ClamAV: an open-source anti-virus toolkit

Clam AntiVirus (ClamAV) is an open-source anti-virus toolkit for UNIX, released under the GPL. It provides a number of utilities, including a flexible and scalable multi-threaded daemon, a command-line scanner and an advanced tool for automatic database updates. The core of the package is an anti-virus engine available in the form of a shared library.

ClamAV is included in both Fink and DarwinPorts, or can be downloaded directly from SourceForge.

Configuration

You have to edit the configuration files. See the manual pages for details:

 man freshclam.conf
 man clamd.conf

You have to edit both files. On a Fink install, you'll find them in /sw/etc/. For other setups, running locate clam.conf should find them.

Programs

clamconf -n tells you what non-defaults are set in your configuration.
clamscan -r directory recursively scans a directory.
freshclam updates your virus definitions.

 man clamconf
 man clamdscan
 man clamscan
 man freshclam

I added the following line to /sw/etc/anacrontab

   1       25        clamscan         nice /sw/bin/freshclam --quiet

When you check your imported software (for a Fink installation, do this by running the command sudo clamscan -r /sw) you should find a few "infected" files. For example:
/sw/src/clamav-0.91.2.tar.gz: ClamAV-Test-File FOUND
There are a few more examples in /sw/share/doc/clamav/test/. If you don't find these test cases, check your configuration.
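
One way to script the check described above, as an added example that is not part of the original page: it sorts clamscan detection lines into test-file hits and other hits, and reduces a scan to a single verdict. The function names, verdict words and sample lines are constructed for illustration; only the ClamAV-Test-File line comes from this page.

```shell
#!/bin/sh
# Added example, not from the original page.
# clamscan reports each detection as "<path>: <signature> FOUND".

# classify_scan: read clamscan output on stdin and print one tab-separated
# record per detection:
#   TEST <path>              hit on the ClamAV-Test-File signature
#   HIT  <signature> <path>  any other detection
classify_scan() {
    awk '
    match($0, /: [^ ]+ FOUND$/) {
        # The match is anchored at the end of the line, so a path that
        # itself contains ": " stays in one piece.
        path = substr($0, 1, RSTART - 1)
        sig  = substr($0, RSTART + 2, RLENGTH - 8)  # strip ": " and " FOUND"
        if (sig == "ClamAV-Test-File") printf "TEST\t%s\n", path
        else printf "HIT\t%s\t%s\n", sig, path
    }'
}

# scan_verdict: reduce a whole scan to one word (names are hypothetical):
#   review        something other than a test file was detected
#   clean         only test files were detected, so the engine works
#   check-config  nothing detected at all, not even the test files
scan_verdict() {
    records=$(classify_scan)
    if printf '%s\n' "$records" | grep -q '^HIT'; then
        echo review
    elif printf '%s\n' "$records" | grep -q '^TEST'; then
        echo clean
    else
        echo check-config
    fi
}

# Constructed sample output; only the first FOUND line appears on this page.
sample_output() {
    cat <<'EOF'
/sw/bin/ls: OK
/sw/src/clamav-0.91.2.tar.gz: ClamAV-Test-File FOUND
/Users/example/Library/Caches/Java Applets/set: 1/a.jar: Constructed.Sample FOUND
----------- SCAN SUMMARY -----------
Infected files: 2
EOF
}

sample_output | classify_scan
echo "verdict: $(sample_output | scan_verdict)"
```

On a real system, pipe the scan into it, for example sudo clamscan -r /sw | scan_verdict.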

The malware I have found is exclusively in spam mail and cached Java applets.

 clamdscan ~/Library/Caches/Java\ Applets
 clamdscan ~/Library/mail\ Downloads

You can remove offending files by hand, or use the --remove option when calling clamdscan.