Much Ado About Viruses

There has been a lot of hoopla in the media and on blogs about a much-touted document Apple released regarding anti-virus software. As mentioned on the web and here, the document is no longer available from Apple’s website, but it is still in Google’s cache (for the time being). It basically says you should use some sort of anti-virus software to help protect your Mac. The irony here is that while they took down that page, they left up the ad about Macs and viruses, implying that Macs are virus free. But are Macs virus free, and what can you do if they’re not?

The truth is Macs are not virus free. It’s unrealistic to think otherwise. On the other hand, the number of viruses for the Mac is much lower than for Windows, and the number that actually do anything “evil” is even lower. But there was a time when the same could be said about Windows (that was a long time ago, I know). The best course of action, then, is to be prepared.

If you’re like me, you spent all your money just buying a Mac (and an iPhone) and there’s not much left in the budget for things such as anti-virus software. If not, you can always buy some A/V software. But just as Apple has benefited from the open source movement (e.g. Unix under the hood, Safari, etc.), we can too by using some open source anti-virus software, and if you like it, you can donate to the cause (whatever your budget may allow).

The anti-virus software is ClamXav. It uses the ClamAV engine that many email servers use to scan emails for viruses. ClamXav is not like your normal AV software. Normal AV software plugs directly into the operating system itself to keep watch, ready to pounce on anything that looks suspicious. All this watching can drain system performance and sometimes interferes with other, safe applications. ClamXav doesn’t do any of that. It doesn’t plug into the operating system; it is a normal application. Think of it as a passive anti-virus system rather than an active one. However, with the current virus situation for Macs, a passive system is probably all you will need. ClamXav also comes with ClamXav Sentry, which is a background process that watches folders for changes and will scan new files as they arrive. While nothing is 100%, you can essentially protect yourself from files you download and place on your Mac. Let’s see how it works.

First, download ClamXav and open the disk image. Install ClamXav by dragging it to the Applications folder.

ClamXav Installation

The next thing you can do is add the ScanWithClamXav.plugin to your Library:Contextual Menu Items folder. This plugin adds a “Scan with ClamXav” option that is available from the Finder or by right-clicking a file.

Scan with ClamXav

Next, run ClamXav. When ClamXav runs for the first time, it will prompt you to install the ClamAV engine. The ClamAV engine is the heart of the app, so you’ll want to install it.

Install the AV engine

You will be guided through a standard-looking installation wizard, and just before it installs you will be prompted for your password. When the install finishes, ClamXav quits too. Run ClamXav again and it will do its normal startup. The next thing to do, as with most AV software, is to update its virus definitions by clicking on the ‘Update virus definitions’ button.

Next, open the preferences by clicking the preferences button or from the menu. From here you can set a schedule for ClamXav to scan your computer from the schedule tab:

Setting a Schedule

Of course, this is only useful if your computer is running at the time of the scheduled scan.

Finally, you can configure ClamXav Sentry from the ‘Folder Sentry’ tab.

Configure the Sentry

You can see the list of folders I have the Sentry set to watch. The Downloads and Mail Downloads folders are places where you will normally download new files. There are other places, such as your public folder and anywhere else files are downloaded over the network (e.g. torrents, iTunes downloads, etc.). It all depends on your desired level of paranoia. Once you are done, click the ‘Save Settings & Launch ClamXav Sentry’ button and you should be good to go. You can now quit the ClamXav application.

The Sentry adds a new icon to the menu bar, and it has its own drop-down menu.

Sentry Menu

From here, you can do all the most common tasks that ClamXav provides.

With ClamXav installed and running, are you completely protected? No, there are no 100% guarantees. Are you more protected than without it? Of course. Then again, the only real test would be to try to download a known infected file and see what happens. I will leave that as an exercise for the reader as I’m certainly not going to. Hopefully, ClamXav will be software you’ll never really have to use, and if it someday saves your Mac from the next big virus, consider a donation. I’m sure the software writers would appreciate it.
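
A safer way to run the "real test" mentioned above is the EICAR standard anti-virus test file, a harmless 68-byte text string that scanners are expected to flag. The script below is an added example, not part of the original post or of ClamXav; it assumes the ClamAV command-line scanner `clamscan` is on your PATH, and the function names are made up for illustration.

```shell
#!/bin/sh
# Added example: check that the ClamAV engine and its definitions detect the
# EICAR test file. The file is plain text by design, not malware.

# Write the 68-byte EICAR test string to the given path (no trailing newline).
make_eicar() {
    printf '%s' 'X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*' > "$1"
}

# Scan one file and echo DETECTED, CLEAN, ERROR or NO_SCANNER.
# clamscan exit codes: 0 = no virus found, 1 = virus found, 2 = error.
scan_file() {
    if ! command -v clamscan >/dev/null 2>&1; then
        echo NO_SCANNER   # assumption not met: clamscan is not on PATH
        return 0
    fi
    rc=0
    clamscan --no-summary "$1" >/dev/null 2>&1 || rc=$?
    case "$rc" in
        0) echo CLEAN ;;      # engine ran but missed the test file
        1) echo DETECTED ;;   # expected result
        *) echo ERROR ;;      # e.g. missing or unreadable virus definitions
    esac
}

# Drop the test file into a folder, scan it, clean up, and echo the verdict.
check_folder() {
    target="$1/eicar-test.txt"
    make_eicar "$target" || return 1
    verdict=$(scan_file "$target")
    rm -f "$target"
    echo "$verdict"
}

# Demo against a scratch directory (constructed input, removed afterwards).
demo_dir=$(mktemp -d)
echo "scanner verdict: $(check_folder "$demo_dir")"
rmdir "$demo_dir"
```

A CLEAN or ERROR verdict means the engine or its virus definitions need attention. To exercise the Sentry itself rather than the engine, call `make_eicar` on a path inside a watched folder and leave the file in place until the Sentry reacts.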