About the App
ClamAV® is the open source standard for mail gateway scanning software. High Performance ClamAV includes a multi-threaded scanner daemon, command line utilities for on demand file scanning and automatic signature updates.
Install clamav on Mac OSX
- App name: clamav
- App description: Anti-virus software
- App website: http://www.clamav.net/
Install the App
- Press Command+Space, type Terminal and press the enter/return key.
- Run in the Terminal app:
ruby -e '$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)' < /dev/null 2> /dev/null
and press the enter/return key.
If the screen prompts you for a password, enter your Mac's user password to continue. The password is not displayed while you type it, but the system accepts it; type it, press the ENTER/RETURN key and wait for the command to finish.
- Run:
brew install clamav
Done! You can now use clamav.
TA-ClamAV
This technology add-on app is to accompany the ClamAV app.
- ClamAV (https://www.clamav.net/). ClamAV® is an open source antivirus engine for detecting trojans, viruses, malware & other malicious threats.
- ClamAV is a registered trademark of Sourcefire, Inc. and Cisco Technology, Inc.
The author of this Splunk app has no connection whatsoever with ClamAV, Sourcefire, or Cisco. Other than that, I think it's a f'ing cool product and no-one else has made a Splunk app for its logs. :)
This app has been created to work correctly with stand-alone, distributed, and cloud installs of Splunk. Read the install notes below carefully with your Splunk platform in mind.
You will need two apps:
1. ClamAV https://splunkbase.splunk.com/app/1798/
2. TA-ClamAV https: <pending>
a. (this app)
New Install
This section is to install on a centralized or stand-alone splunk setup.
- Install ClamAV via Splunk UI.
- Install TA-ClamAV via Splunk UI.
- Read the index section, below, to enable your correct index settings.
- Restart the Splunk server.
Upgrading this app
- Run the upgrade via the Splunk App management UI.
- Or use the correct update methodology depending on your distributed design.
Install for Distributed Splunk designs
For those who are running a distributed Splunk design or HA (i.e. separate forwarders, search heads, indexers, etc.), please follow these directions; depending on your design, YMMV. See this link for more instructions: http://docs.splunk.com/Documentation/AddOns/released/Overview/Installingadd-ons
- Install this App on your Search head(s).
- Do not enable the indexes.conf file.
- Install this App on your indexer(s).
- Enable the index and replication in indexes.conf:
[clamav]
repFactor = auto
- See the README.txt notes to install the ClamAV app.
Install for Splunk Cloud
I have not used Cloud yet. I believe you install this app via the UI.
Also install the ClamAV app via the UI.
Syslog notes:
Now that your TA-ClamAV app is installed per your deployment model, note that this app assumes your clamav logs are being sent over syslog with sourcetype='syslog' and the keywords 'freshclam' and 'clamav' in the syslog process field.
To enable Freshclam syslog logging:
- Edit the /etc/freshclam.conf file
- Make sure the setting
LogSyslog yes
is enabled.
To enable clamav syslog logging:
- I run my scans like this:
/usr/bin/clamscan -i -r $SCAN_DIR $EXCLUDE --log=$LOG_FILE --stdout | logger -i -t clamav -p auth.alert
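To see what the TA's syslog assumption amounts to in practice, here is an added worked example (not part of the TA-ClamAV project or this README) that parses syslog lines in the traditional rsyslog/syslogd layout as written by the `logger -i -t clamav` pipeline above and by freshclam with LogSyslog enabled, keeps only lines whose process field is 'clamav' or 'freshclam', assigns them the sourcetype the TA expects, and extracts the '<path>: <signature> FOUND' detections. The sample log lines, host name, file paths and signature names are constructed for this example; the regular expressions, the Event type and the summarize() function are this example's own, not anything the TA ships.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# Traditional syslog layout as written by rsyslog/syslogd:
#   "Mon DD HH:MM:SS host process[pid]: message"
# "logger -i -t clamav" sets process to "clamav" and includes the pid;
# freshclam with "LogSyslog yes" logs under the process name "freshclam".
SYSLOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) "
    r"(?P<process>[^\s\[:]+)(?:\[(?P<pid>\d+)\])?: "
    r"(?P<msg>.*)$"
)

# clamscan reports an infected file as "<path>: <signature> FOUND".
FOUND_RE = re.compile(r"^(?P<path>.+?): (?P<signature>\S+) FOUND$")

# Process tags the TA keys on; anything else is not ClamAV data (assumption
# taken from the README's syslog notes).
SOURCETYPE_BY_PROCESS = {"clamav": "clamav", "freshclam": "freshclam"}


@dataclass
class Event:
    ts: str
    host: str
    process: str
    pid: Optional[int]
    sourcetype: str
    msg: str
    path: Optional[str] = None       # set only for FOUND lines
    signature: Optional[str] = None  # set only for FOUND lines


def parse_line(line: str) -> Optional[Event]:
    """Parse one syslog line; return None for non-syslog or non-ClamAV lines."""
    m = SYSLOG_RE.match(line.rstrip("\n"))
    if not m:
        return None
    sourcetype = SOURCETYPE_BY_PROCESS.get(m.group("process"))
    if sourcetype is None:
        return None
    ev = Event(
        ts=m.group("ts"),
        host=m.group("host"),
        process=m.group("process"),
        pid=int(m.group("pid")) if m.group("pid") else None,
        sourcetype=sourcetype,
        msg=m.group("msg"),
    )
    if sourcetype == "clamav":
        f = FOUND_RE.match(ev.msg)
        if f:
            ev.path, ev.signature = f.group("path"), f.group("signature")
    return ev


def summarize(lines):
    """Split lines by sourcetype the way the TA does and pull out detections."""
    events = [e for e in map(parse_line, lines) if e is not None]
    return {
        "events": len(events),
        "by_sourcetype": dict(Counter(e.sourcetype for e in events)),
        "detections": [(e.path, e.signature) for e in events if e.signature],
        "db_updates": sum(
            1 for e in events
            if e.sourcetype == "freshclam" and e.msg.startswith("Database updated")
        ),
    }


# Constructed sample log (not captured from a real host); the sshd line shows
# that unrelated syslog traffic is dropped rather than mis-tagged.
SAMPLE_LOG = """\
Jun 23 02:00:01 mailgw freshclam[4021]: ClamAV update process started at Fri Jun 23 02:00:01 2017
Jun 23 02:00:03 mailgw freshclam[4021]: daily.cld is up to date (version: 23456, sigs: 1700000, f-level: 63, builder: neo)
Jun 23 02:00:09 mailgw freshclam[4021]: Database updated (6647427 signatures) from database.clamav.net (IP: 203.0.113.7)
Jun 23 03:15:42 mailgw clamav[5177]: /srv/mail/queue/msg-0412.eml: Win.Test.EICAR_HDB-1 FOUND
Jun 23 03:15:42 mailgw clamav[5177]: /srv/mail/queue/msg-0413.eml: Heuristics.Phishing.Email.SpoofedDomain FOUND
Jun 23 03:16:00 mailgw clamav[5177]: Infected files: 2
Jun 23 03:16:00 mailgw sshd[612]: Accepted publickey for ops from 192.0.2.10 port 51234 ssh2
"""

if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG.splitlines()).items():
        print(f"{key}: {value}")
```

Running the script prints the event count per sourcetype, the two FOUND detections and the number of successful database updates. The same check is useful before pointing a forwarder at a real syslog file: if your syslog daemon rewrites or drops the process tag, the TA's 'clamav'/'freshclam' split will not see the events.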
Mac OSX
To gather your clamXav logs on Mac OSX (tested on Yosemite), make sure clamXav is logging 'scan' and 'update' results in your clamXav preferences. Install the Universal Forwarder on the Mac and enable an inputs.conf entry for the log files below.
Note: The log location changes depending on whether you install clamXav manually or via the App Store. You may need to verify where your Scan and Update logs are located. Here are some possible examples:
[monitor:///Users/<yourusername>/Library/ClamXav/ClamXav-scan.log]
or
[monitor:///Users/<yourusername>/Library/Logs/clamXav-scan.log]
sourcetype=clamav
index=clamav
[monitor:///Users/<yourusername>/Library/ClamXav/ClamXav-update.log]
or
[monitor:///usr/local/clamXav/share/clamav/freshclam.log]
sourcetype=freshclam
index=clamav
Optional scans:
This app supports PUA and DLP search results if they are enabled on your scans.
- ClamAV supports scans for DLP data such as credit cards and social security numbers.
- ClamAV supports scans for PUA.
- See http://www.clamav.net/doc/pua.html for more information.
ClamAV searches are set to look for data in the index 'clamav'. This TA controls the input of data into the index for the ClamAV app. Lately Splunk does not want apps to create indexes by default, so you need to create the index file yourself if you wish to use the 'clamav' index.
Create index file
- Create file 'indexes.conf' in the TA-ClamAV/local/ directory on your indexer.
- Cut and paste the below data into the file.
- Restart splunk.
Note: Splunk Cloud users please use the Cloud UI settings to create the 'clamav' index.
[clamav]
# Only use the repFactor option if you have a Splunk index cluster.
repFactor = auto
coldPath = $SPLUNK_DB/clamav/colddb
homePath = $SPLUNK_DB/clamav/db
thawedPath = $SPLUNK_DB/clamav/thaweddb
Use the default index
If you are choosing not to use the 'clamav' index, and thus to use the default 'main' index, please follow these steps.
- Delete the local/indexes.conf file.
- Change the index name in default/macros.conf:
a. 'definition = index=main'
- Restart the Splunk server.
Release notes
- Verified works with Splunk 6.5 & 6.6.
- Updated to work with Splunk Cloud.
- Validated app through Splunk App builder.
- Fixed macro issue with distributed design. Added distsearch.conf file.
New TA app!
- Works with Splunk 6.4.
- TA for distributed Splunk designs.
This is an open source project; no support is provided. Please use Splunk Answers for help and assistance. The author monitors Splunk Answers and will help as best as possible.