If your computer still runs Mac OS X 10.6.8 to 10.9.5, you can use ClamXAV 2.

Step 1: Find ClamXAV3.1.28690Installer.pkg in your Downloads folder, double-click it, and follow the on-screen prompts to perform the installation. When asked for an admin name and password, use the ones you log into your computer with.

On Mac OS X 10.6.8 I just installed Homebrew. It broke ClamXav. So I uninstalled it and installed Homebrew's clamav. At the end of the installation process I received this: / Warning: /usr/local/.
This app reads clamav and freshclam log files to report on usage, scan summaries, and viruses discovered.
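As an added illustration of the log shapes the app consumes (this is not code from the app, which does its extraction inside Splunk), here is a small Python parser over constructed clamd, clamscan and freshclam lines. The sample lines are constructed in the format ClamAV writes them; the paths, timestamps, mirror name, IP and signature counts are made up. It pulls out detections, the scan summary block and the signature database versions, which is exactly the data a usage / scan-summary / detections dashboard needs.

```python
import re
from collections import Counter

# Constructed sample lines in the shape clamd writes to its LogFile:
# "<timestamp> -> <message>", with detections ending in "<signature> FOUND".
CLAMD_LOG = """\
Tue Aug 17 09:58:01 2010 -> SelfCheck: Database status OK.
Tue Aug 17 10:00:12 2010 -> /Users/alice/Downloads/eicar.com: Eicar-Test-Signature FOUND
Tue Aug 17 10:00:13 2010 -> /Users/alice/Downloads/notes.txt: OK
Tue Aug 17 10:05:44 2010 -> /Users/bob/Mail/attach.zip: Eicar-Test-Signature FOUND
Tue Aug 17 10:06:00 2010 -> /Users/bob/tools/setup.pkg: Heuristics.Broken.Executable FOUND
"""

# Constructed clamscan output: per-file results followed by the summary block.
SCAN_OUTPUT = """\
/Users/alice/Downloads/eicar.com: Eicar-Test-Signature FOUND
/Users/alice/Downloads/notes.txt: OK

----------- SCAN SUMMARY -----------
Known viruses: 812027
Engine version: 0.96.1
Scanned directories: 12
Scanned files: 340
Infected files: 2
Data scanned: 51.23 MB
Data read: 48.00 MB (ratio 1.07:1)
Time: 61.504 sec (1 m 1 s)
"""

# Constructed freshclam log lines; mirror, IP and counts are made up.
FRESHCLAM_LOG = """\
Tue Aug 17 03:00:00 2010 -> ClamAV update process started at Tue Aug 17 03:00:00 2010
Tue Aug 17 03:00:01 2010 -> main.cvd is up to date (version: 52, sigs: 704727, f-level: 44, builder: sven)
Tue Aug 17 03:00:09 2010 -> daily.cld updated (version: 11590, sigs: 107300, f-level: 53, builder: guitar)
Tue Aug 17 03:00:10 2010 -> Database updated (812027 signatures) from db.local.clamav.net (IP: 203.0.113.10)
"""

# A detection: optional "<ts> -> " prefix (clamd only), then "<path>: <sig> FOUND".
FOUND_RE = re.compile(r"^(?:(?P<ts>.+?) -> )?(?P<path>.+?): (?P<sig>\S+) FOUND$")
# "Key: value" lines of the clamscan summary block.
SUMMARY_RE = re.compile(r"^(?P<key>[A-Za-z ]+): (?P<value>.+)$")
# freshclam lines that report a database version (updated or already current).
DB_RE = re.compile(
    r"^(?P<ts>.+?) -> (?P<db>\w+\.c[lv]d) (?:updated|is up to date) "
    r"\(version: (?P<ver>\d+), sigs: (?P<sigs>\d+)"
)


def parse_detections(text):
    """Return one dict (ts, path, sig) per FOUND line; ts is None for clamscan lines."""
    return [m.groupdict() for m in map(FOUND_RE.match, text.splitlines()) if m]


def parse_scan_summary(text):
    """Return the SCAN SUMMARY block as a dict; purely numeric values become ints."""
    summary, in_summary = {}, False
    for line in text.splitlines():
        if "SCAN SUMMARY" in line:
            in_summary = True
            continue
        if not in_summary:
            continue
        m = SUMMARY_RE.match(line)
        if m:
            value = m.group("value").strip()
            summary[m.group("key")] = int(value) if value.isdigit() else value
    return summary


def parse_signature_dbs(text):
    """Return {database file: (version, signature count)} from a freshclam run."""
    dbs = {}
    for line in text.splitlines():
        m = DB_RE.match(line)
        if m:
            dbs[m.group("db")] = (int(m.group("ver")), int(m.group("sigs")))
    return dbs


def report(clamd_text, scan_text, freshclam_text):
    """Roll the three sources into the figures a dashboard would show."""
    detections = parse_detections(clamd_text)
    summary = parse_scan_summary(scan_text)
    dbs = parse_signature_dbs(freshclam_text)
    return {
        "detections": len(detections),
        "by_signature": dict(Counter(d["sig"] for d in detections)),
        "infected_files": summary.get("Infected files", 0),
        "scanned_files": summary.get("Scanned files", 0),
        "signature_dbs": dbs,
        "loaded_signatures": sum(sigs for _, sigs in dbs.values()),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(report(CLAMD_LOG, SCAN_OUTPUT, FRESHCLAM_LOG), indent=2))
```

The summary parser only starts collecting after the `SCAN SUMMARY` banner, so it is safe to run over full clamscan output, and the freshclam pattern ignores the "update process started" and "Database updated" lines so it never double-counts signatures.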
- ClamAV (https://www.clamav.net/). ClamAV® is an open source antivirus engine for detecting trojans, viruses, malware & other malicious threats.
- ClamAV is a registered trademark of Sourcefire, Inc. and Cisco Technology, Inc.
The author of this Splunk app has no connection whatsoever with ClamAV, Sourcefire, or Cisco. Other than I think it's a f'ing cool product and no one else has made a Splunk app for its logs. :)
This app has been created to work correctly with stand-alone, distributed, and cloud installs of Splunk. Read the install notes below carefully with your Splunk platform in mind.
You will need two apps:
1. ClamAV https://splunkbase.splunk.com/app/1798/
a. (this app)
2. TA-ClamAV https://splunkbase.splunk.com/app/3619/
New Install
This section is to install on a centralized or stand-alone splunk setup.
- Install ClamAV via Splunk UI.
- Install TA-ClamAV via Splunk UI.
- Read the index section, below, to enable your correct index settings.
- Restart the Splunk server.
Upgrading this app
- Run the upgrade via the Splunk App management UI.
- Or use the correct update methodology depending on your distributed design.
Install for Distributed Splunk designs
For those running a distributed or HA Splunk design (i.e. separate forwarders, search heads, indexers, etc.), follow these directions; depending on your design, YMMV. See this link for more instructions: http://docs.splunk.com/Documentation/AddOns/released/Overview/Installingadd-ons
- Install this App on your Search head(s).
- See the README.txt notes to install the TA-ClamAV app on the remaining systems.
Install for Splunk Cloud
I have not used Cloud yet. I believe you install this app via the UI.
Also install the TA-ClamAV app via the UI.
See the README.txt file in the TA-ClamAV app.
The TA app will control your index settings.
- Created TA-ClamAV to correctly support Distributed and Cloud splunk installs.
- NOTE: You will need to install the TA-ClamAV app to use this ClamAV version!
- Updated CIM.
- Validated app through Splunk App builder.
- Minor corrections and updates.
- Works with splunk 6.5 & 6.6.
- Updated some search string issues.
- Updated instructions for HA splunk install.
- Updated CIM items.
- Updated support for clamXav logs.
- Included Mac OSX set-up instructions.
- Added Common Information Model (CIM) 4.0 support.
- Updated file permissions.
- Updated default.meta file.
- Added Pivot Data Models.
- Fixed some extracts in props.conf file.
- Updated the logo.
- Updated the DLP dashboard.
- Verified works with Splunk 6.1.
- Changed app directory from 'clamav' to 'ClamAV'.
(This will install a second app. You will need to delete the old v1.0 app and copy over any 'local/' files).
New app!
- Works with Splunk 6.0.
- TA for distributed Splunk designs.
- Search form.
- Dashboards on scan summary and agent logs.
- Dashboards on PUA, DLP and Quarantine results.
This is an open source project; no support is provided. Please use Splunk Answers for help and assistance. The author monitors Splunk Answers and will help as best as possible.
I got this working along with ClamXav Sentry, and I'm posting my notes here in case it's useful to others or someone can suggest alternatives. The main idea is to change the configuration so that OS X Server uses the ClamXav binaries, and that the server handles all the freshclam updating details. You could also do the same thing with binaries installed using MacPorts 'port install clamav' in /opt/local.
Notes on setting up ClamXav Sentry on OS X Server 10.6:
Based mostly on 'Updating ClamAV on OS X Server >= 10.5.5' from http://osx.topicdesk.com/content/view/139/41/
This will use the clamav binaries that come with clamXav in /usr/local/clamXav/{bin,sbin}
1. Create and copy all the conf and plist files:
% cd ~/Downloads
% mkdir ~/Downloads/SourceCache
% cd ~/Downloads/SourceCache
% curl -O http://downloads.topicdesk.com/docextras/clamavextras_105096.tar.gz
% tar xzf clamavextras_105096.tar.gz
% cd clamavextras_105096
% sudo chown root:wheel ~/Downloads/SourceCache/clamavextras_105096/*
% sudo vi net.clamav.clamd.plist
/usr/local/sbin/clamd -> /usr/local/clamXav/sbin/clamd
% sudo vi net.clamav.freshclam.plist
/usr/local/bin/freshclam -> /usr/local/clamXav/bin/freshclam
% sudo vi freshclam.conf
#DatabaseDirectory /var/clamav
# Path to the log file (make sure it has proper permissions)
# Default: disabled
UpdateLogFile /usr/local/clamXav/share/clamav/freshclam.log
% sudo mv /usr/local/clamXav/etc/clamd.conf /usr/local/clamXav/etc/clamd.conf.orig
% sudo mv /usr/local/clamXav/etc/freshclam.conf /usr/local/clamXav/etc/freshclam.conf.orig
% sudo chown clamav:wheel freshclam.conf
% sudo cp *.conf /usr/local/clamXav/etc
% sudo cp *.plist /System/Library/LaunchDaemons
% sudo mkdir -p /var/clamav/tmp
% sudo chown amavisd:amavisd /var/clamav/tmp
2. Set up launchctl to use the new files
% sudo /bin/launchctl unload -w /System/Library/LaunchDaemons/org.clamav.freshclam.plist
% sudo /bin/launchctl load -w /System/Library/LaunchDaemons/net.clamav.freshclam.plist
% sudo /bin/launchctl unload -w /System/Library/LaunchDaemons/org.clamav.clamd.plist
% sudo /bin/launchctl load -w /System/Library/LaunchDaemons/net.clamav.clamd.plist
% sudo /bin/launchctl unload /System/Library/LaunchDaemons/org.amavis.amavisd.plist
% sudo /bin/launchctl load /System/Library/LaunchDaemons/org.amavis.amavisd.plist
3. Restart
Mac Mini, Mac OS X (10.6.4)
Posted on Aug 19, 2010 7:57 PM
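An added example, not part of the post above and not code from ClamXav or OS X Server: a Python check to run between step 1 and step 2, before `launchctl load` picks the files up. It confirms that each edited net.clamav.*.plist actually points at a binary under /usr/local/clamXav (the edit that is easy to miss when two plists are opened in a row) and that the freshclam.conf edits are in place and agree with clamd.conf on the database directory, since clamd only sees the signatures freshclam downloads if both use the same DatabaseDirectory. The plist and conf contents are constructed; Label, ProgramArguments and RunAtLoad are standard launchd keys, DatabaseDirectory, UpdateLogFile, LogFile and DatabaseOwner are standard ClamAV options, the UpdateLogFile and /var/clamav values come from the post, and the "stale" freshclam plist, the clamd LogFile path and the function names are assumptions made for the demonstration.

```python
import plistlib

# Constructed stand-in for net.clamav.clamd.plist after step 1's edit.
CLAMD_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Label</key>
    <string>net.clamav.clamd</string>
    <key>ProgramArguments</key>
    <array>
        <string>/usr/local/clamXav/sbin/clamd</string>
    </array>
    <key>RunAtLoad</key>
    <true/>
</dict>
</plist>
"""


def make_plist(label, program):
    """Build a minimal launchd plist (constructed, same shape as CLAMD_PLIST)."""
    return plistlib.dumps({"Label": label, "ProgramArguments": [program], "RunAtLoad": True})


# The freshclam plist edited correctly, and a hypothetical stale copy in which
# the step 1 edit was missed and the path still names the old binary.
FRESHCLAM_PLIST = make_plist("net.clamav.freshclam", "/usr/local/clamXav/bin/freshclam")
FRESHCLAM_PLIST_STALE = make_plist("net.clamav.freshclam", "/usr/local/bin/freshclam")

# Constructed conf files; the clamd LogFile path is made up for the example.
FRESHCLAM_CONF = """\
# Comment lines and blank lines are ignored
DatabaseDirectory /var/clamav
# Default: disabled
UpdateLogFile /usr/local/clamXav/share/clamav/freshclam.log
DatabaseOwner clamav
"""
CLAMD_CONF = """\
DatabaseDirectory /var/clamav
LogFile /var/log/clamav/clamd.log
"""


def program_path(plist_bytes):
    """Return the executable launchd would run: ProgramArguments[0], else Program."""
    data = plistlib.loads(plist_bytes)
    args = data.get("ProgramArguments")
    return args[0] if args else data.get("Program")


def parse_clamav_conf(text):
    """Parse the 'Option value' lines shared by clamd.conf and freshclam.conf."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(" ")
        conf[key] = value.strip()
    return conf


def check_setup(plists, freshclam_conf, clamd_conf, prefix="/usr/local/clamXav"):
    """Return a list of problems found before 'launchctl load'; [] means consistent.

    plists maps a launchd label to plist bytes; each program must live under
    prefix so launchd runs the ClamXav copies rather than some other install.
    """
    problems = []
    for label, blob in plists.items():
        path = program_path(blob)
        if not path:
            problems.append(f"{label}: no ProgramArguments or Program key")
        elif not path.startswith(prefix + "/"):
            problems.append(f"{label}: runs {path}, expected a binary under {prefix}")
    fresh = parse_clamav_conf(freshclam_conf)
    clamd = parse_clamav_conf(clamd_conf)
    if "UpdateLogFile" not in fresh:
        problems.append("freshclam.conf: UpdateLogFile is not set, so there is no update log to read")
    # clamd only picks up new signatures if both daemons agree on the database location.
    if fresh.get("DatabaseDirectory") != clamd.get("DatabaseDirectory"):
        problems.append(
            f"DatabaseDirectory differs: freshclam {fresh.get('DatabaseDirectory')!r} "
            f"vs clamd {clamd.get('DatabaseDirectory')!r}"
        )
    return problems


if __name__ == "__main__":
    good = {"net.clamav.clamd": CLAMD_PLIST, "net.clamav.freshclam": FRESHCLAM_PLIST}
    for line in check_setup(good, FRESHCLAM_CONF, CLAMD_CONF) or ["setup looks consistent"]:
        print(line)
```

On a real server the same functions can be fed `open(path, "rb").read()` for each plist in /System/Library/LaunchDaemons and the two conf files under /usr/local/clamXav/etc; an empty result is the cue to proceed to the launchctl commands in step 2.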