WPR Mac Help

At the moment, there are no circulating viruses for Mac OS X. That does not mean, however, that there never will be or that Mac’s are somehow immune to viruses by design. For now, we’ve been lucky enough that the virus writers haven’t targeted Macs yet.

While I do believe that OS X does offer some inherent protections from the kind of Windows viruses that are constantly showing up, anti-virus software is still a very good idea. In this article, we’ll talk about a free anti-virus program called “ClamXav” and how you can put it to work for you.

Anti-virus Software Options

There are some commercial solutions for anti-virus software. The one that comes to mind first is Norton Antivirus for the Mac. Regrettably, it’s very resource intensive and I’ve noticed that it seems to get in the way more than it helps. (Some PC folks say the same thing about their Windows version.) With version 10.0, it’s still not written to run faster on Intel Macs, which means it will slow down those machines far more than it ought to.

There’s also Intego Virus Barrier, which I know almost nothing about.

The software that I use is called ClamXav, and it is based on the ClamAV anti-virus engine. (The “engine” is the actual part that does the scanning. ClamXav is basically a pretty face for the engine.) It’s free, which is very nice. It’s also updated very regularly. What it does not do, compared with the two commercial alternatives, is perform “on-access” scanning.

Kinds of Virus Protection

There are two basic ways that anti-virus software can operate. One way is called “on-demand”. Basically, it will scan a file when you demand it to do so.

The other method is called “on-access”. With this method, whenever you touch a file, it will be scanned. So when you open your Shena Easton songs, they’ll be scanned for viruses. Opening iTunes will cause the application itself to be scanned, before you ever get to your “best of the 80’s” play list.

Obviously, the “on-access” method is the most secure of the methods. The problem is that scanning a file takes time. This constant scanning can take quite a toll on your system, and can even prevent some applications from functioning correctly. (They don’t understand why they have to wait.)

Basic A/V Strategy

Most of the “proof-of-concept” viruses that have been demonstrated for OS X require getting the user to open and run some downloaded file. There are a number of ways of getting a victim to do this. You might promise them some great little application that will solve some problem. Or you might include your virus as part of another file, like an MP3. When they double click on this file, Whamo!

Because there are so few viruses in existence for OS X, and because they all (so far) require my downloading and clicking on something, I forgo the “on-access” kind of anti-virus and instead go for the “on-demand” instead. Specifically, I choose to scan anything I download from the internet.

Fortunately for me, I don’t have to do this manually. ClamXav has a module that will simply watch a particular folder and scan any files that may show up there. For me, I chose to have it watch my “Desktop” folder.

Installing ClamXav

First, you have to download ClamXav and install it. They’ve made this really quite simple. It comes as a “disk image” file that will mount on your desktop like a CD or another hard drive. Depending on your browser settings, you might have to double click on the .dmg file that downloads.

Once the disk image is opened (”mounted” for those of us geeks), you just have to drag the “ClamXav” application onto the “Applications” folder. They even give you a shortcut for this in their disk image.

This will copy the ClamXav engine into your Applications folder. Go there and double click on it. The first time you run it, it will notice that the ClamAV engine isn’t installed and it will ask you if you want to install it. Go ahead and click “Install”. Unfortunately, I can’t get a screen shot of this.

ClamXav will quit, and instead the ClamAV engine installer will pop up.

The defaults are all just fine. Click “Continue” as many times as it asks, “Agree” to the licensing terms, and “Install” when it finally gets so far. It will ask you for your password before it finally does the installation. It should complete fairly quickly.

Now that the AV engine is installed, we can fire up ClamXav again and configure it the way we want. The first thing I’d do is hit that “Update virus definitions” button, both to update the definitions and to make sure that it can reach the internet OK.

Now click the “Preferences” button so we can set things up. There are really only two tabs here that we’re interested in playing with. The rest of them are fine by default. We’re looking at the “Schedule” tab and the “Folder Sentry” tab.

Under the “Schedule” tab, look at the “Update” sub-tab. This is when ClamXav will go out and automatically update the virus definitions. You’ll need to click the little lock icon to be able to set the schedule. (It will ask you for your password to open the lock.)

I suggest picking times when you know that machine is most likely to be running. I choose 12:30 in the afternoon, every day. When you’re happy with your selection, click the “Save Schedule Settings” button. Then click on the “Folder Sentry” tab.

The folder sentry keeps an eye on one or more folders. It will automatically scan files as they appear (or change) in this folder. As I mentioned earlier, I think my Desktop folder is a good place to scan, since that’s where files I download get saved. To set your Desktop (or any other) folder to be scanned like this, open your Finder and drag the Desktop folder out of your home folder and drop it onto the ClamXav window.

A Quick Sidebar on Dragging Folders.

I made this mistake a couple of times before I realized what was going on. The Finder gives us that nice little side bar where we can tuck folders that we use a lot. By default Apple fills that with things like “Desktop”, our home folder (the little house), “Applications”, and so forth. You modify your Finder side bar the same way you do your Dock. You simply drag folders into it or drag them out of it. (Called “Poof-ing”. Wondering why? Try it!)

For this reason, you cannot drag the “Desktop” icon out of your side bar to the ClamXav window. It will just poof out of your side bar. Instead, go into your home folder and drag that “Desktop” icon to CalmXav.

I would leave the other settings for “Folder Sentry” unchecked except for the “Launch ClamXav Sentry when you log in to this computer” option. Clicking this makes sure the sentry is running whenever you’re using the machine.

Click “Save Settings & Launch ClamXav Sentry”. You can now quit the “ClamXav” application if you’d like. So what’s running? How do you see what’s going on? In the upper RH corner of your menu bar (at the very top of your screen) you should see this icon (among others):

When you put a file on your desktop, you’ll see that icon animate. You can also click on that icon to instruct the sentry for certain tasks, such as manually updating your virus definitions, stop watching a folder, or abort a scan. (You might need to do that if you accidentally plop down a huge file that you know doesn’t need to be scanned.)

One Last Thing

There’s one last thing I like to do. I’m not entirely certain that disk image files are correctly scanned by ClamXav. (The files that end in “.dmg”.) They’re a Mac-specific kind of thing and I don’t know if any anti-virus software knows to go in there and look at the contents. So instead, I like to manually scan anything I’m about to install if it’s not from a source I trust (like Apple).

Again, I’m the lazy type. I look for easy ways to do this kind of thing. Fortunately for me, ClamXav had me in mind. They have a little plug-in that I can install. When I’ve done this, I can right-click (if I have a two button mouse) or I can hold down the “control” key on the keyboard and click. This special clicking brings up a pop-up “contextual” menu. That is, it’s specific to whatever it is I’ve clicked on. With the little plug-in installed, one of the options in that pop-up menu will be “Scan with ClamXav”. Just what I wanted!

To install that plug-in, go to the disk image again where you dragged the application from originally. In that folder, there should be an item called “ScanWithClamXav.plugin”. Drag that item to the “/Library/Contextual Menu Items” folder. The next time you log in, you’ll have the “Scan with ClamXav” option in your menu.

Keeping up to date

The ClamAV engine gets updated pretty regularly. The folks that make ClamXav keep releasing new versions that include these updates. You’ve all ready set things up so the virus definitions are updated regularly, but this does not update the application or engine. For that, you’ll want to download new version every so often.

You basically follow the same instructions for updating as you do for original installation. The only difference is you don’t have to change any settings.

Give the Guy a Break

The folks that wrote ClamXav did a pretty good job, and they do it all out of the goodness of their hearts. Every so often, the program may ask you to donate some money to their cause. If you find yourself using their program regularly (I certainly do), go ahead and throw them a couple of clams!