Kaseya Community

What Anti Virus do you recommend for MACs?

  • I assume there isn't anything that plays nice with Kaseya?

    Legacy Forum Name: What Anti Virus do you recommend for MACs?,
    Legacy Posted By Username: Matthias Busch
  • You can try to use the preinstalled clamav virusscanner on Mac OSX Server.

    It is still on my to-do list to try the following:
    - create clamav package/installer for OSX Client (and use the preinstalled version from server)
    - create local shell script that scans the machine and writes the output "CLEAN" or "INFECTED" to a temp file in the temp directory
    - create a kaseya procedure that runs the above shell script and downloads the temp file if it contains "INFECTED". This download will trigger an alert because of the changed file

    Legacy Forum Name: Macintosh,
    Legacy Posted By Username: macbofh
  • any update on this?

    Legacy Forum Name: Macintosh,
    Legacy Posted By Username: dsinton
  • Still a work in progress and this tutorial is still quick and dirty, but it is running (and already found some 'virusses' in the local junkmail folders of some users)
    Tested on 10.5 and 10.6

    - Download clamxav from http://www.clamxav.com/ (i used the 2.0 beta)
    - extract the clamavEngineInstaller104.pkg from the ClamXav.app (/Applications/ClamXav.app/Contents/Resources/clamavEngineInstaller104.pkg)
    - make a zipfile of the pkg (important!)
    - upload clamavEngineInstaller104.pkg.zip to the Shared Files on your kaseya server
    - Create a "MacOSX - Install ClamAV" script/procedure with the following steps:
    1) "write file "VSASharedFiles\clamavEngineInstaller104.pkg.zip" to /tmp/clamavEngineInstaller104.pkg.zip
    2) Execute command unzip -o /tmp/clamavEngineInstaller104.pkg.zip -d /tmp/ as Execute as the system account
    3) Execute command installer -pkg /tmp/clamavEngineInstaller104.pkg / as Execute as the system account
    - Create a "MacOSX - ClamAV virusscan (/Users/)" with the following steps:
    1) Execute command /user/local/clamXav/bin/freshclam as Execute as the system account (this step updates the virusdefinitions)
    2) Execute command /user/local/clamXav/bin/clamscan -i -r /Users/ >> /tmp/clamav.output as Execute as the system account (this step scans all of the local User folders. You can change this to / if you want to scan the full local HD. ClamAV is dog slow so i'm only scanning user folders on machines where the users aren't local admins )
    3) IF: file Path /tmp/clamav.output Contains FOUND (if the clamav finds infected files it writes the files with the comment FOUND in the log. This log will only be downloaded if there are virusses found)
    4) get file /tmp/clamav.output and save on KServer at clamav.output. Overwrite existing file and send alert if file changed



    Please leave your comments and suggestions here so we all can improve this.

    Legacy Forum Name: Macintosh,
    Legacy Posted By Username: macbofh