Wednesday, March 21, 2012

On-access scanning for OS X

The ClamAuth kernel extension enables ClamAV to provide on-access scanning for Mac OS X 10.5 and later. 


The current version works in a passive mode only - ClamAV will log the detection but won't block access to the infected file. However, it's possible to perform special actions (eg. quarantine files) with the VirusEvent directive of clamd.

Usage
-----

1. Run ClamAuth_load to load the kernel extension (you can edit the script to change or add more paths that will be monitored).
2. Add "ClamAuth yes" to your clamd.conf (ClamAV 0.97.4) or "ScanOnAccess yes" (ClamAV-devel)
3. Start clamd with root privileges ('sudo /usr/local/sbin/clamd')

If clamd properly connects to the driver, you should see a line like this in the log file:

ClamAuth: Driver version: 0.3, protocol version: 2

ClamAV is now monitoring the paths specified in ClamAuth_load.




If you have any questions or feedback about this module please send it to the ClamAV mailing list here:
http://www.clamav.net/lang/en/ml/

Monday, March 19, 2012

ClamAV 0.97.4 has been released!

ClamAV 0.97.4 includes minor bugfixes, detection improvements and
initial support for on-access scanning under Mac OS X (see
contrib/ClamAuth).

This update is recommended for all users.


Wed Feb 29 18:35:45 CET 2012 (acab)
-----------------------------------
 * libclamav/bytecode.c: reset to BYTECODE_AUTO mode at db reload so that
    we don't fail to re-enable or re-disable it again
    (bb#3789)

Tue Jan 17 11:15:57 CET 2012 (acab)
-----------------------------------
 * misc: performance improvement for HP-UX PA-RISC - patch from 
  Michael Pelletier <michael.v.pelletier*raytheon.com> (bb#3926)

Fri Nov  4 00:52:21 CET 2011 (acab)
-----------------------------------
 * libclamav/pe.c: parse vinfo where varfileinfo occours before stringfileinfo
     (bb#3062)

Fri Mar  2 19:48:36 CET 2012 (tk)
---------------------------------
 * clamd: add support for on-access scanning on OS X with ClamAuth (beta)

Wed Feb 29 17:02:18 EET 2012 (edwin)
------------------------------------
 * libclamav/bytecode_api*: Fix Sparc crash (bb #4324)

Tue Feb  7 23:23:48 CET 2012 (tk)
---------------------------------
 * libclamav: fix bytecode whitelisting

Wed Jan 25 18:56:44 CET 2012 (tk)
---------------------------------
 * libclamav: fix macro detection in OLE2BlockMacros (bb#4269)

Thu Dec  1 15:07:49 CET 2011 (tk)
---------------------------------
 * libclamav/readdb.c: allow comments in all db files (bb#3930)

Fri Nov 18 15:23:50 CET 2011 (tk)
---------------------------------
 * libclamav/scanners.c: use lsigs when scanning vba data (bb#3922)

Fri Nov 18 15:48:59 EET 2011 (edwin)
-----------------------------------
 * libclamav/matcher-hash.c: Fix SIGBUS on PA-RISC (big-endian) architectures (bb #3894).


Download : http://downloads.sourceforge.net/clamav/clamav-0.97.4.tar.gz
PGP sig  : http://downloads.sourceforge.net/clamav/clamav-0.97.4.tar.gz.sig
Bugfixes : http://www.clamav.net/release-info/bugs/0.97.4
ChangeLog: http://www.clamav.net/release-info/changelog/0.97.4