Sentry Documentation

ClamXav Sentry provides the ability to watch folders for changes to their contents. As soon as a file or folder is added to one of the watched folders, it is scanned by ClamXav. If the new addition is clean, no further action is required on your part. On the other hand, if it is infected, a warning message is displayed immediately alerting you to the fact and allowing you to decide which course of action to take.

ClamXav Sentry also offers you a short cut for updating the virus definitions which can be done directly from the menu without needing to launch ClamXav itself.

When active and watching folders, ClamXav Sentry appears as an icon in the menu bar - five vertical bars behind the silhouette of a folder. All actions related to watching folders are performed via this menu icon.

The menu item changes to indicate its state as follows:
     Starting up, or watching has been stopped temporarily
    Sentry Watching Watching folders for new additions - scan not currently in progress
    Sentry Scanning animation Actively scanning new additions to one or more of the watched folders
    Sentry Updating animation Sentry is updating virus definitions
    Sentry icon with an exclamation mark Sentry has found an infected file

Specifying Which Folders to Watch

Before you can actually make use of Sentry, you may need to specify which folders you wish ClamXav Sentry to watch. This is done by choosing the Preferences option from the ClamXav Sentry menu, or by opening Preferences » Sentry, from the ClamXav menu with ClamXav running.

Please consult the ClamXav Preferences documentation for complete information on how to configure Sentry to suit your needs.

Stopping & Starting Watching

When ClamXav Sentry is launched it will automatically start watching the folders you specified in the preferences, as well as some key areas of the system.

Should you wish to suspend ClamXav Sentry's actions temporarily, you can choose Stop Watching from the menu. Watching can be started again by choosing the appropriate menu item.

Aborting Scans

If a scan is taking significantly longer than you expect it should, or if you have just inserted a large disk or mounted a large network volume which is being scanned, then you may abort the scan by choosing the "Abort Scans" menu item.

Quitting ClamXav Sentry (an option which is not available during a scan) will automatically stop folders from being watched. From then on, new additions to the specified folders will not be scanned unless you explicitly do so from within ClamXav.

Dealing with Infected Items

Small Sentry's Infected List Window with Virus Found

If a notification pops up informing you that an infected file has been found, or you notice the menu item is showing the exclamation mark in the menu bar, don't worry. Click on the notification to open the Infected Items Window, or select "Open Infected Items" from the ClamXav Sentry menu. From here, there are a number of options available to you; Select the infected file from the list and then choose one of the options available via the toolbar, or right-click an infected item to see available options:

  • Show Path
  • Reveal in Finder
  • Quarantine
  • Delete

The Infection List is colour-coded to help you decide what to do with an item that has been found:

  •      blue - low concern (consider quarantining the file to avoid the risk of passing it on to others)
  •      orange - medium concern (advise quarantine)
  •      red - high concern (advise delete)
  •      green - neutralised threat

If you delete or quarantine something accidentally, you should right-click (or hold the control key and click if you only have one mouse button) on the file in question immediately and select "Put Back". This ought to put the file back to where it belongs. NB: System Infections, once removed, cannot be put back. Emails can be returned to their original position directly from within Apple Mail itself - you can find them either in the trash or quarantine folder within Mail.

Dealing with Suspicious Activity

Small Sentry's Suspicious Activity Window showing a disk image

If a notification pops up informing you that ClamXav has detected suspicious activity, this most likely means that you've just installed some malware and ClamXav will offer to remove it for you. It will also list the possible sources for that malware and ask if you would like to upload it to us for further inspection.

All items in the list will start by being ticked. You should remove the tick beside any item you trust, or any item that you do not wish to upload. Please then submit the files to us for further analysis.

By allowing these files to be uploaded, you will be helping to make ClamXav better for everyone.

Please see our privacy policy to know what happens to any information you submit.