Remote Deployment Tool

Please note this tool has been superseded by Xenia, our Remote Management Console for ClamXAV. Whilst this information is still valid, you may want to consider moving over to managing your Macs with Xenia instead.

You can use our Remote Deployment Tool to configure an installer .pkg file for remote deployment via your MDM server.

  1. Download the Remote Deployment Tool v3.5.4
  2. Install the latest version of ClamXAV on the same computer as the Remote Deployment Tool is being used.
  3. Install the registration key.

Specifying default preference settings

If you don’t want to specify default preferences, go directly to step 6.

To supply a default set of preferences for your users, open ClamXAV and configure the settings as you would like them. You may want to consider setting scan schedules for certain folders as well as the Quick Scan. Consider, also, the settings for Sentry and whether you want external volumes and network drives scanned.

  1. Copy the file in /Library/Application Support/ClamXAV/Settings/Users to the same place within the RemoteHD folder, but change the name to the login user name on the target computer.
  2. If you also want to prevent your users from modifying your default preferences, take that plist file, rename it to override.plist and move it up one level so that it’s sitting in RemoteHD/Library/Application Support/ClamXAV/Settings/ also see the Overriding/enforcing preference settings section below.

Notifying a designated email contact upon malware detection

ClamXAV can notify a designated email contact upon malware detection on any of your endpoints. To enable this, you need to deploy a global.plist preferences file to your endpoints.

You can find an example of this in RemoteDeploymentTool/Extras/global.plist. You’ll need to change the value of the SendEmailAlert setting to true.

The global.plist file should be copied to RemoteHD/Library/Application Support/ClamXAV/Settings/global.plist

You will also need to contact us and let our support staff know the email address to be notified when malware is detected.

Configuration Profile for Full Disk Access

You will also need to distribute a configuration profile to your endpoints to enable Full Disk Access. If you don’t do this, you will need to manually enable Full Disk Access via System Settings on each computer.

You can find the profile in the Extras folder of the Remote Deployment Tool, called ClamXAV Full Disk Access.mobileconfig

Overriding/enforcing preference settings

You can force any preference setting with an override config file - see step 5.

Within the Remote Deployment Tool folder, you’ll find a sample override configuration file. It’s an XML file but it can be edited with a plain text editor. The first two settings will ensure the database is updated daily and that the app itself will be kept up-to-date:

ScheduleUpdateFrequency 1
UpdateClamXAVOnLaunch true

The file then configures a default set of preferences for the scan settings.

After that is a section which lists the preference settings that users are allowed to specify for themselves - UserConfigurableSettings.

For the purposes of this example, you’ll want to remove the lines in this section which would otherwise allow users to configure ScheduleUpdateFrequency and UpdateClamXAVOnLaunch via the app.

The override.plist file should be placed within RemoteHD/Library/Application Support/ClamXAV/Settings/ prior to generating the ClamXAV.pkg installer file in step 6 below.

Generate the ClamXAV.pkg installer package

  1. Open a terminal window into the RemoteDeploymentTool folder and run the buildStandaloneInstaller.sh script

This will result in a package file called ClamXAV.pkg which you should be able to code-sign and deploy via your usual tools.