Xenia Management Console

Introduction

Xenia is our answer to an Enterprise Management Console for ClamXAV.

The word Xenia comes from Ancient Greece; it’s the concept of hospitality, respect and protection between host and guest. So, whilst ClamXAV looks after the safety of your Macs, Xenia helps you oversee and manage your deployment of ClamXAV protection easily. It lets you see the status of your entire fleet at a glance, fix any issues, and even handles licence activation and deactivation.

Quickstart & Deployment

Once you have confirmed your email address and generated your password for Xenia, the first thing you need to do is log in. After that you’ll probably want to see some of your Macs in the list of Activated Devices. To do this, however, those computers need to be told to talk to the Xenia server because a standard ClamXAV installation doesn’t “phone home” or tell us anything about where it is or what it’s doing.

So that they know where the server is, you’ll need to make some changes to the ClamXAV installation on your fleet. Your options are to redeploy ClamXAV using your organisation-specific installer, run a simple command line tool remotely, or distribute a clickable URL link to your users.

To bring a Mac which has already been activated with your organisation’s licence under Xenia’s management, choose one of the following two options:

  1. Remotely issue the command:
    /Applications/ClamXAV.app/Contents/MacOS/XAV --install-satellite
    OR
  2. Distribute the following link and tell all your users to click on it:
    clamxav.com/install-xenia-satellite

Alternatively, for any Mac (with or without an active installation), you can reinstall ClamXAV entirely using the installer package specific to your organisation by using the “Get ClamXAV Installer” button at the bottom of the navigation menu on the left.

Organisation-specific ClamXAV download button

When you click that button, a popup panel appears with further instructions. If your staff have admin-level access to maintain their own computers and install software for themselves, you can copy the link on the “Download Installer” button in the popup and share the link to let them download the installer PKG and install it directly. Alternatively, you can download from that button yourself and copy it to your other computers and install it manually.

The final option is to use that installer package with your existing MDM service for software deployment. Instructions for that are beyond the scope of this document, but it should be no different to deploying any other software installer pkg. You will, however, also need to deploy the configuration profile for Full Disk Access before ClamXAV will operate properly. The link for that is on the same popup as the download button.

…and that’s all there is to it! Once you’ve done that, you’ll start seeing your Macs appearing in the “Activated Devices” section of Xenia web.

In-depth Instructions

The Dashboard

This is the first place you land after logging in, and it gives you a quick overview of your licence as well as the state of the Macs in your fleet. Image of Xenia Dashboard

At the top you can see how many seats you have a licence for, how many are being used, and how many you have available for activation.

To the right you have the donut chart which gives you a bird’s-eye view of your entire fleet - what percentage are working correctly, needing attention in some way, are infected, or are taking up licence seats but not being managed by Xenia. Below this, you have a specific count of each segment.

In the middle of the screen, you can see a breakdown of why any of the computers may have been marked as Needing Attention. These range from simply not having run a scan or database update recently, to a warning that ClamXAV needs to be updated or that the computer hasn’t been seen for more than a week.

At the bottom, you can see any devices which have detected an infection that couldn’t be handled automatically.

Device Lists

The next most useful things to look at are the Device Lists. You can access these either from the left navigation menu.

“Activated Devices” is a list of all your Macs which have an active ClamXAV licence and are managed by Xenia. They will show up in this list regardless of their status. The other lists (“Infected Devices” or “Devices Needing Attention”) show a subset of what’s in here. View the list of “Deactivated Devices” should you ever wish to add a licence back to a machine which was previously deactivated.

The Activated Devices list shows you if each computer is online, or if it’s not online right now it’ll tell you the last time the machine was seen by Xenia.

The Status column is possibly the most useful piece of information on this page. You can decipher it as follows:

Activated Device icon Clean and currently connected

Device Unavailable icon Device unavailable

Needs Attention Device icon Device needing attention

Infected icon ClamXAV detected an infection

Scanning icon ClamXAV is currently scanning the device

Upating icon ClamXAV is currently downloading a database update

To find out why a particular device might be needing attention, you can hover over the status column for additional details.

You can sort the list in any order by clicking on the column names.

Using the search box at the top, you can filter this list by any of the criteria you see here, including the Notes field. Notes are free text, and can be used to group machines together to create either ad-hoc lists, or some people use them to create permanent groupings where it’s not possible or convenient to do this based on the computer hostnames.

Once you’ve identified a machine (or group) on which you need to perform an action, use the “Select” or “Select All” buttons at the top of the list and then the “Scan”, “Update DB”, or “Deactivate” buttons.

The “Export Summary” button produces a CSV report of the current state of your fleet. This can contain as much or as little information as you need - simply select the required fields from the popup that appears when you press the button. The popup remains open in case you want to produce multiple reports containing different information. There’s a close button [X] at the top right to dismiss the popup when you’re finished.

Lastly, click the “All Details” button to see detailed information on any particular computer.

Device Details

This screen is where you can see a detailed view of any particular device.

Device Details View

You have all the same options as on the list page (running scans, database updates, updating the ClamXAV app, and licence activation/deactivation), however you can also Decommission the machine if it is leaving your organisation. This will remove all registration data, settings and background tools of ClamXAV. The only way to get ClamXAV running on this machine again would be to reinstall it via the installer pkg.

Should you ever need to ask us for help with a particular computer, we may have to ask for a diagnostics report from it; you can do that from this page.

Lastly, you can also view additional details of recent scans and database updates.

View scan & update logs

Scan Logs View

Like the Reports window within ClamXAV, here you can view the results of any recent scans and database updates. It gives additional information about the scan itself as well as offering up a list of any infected items which may have been found. If there are any, you will be able to Delete, Quarantine or Restore using the appropriate buttons.

Configuring ClamXAV client settings

It’s likely that you will also wish to reconfigure ClamXAV on your remote computers with settings specific to your organisation’s requirements. You do this via the two Preferences options underneath Deployment in the left menu - Global Preferences, and User Preferences.

Under Global Preferences you can choose to enable or disable ClamXAV Sentry, along with whether or not External and Network volumes are scanned. You can also enable detection of non-Mac Malware and turn on the sending of email alerts for when ClamXAV detects malware on any of your devices (this requires you to configure an email to receive these notifications, see Xenia Settings below). You can also choose whether your remote computers should receive the current stable branch of ClamXAV releases, or the beta ones with the latest fixes and test features.

We would advise that you always keep enabled the option to Prevent User Changing Registration Key.

Under User Preferences, you can specify whether or not to display the ClamXAV Menu item, and whether or not it should be animated, as well as whether or not the user should receive notifications when a scan completes.

You can also specify how often the malware database is updated, as well as schedules for running Quick Scans and Full Hard Drive scans. Our recommendations would be as follows:

  • Database Update Schedule: Daily, at a minimum.
  • Quick Scan: Every Day, at a time when the computer is being used.
  • Full HD Scan: Once a week, at a time when the computer is on but not being used for processor-heavy tasks.

If you control deployment of ClamXAV through MDM, we would recommend disabling the option to Check for New ClamXAV Versions on Launch, otherwise your users will be prompted to install app updates that they can’t actually perform unless they have admin permissions.

Configuring Xenia web app settings

Certain settings for the Xenia application itself can be configured by clicking on your name at the top left and choosing Edit Profile Settings.

Configuring email address to receive infection notifications

Whenever ClamXAV detects an infection on any of your devices, and the Global Preferences are configured to send an email, you will receive notifications at the email address(es) you specify here. Enter one or more email addresses, separated with a comma.

The following times are all expressed in seconds.

Session Token TTL: This is how long your session remains open after closing your browser window (or quitting the Xenia Mac app).

Account Create Email Token TTL: When you add a colleague to Xenia, this is how long the registration link remains active.

Password Reset Email Token TTL: When you request to reset your password, this is how long the link remains valid.

Mac desktop app version

If you prefer, we also have a Mac desktop app which you can download here. Most of the screens and functionality are similar to the web version, so don’t require any additional documentation. The initial set up is a bit more complex, but there’s a Setup Assistant to guide you through the process.

You can use both the desktop app and the web app interchangeably, but cannot be logged in to both at the same time.

If you’re using the Mac desktop app, you do not need to leave it running all the time.