Some of the things Enterprise love about ClamXAV are how lightweight it is on clients/endpoints, and how easy it is to configure and distribute to an entire network of Macs in one fell swoop. Here, we describe some of the things you can achieve with a business licence and how to make it work the way you want it to.
We offer great value for volume licensing, with discounts starting at just 2 seats. Please see our Pricing Page for more information. If you need more than 150 seats, just reach our to our sales team and we'll get you sorted.
If, like us, you find your staff numbers are always going up, you can add more seats to your licence at any time during the year, with the cost pro-rata to your renewal date. If the additional seats bump you up into the next discount level, they'll be offered at that price point, and then all your seats will use the new price-point at your next renewal. You can't really say fairer than that, can you?
You have two options for distributing and licensing ClamXAV to the Macs on your network depending on the level of access your users/staff have, the number of seats you're protecting, and any distribution methods you already employ:
This is the easiest method of deployment, but it requires the endpoint user to have admin privileges to perform the installation and any subsequent updates to the application, as well as enabling Full Disk Access. Your users would simply follow the instructions in the QuickStart Guide to download and install ClamXAV. You would then send them an email containing a link to install the registration key.
Your users would then be free to configure the app, and any schedules, as they see fit.
You can use our Remote Deployment Tool to configure an installer .pkg file for remote deployment via your MDM server.
If you don't want to specify default preferences, go directly to step 6.
Copy the file in /Library/Application Support/ClamXAV/Settings/Users to the same place within the RemoteHD folder, but change the name to the login user name on the target computer.
If you also want to prevent your users from modifying your default preferences, take that plist file, rename it to override.plist and move it up one level so that it's sitting in RemoteHD/Library/Application Support/ClamXAV/Settings/ also see the 'Overriding/enforcing preference settings' section below.
As of version 3.4, ClamXAV can now notify a designated email contact upon malware detection on any of your endpoints. To enable this, you need to deploy a `global.plist` preferences file to your endpoints.
You can find an example of this in `RemoteDeploymentTool/Extras/global.plist`. You'll need to change the value of the `SendEmailAlert` setting to `true`. You will also need to contact us and let our support staff know the email address to be notified when malware is detected.
The `global.plist` file should be copied to `RemoteHD/Library/Application Support/ClamXAV/Settings/global.plist`
You may also need to distribute a configuration profile to your Macs to enable Full Disk Access. If you don't do this, you will need to manually enable this via System Preferences on each computer. You can find the profile in the Extras folder of the Remote Deployment Tool, called 'ClamXAV Full Disk Access.mobileconfig'
You can force any preference setting with an override config file.
Within the Remote Deployment Tool folder, you'll find a sample override configuration file. It's an XML file but it can be edited with a plain text editor. The first two settings will ensure the database is updated daily and that the app itself will be kept up-to-date:
ScheduleUpdateFrequency 1
UpdateClamXAVOnLaunch true
The file then configures a default set of preferences for the scan settings.
After that is a section which lists the preference settings that users are allowed to specify for themselves - UserConfigurableSettings.
For the purposes of this example, you'll want to remove the lines in this section which would otherwise allow users to configure ScheduleUpdateFrequency and UpdateClamXAVOnLaunch via the app.
The override.plist file should be placed within RemoteHD/Library/Application Support/ClamXAV/Settings/ prior to generating the ClamXAV.pkg installer file in step 6 above.
Open a terminal window into the RemoteDeploymentTool folder and run the buildStandaloneInstaller.sh script.
That will result in a package file called ClamXAV.pkg which you should to be able to code-sign and deploy via your usual tools.
If you have any computers which need to be kept disconnected from the internet, but which still require to have ClamXAV installed and updated, you can use our Offline Database Updates for this.
Please see the Offline Database Updates page for more information.
Some of ClamXAV's functions can be performed via the XAV command line. Some examples of which are below:
/usr/local/ClamXAV3/bin/XAV --version
/usr/local/ClamXAV3/bin/XAV --update
/usr/local/ClamXAV3/bin/XAV --quick-scan
We will be adding features to the command line interface as time goes on. You are able to see the available feature-set by running the XAV tool with no command line flags.
All events performed by ClamXAV are logged in our proprietary database format. To aid data collection and reporting, it's possible to export the logs into a plain text file. This can also be done using the XAV command line tool.
You can obtain a report of all malware database update events since you installed ClamXAV with the following command:
/usr/local/ClamXAV3/bin/XAV --parse-logs updates
Alternatively, you can supply a start date (in ISO 8601 format) for the log parser if you only want to see recent events:
/usr/local/ClamXAV3/bin/XAV --parse-logs updates start-date 2022-01-10
Likewise, you can supply an end-date if you don't want the most recent records. Alternatively, you can combine 'start-date' and 'end-date' if you're only interested in a range in the middle of the report.
The same command line options work for viewing the output of scan reports:
/usr/local/ClamXAV3/bin/XAV --parse-logs scans
/usr/local/ClamXAV3/bin/XAV --parse-logs scans start-date 2022-01-01
/usr/local/ClamXAV3/bin/XAV --parse-logs scans start-date 2022-01-01 end-date 2022-01-20
Any scans which detected malware will be followed by those detections, indented with a single tab character.