Configure clamav on MacOS

megabyte-labs · Dec 21, 2023 · b641796 · b641796
1 parent 8ed3ec6
commit b641796
Show file tree

Hide file tree

Showing 4 changed files with 78 additions and 9 deletions.
diff --git a/home/dot_local/etc/clamav/freshclam.conf b/home/dot_local/etc/clamav/freshclam.conf
@@ -115,7 +115,7 @@ DatabaseMirror database.clamav.net
 
 # Number of database checks per day.
 # Default: 12 (every two hours)
-#Checks 24
+Checks 1
 
 # Proxy settings
 # The HTTPProxyServer may be prefixed with [scheme]:// to specify which kind
@@ -201,4 +201,4 @@ NotifyClamd /usr/local/etc/clamav/clamd.conf
 # Exclude a standard signature database (opt-out).
 # This option can be used multiple times.
 #ExcludeDatabase dbname1
-#ExcludeDatabase dbname2
+#ExcludeDatabase dbname2
diff --git a/home/dot_local/etc/clamav/installdoctor.clamdscan.plist.tmpl b/home/dot_local/etc/clamav/installdoctor.clamdscan.plist.tmpl
@@ -0,0 +1,30 @@
+{{- if eq .host.distro.family "darwin" -}}
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+  <key>Label</key>
+  <string>installdoctor.clamdscan</string>
+  <key>ProgramArguments</key>
+  <array>
+    <string>/usr/local/bin/clamdscan</string>
+    <string>/</string>
+  </array>
+  <key>StartCalendarInterval</key>
+  <array>
+    <dict>
+      <key>Hour</key>
+      <integer>22</integer>
+      <key>Minute</key>
+      <integer>0</integer>
+    </dict>
+  </array>
+  <key>UserName</key>
+  <string>root</string>
+  <key>StandardErrorPath</key>
+  <string>/var/log/installdoctor/clamdscan.error.log</string>
+  <key>StandardOutPath</key>
+  <string>/var/log/installdoctor/clamdscan.output.log</string>
+</dict>
+</plist>
+{{- end -}}
diff --git a/home/dot_local/etc/clamav/installdoctor.freshclam.plist.tmpl b/home/dot_local/etc/clamav/installdoctor.freshclam.plist.tmpl
@@ -0,0 +1,30 @@
+{{- if eq .host.distro.family "darwin" -}}
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+  <key>Label</key>
+  <string>installdoctor.freshclam</string>
+  <key>ProgramArguments</key>
+  <array>
+    <string>/usr/local/bin/freshclam</string>
+    <string>-v</string>
+  </array>
+  <key>StartCalendarInterval</key>
+  <array>
+    <dict>
+      <key>Hour</key>
+      <integer>21</integer>
+      <key>Minute</key>
+      <integer>0</integer>
+    </dict>
+  </array>
+  <key>UserName</key>
+  <string>{{ $.chezmoi.username }}</string>
+  <key>StandardErrorPath</key>
+  <string>/var/log/installdoctor/freshclam.error.log</string>
+  <key>StandardOutPath</key>
+  <string>/var/log/installdoctor/freshclam.output.log</string>
+</dict>
+</plist>
+{{- end -}}
diff --git a/software.yml b/software.yml
@@ -2224,6 +2224,15 @@ softwarePackages:
     _home: https://www.clamav.net/
     _name: ClamAV
     _post: |
+      # Setting up launchd services
+      if [ -d /Applications ] && [ -d /System ]; then
+        sudo mkdir -p /var/log/installdoctor
+        sudo chown $USER /var/log/installdoctor
+        sudo cp -f "$HOME/.local/etc/clamav/installdoctor.clamdscan.plist.tmpl" /Library/LaunchDaemons/installdoctor.clamdscan.plist
+        sudo cp -f "$HOME/.local/etc/clamav/installdoctor.freshclam.plist.tmpl" /Library/LaunchDaemons/installdoctor.freshclam.plist
+        sudo launchctl load -w /Library/LaunchDaemons/installdoctor.clamdscan.plist
+        sudo launchctl load -w /Library/LaunchDaemons/installdoctor.freshclam.plist
+      fi
       # Add freshclam.conf
       if [ -f "$HOME/.local/etc/clamav/freshclam.conf" ]; then
         sudo mkdir -p /usr/local/etc/clamav
@@ -4781,12 +4790,12 @@ softwarePackages:
       if command -v gitomatic > /dev/null; then
         ### Copy bin to /usr/local/bin
         logg info "Copying $HOME/.local/bin/gitomatic-service to /usr/local/bin/gitomatic-service" && sudo cp -f "$HOME/.local/bin/gitomatic-service" /usr/local/bin/gitomatic-service
-        
+
         ### Copy gitomatic to global directory
         if [ ! -f /usr/local/bin/gitomatic ]; then
           logg info 'Copying gitomatic executable to /usr/local/bin/gitomatic' && sudo cp -f "$(which gitomatic)" /usr/local/bin/gitomatic
         fi
-      
+
         if [ -d /Applications ] && [ -d /System ]; then
           ### macOS
           logg info 'Copying gitomatic plist file to /Library/LaunchDaemons' && sudo cp -f "${XDG_CONFIG_HOME:-$HOME/.config}/gitomatic/com.github.muesli.gitomatic.plist" /Library/LaunchDaemons/com.github.muesli.gitomatic.plist
@@ -7299,7 +7308,7 @@ softwarePackages:
 
         ### netdata-claim.sh must be run as netdata user
         sudo -H -u netdata bash -c 'export NETDATA_ROOM="{{- if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "NETDATA_ROOM")) -}}{{- includeTemplate "secrets/NETDATA_ROOM" | decrypt | trim -}}{{- else -}}{{- env "NETDATA_ROOM" -}}{{- end -}}" && export NETDATA_TOKEN="{{- if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "NETDATA_TOKEN")) -}}{{- includeTemplate "secrets/NETDATA_TOKEN" | decrypt | trim -}}{{- else -}}{{- env "NETDATA_TOKEN" -}}{{- end -}}" && yes | netdata-claim.sh -token="$NETDATA_TOKEN" -rooms="$NETDATA_ROOM" -url="https://app.netdata.cloud"'
-        
+
         ### Kernel optimizations
         # These are mentioned while installing via the kickstart.sh script method. We are using Homebrew for the installation though.
         # Assuming these optimizations do not cause any harm.
@@ -10029,7 +10038,7 @@ softwarePackages:
     _home: https://github.com/skeeto/endlessh
     _name: Endlessh
     _service: endlessh
-    _post: | 
+    _post: |
       # @file Endlessh Configuration
       # @brief Applies the Endlessh configuration and starts the service on Linux systems
       # @description
@@ -11194,7 +11203,7 @@ softwarePackages:
       #     ## Links
       #
       #     * [Privoxy configuration](https://github.com/megabyte-labs/install.doctor/tree/master/home/dot_config/privoxy/config)
-      
+
       ### Define the Privoxy configuration location based on whether system is macOS or Linux
       if [ -d /Applications ] && [ -d /System ]; then
         ### macOS
@@ -11220,7 +11229,7 @@ softwarePackages:
             sudo add-usergroup "$USER" privoxy
           fi
           sudo chown privoxy:privoxy "$PRIVOXY_CONFIG" 2> /dev/null || sudo chown privoxy:$(id -g -n) "$PRIVOXY_CONFIG"
-          
+
           ### Restart Privoxy after configuration is applied
           if [ -d /Applications ] && [ -d /System ]; then
             ### macOS
@@ -12350,7 +12359,7 @@ softwarePackages:
       #     ## Links
       #
       #     * [`fail2ban` configuration folder](https://github.com/megabyte-labs/install.doctor/tree/master/home/private_dot_ssh/fail2ban)
-      
+
       ### Notify of script start
       logg info 'Configuring fail2ban'