My use-case is this: I have very good protection via Crowdstrike Falcon Sensor, but that only deletes/quarantines files based on known IOCs, high malicious scores, or behavior via machine-learning. Otherwise it still blocks processes considered suspicious and/or due custom IOA. The downside is that some files are left behind. What we have used in the interim to do post-alert cleanup is download the trial version of MalwareBytes for Mac, install, scan, then remove MalwareBytes.
I want to automate the scanning of an endpoint using ClamAV but without permanently installing ClamAV. In Windows I can simply copy the ClamAV files to a temp location and then initiate the scan command line with the desired parameters like Update, Full Scan, Logging, etc. After the scan completes the temp directory is deleted. I'm sure we can do the same with ClamAV on the Mac but I have not seen any references to it being done yet. In documentation it mentions the compiling of the code which I am thinking I can leverage to create a single package to accomplish what I need but I am not fluent enough in linux/unix to test. As an example, I was able to successfully create a stand-alone MalwareBytes Enterprise scanner but that is not free and very expensive so we did not want to purchase to only use it sparingly. The permanent installation of a scanner is NOT required and proved out a few times. Does anyone here have an idea, lead, or suggestion of how I can accomplish this on a Mac? Thanks in advance. Dexter R. Rivera On 5/11/19, 9:01 AM, "clamav-users on behalf of clamav-users-requ...@lists.clamav.net" <clamav-users-boun...@lists.clamav.net on behalf of clamav-users-requ...@lists.clamav.net> wrote: Send clamav-users mailing list submissions to clamav-users@lists.clamav.net To subscribe or unsubscribe via the World Wide Web, visit https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.clamav.net%2Fmailman%2Flistinfo%2Fclamav-users&data=02%7C01%7C%7Cf182ecec07f740dba63808d6d629f5db%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636931873058741554&sdata=nax3EoCsiR6noTsd20e8tdRaWR%2FsexMvyv1wgc%2FmN9g%3D&reserved=0 or, via email, send a message with subject or body 'help' to clamav-users-requ...@lists.clamav.net You can reach the person managing the list at clamav-users-ow...@lists.clamav.net When replying, please edit your Subject line so it is more specific than "Re: Contents of clamav-users digest..." _______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml