The binary daemondo is part of MacPorts: $ which daemondo /opt/local/bin/daemondo
To allow this process full disk access hit ‘+’ under System Preferences>
Security & Privacy> Privacy> Full Disk Access,
Then in the Finder window hit Command-Shift-. to show the hidden directories,
then navigate to /opt/local/bin/daemondo.
All clamav-server logs are in /opt/local/var/log/clamav, or
~/Library/Logs/ClamavScanIt for user-invoked ClamavScanIt.sh calls. Look for
ClamavScanOnAccess.log and ClamavScanSchedule.log.
Except for the logs, clamav-server scans happen silently in the background.
Quarantined files are placed in /opt/Quarantine or ${CLAMAV_SERVER_QUARANTINE}
according to rules in the scripts:
/opt/local/etc/LaunchDaemons/org.macports.ClamavScanOnAccess/ClamavScanOnAccess.wrapper
/opt/local/etc/LaunchDaemons/org.macports.ClamavScanSchedule/ClamavScanSchedule.wrapper
/opt/local/bin/ClamavScanIt.sh
There’s several other shell variable in these scripts that provide user control
of control scanning behavior.
If you follow the instructions for the Finder.app Contextual Menu for
ClamavScanIt.sh, then right-click on a file and run ClamavScanIt, you’ll see
the little Automator gear running in the Menu Bar, then a notification of the
result.
An undocumented feature to set environment variables at boot time is to create
and load a plist like the following:
/Library/LaunchDaemons/private.myserver.launchctl-setenv.plist
> <?xml version="1.0" encoding="UTF-8"?>
> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN"
> "http://www.apple.com/DTDs/PropertyList-1.0.dtd";>
> <plist version="1.0">
> <dict>
> <key>Label</key>
> <string>private.myserver.launchctl-setenv</string>
> <key>ProgramArguments</key>
> <array>
> <string>/bin/bash</string>
> <string>-c</string>
> <string>/bin/launchctl setenv CLAMAV_SERVER_QUARANTINE
> /path/to/my/quarantine ; /bin/launchctl setenv
> CLAMAV_SERVER_SCAN_SCHEDULE_TARGETS '("/"
> "/Volumes/MyDisk”)'</string>
> </array>
> <key>RunAtLoad</key>
> <true/>
> </dict>
> </plist>
> On Dec 14, 2020, at 11:35 AM, Lenore Horner <[email protected]>
> wrote:
>
> I’m not understanding one part of the notes for clamav-server. They say
> “On macOS 10.14+ On-Schedule and On-Access scans require enabling
> Full Disk Access for the MacPorts process "daemondo" in:
>
> System Preferences> Security & Privacy> Full Disk Access”.
> I’ve looked through the results of port contents clamav and port contents
> clamav-server and don’t see any file deamondo listed. There is a deamondo in
> /opt/local/bin but how do I know that’s the right one? It’s not labeled in
> any clear way as having come from MacPorts. How would I verify that automake
> scanning of ~/downloads and ~/desktop is happening? I only see the log for
> the manual scanning. Does that mean I still don’t have the automatic
> scanning configured correctly (so there is some other deamondo I need to
> follow the instructions above for because I think the rest I’ve followed
> successfully) or is the logging of that going somewhere else?
>
> Thanks,
> Lenore
smime.p7s
Description: S/MIME cryptographic signature
