Protecting Against Malicious Software | Apple Training Series: Mac OS X System Administration Reference, Volume 1

It's true on the sports field and it's true when you're facing off against malware: The best offense is a good defense. By responsibly using preventative procedures and implementing protective features built into Mac OS X, you can avoid malware attacks and improve your chances of total recovery if a system or network does become infected.

Backing Up Data and Testing the Backup

The first line of defense and a sure way to prevent an extreme crisis if a computer is infected is to back up data! Be extremely proactive in regularly backing up important data on all the computer systems that fall under your responsibility. Just as important is to test the integrity of those backups and your ability to restore that data from that backup.

The goal of performing a backup isn't to archive datait is to actually restore the original data. If you cannot take your backup to that last step of full restoration, your backup efforts are worthless.

Using Virus Protection Software

You now know how bad malicious software can be, including the damage that it can do to your machine and how it can be transmitted to other machines. Although there are few (if any) Mac OS X viruses today, there likely will be in the future, and you'll be better off if you're prepared before it happens rather than scrambling to figure out what to do after it happens. Lesson 19, "Mail Security," talked about what you, as an email server administrator, can do to quickly add antivirus protection to the users of your email service. But what can end users do to protect their machines?

You no doubt know that there are a number of popular antivirus programs available for other popular operating systems. A number of those are even available on Mac OS X. But as it turns out, there's a free program available called Clam AntiVirus, or ClamAV. This is the same software that the Mac OS X Server mail server uses, and it can protect your workstation too.

Obtain ClamAV

ClamAV is normally distributed as source from www.clamav.net, which you have to download and compile on your machine. After compiling, you must configure and run ClamAV from the command line. Thankfully, Mark Allan has developed a free port called ClamXav, which includes an easy way to use GUI. Here's what to do:

1.	Download ClamXav from www.clamXav.com.
2.	Open the disk image and drag the ClamXav application to your Applications folder.
3.	Open the ClamXav application.
4.	When prompted to install the ClamAV engine, click the Install button, and proceed through the prompts to complete the installation.
5.	After the installation of the engine is complete, you'll probably have to relaunch ClamXav.
6.	Click the "Update virus definitions" button. You'll want to do this every time you run ClamXav to ensure that your computer always knows about the most recent viruses.
7.	Click the "Choose what to scan" button. Scanning your whole drive is optimal but can take some time, so you may need to scan only your home directory.
8.	Click the Preferences button.
9.	On the Internet tab, you probably want to check the boxes at the bottom to automatically check for ClamXav, ClamAV, and virus definitions updates.
10.	The rest of the tabs in the preferences window contain a number of options that you may want to set, particularly the ones that enable automatic scheduled virus scans. For now, just click the OK button to close the preferences window.
11.	Click the Start Scan button in the main ClamXav window.