These instructions work as is for both Snow Leopard and Leopard.

The first thing to do is to get the source code for clamav from sourceforge.

Once we have the source code, we need to expand it, configure it, and build and install it. We will set clamav to store it’s configuration files under /etc/clamav. We will also set the user and group that clamav will run under to _clamav. On Snow Leopard, this user and group already exists, so we only have to assign clamav to use them. Once you have expanded the archive and switched into the directory we will configure and build with the following commands.

./configure --with-user=_clamav --with-group=_clamav --sysconfdir=/etc/clamav

You can now build with:

make check

If all has gone well, we are ready to install with:

sudo make install

The next thing to do is to create a configuration file for clamav. In the config file we will tell clamav where to write it’s pid file for running as a daemon, and where the log file is that we created. We also set the interval for selfchecks. Self checks should be run regularly, the higher the load on your server, the more often that clamav should check itself to make sure everything is running correctly. At the moment it checks the database every 3600 seconds (once and hour). You can increase or decrease the interval as you like.

Amavisd-new will connect to clamav thought a socket file. We set clamav to create that socket in the /tmp directory.

Create the a clamd.conf file and add the following lines to it:

LogFile /var/log/clamd.log
LogFileMaxSize 2M
LogTime yes
LogSyslog yes
LogFacility LOG_MAIL
PidFile /var/run/
TemporaryDirectory /var/tmp
DatabaseDirectory /var/lib/clamav
LocalSocket /tmp/clamd.socket
FixStaleSocket yes
ReadTimeout 300
IdleTimeout 60
MaxDirectoryRecursion 20
SelfCheck 3600
User _clamav
AllowSupplementaryGroups yes
Foreground yes
DetectPUA yes
AlgorithmicDetection yes
ScanPE yes
ScanELF yes
DetectBrokenExecutables yes
ScanOLE2 yes
ScanPDF yes
ScanMail yes
PhishingSignatures yes
ScanHTML yes
ScanArchive yes

Once you have saved we will need to change the permissions and ownership on the configuration file before we move it into place. We do so with the following commands:

sudo chmod 0644 clamd.conf
sudo chown _clamav:wheel clamd.conf
sudo mv clamd.conf /etc/clamav/

Next we create the log file for clamav to output information too. Once the file is created, we change it’s ownership to ‘_amavisd’. We give amavisd ownership because clamd will be running under the user amavisd while it is in daemon mode.

sudo touch /var/log/clamd.log
sudo chown _amavisd /var/log/clamd.log

Now that clamav is installed you can use it by hand to scan files for viruses using clamscan. However, it won’t have the latest virus definitions nor is it ready for use as a daemon in conjunction with postfix and amavisd-new.

Setting up auto updates requires us to create a configuration file for the database updater freshclam. We also need to create the place where that database will be stored. The first thing we will do is create the directory to store the virus database that will be updated by freshclam.

The following 2 commands will create a directory and set the permissions so that only clamav and freshclam can access the information it will contain.

sudo mkdir /var/lib/clamav
sudo chown _clamav:daemon /var/lib/clamav

Now we have somewhere to put the information, we need to create a configuration file for freshclam. Open up your favorite editor and enter the following.

DatabaseDirectory /var/lib/clamav
UpdateLogFile /var/log/freshclam.log
LogFileMaxSize 2M
LogTime yes
LogSyslog yes
PidFile /var/run/
DatabaseOwner _clamav
AllowSupplementaryGroups yes
MaxAttempts 2
Checks 2
Foreground yes

Save the file as freshclam.conf. We will need to change the permissions and ownership on the configuration file before we move it into place. We do so with the following commands:

sudo chmod 0644 freshclam.conf
sudo chown _clamav:wheel freshclam.conf

Now move it into place with :

sudo mv freshclam.conf /etc/clamav/

We also need a log file for freshclam. Just as we did for clamav, creating the logfile and changing it’s ownership required only two commands. They are as follows:

sudo touch /var/log/freshclam.log
sudo chown _clamav /var/log/freshclam.log

There is one more thing we need to do to make freshclam work without any troubles. Freshclam requires a .pid file while it is running. In the configuration file we have told freshclam to place that file in /var/run along with the other .pid files that OS X uses.

In order to give freshclam the ability to create a file in /var/run we need to add the _clamav user to the daemon group. This is done by entering the following command :

sudo dscl . -append /Groups/daemon GroupMembership _clamav

Now that everything is ready, we should run freshclam once by hand to make sure everything will run properly.

sudo freshclam

If everything has gone well, we should now have clamav installed and updated.