ClamXav 2 full review
ClamXav 2 is a little different to most other anti-malware software programs. Not only is it free in the financial sense, but this venerable command-line program is also based on a libre and open-source project. The ClamAV project was originally made for UNIX and is typically used for server-based email screening – Apple even includes it in OS X Server for this reason.
Ports are available for Windows and Linux, and ClamXav 2 for OS X with its graphical interface was developed by Mark Allan using the GPL code. It’s supported by donations through the British developer's website www.clamxav.com, and you’ll also find it as a free download on the Mac App Store.
If you get it from the developer’s site, the first time you run ClamXav 2 you must install the Clam Anti-Virus engine separately. It’s an easy enough process: the engine can be installed as a ready-made binary that’s downloaded through the app itself, or you can choose to compile it yourself. When checking for application updates, the app will optionally send basic system details to the developer, and this is easily deselected if preferred.
Where ClamXav 2 also differentiates itself is by having no real-time scanning facilities. You can, however, still set it to run scheduled scans on important directories or volumes, up to once per day.
But to help compensate for the real-time deficiency, there’s a potentially invaluable Sentry option, where you can choose a certain folder for ClamXav to monitor, as well as inserted disks – examples would be your Downloads folder, or /Library and /private where malware likes to hide. Attached USB drives could also be set to be scanned, even if this infection vector is minimal today.
Note that the app and its Sentry function do not automatically launch after reboot, although it’s simple enough to add ClamXav 2 to your user login items; but you’ll also need to select ‘Launch ClamXav Sentry when you log in to this computer’ from the app’s preferences for this function to always be engaged. And although ClamXav is available to download through the Mac App Store, that version does not include the Sentry function.
ClamXav 2 review: Application design and interface
The interface is quite spartan but suitably Mac-like. Across the top of its small application window are buttons for Start Scan, Stop, Pause; and then links to Update Definitions, Open Scan Log, Open Update Log, and Preferences.
The left sidebar of the application’s window is the Source List, which shows your user directory, Documents, and Desktop folders by default. To scan any of the above, just click the icon. Or you can drag any chosen folder or volume to the same sidebar, highlight it and then click Start Scan.
Details of what’s been scanned and the results are available through OS X’s own Console.app, and stored in ~/Library/Logs.
Other options found in the app’s preferences include setting your quarantine folder, where suspect files can be sent for closer examination; and Exclude Files, which lets you set ClamXav to overlook certain filetypes, for example. There’s even a link to another site’s tutorial on using regular expressions.
ClamXav 2 review: Performance
The clamscan engine that does the heavy lifting of signature-based malware scanning usually uses only one processor thread, and in our tests that was typically pegged at 100 percent on our four- and eight-core Intel processors when active.
In our performance tests ClamXav 2 was the slowest to finish in on-demand scans of our test directory – almost three times longer than the next-best apps.
Malware detection by Security Spread was not bad though at 89.3 percent from the April 2014 malware zoo, which includes unwanted applications like commercial keyloggers. For the latter category alone, ClamXav 2 found 89 percent of the 37 test apps. Its discovery of previously installed malware traces was the lowest of the six reviewed here, at 34 percent and just behind Avira.
False positives were flagged for two of the selection of 11, just above the average of one incorrect call, and quieter than the worst-case example of Avast in this group which mistook four innocent samples for malware.