Configure clamav on MacOS

home/dot_local/etc/clamav/freshclam.conf

@@ -115,7 +115,7 @@ DatabaseMirror database.clamav.net
 
 # Number of database checks per day.
 # Default: 12 (every two hours)
-#Checks 24
+Checks 1
 
 # Proxy settings
 # The HTTPProxyServer may be prefixed with [scheme]:// to specify which kind
@@ -201,4 +201,4 @@ NotifyClamd /usr/local/etc/clamav/clamd.conf
 # Exclude a standard signature database (opt-out).
 # This option can be used multiple times.
 #ExcludeDatabase dbname1
-#ExcludeDatabase dbname2
+#ExcludeDatabase dbname2

home/dot_local/etc/clamav/installdoctor.clamdscan.plist.tmpl

@@ -0,0 +1,30 @@
+{{- if eq .host.distro.family "darwin" -}}
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+  <key>Label</key>
+  <string>installdoctor.clamdscan</string>
+  <key>ProgramArguments</key>
+  <array>
+    <string>/usr/local/bin/clamdscan</string>
+    <string>/</string>
+  </array>
+  <key>StartCalendarInterval</key>
+  <array>
+    <dict>
+      <key>Hour</key>
+      <integer>22</integer>
+      <key>Minute</key>
+      <integer>0</integer>
+    </dict>
+  </array>
+  <key>UserName</key>
+  <string>root</string>
+  <key>StandardErrorPath</key>
+  <string>/var/log/installdoctor/clamdscan.error.log</string>
+  <key>StandardOutPath</key>
+  <string>/var/log/installdoctor/clamdscan.output.log</string>
+</dict>
+</plist>
+{{- end -}}

home/dot_local/etc/clamav/installdoctor.freshclam.plist.tmpl

@@ -0,0 +1,30 @@
+{{- if eq .host.distro.family "darwin" -}}
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+  <key>Label</key>
+  <string>installdoctor.freshclam</string>
+  <key>ProgramArguments</key>
+  <array>
+    <string>/usr/local/bin/freshclam</string>
+    <string>-v</string>
+  </array>
+  <key>StartCalendarInterval</key>
+  <array>
+    <dict>
+      <key>Hour</key>
+      <integer>21</integer>
+      <key>Minute</key>
+      <integer>0</integer>
+    </dict>
+  </array>
+  <key>UserName</key>
+  <string>{{ $.chezmoi.username }}</string>
+  <key>StandardErrorPath</key>
+  <string>/var/log/installdoctor/freshclam.error.log</string>
+  <key>StandardOutPath</key>
+  <string>/var/log/installdoctor/freshclam.output.log</string>
+</dict>
+</plist>
+{{- end -}}

software.yml

@@ -2304,6 +2304,15 @@ softwarePackages:
     _name: ClamAV
     _post: |
       #!/usr/bin/env bash
+      # Setting up launchd services
+      if [ -d /Applications ] && [ -d /System ]; then
+        sudo mkdir -p /var/log/installdoctor
+        sudo chown $USER /var/log/installdoctor
+        sudo cp -f "$HOME/.local/etc/clamav/installdoctor.clamdscan.plist.tmpl" /Library/LaunchDaemons/installdoctor.clamdscan.plist
+        sudo cp -f "$HOME/.local/etc/clamav/installdoctor.freshclam.plist.tmpl" /Library/LaunchDaemons/installdoctor.freshclam.plist
+        sudo launchctl load -w /Library/LaunchDaemons/installdoctor.clamdscan.plist
+        sudo launchctl load -w /Library/LaunchDaemons/installdoctor.freshclam.plist
+      fi
       # Add freshclam.conf
       if [ -f "$HOME/.local/etc/clamav/freshclam.conf" ]; then
         sudo mkdir -p /usr/local/etc/clamav
@@ -3119,7 +3128,7 @@ softwarePackages:
       # @brief Logs into DockerHub for Docker Desktop
       # @description
       #     This script logs into DockerHub so that Docker Desktop is pre-authenticated. This
-      #     functionality requires that the `DOCKERHUB_USER` be passed in as an environment variable (or 
+      #     functionality requires that the `DOCKERHUB_USER` be passed in as an environment variable (or
       #     directly editted in the `~/.config/chezmoi/chezmoi.yaml` file) and that the `DOCKERHUB_TOKEN`
       #     be passed in as a secret (either via the encrypted secret method or passed in as an environment
       #     variable).
@@ -5169,7 +5178,7 @@ softwarePackages:
           ### Populate appropriate token
           case "$OSTYPE" in
             solaris*) echo "TODO" ;;
-            darwin*)  GITLAB_RUNNER_TOKEN="{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "GITLAB_RUNNER_TOKEN_DARWIN")) }}{{ includeTemplate "secrets/GITLAB_RUNNER_TOKEN_DARWIN" | decrypt | trim }}{{ else }}{{ env "GITLAB_RUNNER_TOKEN_DARWIN" }}{{ end }}" ;; 
+            darwin*)  GITLAB_RUNNER_TOKEN="{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "GITLAB_RUNNER_TOKEN_DARWIN")) }}{{ includeTemplate "secrets/GITLAB_RUNNER_TOKEN_DARWIN" | decrypt | trim }}{{ else }}{{ env "GITLAB_RUNNER_TOKEN_DARWIN" }}{{ end }}" ;;
             linux*)   GITLAB_RUNNER_TOKEN="{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "GITLAB_RUNNER_TOKEN_LINUX")) }}{{ includeTemplate "secrets/GITLAB_RUNNER_TOKEN_LINUX" | decrypt | trim }}{{ else }}{{ env "GITLAB_RUNNER_TOKEN_LINUX" }}{{ end }}" ;;
             bsd*)     echo "TODO" ;;
             msys*)    GITLAB_RUNNER_TOKEN="{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "GITLAB_RUNNER_TOKEN_WINDOWS")) }}{{ includeTemplate "secrets/GITLAB_RUNNER_TOKEN_WINDOWS" | decrypt | trim }}{{ else }}{{ env "GITLAB_RUNNER_TOKEN_WINDOWS" }}{{ end }}" ;;
@@ -5198,7 +5207,7 @@ softwarePackages:
               {{ end -}}
               {{ end }}
             fi
-          
+
             ### Register VirtualBox based runners if VirtualBox is installed
             if [ $HAS_VIRTUALBOX -eq 1 ]; then
               logg info 'Registering GitLab Runner(s) that use VirtualBox executor'
@@ -5272,12 +5281,12 @@ softwarePackages:
       if command -v gitomatic > /dev/null; then
         ### Copy bin to /usr/local/bin
         logg info "Copying $HOME/.local/bin/gitomatic-service to /usr/local/bin/gitomatic-service" && sudo cp -f "$HOME/.local/bin/gitomatic-service" /usr/local/bin/gitomatic-service
-        
+
         ### Copy gitomatic to global directory
         if [ ! -f /usr/local/bin/gitomatic ]; then
           logg info 'Copying gitomatic executable to /usr/local/bin/gitomatic' && sudo cp -f "$(which gitomatic)" /usr/local/bin/gitomatic
         fi
-      
+
         if [ -d /Applications ] && [ -d /System ]; then
           ### macOS
           logg info 'Copying gitomatic plist file to /Library/LaunchDaemons' && sudo cp -f "${XDG_CONFIG_HOME:-$HOME/.config}/gitomatic/com.github.muesli.gitomatic.plist" /Library/LaunchDaemons/com.github.muesli.gitomatic.plist
@@ -7817,7 +7826,7 @@ softwarePackages:
 
         ### netdata-claim.sh must be run as netdata user
         sudo -H -u netdata bash -c 'export NETDATA_ROOM="{{- if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "NETDATA_ROOM")) -}}{{- includeTemplate "secrets/NETDATA_ROOM" | decrypt | trim -}}{{- else -}}{{- env "NETDATA_ROOM" -}}{{- end -}}" && export NETDATA_TOKEN="{{- if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "NETDATA_TOKEN")) -}}{{- includeTemplate "secrets/NETDATA_TOKEN" | decrypt | trim -}}{{- else -}}{{- env "NETDATA_TOKEN" -}}{{- end -}}" && yes | netdata-claim.sh -token="$NETDATA_TOKEN" -rooms="$NETDATA_ROOM" -url="https://app.netdata.cloud"'
-        
+
         ### Kernel optimizations
         # These are mentioned while installing via the kickstart.sh script method. We are using Homebrew for the installation though.
         # Assuming these optimizations do not cause any harm.
@@ -7849,7 +7858,7 @@ softwarePackages:
             logg error 'No etc location found for netdata' && exit 1
           fi
           logg info "Copying ${XDG_CONFIG_HOME:-$HOME/.config}/netdata/health.d/ to $NETDATA_ETC" && sudo cp -rf "${XDG_CONFIG_HOME:-$HOME/.config}/netdata/health.d/" "$NETDATA_ETC"
-          
+
           if command -v gsed > /dev/null; then
             SED_UTIL="gsed"
           else
@@ -7859,7 +7868,7 @@ softwarePackages:
           ### Blocky
           logg info "Adding Blocky metrics collection to $NETDATA_ETC/go.d/prometheus.conf"
           sudo "$SED_UTIL" -i "/jobs:/a\  - name: blocky_local \n    url: 'http://127.0.0.1:4000/metrics'" "$NETDATA_ETC/go.d/prometheus.conf"
-          
+
           ### SFTPGo
           logg info "Adding SFTPGo metrics collection to $NETDATA_ETC/go.d/prometheus.conf"
           sudo "$SED_UTIL" -i "/jobs:/a\  - name: sftpgo_local \n    url: 'http://127.0.0.1:57500/metrics'" "$NETDATA_ETC/go.d/prometheus.conf"
@@ -10798,7 +10807,7 @@ softwarePackages:
     _home: https://github.com/skeeto/endlessh
     _name: Endlessh
     _service: endlessh
-    _post: | 
+    _post: |
       #!/usr/bin/env bash
       # @file Endlessh Configuration
       # @brief Applies the Endlessh configuration and starts the service on Linux systems
@@ -11638,7 +11647,7 @@ softwarePackages:
     yay: termius
   dagu:
     _bin: dagu
-    _github: 
+    _github:
     _name: Dagu
     _post: |
       #!/usr/bin/env bash
@@ -12018,7 +12027,7 @@ softwarePackages:
       #     ## Links
       #
       #     * [Privoxy configuration](https://github.com/megabyte-labs/install.doctor/tree/master/home/dot_config/privoxy/config)
-      
+
       ### Define the Privoxy configuration location based on whether system is macOS or Linux
       if [ -d /Applications ] && [ -d /System ]; then
         ### macOS
@@ -12044,7 +12053,7 @@ softwarePackages:
             sudo add-usergroup "$USER" privoxy
           fi
           sudo chown privoxy:privoxy "$PRIVOXY_CONFIG" 2> /dev/null || sudo chown privoxy:$(id -g -n) "$PRIVOXY_CONFIG"
-          
+
           ### Restart Privoxy after configuration is applied
           if [ -d /Applications ] && [ -d /System ]; then
             ### macOS
@@ -13583,7 +13592,7 @@ softwarePackages:
       #     ## Links
       #
       #     * [`fail2ban` configuration folder](https://github.com/megabyte-labs/install.doctor/tree/master/home/private_dot_ssh/fail2ban)
-      
+
       ### Notify of script start
       logg info 'Configuring fail2ban'