DetectX - Run automatically?

Ratsima · Apr 23, 2019

I was thinking of setting up DetectX to run as a scheduled task. But, to avoid reinventing the wheel, I thought I'd ask if anyone has done this. If so, how (LaunchD?) and on what sort of schedule?

Rod · Apr 23, 2019

Well, speaking generally it's probably a good idea to run an anti malware app on a schedule, a bit like backups, they are easy to forget. Yesterday I purchased the full version of Malwarebytes after discovering I had two Linkury items that Malwarebytes classified as malware. So after quarantining them I thought it was worth the expense, ($127.00 for two years subscription on both my wife's MBP and my own) which allows scheduling, meaning I no longer need to remember to run it manually on her device or my own. We run our business off these two devices so the peace of mind is I think worth the cost.
I have tested DetectX and it seems very thorough, I'm happy to keep it in my arsenel but Malwarebytes is easier to understand.

Ratsima · Apr 24, 2019

I think DetectX is a slightly different beast from Malwarebytes or ClamXAV and the others.

I actually run ClamAV (the open source version) nightly including a signature update. The only thing it ever finds is nasty email attachments. It was nontrivial to set up, but scheduling with a shell script and launchd was pretty easy.

Turns out I paid the shareware fee for DetectX a long time ago, but never remember to use it. I figured that automating it might be a good idea. I can start it with launchd in the wee hours and leave it open for when I get up in the morning:

Any other ideas?

Rod · Apr 24, 2019

Not from me, but as you have paid the subscription for DetectX I'd go that route for sure.

Rod · Apr 24, 2019

Interestingly as an experiment I did a search for ClamXav online because it is not available from the App Store in Australia. I downloaded it from the developer's site and ran it on my Macintosh HD. It took a while as you can imagine and I expected like you I would detect virus attached to emails but no. It only found two files which appear to be Trojans in my Library.

Also FYI it is quite an expensive yearly subscription app at $30.00/year or $55.00/2 yearly.
So if you have an earlier version hang onto it, previous users can update for free I believe.

IWT · Apr 24, 2019

Re: Malwarebytes and/or DetectX Swift.

The developers of each of these product corresponded on our Forums a few months back.

This followed a "suggestion" that Malwarebytes was not the app it used to be since a change of ownership. In fact the original owner relied saying that he is in charge of all development of the app even though it is owned by a large company and he hotly defended the product.

The individual who had made the "suggestion", also mentioned DetectX Swift; which led to a response from that app's owner who explained how it worked.

Bottom line: both are good, reliable products.

If anyone interested in this "vibrant" exchange of views is interested, they can search our Forums.

If I find it first, I'll post a link.

Ian

EDIT: This is the link. You will have to read all the pages. It gets very interesting about 30+ posts into the thread, but you really need to read the whole thing to understand the heated exchange: https://www.mac-forums.com/forums/s...rus-software-mac.html?highlight=DetectX+Swift

Ratsima · Apr 24, 2019

Well, this wasn't about what AV software to use. I'd already decided to use ClamAV (free and open source) not ClamXAV (annual subscription fee) and DetectX.

Since DetectX doesn't have a way to schedule it to run periodically, I was asking about the best way to do that.

I set it up to run via launchd which worked fine. It did its scan whilst I was sleeping and was there with the results when I got up this morning. I do think it's a shame that DetectX doesn't have a built in scheduler, nor does it use the Mac Notification system and has no Growl interface. Either of these would be useful; especially when I'm away from home and would like to know the results of the scan.

The shell script I wrote to run ClamAV updates the virus definitions, runs a scan, sends a Growl notification of the results and also sends me a brief summary via email. I'd like to be able to do that with DetectX. (I am aware that I can pay for an enterprise version of DetectX that runs from the command line. I'm not prepared to do that just yet.)

Rod · Apr 24, 2019

Sorry I didn't realise there were two Clam anti virus apps.

Sent from my iPhone using Mac-Forums

Ratsima · Apr 24, 2019

Rod Sprague said:
Sorry I didn't realise there were two Clam anti virus apps.

Well, it is a bit confusing. Perhaps deliberately so. Originally (I think) ClamXAV was just a GUI wrapper for the command line tools collectively called ClamAV. ClamXAV has moved on and is now much more (and more expensive).

ClamAV is now supported by Cisco which, I believe, coordinates keeping the malware definitions up to date. ClamAV can be installed on a Mac via MacPorts, HomeBrew and (maybe) Fink. Setting it up is not trivial. However, there is a mailing list and good help is available. For me it was mostly a challenging project to keep an old retired guy busy.

Randy B. Singer · Apr 25, 2019

Rod Sprague said:
Interestingly as an experiment I did a search for ClamXav online because it is not available from the App Store in Australia. I downloaded it from the developer's site and ran it on my Macintosh HD. It took a while as you can imagine and I expected like you I would detect virus attached to emails but no. It only found two files which appear to be Trojans in my Library.

The last comparison test of AV products that seems to be from a non-biased source is from four years ago:

The Safe Mac
>> Mac anti-virus testing 2014

Scroll down to the table with the results. ClamXav did rather poorly. There is no way to know if the product is better now. There are no longer any unbiased sources for comparison tests (you'll find comparison sites on the Web, but they are all clearly shill sites).

ClamXav used to be a popular recommendation, mostly because it was free and it wasn't fully interactive so it didn't cause the slowdown and stability problems of some other AV software. All that has changed recently. So there are a lot of questions concerning how good a product ClamXav is, and whether it is worth the subscription fee that they now ask for.

If you look for the winner of the comparison test cited above, you will see Intego's Virus Barrier. Intego offers a free version of that product, lacking only the commercial version's fully interactive capabilities. (And that may be a good thing, rather than a serious omission. As I said, fully interactive AV products tend to be problematic.) It seems to me that it is a no-brainer.

VirusBarrier Free Edition (free)
Intego Launches VirusBarrier Scanner — Free Mac Antivirus | The Mac Security Blog
Intego VirusBarrier Scanner on the Mac App Store

Ratsima · Apr 25, 2019

So, to get back on topic, anyone have any great ideas on running DetectX on a schedule?

IWT · Apr 25, 2019

Ratsima said:
So, to get back on topic, anyone have any great ideas on running DetectX on a schedule?

As far as I know, you cannot schedule DetectX Swift (or its predecessor DetectX).

Ian

Ratsima · Apr 25, 2019

IWT said:
As far as I know, you cannot schedule DetectX Swift (or its predecessor DetectX).

Well, as I posted earlier, launchd worked fine.

I guess that’s the only way....

Randy B. Singer · Apr 25, 2019

Ratsima said:
So, to get back on topic, anyone have any great ideas on running DetectX on a schedule?

You should be able to fairly easily create an Automator workflow to run it on a schedule:

How to Schedule Automator Tasks in Mac OS X | Chron.com

There are also Mac scheduling apps. This one is only $5:

Mac Task Scheduler App to Run Applications at Later Date Time

IWT · Apr 25, 2019

Nice app suggestion, Randy.

Ian

Ratsima · Apr 25, 2019

The following shell script runs DetectX in the background and sends the results via email:

Code:

#!/bin/sh

/Applications/DetectX\ Swift.app/Contents/MacOS/DetectX\ Swift vsearch | mail -s "DetectX" [email protected]

The following launchd Property List runs the above shell script every day at 4:00 AM

Code:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>Disabled</key>
	<false/>
	<key>EnvironmentVariables</key>
	<dict>
		<key>PATH</key>
		<string>/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin:/opt/X11/bin:/usr/local/sbin</string>
	</dict>
	<key>Label</key>
	<string>com.mgnewman.detectx</string>
	<key>ProgramArguments</key>
	<array>
		<string>/bin/sh</string>
		<string>/Users/mnewman/bin/com.mgnewman.detectx.sh</string>
	</array>
	<key>RunAtLoad</key>
	<false/>
	<key>StartCalendarInterval</key>
	<array>
		<dict>
			<key>Hour</key>
			<integer>4</integer>
			<key>Minute</key>
			<integer>0</integer>
		</dict>
	</array>
</dict>
</plist>

The email message generated by the above looks like this:

Code:

Search func called with arg 0:  /Applications/DetectX Swift.app/Contents/MacOS/DetectX Swift
Search func called with arg 1:  vsearch
Without a Pro or Commercial license, this CLI tool can only be used for a limited period of 20 days.
There are 20 days of use remaining.
Initiating search...

Requested search for users:
/Users/mnewman


DetectX Swift 1.087
2019-04-26T05:17:01+0700
Spotlight indexing: Enabled
Searching...

Nothing found.
Elapsed search time: 38.45 secs

Unfortunately, running DetectX from the command line this way requires a license that costs fifty bucks. Not sure if it's worth it.

Rod · Apr 25, 2019

Very handy.