Gruntwork uses the Clamscan to look for infected files. Infected file(s) are logged and available in the Gruntwork web admin. The Watchman Monitoring plugin will alert you to the infected files found or issues with the Clam-AV Log Plugin.
Clam AV Logs Plugin
Clam is not installed. Please run Munki.
When Mac-MSP Gruntwork Clam AV logs plugin reports that Clam is not installed, this is ususally seen on an initial installation. Run the Maintenance Manual Start.app in the Utilties folder to run the Mac-MSP Gruntwork maintenance routines, including Munki.
Clamscan found infected files.
Mac-MSP Gruntwork ran clamscan which found infection. The Gruntwork web admin contains a Quarantine button for each computer. On next checkin with Gruntwork admin, the server instructs Gruntwork to move the files to the quarantine folder at /Library/Mac-MSP/Gruntwork/Quarantine. The Quarantine checkbox is unchecked upon success in the web admin.
Gruntwork also has an “auto quarantine” feature in the global settings. When enabled, Gruntwork will automatically perform the steps above.
The Clamscan can be disabled in the Gruntwork web admin on either the computer, client group, or global levels. Additionally, Munki can keep from installing clam and definition updates by removing the gruntwork-clam manifest from the included_manifests section of any manifests you maintain (including the default “testing” and “production” manifests).
How Clamscan works
Full disk scan is only done when the machine is idle, then when the faster scan for Office documents completes, and the Mac stays idle long enough for it to complete.