UPDATE (2009-04-26 7:06PM EDT): Apparently I was mistaken. When poking through the preferences of ClamXav in order to restructure my watch folders, I noticed a checkbox that I had overlooked. Apparently you can add the login item from within the main application. However, it still doesn’t start the Sentry app when adding the item. You have to manually click the “Save settings & Launch Sentry” button.
Recently I have bowed to the necessity of installing antivirus software on my Mac, both at work and at home.
In investigating the possibilities I decided to try out the open source antivirus solution ClamAV. While I tend to gravitate towards commercially supported security products when possible, I currently don’t have the extra money to spend on the Intego VirusBarrier product, and the budget at work is quite strained, as are budgets for most people.
I like the ClamXav frontend for the ClamAV engine. I know that I can do all the scanning functions from the command line, but I am fan of gui frontends do to the fact that they are often more user-friendly.
The ClamXav is a nice frontend. The only problem I have with it is that there is inherent mechanism to launch the sentry program at user login. The ClamXav Sentry application is contained in the Resources section of the Contents of the ClamXav application bundle. Below are the steps to add the application as a login item.
Adding ClamXav Sentry as Login Item
1. Open System Preferences from the Apple Menu
Open System Preferences
2. Open Accounts Preference Pane
System Prefences
3. Select Login Items
Login Items
4. Click the Plus sign button at the button of the Login Items list.
5. When the dialog window comes up, hit the Command + Shift + G keyboard combo.
6. In the window type the following:
/Applications/ClamXav.app/Contents/Resources/”
then click the Go button.
Enter the file path to the Resources of the ClamXav bundle
7. Select ClamXavSentry.app from the list and click the Add button.
Select the Sentry app
8. Congratulations, you have successfully added the ClamXav Sentry as a login item.
Login Item Added
I also wrote an Applescript application that will add the login item for you. The benefit of using my utility is that it launches ClamXav Sentry after adding the login item. You download a zipfile containing both the application and script file.
Today I picked up one of the new dual-band AirPort Extreme base stations at Best Buy. The reason behind the purchase was so that I could use 802.11n for my iMac and Apple TV while using 802.11g for my iPhone, since this should give me the best wireless throughput for my shared files to the Apple TV.
After getting the DHCP, PPPoE, WiFi and network security configured to mimic the settings of the Linksys router that I replaced, I thought I was through, but then I realized that I still needed to configure an ACL to implement MAC filtering. For those who don’t know, a MAC filter on a typical router lets the admin control which devices will be allowed to talk to the router.
While there are some people who say that having both WPA2 encyrption as well as MAC filtering is unnecessary, I decided that I wanted to do both, since I am allowing the SSID to be broadcast for the convenience of visitors.
On my last two Linksys routers (a WRT54G and a WRT160N) this was simply a matter of checking a box and entering the allowed MAC addresses into a table. On the AEBS it require a little more work.
Necessary items
- an Apple AirPort Extreme base station that is properly configured for your network
- AirPort Utility
- a list of the MAC addresses for the allowed devices
Step 1
Open AirPort Utility. On the main screen, double-click on the connected AEBS listed in the column on the left side of the window.
Main screen for AirPort Utility
Step 2
In the configuration screen that comes up, click on the Access options.
Airport utility access configuration screen defaults
Step 3
Change the default setting for MAC Address Access Control from the default to say Timed Access.
Airport utility access configuration set to Timed Access
Step 4
In the configuration pane click on the default entry, then click the Edit button. This will bring up the Timed Access Control Setup Assistant window.
In the Timed Access Control Setup Assistant window click in the drop down menu that currently reads Everday and select No Access from the list. This will make sure that any computer or device with a MAC address that is not in the list will be denied access to your network. Then click the Done button to save your changes.
Timed Access Control Setup Assistant for default rule
Step 5
Back in the access configuration screen, click on the plus sign in the left below the list of devices. This will bring up the Timed Access Control Setup Assistant window that allows you to add new devices.
In the MAC Address field you will need to enter the MAC address (aka ethernet address, hardware address, ethernet id, etc.) for your device. (Hint: If you are doing this for the computer you are currently using just click the This Computer button.) If you want, you can add a description for each device as well. I use the devices hostname when appropriate.
Then change the time frame that the device is allowed to connect if you need to restrict it to something other than the default of Everday/all day.
When you are finished just click the Done button to save your changes. Repeat this step for each device.
Timed Access Control Setup Assistant add device dialog
Step 6
After adding all your devices you should have a screen that looks similar to the below. (Note: I have obscured my MAC addresses to protect the innocent.)
Airport access configuration screen completed
Step 7
If you have added all your devices and you are sure you are finished, just click the Update button. This will save your configuration changes and restart the AEBS.
Final Notes
Understand that like the Linksys MAC filter, this only affects devices that are connecting over the wireless network. This is useful since it gives you an avenue for fixing any problems that you have run into. Also, if you run into a problem so extreme (pardon the pun) that you need to perform a hardware reset of the AEBS, follow the instructions in the Apple knowledgebase article Resetting the AirPort Extreme Base Station (Article No. HT1406).