XAV Command Line Tool

Many of ClamXAV’s functions can be performed via the XAV command line. Some examples of which are below. We will be adding features to the command line interface as time goes on. You are able to see the available feature-set by running the XAV tool with no command line flags.

Get current version information

/Applications/ClamXAV.app/Contents/MacOS/XAV --version

Update the malware database

/Applications/ClamXAV.app/Contents/MacOS/XAV --update

If you have a database file from the Offline Updates page, you can install this by passing the file to XAV as follows:

/Applications/ClamXAV.app/Contents/MacOS/XAV --update --file database_file.XAVZ

Perform a Quick Scan

/Applications/ClamXAV.app/Contents/MacOS/XAV --quick-scan

Scan arbitrary files/folders

/Applications/ClamXAV.app/Contents/MacOS/XAV --scan /paths/to/scan

If the item you pass to be scanned has specific scan settings configured within ClamXAV, these will be used.

Please note, this feature is still in beta, so please do report your findings if you experience any unexpected results.

Update your licence details

Sometimes you may wish to force ClamXAV to update the licence details without redeploying the installer, for example if your organisation’s name has changed, or if the renewal date has been change.

/Applications/ClamXAV.app/Contents/MacOS/XAV --update-licence

Prune log files

/Applications/ClamXAV.app/Contents/MacOS/XAV --prune-logs NNN

Where NNN is the number of days to be kept. If you supply no number, XAV will prune all log entries older than 120 days.

Submit diagnostics report to our support team

If you contact our support team for assistance, we may request diagnostics from the problematic computer. As well as holding the option key whilst clicking the ClamXAV Menubar Item, you can also do this via XAV command line:

/Applications/ClamXAV.app/Contents/MacOS/XAV --submit-diagnostics NNNN

where NNNN is your ticket number from our helpdesk. Please note, reports submitted which don’t have a valid ticket number will be deleted automatically, so please contact support to get this ticket number first.

Parsing ClamXAV’s logging database

All events performed by ClamXAV are logged in our proprietary database format. To aid data collection and reporting, it’s possible to export the logs into a plain text file. This can also be done using the XAV command line tool.

Viewing Malware DB Update logs

You can obtain a report of all malware database update events since you installed ClamXAV with the following command:

/Applications/ClamXAV.app/Contents/MacOS/XAV --parse-logs updates

Alternatively, you can supply a start date (in ISO 8601 format) for the log parser if you only want to see recent events:

/Applications/ClamXAV.app/Contents/MacOS/XAV --parse-logs updates start-date 2022-01-10

Likewise, you can supply an end-date if you don’t want the most recent records. Alternatively, you can combine start-date and end-date if you’re only interested in a range in the middle of the report.

Viewing Scan reports

The same command line options work for viewing the output of scan reports. Just issue the same parse-logs flag and swap updates for scans:

/Applications/ClamXAV.app/Contents/MacOS/XAV --parse-logs scans

/Applications/ClamXAV.app/Contents/MacOS/XAV --parse-logs scans start-date 2022-01-01

/Applications/ClamXAV.app/Contents/MacOS/XAV --parse-logs scans start-date 2022-01-01 end-date 2022-01-20

Any scans which have detected malware will display those detections immediately after the scan, indented with a single tab character.