Antivirus Management

Comprehensive guide to deploying, configuring, and managing antivirus software across your infrastructure with real-time monitoring and control.

Overview

SysManage provides centralized management of open-source antivirus software across all supported platforms. The platform automates deployment, enables real-time monitoring of antivirus status, and provides tools to enable, disable, or remove antivirus software remotely.

Key Features

  • Cross-Platform Support: Manage antivirus on Linux, BSD, macOS, and Windows systems
  • Automatic Detection: Agents automatically detect and report antivirus software status
  • Remote Deployment: Deploy antivirus software from the web interface with one click
  • Service Control: Enable or disable antivirus services remotely
  • Centralized Configuration: Define default antivirus packages per operating system
  • Real-time Status: Monitor antivirus status, version, and enabled/disabled state

Supported Antivirus Software by Platform

Linux Systems

SysManage supports the following open-source antivirus solutions on Linux:

  • ClamAV - Cross-platform antivirus engine for detecting trojans, viruses, malware, and other malicious threats
  • chkrootkit - Tool to check for signs of a rootkit
  • rkhunter - Rootkit Hunter scans for rootkits, backdoors, and local exploits

Distribution-Specific Details

  • Ubuntu/Debian: ClamAV via apt package manager
  • RHEL/CentOS/Fedora: ClamAV via yum/dnf package manager
  • openSUSE: ClamAV via zypper package manager

BSD Systems

BSD platforms support ClamAV and rkhunter:

  • FreeBSD: ClamAV via pkg, rkhunter available
  • OpenBSD: ClamAV via pkg_add
  • NetBSD: ClamAV and rkhunter via pkgin

macOS

macOS supports ClamAV through Homebrew:

  • ClamAV: Installed via Homebrew package manager
  • Service management through Homebrew services

Windows

Windows supports ClamAV:

  • ClamAV for Windows: Native Windows implementation
  • Windows service integration for real-time protection

Configuration

Setting Default Antivirus Software

SysManage allows administrators to define which antivirus software should be deployed for each operating system. These defaults are used when deploying antivirus to hosts.

Configuring Defaults via Web Interface

  1. Navigate to Settings in the main menu
  2. Click on the Antivirus tab
  3. For each operating system, select the desired antivirus package from the dropdown
  4. Select "None" to disable automatic antivirus deployment for that OS
  5. Click Save to apply changes

Example Default Configuration

Ubuntu: clamav
Fedora: clamav
Windows: clamav
FreeBSD: clamav
OpenBSD: clamav
macOS: clamav

Required Permissions

Managing antivirus defaults requires the MANAGE_ANTIVIRUS_DEFAULTS security role. Contact your administrator if you need this permission.

Deploying Antivirus Software

Deployment Process

Antivirus deployment in SysManage is a fully automated process that installs and configures the antivirus software appropriate for the target host's operating system.

Prerequisites

  • Host must be active and connected to the server
  • Agent must be running with elevated privileges (root/administrator)
  • A default antivirus package must be configured for the host's operating system
  • User must have DEPLOY_ANTIVIRUS security role
  • Host must have internet access to download antivirus packages

Deploying via Web Interface

  1. Navigate to Hosts in the main menu
  2. Click on the desired host to view its details
  3. Scroll to the Antivirus card on the host detail page
  4. If no antivirus is detected, you will see a "Deploy Antivirus" button
  5. Click Deploy Antivirus to initiate deployment
  6. Confirm the deployment in the dialog that appears
  7. Monitor the deployment progress - the antivirus card will update when deployment completes

What Happens During Deployment

The deployment process varies slightly by platform but generally follows these steps:

Linux/BSD Systems

  1. Package manager updates repository information
  2. ClamAV and related packages are downloaded and installed
  3. freshclam service is enabled and started (updates virus definitions)
  4. clamd service is enabled and started (real-time scanning daemon)
  5. Initial virus definition update is performed
  6. Agent reports deployment status back to server
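The Linux steps above, written out as a stand-alone script (an added example, not SysManage's agent code); the package names, the systemd unit names and the `detect_pm`/`deploy_clamav` helpers are assumptions based on common distribution packaging:

```shell
#!/bin/sh
# Added example that walks the Linux steps listed above; it is not SysManage's agent code.
# Package and systemd unit names are assumptions based on common distribution packaging.
set -eu

# Step 0: pick the package manager by probing the PATH, as the agent would.
detect_pm() {
  for pm in apt-get dnf yum zypper; do
    command -v "$pm" >/dev/null 2>&1 && { echo "$pm"; return 0; }
  done
  return 1
}

# Packages to install per package manager (assumed distro package names).
av_packages() {
  case "$1" in
    apt-get) echo "clamav clamav-daemon clamav-freshclam" ;;
    dnf|yum) echo "clamav clamav-update clamd" ;;
    zypper)  echo "clamav" ;;
    *)       return 1 ;;
  esac
}

# systemd units for the definition updater and the scanning daemon, in that order.
av_services() {
  case "$1" in
    apt-get) echo "clamav-freshclam clamav-daemon" ;;
    dnf|yum) echo "clamav-freshclam clamd@scan" ;;
    zypper)  echo "freshclam clamd" ;;
    *)       return 1 ;;
  esac
}

# Steps 1-5: refresh metadata, install, enable and start both units, pull definitions once.
deploy_clamav() {
  [ "$(id -u)" -eq 0 ] || { echo "agent must run as root" >&2; return 1; }
  pm=$(detect_pm) || { echo "no supported package manager found" >&2; return 1; }
  case "$pm" in   # unquoted $(av_packages) is intentional: one argument per package
    apt-get) apt-get update && apt-get install -y $(av_packages "$pm") ;;
    dnf|yum) "$pm" -y makecache && "$pm" -y install $(av_packages "$pm") ;;
    zypper)  zypper --non-interactive refresh && zypper --non-interactive install $(av_packages "$pm") ;;
  esac
  for unit in $(av_services "$pm"); do systemctl enable --now "$unit"; done
  freshclam || true   # may fail harmlessly if the freshclam unit already holds the update lock
  echo "deployed clamav via $pm; units: $(av_services "$pm")"   # step 6: what gets reported
}

# Perform the deployment only when asked explicitly, so sourcing the file is side-effect free.
if [ "${1:-}" = "--run" ]; then deploy_clamav; fi
```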

macOS Systems

  1. Homebrew installs ClamAV package
  2. freshclam is configured and virus definitions are updated
  3. ClamAV service is started via brew services
  4. Agent reports deployment status

Windows Systems

  1. ClamAV for Windows installer is downloaded
  2. Silent installation is performed
  3. ClamAV Windows service is configured and started
  4. Virus definitions are updated
  5. Agent reports deployment status

Monitoring Antivirus Status

Real-time Status Monitoring

SysManage agents automatically detect installed antivirus software and report status information to the server. This information is displayed in real-time on the host detail page.

Status Information Displayed

  • Software Name: The name of the detected antivirus software (e.g., "ClamAV")
  • Version: The installed version of the antivirus software
  • Installation Path: Where the antivirus software is installed
  • Enabled/Disabled: Whether the antivirus service is currently running
  • Last Updated: When the status information was last refreshed

Viewing Antivirus Status

  1. Navigate to Hosts in the main menu
  2. Click on the desired host
  3. Scroll to the Antivirus section on the host detail page
  4. Status information is displayed in a card with a shield icon

Status Indicators

  • Enabled (Green): Antivirus is installed and actively running
  • Disabled (Yellow): Antivirus is installed but not running
  • Not Installed (Gray): No antivirus software detected on the host
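How an agent could collect the status fields listed under "Status Information Displayed" and map them to the three indicators above, as an added example that is not the SysManage agent's own code; the `clamscan --version` banner format, the systemd unit names and the helper names are assumptions:

```shell
#!/bin/sh
# Added example, not the SysManage agent's code: derive the status fields listed above
# (software name, version, installation path, enabled/disabled) for ClamAV on a systemd host.
# Unit names are assumptions; the state names mirror the three indicators on the host page.
set -eu

# Extract the engine version from a `clamscan --version` banner such as
# "ClamAV 1.0.3/27123/Tue Nov 14 08:35:26 2023" (after the first slash come the
# signature database version and its build date; a bare "ClamAV 1.0.3" also parses).
av_version_from_banner() {
  printf '%s\n' "$1" | sed -n 's#^ClamAV \([0-9][0-9.]*\).*#\1#p'
}

# Map (installed yes/no, daemon running yes/no) to the indicator on the host detail page.
av_indicator() {
  case "$1:$2" in
    yes:yes) echo enabled ;;        # green
    yes:no)  echo disabled ;;       # yellow
    *)       echo not_installed ;;  # gray
  esac
}

# Build one key=value status line from the raw facts the probe collected.
av_status_line() {  # $1 = clamscan path or "", $2 = version banner, $3 = daemon active yes/no
  if [ -z "$1" ]; then
    echo "name=none state=$(av_indicator no no)"
    return 0
  fi
  echo "name=ClamAV version=$(av_version_from_banner "$2") path=$1 state=$(av_indicator yes "$3")"
}

# Live probe: locate clamscan and ask systemd whether any of the usual clamd units is active.
av_status() {
  path=$(command -v clamscan 2>/dev/null || true)
  banner=""
  running=no
  if [ -n "$path" ]; then
    banner=$("$path" --version 2>/dev/null || true)
    for unit in clamav-daemon clamd@scan clamd; do
      if systemctl is-active --quiet "$unit" 2>/dev/null; then running=yes; break; fi
    done
  fi
  av_status_line "$path" "$banner" "$running"
}

av_status
```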

Service Management

Enabling Antivirus

If antivirus is installed but disabled, you can enable it remotely:

  1. Navigate to the host detail page
  2. In the Antivirus card, click Enable Antivirus
  3. Confirm the action in the dialog
  4. The agent will start the antivirus service and report the new status

Required Permission: ENABLE_ANTIVIRUS security role

Disabling Antivirus

To temporarily disable antivirus without removing it:

  1. Navigate to the host detail page
  2. In the Antivirus card, click Disable Antivirus
  3. Confirm the action in the dialog
  4. The agent will stop the antivirus service

⚠️ Security Warning: Disabling antivirus leaves the system vulnerable to malware. Only disable antivirus when necessary for troubleshooting.

Required Permission: DISABLE_ANTIVIRUS security role

Removing Antivirus

To completely remove antivirus software from a host:

  1. Navigate to the host detail page
  2. In the Antivirus card, click Remove Antivirus
  3. Carefully review the confirmation dialog
  4. Confirm the removal
  5. The agent will stop services, uninstall packages, and clean up configuration files

⚠️ Important Warnings

  • Antivirus removal is irreversible from the web interface
  • System will be unprotected after removal
  • Virus definition databases and logs will be deleted
  • Use the "Deploy Antivirus" button to reinstall if needed

Required Permission: REMOVE_ANTIVIRUS security role

Security Roles

Role                        Description
DEPLOY_ANTIVIRUS            Allows user to deploy antivirus software to hosts
ENABLE_ANTIVIRUS            Allows user to enable antivirus services on hosts
DISABLE_ANTIVIRUS           Allows user to disable antivirus services on hosts
REMOVE_ANTIVIRUS            Allows user to completely remove antivirus software from hosts
MANAGE_ANTIVIRUS_DEFAULTS   Allows user to configure default antivirus packages per operating system

Troubleshooting

Deploy Button is Disabled

Possible Causes:

  • No default antivirus package is configured for this OS - configure one in Settings > Antivirus
  • Host is not active or not connected
  • Agent is not running with elevated privileges
  • You don't have the DEPLOY_ANTIVIRUS security role
  • Antivirus is already deployed on this host

Deployment Failed

Solutions:

  • Check host's internet connectivity - package downloads require internet access
  • Verify package manager is working correctly on the host
  • Check agent logs on the host for detailed error messages
  • Ensure sufficient disk space is available
  • On macOS, verify Homebrew is installed and working

Status Not Updating

Solutions:

  • Refresh the host detail page
  • Check if the agent is connected and active
  • Wait for the next agent check-in; status updates occur during check-in cycles (typically every few minutes)
  • Check agent logs for errors in antivirus detection

Permission Denied Errors

Solution: Contact your administrator to request the appropriate security role(s) for antivirus management.

Best Practices

Deploy Early

Deploy antivirus software immediately after host approval for maximum protection.

Monitor Regularly

Regularly review antivirus status across your infrastructure to ensure all systems are protected.

Test Deployments

Test antivirus deployment on non-production hosts before rolling out to production systems.

Use Role-Based Access Control

Restrict antivirus management permissions to trusted administrators only, especially REMOVE_ANTIVIRUS and DISABLE_ANTIVIRUS roles.

Maintain Consistent Standards

Use the default configuration feature to ensure consistent antivirus deployment across all hosts of the same operating system.

Run Agents with Privileges

Ensure agents run with elevated privileges (root/administrator) to enable full antivirus management capabilities.