User must ensure that Chocolatey Package Manager (Windows) is installed on Windows machine if they want Shepherd to setup ClamAV automatically.

Shepherd manages existing anti-viruses on your system efficiently to improve security posture of your device. We currently supports ClamAV and Microsoft Defender.

Shepherd can install and configure ClamAV on your system automatically if you don’t have it already. ClamAV is an open source AV from Cisco and it is free to use.

Using shepherdctl av interface

Execute shepherdctl av --help in terminal/PowerShell to see the available commands. Sample below shows output of this command on a Windows machine for version 0.28.0 or higher.

$ shepherdctl.exe av --help
Interface for managing ClamAV or Defender.

Usage: shepherdctl.exe av [OPTIONS]
       shepherdctl.exe av 

Commands:
  setup          Setup given antivirus. In case of `clamav`, this command also download and installs it
  scan           Scan the given file or directory
  update-defs    Update definitions such as virus and malware signatures
  scan-schedule  Manage scan schedules e.g. add or remove a daily/weekly scan
  status         Status of the active antivirus
  report         Show scan report
  help           Print this message or the help of the given subcommand(s)

Options:
  -a, --av 
          Antivirus programs supported by Shepherd

          Possible values:
          - auto:     Pick one for me automatically
          - clam-av:  ClamAV is a free and open source AV. It is available for all platforms
          - defender: Microsoft Defender

  -h, --help
          Print help (see a summary with '-h')

setup command

Installs and configure given antivirus (default clamav ) on your system. Add --force to upgrade to the latest version.

Examples

• shepherdctl av --av clamav setup --force will force install or upgrade the clamav antivirus on your system. It may take a while to install the av.

status command

Shows the status of active antivirus. Pass --av <av_name> to see the status of specific AV.

Examples

• shepherdctl av status will show the status of the default AV.

scan command

Run a scan on given file or folder (coming soon).

Examples

• shepherdctl av scan C:\\Users\\dilawar\\Downloads\\file.exe run scans on C:\\Users\\dilawar\\Downloads\\file.exe.
• shepherdctl av scan --full will run a scan on the whole computer.
  

report command

Shows scan report. These reports are also available on the dashboard.

Examples

• shepherdctl av report shows JSON based report in the console.
  

scan-schedule command

1. shepherdctl av scan-schedule daily will schedule a daily scan everyday and between 8am and 8pm.
   
2. shepherdctl av scan-schedule weekly will schedule a weekly scan on some week days and between 8am and 8pm.
   

update-defs command

Troubleshooting

shepherdctl av status returns No connection could be made because the target machine actively refused it

     Running `target\\debug\\shepherdctl.exe av status`
ServerResponse {
    code: 500,
    message: "",
    data: String("No connection could be made because the target machine actively refused it. (os error 10061)"),
}

clamd service is not running. Use shepherdctl av --av clamav setup --force to reconfigure the ClamAV. Note that scan command will still work.