Hamsa K
Editor
9 min read | 3 months ago

Install and Configure ClamAV in Linux

How to install and configure ClamAV on CentOS/Red Hat

ClamAV is an open source (GPL) antivirus engine designed for detecting Trojans, viruses, malware and other malicious threats on Linux. It was initially designed as an email scanning gateway on Unix, but it has since evolved into a solution for securing other operating systems and applications.

Install ClamAV on CentOS 7

First we need to install the EPEL repository:

[root@centos ~]# yum install epel-release

Now install the ClamAV components as below:

[root@centos ~]# yum install clamav-server clamav-data clamav-update clamav-filesystem clamav clamav-scanner-systemd clamav-devel clamav-lib clamav-server-systemd

Configure ClamAV

Edit the clamd-scanner package configuration: vi /etc/clamd.d/scan.conf

Comment out the Example line: #Example

Uncomment the LocalSocket config line to enable it: LocalSocket /var/run/clamd.scan/clamd.sock

Save and quit the text editor.

Freshclam

To keep the ClamAV database up to date, we need to enable a tool called Freshclam. Before changing its configuration file, we should create a backup copy of it.

Edit the configuration file: vi /etc/freshclam.conf

Comment out the Example line: #Example

Alternatively, you can use the following command, which deletes the Example line instead of commenting it out:

[root@centos ~]# sed -i '/^Example/d' /etc/freshclam.conf
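The edits to scan.conf and freshclam.conf described above can also be applied and verified without an editor. The following is an added example, not part of the original article: the function names and the .orig backup suffix are assumptions, and the sample configuration is constructed.

```bash
# prepare_clam_conf FILE [SOCKET]: back up FILE once, comment out an active
# "Example" line and, when SOCKET is given, enable "LocalSocket SOCKET".
prepare_clam_conf() {
    local conf="$1" sock="${2:-}" tmp rc
    [ -f "$conf" ] || { echo "missing: $conf" >&2; return 2; }
    [ -e "$conf.orig" ] || cp -p "$conf" "$conf.orig"   # assumed backup name
    # Leave an already active LocalSocket setting untouched (idempotent).
    if grep -Eq '^[[:space:]]*LocalSocket[[:space:]]' "$conf"; then sock=""; fi
    tmp=$(mktemp) || return 2
    awk -v sock="$sock" '
        /^[ \t]*Example[ \t]*$/ { print "#Example"; next }
        sock != "" && !done && /^#[ \t]*LocalSocket[ \t]/ {
            print "LocalSocket " sock; done = 1; next }
        { print }
        END { if (sock != "" && !done) print "LocalSocket " sock }
    ' "$conf" > "$tmp" && cat "$tmp" > "$conf"   # cat keeps owner and mode
    rc=$?
    rm -f "$tmp"
    return $rc
}

# conf_ready FILE [need_socket]: succeeds when no active Example line is left
# and, if a second argument is given, an active LocalSocket path is set.
conf_ready() {
    if grep -Eq '^[[:space:]]*Example[[:space:]]*$' "$1"; then return 1; fi
    [ -z "${2:-}" ] || grep -Eq '^[[:space:]]*LocalSocket[[:space:]]+/' "$1"
}

# Constructed sample resembling a shipped scan.conf (not a real file).
sample_conf() {
    cat <<'EOF'
# Comment or remove the line below.
Example
#LogFile /var/log/clamd.scan
#LocalSocket /var/run/clamd.scan/clamd.sock
#LocalSocketGroup virusgroup
User clamscan
EOF
}
```

On the server this would be called as prepare_clam_conf /etc/clamd.d/scan.conf /var/run/clamd.scan/clamd.sock and prepare_clam_conf /etc/freshclam.conf, each followed by conf_ready on the same file.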

We need to run freshclam manually to update the database and to check that the configuration is set correctly:

[root@centos ~]# freshclam
ClamAV update process started at Thu Aug 22 18:01:36 2019
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.101.3 Recommended version: 0.101.4
DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
Downloading daily-25543.cdiff [100%]
Downloading daily-25544.cdiff [100%]
Downloading daily-25545.cdiff [100%]
Downloading daily-25546.cdiff [100%]
Downloading daily-25547.cdiff [100%]
Downloading daily-25548.cdiff [100%]
Downloading daily-25549.cdiff [100%]
daily.cld updated (version: 25549, sigs: 1730406, f-level: 63, builder: raynman)
bytecode.cvd is up to date (version: 330, sigs: 94, f-level: 63, builder: neo)
Database updated (6296749 signatures) from database.clamav.net (IP: 104.16.218.84)

We can run freshclam any time we want to make sure the definition databases are up to date, but it would be inconvenient to always have to run it manually. When launched with the -d argument, freshclam runs in daemon mode and periodically checks for updates throughout the day (every two hours by default).

To keep things clean, we create a service file to run freshclam and register it with systemd:

[root@centos ~]# vim /usr/lib/systemd/system/clam-freshclam.service

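Then add the following content and save it. The -d option runs freshclam as a daemon, and -c 4 makes it check for updates four times a day: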

[Unit]
Description = freshclam scanner
After = network.target
[Service]
Type = forking
ExecStart = /usr/bin/freshclam -d -c 4
Restart = on-failure
PrivateTmp = true
RestartSec = 20sec
[Install]
WantedBy=multi-user.target

Now reload the systemd daemon to pick up the changes:

[root@centos ~]# systemctl daemon-reload

Next, start and enable the freshclam service:

[root@centos ~]# systemctl start clam-freshclam.service
[root@centos ~]# systemctl enable clam-freshclam.service

Check the status of the freshclam service:

[root@centos ~]# systemctl status clam-freshclam.service
● clam-freshclam.service - freshclam scanner
   Loaded: loaded (/usr/lib/systemd/system/clam-freshclam.service; enabled; vendor preset: disabled)
   Active: active (running) since Thu 2019-08-22 18:23:45 IST; 20s ago
 Main PID: 3948 (freshclam)
   CGroup: /system.slice/clam-freshclam.service
           └─3948 /usr/bin/freshclam -d -c 4

Aug 22 18:23:45 centos systemd[1]: Started freshclam scanner.
Aug 22 18:23:45 centos freshclam[3948]: freshclam daemon 0.101.3 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
Aug 22 18:23:45 centos freshclam[3948]: ClamAV update process started at Thu Aug 22 18:23:45 2019

Configure ClamAV service file

To run clamd as a service we need to create the ClamAV service file, which we do by renaming the packaged template unit.

Then we need to make some minor modifications to it.

[root@centos ~]# mv /usr/lib/systemd/system/clamd@.service /usr/lib/systemd/system/clamd.service

Since we have changed the name, we also need to change it in the file that references this service:

[root@centos ~]# vim /usr/lib/systemd/system/clamd@scan.service

Then change the first line by removing the @ so that it looks like this:

.include /lib/systemd/system/clamd.service

The next step is to change the clamd service file, /usr/lib/systemd/system/clamd.service.

We remove %i from both the Description and ExecStart options, so that the file looks like the following:

[root@centos ~]# cat /usr/lib/systemd/system/clamd.service
[Unit]
Description = clamd scanner daemon
After = syslog.target nss-lookup.target network.target
[Service]
Type = forking
ExecStart = /usr/sbin/clamd -c /etc/clamd.d/scan.conf
TimeoutSec=5min
Restart = on-failure
RestartSec=10sec
[Install]
WantedBy=multi-user.target

Next, start the clamd service:

[root@centos ~]# systemctl daemon-reload
[root@centos ~]# systemctl start clamd.service

Check the status of the service as below:

[root@centos ~]# systemctl status clamd.service
● clamd.service - clamd scanner daemon
   Loaded: loaded (/usr/lib/systemd/system/clamd.service; disabled; vendor preset: disabled)
   Active: active (running) since Thu 2019-08-22 19:40:49 IST; 1min 9s ago
  Process: 4832 ExecStart=/usr/sbin/clamd -c /etc/clamd.d/scan.conf (code=exited, status=0/SUCCESS)
 Main PID: 4882 (clamd)
   CGroup: /system.slice/clamd.service
           └─4882 /usr/sbin/clamd -c /etc/clamd.d/scan.conf
Aug 22 19:39:27 centos clamd[4882]: ELF support enabled.
Aug 22 19:39:27 centos clamd[4882]: Mail files support enabled.
Aug 22 19:39:27 centos clamd[4882]: OLE2 support enabled.
Aug 22 19:39:27 centos clamd[4882]: PDF support enabled.
Aug 22 19:39:27 centos clamd[4882]: SWF support enabled.
Aug 22 19:39:27 centos clamd[4882]: HTML support enabled.
Aug 22 19:39:27 centos clamd[4882]: XMLDOCS support enabled.
Aug 22 19:39:27 centos clamd[4882]: HWP3 support enabled.
Aug 22 19:39:27 centos clamd[4882]: Self checking every 600 seconds.
Aug 22 19:40:49 centos systemd[1]: Started clamd scanner daemon.

Now you can enable it at system startup:

[root@centos ~]# systemctl enable clamd.service

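Test scan

For testing, we run the following command. --infected prints only infected files, --recursive descends into subdirectories, and --remove deletes every file reported as infected, so leave it out if detections should be reviewed first: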

[root@centos ~]# clamscan --infected --remove --recursive /home
----------- SCAN SUMMARY -----------
Known viruses: 6286656
Engine version: 0.101.3
Scanned directories: 1
Scanned files: 0
Infected files: 0
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 400.178 sec (6 m 40 s)
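The summary above reports "Scanned files: 0", so a scheduled job should treat an empty scan differently from a clean one. The following added example (not part of the original article) classifies clamscan output read from standard input; the function names and verdict words are assumptions, and the sample outputs, including the path and signature name, are constructed.

```bash
# scan_verdict reads clamscan output on stdin and prints a one-line verdict:
#   CLEAN <files> | INFECTED <count> | EMPTY | UNKNOWN
# Return codes: 0 clean, 1 infected, 2 nothing scanned, 3 no summary found.
scan_verdict() {
    awk '
        /^Scanned files:/  { split($0, a, ": *"); files = a[2] + 0; seen++ }
        /^Infected files:/ { split($0, a, ": *"); infected = a[2] + 0; seen++ }
        END {
            if (seen < 2)     { print "UNKNOWN"; exit 3 }
            if (infected > 0) { print "INFECTED " infected; exit 1 }
            if (files == 0)   { print "EMPTY"; exit 2 }
            print "CLEAN " files
        }'
}

# infected_paths prints the path of every "<path>: <signature> FOUND" line,
# so detections can be reviewed or quarantined instead of removed blindly.
infected_paths() {
    sed -n 's/^\(.*\): [^ ]* FOUND$/\1/p'
}

# Constructed sample: a summary with no scanned files, as in the run above.
sample_empty() {
    printf '%s\n' '----------- SCAN SUMMARY -----------' \
        'Scanned directories: 1' 'Scanned files: 0' 'Infected files: 0'
}

# Constructed sample: one detection; path and signature name are made up.
sample_hit() {
    printf '%s\n' '/home/alice/invoice.doc: Example.Signature-1 FOUND' \
        '----------- SCAN SUMMARY -----------' \
        'Scanned files: 120' 'Infected files: 1'
}
```

In a cron job the scan output would be captured once, for example from clamscan --infected --recursive /home, and fed to both functions.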

That's it! ClamAV is successfully configured on CentOS 7.

 


