
October 13, 2021 | CentOS, Linux, Questions and Answers, RHEL

How to Install and Use ClamAV Antivirus on CentOS/RHEL?

ClamAV is an open-source antivirus. It is used to detect viruses, trojans, and malware. It is mostly used on Linux platforms to scan user directories accessible over FTP or Samba, website directories, or emails on mail servers (as an MTA agent).

In this article, we will show how to install, configure, and use ClamAV on a host running CentOS or RHEL.

Contents:
  • Installing ClamAV on CentOS/RHEL
  • Basic Configuration of ClamAV in Linux
  • How to Scan for Viruses with ClamAV?

Installing ClamAV on CentOS/RHEL

ClamAV is not available in the base Linux repositories, so you need to use the EPEL repository to install it on your host:

# yum install epel-release -y

After you have installed the repository, you can proceed with the installation of the ClamAV packages. Use the yum package manager (or dnf in CentOS 8) to install them:

# yum -y install clamav-server clamav-data clamav-update clamav-filesystem clamav clamav-scanner-systemd clamav-devel clamav-lib clamav-server-systemd

Basic Configuration of ClamAV in Linux

To set up your own ClamAV configuration, first disable the default Example line in /etc/clamd.d/scan.conf:

# sed -i -e "s/^Example/#Example/" /etc/clamd.d/scan.conf

Then open the configuration file:

# nano /etc/clamd.d/scan.conf

And uncomment the following line:

LocalSocket /run/clamd.scan/clamd.sock

You can also uncomment the lines with the settings you need. For example, you can enable logging or configure the maximum number of connections.

The /etc/clamd.d/scan.conf file contains quite a detailed description of all settings.

To update the antivirus signature databases for ClamAV, use freshclam. Back up your current configuration file:

# cp /etc/freshclam.conf /etc/freshclam.conf.bak

Then run this command:

# sed -i -e "s/^Example/#Example/" /etc/freshclam.conf

And update your antivirus definitions:

# freshclam

During the update, you may see some errors if some updates cannot be downloaded. Freshclam will automatically find a mirror from which the updates download successfully.
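A quick check that both edits above took effect, as an added example that is not part of the original article: it confirms that no active Example line remains (clamd and freshclam refuse to start while it is present) and that LocalSocket is uncommented. The function names are illustrative.

```sh
#!/bin/sh
# Added example, not from the original article; function names are illustrative.

# Print the active (uncommented, non-empty) lines of a clamd/freshclam-style config.
active_directives() {
    sed -e 's/^[[:space:]]*//' -e '/^#/d' -e '/^$/d' "$1"
}

# Return 0 if the file has no active "Example" line and every directive named
# in the remaining arguments is active; otherwise print each problem and return 1.
check_clam_conf() {
    conf=$1; shift
    problems=0
    if active_directives "$conf" | grep -q '^Example[[:space:]]*$'; then
        echo "$conf: 'Example' line is still active"
        problems=1
    fi
    for name in "$@"; do
        if ! active_directives "$conf" | grep -q "^$name[[:space:]]"; then
            echo "$conf: directive '$name' is not set"
            problems=1
        fi
    done
    return "$problems"
}

# Check the two files edited in this article when called with --run.
if [ "${1:-}" = "--run" ]; then
    rc=0
    check_clam_conf /etc/clamd.d/scan.conf LocalSocket || rc=1
    check_clam_conf /etc/freshclam.conf || rc=1
    exit "$rc"
fi
```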

To make freshclam automatically check for updates, you may run it with -d parameter:

# freshclam -d

In this mode, it will check for updates every 2 hours.

To make it easier to run, create a service file for freshclam:

# nano /usr/lib/systemd/system/freshclam.service

And add the following contents to it:

[Unit]
Description = freshclam
After = network.target
[Service]
Type = forking
ExecStart = /usr/bin/freshclam -d -c 4
Restart = on-failure
PrivateTmp = true
RestartSec = 10sec
[Install]
WantedBy=multi-user.target

Reload the systemd daemon:

# systemctl daemon-reload

Then you can start your service and add it to startup:

# systemctl start freshclam.service
# systemctl enable freshclam.service
# systemctl status freshclam.service

Like you did for freshclam, create a service for ClamAV. The configuration file already exists, but you will have to change its name:

# mv /usr/lib/systemd/system/clamd\@.service /usr/lib/systemd/system/clamd.service

To make it more convenient, we have removed \@ from the file name.

Also, change the configuration in the file:

[Unit]
Description = clamd scanner daemon
After = syslog.target nss-lookup.target network.target
[Service]
Type = forking
ExecStart = /usr/sbin/clamd -c /etc/clamd.d/scan.conf
# Reload the database
ExecReload=/bin/kill -USR2 $MAINPID
Restart = on-failure
TimeoutStartSec=420
[Install]
WantedBy = multi-user.target

Then you can run the antivirus service or enable it:

# systemctl start clamd.service
# systemctl enable clamd.service

How to Scan for Viruses with ClamAV?

After you have configured the ClamAV antivirus service, you can scan any server directory for viruses (scanner mode). To scan the specified directory for viruses, use the following command:

# clamscan --infected --remove --recursive /var/www/

With these parameters, the antivirus will immediately delete the infected files. If you want to move suspicious files to a separate directory, run the scan using the --move parameter:

# clamscan --infected --recursive --move=/tmp/clamscan /var/www

This command will scan all contents of the specified directory and move suspicious files to /tmp/clamscan.

After the scan, the infected file has been moved to the specified directory.

You can also add the --log=/var/log/clamscan.log parameter to write all information about the scanning process to the log file you have specified.

If you want to exclude some of the directories from scanning, use the --exclude-dir parameter:

# clamscan -i --recursive --move=/tmp/clamscan --log=/var/log/clamscan.log --exclude-dir="/var/www/administrator" /var/www

To scan for viruses regularly, you can configure a cron job with the settings you want.
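One way to wrap the scan for cron, as an added example that is not part of the original article: it uses --move rather than --remove so a false positive can be restored, maps clamscan's exit codes (0 clean, 1 virus found, 2 error), and reports only the detections written to the log by the current run. The script path, the variable names and the dedicated quarantine directory (used here in place of /tmp/clamscan, which sits under world-writable /tmp) are assumptions.

```sh
#!/bin/sh
# Added example, not from the original article. SCAN_DIR, QUARANTINE, LOG and
# CLAMSCAN are illustrative names; the quarantine path is an assumption.
SCAN_DIR="${SCAN_DIR:-/var/www}"
QUARANTINE="${QUARANTINE:-/var/quarantine/clamav}"
LOG="${LOG:-/var/log/clamscan.log}"
CLAMSCAN="${CLAMSCAN:-clamscan}"

# clamscan exit codes (see man clamscan): 0 = no virus, 1 = virus found, 2 = error.
classify_rc() {
    case "$1" in
        0) echo clean ;;
        1) echo infected ;;
        *) echo error ;;
    esac
}

# Read scan log text on stdin; print "path<TAB>signature" per "<path>: <sig> FOUND" line.
list_detections() {
    tab=$(printf '\t')
    sed -n "s/^\(.*\): \(.*\) FOUND\$/\1${tab}\2/p"
}

# Scan with --move (quarantine, not --remove) and report only this run's detections.
run_scan() {
    mkdir -p "$QUARANTINE" && chmod 700 "$QUARANTINE" || return 2
    before=0
    if [ -f "$LOG" ]; then before=$(wc -l < "$LOG"); fi   # the log is appended to
    rc=0
    "$CLAMSCAN" --infected --recursive --move="$QUARANTINE" \
        --log="$LOG" "$SCAN_DIR" >/dev/null || rc=$?
    status=$(classify_rc "$rc")
    if [ "$status" != clean ]; then
        # cron mails whatever the job prints, so stay silent on a clean run
        echo "clamscan status=$status rc=$rc dir=$SCAN_DIR log=$LOG"
        if [ -f "$LOG" ]; then tail -n "+$((before + 1))" "$LOG" | list_detections; fi
    fi
    return "$rc"
}

# Assumed cron entry: 30 2 * * * /usr/local/sbin/clamscan-cron.sh --run
if [ "${1:-}" = "--run" ]; then
    run_scan
    exit $?
fi
```

Because the script exits with clamscan's own code, a monitoring check can tell a detection (1) from a failed scan (2) instead of treating both as a generic failure.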

There is a graphical frontend for the ClamAV antivirus called ClamTk.
