Windows OS Hub
March 13, 2024

How to Install and Use ClamAV Antivirus on CentOS/RHEL

ClamAV is an open-source antivirus. It is used to detect viruses, trojans, and malware. It is mostly used on Linux platforms to scan user directories accessible over FTP or Samba, website directories, or emails on mail servers (as an MTA agent).

In this article, we will show how to install, configure, and use ClamAV on a host running CentOS or RHEL.

Contents:
  • Installing ClamAV on CentOS/RHEL
  • Basic Configuration of ClamAV in Linux
  • How to Scan for Viruses with ClamAV?

Installing ClamAV on CentOS/RHEL

ClamAV is not available in basic Linux repos, so you need to use the EPEL repository to install it on your host:

# yum install epel-release -y

After you have installed the repository, you can proceed with the installation of ClamAV packages. To install it, the yum package manager is used (or dnf on CentOS 8):

# yum -y install clamav-server clamav-data clamav-update clamav-filesystem clamav clamav-scanner-systemd clamav-devel clamav-lib clamav-server-systemd

Basic Configuration of ClamAV in Linux

To set up your own ClamAV configuration, first disable the default example configuration by commenting out the Example line in /etc/clamd.d/scan.conf:

# sed -i -e "s/^Example/#Example/" /etc/clamd.d/scan.conf

Then open the configuration file:

# nano /etc/clamd.d/scan.conf

And uncomment the following line:

LocalSocket /run/clamd.scan/clamd.sock

You can also uncomment the lines with the settings you need. For example, you can enable logging or configure the maximum number of connections.

The /etc/clamd.d/scan.conf file contains quite a detailed description of all settings.

To update the antivirus signature databases for ClamAV, use freshclam. Back up your current configuration file:

# cp /etc/freshclam.conf /etc/freshclam.conf.bak

Then run this command:

# sed -i -e "s/^Example/#Example/" /etc/freshclam.conf

And update your antivirus definitions:

# freshclam

During the update, you may see some errors if you cannot download any updates. Freshclam will automatically find a mirror to download the updates successfully.

To make freshclam automatically check for updates, you may run it with the -d parameter:

# freshclam -d

In this mode, it will check for updates every 2 hours.

To make it easier to run, create a service file for freshclam:

# nano /usr/lib/systemd/system/freshclam.service

And add the following contents to it:

[Unit]
Description = freshclam
After = network.target
[Service]
Type = forking
# -d runs freshclam as a daemon; -c 4 checks for updates 4 times a day
ExecStart = /usr/bin/freshclam -d -c 4
Restart = on-failure
PrivateTmp = true
RestartSec = 10sec
[Install]
WantedBy=multi-user.target

Reload the systemd daemon:

# systemctl daemon-reload

Then you can start your service and add it to startup:

# systemctl start freshclam.service
# systemctl enable freshclam.service
# systemctl status freshclam.service

Like you did for freshclam, create a service for ClamAV. The configuration file already exists, but you will have to change its name:

# mv /usr/lib/systemd/system/clamd\@.service /usr/lib/systemd/system/clamd.service

To make it more convenient, we have deleted \@.

Also, change the configuration in the file:

[Unit]
Description = clamd scanner daemon
After = syslog.target nss-lookup.target network.target
[Service]
Type = forking
ExecStart = /usr/sbin/clamd -c /etc/clamd.d/scan.conf
# Reload the database
ExecReload=/bin/kill -USR2 $MAINPID
Restart = on-failure
TimeoutStartSec=420
[Install]
WantedBy = multi-user.target

Then you can run the antivirus service or enable it:

# systemctl start clamd.service
# systemctl enable clamd.service

How to Scan for Viruses with ClamAV?

After you have configured the ClamAV antivirus service, you can scan any server directory for viruses (scanner mode). To scan the specified directory for viruses, use the following command:

# clamscan --infected --remove --recursive /var/www/

With these parameters, the antivirus will immediately delete the infected files. If you want to move suspicious files to a separate directory, run the scan using the --move parameter:

# clamscan --infected --recursive --move=/tmp/clamscan /var/www

This command will scan all contents of the specified directory and move suspicious files to /tmp/clamscan.

The scan summary report shows the result, and the infected file has been moved to the specified directory.

You can also add the --log=/var/log/clamscan.log parameter to write all information about the scanning process to the log file you have specified.

If you want to exclude some of the directories from scanning, use the --exclude-dir parameter:

# clamscan -i --recursive --move=/tmp/clamscan --log=/var/log/clamscan.log --exclude-dir="/var/www/administrator" /var/www

To scan for viruses regularly, you can configure a cron job with the settings you want.
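A cron-ready wrapper for the scan command above, as an added example that is not part of the original article: it quarantines to a root-only directory instead of /tmp and uses clamscan's exit status (0 clean, 1 infected, anything else an error) so that cron mails only on findings or failures. The script path in the crontab comment, the quarantine directory and the CLAMSCAN override are assumptions.

```shell
#!/bin/sh
# Added example: cron wrapper for the clamscan invocation shown in the article.
# Assumptions (not from the article): the install path in the crontab line,
# the quarantine directory, and the CLAMSCAN override used for testing.
#   0 3 * * * /usr/local/sbin/clamscan-cron.sh /var/www

CLAMSCAN="${CLAMSCAN:-clamscan}"
QUARANTINE="${QUARANTINE:-/var/lib/clamav-quarantine}"  # root-only, outside /tmp
LOGFILE="${LOGFILE:-/var/log/clamscan.log}"

# clamscan exit status: 0 = no virus found, 1 = virus found, anything else = error.
scan_status() {
    case "$1" in
        0) echo clean ;;
        1) echo infected ;;
        *) echo error ;;
    esac
}

# Extract file paths from "<path>: <signature> FOUND" lines on stdin.
infected_paths() {
    sed -n 's/^\(.*\): .* FOUND$/\1/p'
}

# Scan a directory and move hits to quarantine. Silent when clean, so cron
# sends mail only on findings or errors.
# Returns 0 when clean, 1 when infected, 2 on a scan or setup error.
scan_dir() {
    target="$1"
    { mkdir -p "$QUARANTINE" && chmod 700 "$QUARANTINE"; } || return 2
    rc=0
    out=$("$CLAMSCAN" --infected --recursive --move="$QUARANTINE" \
        --log="$LOGFILE" "$target" 2>&1) || rc=$?
    case "$(scan_status "$rc")" in
        clean) return 0 ;;
        infected)
            echo "clamscan $target: infected"
            printf '%s\n' "$out" | infected_paths | sed 's/^/  quarantined: /'
            return 1 ;;
        *)  echo "clamscan $target: error (exit $rc)"
            printf '%s\n' "$out" >&2
            return 2 ;;
    esac
}

# Run only when a target directory is given on the command line.
if [ "$#" -gt 0 ]; then
    scan_dir "$1"
fi
```

Keep the quarantine directory outside the scanned tree, otherwise the next run rescans the files it moved.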

There is a graphical frontend for the ClamAV antivirus called ClamTk.

3 comments

Kermit June 25, 2023 - 12:36 pm

No, I agree to disagree with the author's unwise procedure described in this article, for the following reasons:
1. The Internet has not, for many years now, been a secure place where you can just download ClamAV virus definitions.
A “man in the middle” attack is already an everyday procedure used by British, US, German, etc. spy agencies. They do not hesitate to intercept each connection they can and replace key servers (such as Microsoft Update servers and many others) with their own versions of those; therefore you would be better off using the database already provided with ClamAV instead of overwriting it with some “internet” version.
2. No, you do not need to run “freshclam” as a service, nor “ClamAV” as a service, in order to run a scan. The complete procedure to use ClamAV is just 2 lines:

yum -y install clamav
clamscan -r -i /

And that is all.
Oh. “Windows OS Hub” – comes from somebody who supports the spy agencies' “most friendly” OS called Windows.
See – not that I do not understand national security and stuff, but you just do not know how far behind any ethical norms the thugs who are above the laws and justice have gone.

PasserBy July 26, 2024 - 4:20 pm

Obviously happy to install a virus scanner from the net, but paranoid enough to download a virus definition update from the same website. Screw logic, right? Also, without clamd / freshclamd he loses half of ClamAV’s functionality, but oh never mind, because “western agencies go brrrr”. Yea, sure. Sad and hilarious at the same time…

PasserBy July 26, 2024 - 4:25 pm

*to not download

Sigh.
