Install and Configure ClamAV in Linux

In this article, we show how to install and configure ClamAV from the Linux command line. The detection and removal of threats on endpoints are handled by an antivirus engine. Here we discuss one of them, ClamAV.

What is ClamAV Antivirus in Linux?

ClamAV is an open-source and free antivirus. It is licensed under the GNU General Public License, Version 2.

ClamAV's most important job is to scan email on mail gateways and check attachments in real time.

Also, it can detect millions of viruses, trojans, worms, and other malware and threats.

ClamAV antivirus databases are always updated. It can search for viruses in compressed files. ClamAV antivirus is managed through the command line.

Steps to Install and Configure ClamAV in Linux Command Line Terminal

ClamAV is the best antivirus for the Linux operating system. Let’s see how to install it in Linux.

Step 1 – Install ClamAV on the Linux Command Line

You can install ClamAV on all Linux-based distributions.

In this part, we show how to install ClamAV from RPM packages on CentOS, RedHat, AlmaLinux, etc., and from DEB packages on Debian, Ubuntu, etc.

To install ClamAV on these servers, follow the instructions below.

Note: We run commands as the root user. If you log in to your server as a non-root user be sure that you have sudo privileges.

Install ClamAV on AlmaLinux 8 / CentOS 8 / RHEL 8

1. Install the EPEL release with the following command:

dnf install epel-release -y

2. Now you can install ClamAV by using:

dnf install clamav -y

Then run the following command:

dnf install clamav clamd clamav-update -y

Install ClamAV on CentOS 7 / CentOS 6 / RHEL 7

1. First, install the latest release of EPEL with the following command:

yum -y install epel-release

2. Here, you can install ClamAV with the command below:

yum -y install clamav-server clamav-data clamav-update clamav-filesystem clamav clamav-scanner-systemd clamav-devel clamav-lib clamav-server-systemd

Configure ClamAV on RHEL

1. Allow ClamAV to work under SELinux and give it access to all your files with the following command:

setsebool -P antivirus_can_scan_system 1

2. Now get the latest signatures of the antivirus with the command below:

freshclam

3. To use ClamAV, you need to enable the LocalSocket parameter in /etc/clamd.d/scan.conf with the following command:

sed -i 's/#LocalSocket \/run/LocalSocket \/run/g' /etc/clamd.d/scan.conf

Start and Enable ClamAV and Freshclam on RHEL

4. At this point, you need to create a systemd service for freshclam and set it to start automatically. Use the following command to create the unit file:

vi /usr/lib/systemd/system/freshclam.service

Then, add the following lines to the freshclam.service file.

[Unit]
Description = ClamAV Scanner
After = network.target

[Service]
Type = forking
# To check for signature updates more than once a day, change the number 1 in the line below to the desired number of checks.
ExecStart = /usr/bin/freshclam -d -c 1
Restart = on-failure
PrivateTmp = true

[Install]
WantedBy=multi-user.target

When you are finished, save and close your file.

5. Start and enable the services:

systemctl start clamd@scan
systemctl start freshclam
systemctl enable clamd@scan
systemctl enable freshclam

6. When you have finished configuring ClamAV, check that the services are active and running with:

systemctl status clamd@scan

Output
clamd@scan.service - clamd scanner (scan) daemon
Loaded: loaded (/usr/lib/systemd/system/clamd@.service; enabled; vendor pres>
Active: active (running) since Thu 2021-09-09 03:25:00 EDT; 34s ago
Docs: man:clamd(8)
man:clamd.conf(5)
https://www.clamav.net/documents/
Main PID: 52667 (clamd)
Tasks: 2 (limit: 11409)
Memory: 1.2G
CGroup: /system.slice/system-clamd.slice/clamd@scan.service
└─52667 /usr/sbin/clamd -c /etc/clamd.d/scan.conf

systemctl status freshclam

Output
freshclam.service - ClamAV Scanner
Loaded: loaded (/usr/lib/systemd/system/freshclam.service; enabled; vendor p>
Active: active (running) since Thu 2021-09-09 03:25:10 EDT; 36s ago
Main PID: 52672 (freshclam)
Tasks: 1 (limit: 11409)
Memory: 5.3M
CGroup: /system.slice/freshclam.service

Now you are done with installing ClamAV and you can start to scan your system with it.
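The sed command in step 3 exits successfully even when its pattern matches nothing, in which case clamd starts without a local socket. The following check is an added example, not part of the original article; the function names and the sample config excerpts are constructed for illustration, and it works on temporary copies rather than the live scan.conf.

```bash
#!/bin/sh
# Added example: confirm the LocalSocket edit took effect (not from the article).

# Print the path of the first active (uncommented) LocalSocket directive.
# Returns 1 when the directive is absent or still commented out.
active_local_socket() {
    awk '$1 == "LocalSocket" { print $2; found = 1; exit }
         END { exit !found }' "$1"
}

# Apply the article's sed to the given file, then verify the result.
enable_local_socket() {
    sed -i 's/#LocalSocket \/run/LocalSocket \/run/g' "$1" || return 2
    active_local_socket "$1"
}

# Demo on constructed config excerpts, never on the live /etc/clamd.d/scan.conf.
demo_dir=$(mktemp -d)
printf '%s\n' '#LocalSocket /run/clamd.scan/clamd.sock' \
    '#LocalSocketMode 660' > "$demo_dir/matches.conf"
# Constructed variant: a different path prefix, which the sed pattern misses.
printf '%s\n' '#LocalSocket /var/run/clamd.scan/clamd.sock' \
    > "$demo_dir/differs.conf"

for conf in "$demo_dir/matches.conf" "$demo_dir/differs.conf"; do
    if sock=$(enable_local_socket "$conf"); then
        echo "$conf: clamd will listen on $sock"
    else
        echo "$conf: LocalSocket still disabled, edit the file by hand"
    fi
done
rm -rf "$demo_dir"
```

On a real host, run active_local_socket /etc/clamd.d/scan.conf after step 3 and before starting clamd@scan.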

Install and Configure ClamAV on Debian / Ubuntu

First, you need to update and upgrade the APT packages with the following command:

apt update && apt upgrade

Then, install ClamAV and its services with the following command:

apt install clamav clamav-daemon -y

Now start the ClamAV daemon with the following command:

service clamav-daemon start

At this point, you need to update virus signatures. First, stop freshclam by using:

/etc/init.d/clamav-freshclam stop

Now update the virus signatures with the following command:

freshclam

Start Freshclam again with:

/etc/init.d/clamav-freshclam start

Now you need to start the services:

systemctl start clamav-daemon
systemctl start clamav-freshclam

When you are finished installing ClamAV on Debian-based distros, check that your service is active and running with the following command:

systemctl status clamav-daemon

Output
clamav-daemon.service - Clam AntiVirus userspace daemon
Loaded: loaded (/lib/systemd/system/clamav-daemon.service; enabled; vendor>
Drop-In: /etc/systemd/system/clamav-daemon.service.d
└─extend.conf
Active: active (running) since Sat 2021-09-11 01:48:14 EDT; 1min 58s ago
Docs: man:clamd(8)
man:clamd.conf(5)
https://www.clamav.net/documents/
Process: 11093 ExecStartPre=/bin/mkdir -p /run/clamav (code=exited, status=>
Process: 11094 ExecStartPre=/bin/chown clamav /run/clamav (code=exited, sta>
Main PID: 11095 (clamd)
Tasks: 2 (limit: 2340)
Memory: 1.1G
CPU: 28.087s
CGroup: /system.slice/clamav-daemon.service
└─11095 /usr/sbin/clamd --foreground=true

systemctl status clamav-freshclam

Output
clamav-freshclam.service - ClamAV virus database updater
Loaded: loaded (/lib/systemd/system/clamav-freshclam.service; enabled; ven>
Active: active (running) since Sat 2021-09-11 01:49:11 EDT; 1min 33s ago
Docs: man:freshclam(1)
man:freshclam.conf(5)
https://www.clamav.net/documents
Main PID: 11122 (freshclam)
Tasks: 1 (limit: 2340)
Memory: 2.8M
CPU: 93ms
CGroup: /system.slice/clamav-freshclam.service
└─11122 /usr/bin/freshclam -d --foreground=true

Let’s see how to use ClamAV in Linux.

Step 2 – Use ClamAV on Linux from Terminal

The main tool for using ClamAV is clamscan. The basic syntax of clamscan is:

clamscan [options] [files-or-directories]

Here are the most important options:

  1. --infected: prints only infected files.
  2. --remove: removes infected files.
  3. --recursive: all directories and subdirectories in that path will be scanned.

For more information about clamscan, you can use:

man clamscan
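Because signatures can produce false positives, it helps to list what --infected and --recursive report and to check the exit status before deciding whether to use --remove. The wrapper below is an added example, not from the original article; the function names, sample paths and signature names are constructed, and it relies on the exit codes documented in man clamscan (0 no virus found, 1 virus found, 2 error).

```bash
#!/bin/sh
# Added example: review clamscan hits before deleting anything (not from the article).

# Read clamscan output on stdin and print only the flagged paths.
# Hit lines have the form "<path>: <signature> FOUND".
infected_paths() {
    sed -n 's/^\(.*\): [^:]* FOUND$/\1/p'
}

# Translate clamscan's exit status (documented in man clamscan).
verdict() {
    case "$1" in
        0) echo clean ;;
        1) echo infected ;;
        *) echo error ;;
    esac
}

# Scan a directory tree and list hits; nothing is removed.
scan_tree() {
    st_out=$(clamscan --infected --recursive --no-summary "$1" 2>/dev/null)
    st_rc=$?
    printf '%s\n' "$st_out" | infected_paths
    echo "verdict: $(verdict "$st_rc")" >&2
    return "$st_rc"
}

# Constructed sample output; the paths and signature names are illustrative.
SAMPLE_OUTPUT='/srv/upload/a.zip: Win.Test.EICAR_HDB-1 FOUND
/srv/upload/notes: draft.txt: Eicar-Signature FOUND
/srv/upload/readme.txt: OK'

# Demo on the constructed sample; for a real scan call: scan_tree /path/to/dir
printf '%s\n' "$SAMPLE_OUTPUT" | infected_paths
```

An exit status of 2 means the scan itself failed (for example unreadable files or a missing database), so it should not be treated as a clean result.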

Conclusion

At this point, you know what ClamAV is, and you can easily install and use it on all Linux distros like CentOS 7, Ubuntu 20.04, Debian 11, etc.

Hope you enjoy this article about How To Install and Configure ClamAV in Linux.
