In this article, we want to teach you How To Install and Configure ClamAV in Linux.
The detection and removal of threats on endpoints are powered by the AntiVirus module’s engine.
Here we will discuss one of them called ClamAV.
What is ClamAV?
ClamAV is an open-source and free antivirus. It is licensed under the GNU General Public License, Version 2.
The most important job of ClamAV is to scan emails on email gateways and check the attachment file in real time.
Also, it can detect millions of viruses, trojans, worms, and other malware and threats.
ClamAV antivirus databases are always updated. it can search for viruses in compressed files. ClamAV antivirus is managed through the command line. even if it is free, it is quite limited in its features.
Step To Install and Configure ClamAV in Linux
The ClamAV is the best antivirus for Linux operating system.
Let’s see how to install it in Linux.
Install ClamAV on Linux
You can install ClamAV on all Linux-based distributions.
In this part, we want to show you how to install ClamAV on RPM packages for Centos, RedHat, AlmaLinux, etc., and DEB packages for Debian, Ubuntu, etc.
To install ClamAV on these servers follow the instruction below.
We run commands as the root user.
If you log in to your server as a non-root user be sure that you have sudo privileges.
Install ClamAV on AlmaLinux 8 / Centos 8 / RHEL 8
- Install the Epel release with the following command:
dnf install epel-release -y
2. Now you can install ClamAV by using:
dnf install clamav -y
Then run the following command:
dnf install clamav clamd clamav-update -y
Install ClamAV on Centos 7 / Centos 6 / RHEL 7
- First, install the latest release of EPEL with the following command:
yum -y install epel-release
2. Here, you can install ClamAV with the command below:
yum -y install clamav-server clamav-data clamav-update clamav-filesystem clamav clamav-scanner-systemd clamav-devel clamav-lib clamav-server-systemd
Configure ClamAV
- Adjust ClamAV with SELinux and give it access to all your files with the following command:
setsebool -P antivirus_can_scan_system 1
2. Now get the latest signatures of the antivirus with the command below:
freshclam
3. For using ClamAV you need to enable the LocalSocket parameter in /etc/clamd.d/scan.conf with the following command:
sed -i 's/#LocalSocket \/run/LocalSocket \/run/g' /etc/clamd.d/scan.conf
freshclam service
4. At this point, you need to create a ClamAV systemd service and set it to auto-start. use the following command to create your file:
vi /usr/lib/systemd/system/freshclam.service
Then, add the following lines to freshclam.service file.
[Unit] Description = ClamAV Scanner After = network.target [Service] Type = forking # if you want to scan more than one in a day change the number 1 with your desired number in below line. ExecStart = /usr/bin/freshclam -d -c 1 Restart = on-failure PrivateTmp =true [Install] WantedBy=multi-user.target
When you are finished, save and close your file.
5. Start and enable the services.
systemctl start [email protected] systemctl start freshclam systemctl enable [email protected] systemctl enable freshclam
6. When you are finished configuring ClamAV. Now you can check that your service is active and running with:
systemctl status [email protected]
OutPut [email protected] - clamd scanner (scan) daemon Loaded: loaded (/usr/lib/systemd/system/[email protected]; enabled; vendor pres> Active: active (running) since Thu 2021-09-09 03:25:00 EDT; 34s ago Docs: man:clamd(8) man:clamd.conf(5) https://www.clamav.net/documents/ Main PID: 52667 (clamd) Tasks: 2 (limit: 11409) Memory: 1.2G CGroup: /system.slice/system-clamd.slice/clam[email protected] └─52667 /usr/sbin/clamd -c /etc/clamd.d/scan.conf
systemctl status freshclam
Output freshclam.service - ClamAV Scanner Loaded: loaded (/usr/lib/systemd/system/freshclam.service; enabled; vendor p> Active: active (running) since Thu 2021-09-09 03:25:10 EDT; 36s ago Main PID: 52672 (freshclam) Tasks: 1 (limit: 11409) Memory: 5.3M CGroup: /system.slice/freshclam.service
Now you are done with installing ClamAV and you can start to scan your system with it.
Install and Configure ClamAV on Debian / Ubuntu
First, you need to update and upgrade the APT packages with the following command:
apt update && apt upgrade
Then install ClamAV and its services with the following command:
apt-get install clamav clamav-daemon -y
Now you should start clamav-daemon, you can use the following command:
service clamav-daemon start
At this point, you need to update virus signatures. first, stop freshclam by using:
/etc/init.d/clamav-freshclam stop
Now update viruses signatures with the following command:
freshclam
start freshclam again with:
/etc/init.d/clamav-freshclam start
Now you need to start the services:
systemctl start clamav-daemon systemctl start clamav-freshclam
When you are finished installing ClamAV. To check that your service is active and running run the following command:
systemctl status clamav-daemon
Output clamav-daemon.service - Clam AntiVirus userspace daemon Loaded: loaded (/lib/systemd/system/clamav-daemon.service; enabled; vendor> Drop-In: /etc/systemd/system/clamav-daemon.service.d └─extend.conf Active: active (running) since Sat 2021-09-11 01:48:14 EDT; 1min 58s ago Docs: man:clamd(8) man:clamd.conf(5) https://www.clamav.net/documents/ Process: 11093 ExecStartPre=/bin/mkdir -p /run/clamav (code=exited, status=> Process: 11094 ExecStartPre=/bin/chown clamav /run/clamav (code=exited, sta> Main PID: 11095 (clamd) Tasks: 2 (limit: 2340) Memory: 1.1G CPU: 28.087s CGroup: /system.slice/clamav-daemon.service └─11095 /usr/sbin/clamd --foreground=true
systemctl status clamav-freshclam
Output clamav-freshclam.service - ClamAV virus database updater Loaded: loaded (/lib/systemd/system/clamav-freshclam.service; enabled; ven> Active: active (running) since Sat 2021-09-11 01:49:11 EDT; 1min 33s ago Docs: man:freshclam(1) man:freshclam.conf(5) https://www.clamav.net/documents Main PID: 11122 (freshclam) Tasks: 1 (limit: 2340) Memory: 2.8M CPU: 93ms CGroup: /system.slice/clamav-freshclam.service └─11122 /usr/bin/freshclam -d --foreground=true
Let’s see how to use ClamAV in Linux.
How To Use ClamAV
The important tool to use ClamAV is clamscan. the basic syntax of clamscan is:
clamscan [options] [files-or-directories]
Here are the most important options :
- –infected: prints only infected files.
- –remove: removes infected files.
- –recursive: all directories and subdirectories in that path will be scanned.
For more information about clamscan you can use:
man clamscan
Conclusion
At this point, you know what is ClamAV., and you can easily install and use it on all Linux distros like Centos 7, Ubuntu20.04, Debian 11, etc.
Hope you enjoy this article about How To Install and Configure ClamAV in Linux.
May you will be interested in this article about How to Install and Configure Rootkit hunter in Linux.
You are missing the on-access bits.