Sunday, September 25, 2022

How To Install and Configure ClamAV in Linux

This article explains how to install and configure ClamAV in Linux.

Detecting and removing threats on endpoints is the job of an antivirus engine.

Here we will discuss one such engine, ClamAV.

What is ClamAV?

ClamAV is an open-source and free antivirus. It is licensed under the GNU General Public License, Version 2.

The most important job of ClamAV is to scan email on mail gateways and check attachments in real time.

It can also detect millions of viruses, trojans, worms, and other malware and threats.

The ClamAV signature databases are kept up to date, and it can search for viruses inside compressed files. ClamAV is managed through the command line. Although it is free, it is quite limited in its features.

ClamAV is the best antivirus for the Linux operating system.

Let’s see how to install it in Linux.

How to Install ClamAV in Linux

You can install ClamAV on all Linux-based distributions.

In this part, we show how to install ClamAV from RPM packages on CentOS, Red Hat, AlmaLinux, etc., and from DEB packages on Debian, Ubuntu, etc.

To install ClamAV on these servers, follow the instructions below.

We run commands as the root user.

If you log in to your server as a non-root user, make sure that you have sudo privileges.

Install ClamAV on AlmaLinux 8/CentOS 8/RHEL 8

1. Install the EPEL release package with the following command:

dnf install epel-release -y

2. Now you can install ClamAV by using:

dnf install clamav -y

Then install the clamd daemon and the signature updater as well:

dnf install clamav clamd clamav-update -y

Install ClamAV on CentOS 7/CentOS 6/RHEL 7

1. First, install the latest release of EPEL with the following command:

yum -y install epel-release

2. Then install ClamAV with the command below:

yum -y install clamav-server clamav-data clamav-update clamav-filesystem clamav clamav-scanner-systemd clamav-devel clamav-lib clamav-server-systemd

Configure ClamAV

1. Set the SELinux boolean that allows ClamAV to scan all files on the system:

setsebool -P antivirus_can_scan_system 1

2. Now get the latest antivirus signatures with the command below:

freshclam

3. To use ClamAV, you need to enable the LocalSocket parameter in /etc/clamd.d/scan.conf. The following command uncomments it:

sed -i 's/#LocalSocket \/run/LocalSocket \/run/g' /etc/clamd.d/scan.conf

4. At this point, you need to create a systemd service for freshclam and set it to start automatically. Use the following command to create the unit file:

vi /usr/lib/systemd/system/freshclam.service

Then, add the following lines to the freshclam.service file.

[Unit]
Description = ClamAV Scanner
After = network.target

[Service]
Type = forking
# To check for signature updates more than once a day, replace 1 in the line below with the desired number of checks.
ExecStart = /usr/bin/freshclam -d -c 1
Restart = on-failure
PrivateTmp = true

[Install]
WantedBy=multi-user.target

When you are finished, save and close your file.

5. Start and enable the services.

systemctl start clamd@scan.service
systemctl start freshclam
systemctl enable clamd@scan.service
systemctl enable freshclam

6. With ClamAV configured, check that the services are active and running:

systemctl status clamd@scan.service

Output
clamd@scan.service - clamd scanner (scan) daemon
Loaded: loaded (/usr/lib/systemd/system/clamd@.service; enabled; vendor pres>
Active: active (running) since Thu 2021-09-09 03:25:00 EDT; 34s ago
Docs: man:clamd(8)
man:clamd.conf(5)
https://www.clamav.net/documents/
Main PID: 52667 (clamd)
Tasks: 2 (limit: 11409)
Memory: 1.2G
CGroup: /system.slice/system-clamd.slice/clamd@scan.service
└─52667 /usr/sbin/clamd -c /etc/clamd.d/scan.conf

systemctl status freshclam

Output
freshclam.service - ClamAV Scanner
Loaded: loaded (/usr/lib/systemd/system/freshclam.service; enabled; vendor p>
Active: active (running) since Thu 2021-09-09 03:25:10 EDT; 36s ago
Main PID: 52672 (freshclam)
Tasks: 1 (limit: 11409)
Memory: 5.3M
CGroup: /system.slice/freshclam.service

ClamAV is now installed and you can start scanning your system with it.

Install and Configure ClamAV on Debian/Ubuntu

First, you need to update and upgrade the APT packages with the following command:

apt update && apt upgrade

Then install ClamAV and its services with the following command:

apt-get install clamav clamav-daemon -y

Now start clamav-daemon with the following command:

service clamav-daemon start

At this point, you need to update the virus signatures. First, stop freshclam by using:

/etc/init.d/clamav-freshclam stop

Now update the virus signatures with the following command:

freshclam

Start freshclam again with:

/etc/init.d/clamav-freshclam start

Now you need to start the services:

systemctl start clamav-daemon
systemctl start clamav-freshclam

Installation is now finished. To check that the services are active and running, run the following commands:

systemctl status clamav-daemon

Output
clamav-daemon.service - Clam AntiVirus userspace daemon
Loaded: loaded (/lib/systemd/system/clamav-daemon.service; enabled; vendor>
Drop-In: /etc/systemd/system/clamav-daemon.service.d
└─extend.conf
Active: active (running) since Sat 2021-09-11 01:48:14 EDT; 1min 58s ago
Docs: man:clamd(8)
man:clamd.conf(5)
https://www.clamav.net/documents/
Process: 11093 ExecStartPre=/bin/mkdir -p /run/clamav (code=exited, status=>
Process: 11094 ExecStartPre=/bin/chown clamav /run/clamav (code=exited, sta>
Main PID: 11095 (clamd)
Tasks: 2 (limit: 2340)
Memory: 1.1G
CPU: 28.087s
CGroup: /system.slice/clamav-daemon.service
└─11095 /usr/sbin/clamd --foreground=true

systemctl status clamav-freshclam

Output
clamav-freshclam.service - ClamAV virus database updater
Loaded: loaded (/lib/systemd/system/clamav-freshclam.service; enabled; ven>
Active: active (running) since Sat 2021-09-11 01:49:11 EDT; 1min 33s ago
Docs: man:freshclam(1)
man:freshclam.conf(5)
https://www.clamav.net/documents
Main PID: 11122 (freshclam)
Tasks: 1 (limit: 2340)
Memory: 2.8M
CPU: 93ms
CGroup: /system.slice/clamav-freshclam.service
└─11122 /usr/bin/freshclam -d --foreground=true

Let’s see how to use ClamAV in Linux.

How to Use ClamAV

The main tool for using ClamAV is clamscan. Its basic syntax is:

clamscan [options] [files-or-directories]

Here are the most important options:

  1. --infected: prints only infected files.
  2. --remove: removes infected files.
  3. --recursive: scans all directories and subdirectories in the given path.

For more information about clamscan you can use:

man clamscan
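
The following script is an added example, not part of the original article: it shows how a cron job can judge a `clamscan --infected --recursive` run by the exit codes documented in clamscan(1), so that a failed scan is never mistaken for a clean one. The function names, the sample paths and the second signature name are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): judge a clamscan run by its
# exit code, documented in clamscan(1): 0 = no virus, 1 = virus found, 2 = error.

classify_scan() {            # $1 = clamscan exit code
    case "$1" in
        0) echo clean ;;
        1) echo infected ;;
        *) echo error ;;     # an incomplete scan must never count as clean
    esac
}

# Read clamscan output on stdin; print "path|signature" per "FOUND" line.
# The greedy first group keeps paths that themselves contain ": " intact.
parse_infected() {
    sed -n 's/^\(.*\): \([^ ]*\) FOUND$/\1|\2/p'
}

# $1 = exit code, stdin = clamscan output. Succeeds only for a clean scan.
scan_report() {
    verdict=$(classify_scan "$1")
    hits=$(parse_infected)
    count=$(printf '%s\n' "$hits" | grep -c '|' || true)
    echo "verdict=$verdict infected=$count"
    if [ -n "$hits" ]; then printf '%s\n' "$hits"; fi
    [ "$verdict" = clean ]
}

# Constructed sample of `clamscan --infected --recursive` output (not real data).
SAMPLE_OUTPUT='/srv/upload/invoice.zip: Win.Test.EICAR_HDB-1 FOUND
/srv/upload/notes: draft.doc: Example.Signature-1 FOUND

----------- SCAN SUMMARY -----------
Infected files: 2'

if [ "$#" -gt 0 ]; then
    # Real scan of the directory given as $1; nothing is removed or moved.
    out=$(clamscan --infected --recursive "$1" 2>&1); rc=$?
    printf '%s\n' "$out" | scan_report "$rc"
else
    # No argument: demonstrate the report on the constructed sample.
    printf '%s\n' "$SAMPLE_OUTPUT" | scan_report 1 || true
fi
```

Signature matches can be false positives, so review the reported paths before running clamscan again with --remove.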

Conclusion

At this point, you know what ClamAV is, and you can easily install and use it on all Linux distros like CentOS 7, Ubuntu 20.04, Debian 11, etc.

We hope you enjoyed this article about how to install and configure ClamAV in Linux.

You may also be interested in this article about How to Install and Configure Rootkit hunter in Linux.
