How to Install and Configure ClamAV on CentOS Stream 9, Fedora, RHEL 9
Introduction –
ClamAV is a versatile, open-source antivirus engine designed to detect Trojans, viruses, malware, and other malicious threats. Developed by the ClamAV team and maintained as part of the Cisco Systems portfolio, it receives updates via the continually-updated virus database provided by the Clam AntiVirus community. This community-driven approach ensures a wide coverage against emerging threats. In this guide, we will explore how to install, set up, and configure ClamAV on CentOS, Fedora, and RHEL systems.
Step 1: Install Required Repositories
Ensure your system’s package repository is up-to-date and has access to the EPEL repository, which contains additional packages needed for ClamAV:
1
2
sudo dnf update -y
sudo dnf install epel-release -y
Step 2: Install ClamAV
With the EPEL repository enabled, proceed to install ClamAV and its utilities:
1
sudo dnf install clamav clamav-update -y
Step 3: Configure Automatic Virus Database Updates
freshclam is used to update the virus database of ClamAV. Instead of running it as a service, you’ll set it up to run periodically via cron:
1
sudo freshclam
Step 5: Schedule Daily Scans
For daily scans of the root directory and optional scans of mounted NFS directories (e.g., /mnt/nfs), set up a cron job:
Create log directories and set permissions: Create the log directory and file if it doesn’t exist, and set the right permissions for them.
1
2
3
4
sudo mkdir -p /var/log/clamav
sudo touch /var/log/clamav/daily_scan.log
sudo chmod 755 /var/log/clamav
sudo chmod 640 /var/log/clamav/daily_scan.log
Create the scan script using vi:
1
sudo vi /usr/local/bin/daily_clamscan.sh
Add the following script contents:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
#!/bin/bash
LOGFILE="/var/log/clamav/daily_scan.log"
touch "$LOGFILE"
chmod 640 "$LOGFILE"
echo "Updating ClamAV database..." >> "$LOGFILE"
freshclam >> "$LOGFILE" 2>&1
echo "Starting ClamAV scan..." >> "$LOGFILE"
# Scan the entire root file system
clamscan -r / --log="$LOGFILE"
# Uncomment the following line to include /mnt/nfs in the scan, or add other drives such as /mnt/smb, etc...
# clamscan -r /mnt/nfs --log="$LOGFILE"
echo "Scan completed." >> "$LOGFILE"
# Uncomment the following line to delete logs older than 30 days
# find /var/log/clamav/ -type f -name '*.log' -mtime +30 -exec rm {} \;
Make the script executable by a non-root account, making sure to use your actual username instead of [username]:
1
2
3
sudo chmod +x /usr/local/bin/daily_clamscan.sh
sudo setfacl -m u:[username]:rwx /var/log/clamav
sudo setfacl -m u:[username]:rx /usr/local/bin/daily_clamscan.sh
Schedule the cron job:
1
sudo crontab -e
Add the cron job, which is set to run the script every day at 3:00 AM every day:
1
0 6 * * * /usr/local/bin/daily_clamscan.sh
Step 6: Monitoring and Logs
Set up log rotation to automatically delete logs older than 30 days (optional, ensure this is uncommented in the script if desired).
Conclusion –
Installing and configuring ClamAV on your CentOS, Fedora, or RHEL system provides robust protection against malware threats. ClamAV’s community-driven virus definitions ensure you are protected against the latest discovered threats. Keep your system secure by regularly updating ClamAV and scanning your system.
Stay proactive about your cybersecurity with ClamAV and keep your systems safe!