How to Install ClamAV - lightblueseas/linuxstuff GitHub Wiki
Install ClamAV
This guide provides step-by-step instructions for installing ClamAV, an open-source antivirus program, on Linux and macOS. It covers installation on Ubuntu/Debian, CentOS/RHEL, and macOS.
Prerequisites
- A system running Linux (Ubuntu/Debian or CentOS/RHEL) or macOS
- Root or sudo privileges
- Access to a terminal/command line
Installation on Ubuntu/Debian Systems
1. Update the Package List
Before installing new software, it's a good idea to update your package list. Open your terminal and run:
sudo apt update
2. Install ClamAV
Install ClamAV and its utilities using apt:
sudo apt install clamav clamav-daemon
The clamav-daemon package allows ClamAV to run as a background service.
3. Start and Enable the ClamAV Service
After installation, you need to start the ClamAV service and enable it to run at boot:
sudo systemctl start clamav-daemon
sudo systemctl enable clamav-daemon
3.1 Check if ClamAV Daemon is Running
To ensure the ClamAV daemon is running correctly, you can check its status using:
sudo systemctl status clamav-daemon
This command will display the current status of the ClamAV daemon, indicating whether it is active and running.
4. Update Virus Database
Note: ClamAV’s Freshclam daemon automatically updates its malware signature database at scheduled intervals. You can also update it manually, as described in the following section.
Before updating the ClamAV virus database, it's recommended to stop the ClamAV daemon to avoid conflicts during the update process.
4.1 Stop the ClamAV Daemon
Run the following command to stop the ClamAV daemon:
sudo systemctl stop clamav-daemon
4.2 Update the Virus Database
After stopping the daemon, update the virus database:
sudo freshclam
This command updates ClamAV’s database.
4.3 Start the ClamAV Daemon Again
Once the database update is complete, restart the ClamAV daemon:
sudo systemctl start clamav-daemon
4.4 Script to Automate the Process
You can automate this process with a simple script:
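#!/bin/bash
# Stop ClamAV daemon
sudo systemctl stop clamav-daemon
# Update ClamAV virus database and remember whether the update succeeded
sudo freshclam
status=$?
# Start ClamAV daemon again, even if the update failed
sudo systemctl start clamav-daemon
if [ "$status" -eq 0 ]; then
    echo "ClamAV daemon restarted and virus database updated successfully."
else
    echo "freshclam failed (exit code $status); ClamAV daemon restarted with the existing database." >&2
    exit "$status"
fi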
Save this script as update_clamav.sh, make it executable with chmod +x update_clamav.sh, and run it whenever you need to update the virus database.
5. Scan for Malware
To perform a manual scan, use:
clamscan [options] [file/directory]
For example, to scan the entire system, run:
sudo clamscan --infected --recursive --exclude-dir="^/sys" /
Installation on CentOS/RHEL Systems
1. Enable EPEL Repository
ClamAV is available in the Extra Packages for Enterprise Linux (EPEL) repository. If it's not already enabled, enable EPEL:
sudo yum install epel-release
2. Install ClamAV
Now, install ClamAV:
sudo yum install clamav
3. Start and Enable the ClamAV Service
Similar to Ubuntu/Debian, start and enable the service:
sudo systemctl start clamd@scan
sudo systemctl enable clamd@scan
3.1 Check if ClamAV Daemon is Running
To verify that the ClamAV daemon is running, use the following command:
sudo systemctl status clamd@scan
This command will show the status of the ClamAV daemon, helping you confirm that it is active and running as expected.
4. Update Virus Database
Note: ClamAV’s Freshclam daemon automatically updates its malware signature database at scheduled intervals. You can also update it manually, as described in the following section.
Before updating the ClamAV virus database, it's recommended to stop the ClamAV daemon to avoid conflicts during the update process.
4.1 Stop the ClamAV Daemon
Run the following command to stop the ClamAV daemon:
sudo systemctl stop clamd@scan
4.2 Update the Virus Database
After stopping the daemon, update the virus database:
sudo freshclam
This command updates ClamAV’s database.
4.3 Start the ClamAV Daemon Again
Once the database update is complete, restart the ClamAV daemon:
sudo systemctl start clamd@scan
4.4 Script to Automate the Process
You can automate this process with a simple script:
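#!/bin/bash
# Stop ClamAV daemon
sudo systemctl stop clamd@scan
# Update ClamAV virus database and remember whether the update succeeded
sudo freshclam
status=$?
# Start ClamAV daemon again, even if the update failed
sudo systemctl start clamd@scan
if [ "$status" -eq 0 ]; then
    echo "ClamAV daemon restarted and virus database updated successfully."
else
    echo "freshclam failed (exit code $status); ClamAV daemon restarted with the existing database." >&2
    exit "$status"
fi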
Save this script as update_clamav.sh, make it executable with chmod +x update_clamav.sh, and run it whenever you need to update the virus database.
5. Scan for Malware
You can start a scan using:
sudo clamscan --infected --recursive --exclude-dir="^/sys" /
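An added example (not part of the original guide): a wrapper around the scan command above, usable for the Ubuntu/Debian and CentOS/RHEL scans alike, that turns clamscan's exit code (0 = no virus found, 1 = virus found, 2 = error) into a verdict and extracts the detections from its output. The function names and the sample output are constructed for illustration.

```bash
#!/bin/bash
# Added example, not from the original guide. Function names are illustrative.

# Map a clamscan exit code to a verdict:
# 0 = no virus found, 1 = virus(es) found, 2 = some error(s) occurred.
scan_verdict() {
    case "$1" in
        0) echo "clean" ;;
        1) echo "infected" ;;
        *) echo "error" ;;
    esac
}

# Read clamscan output on stdin; print "path<TAB>signature" per detection.
# Detection lines have the form "/path/to/file: Signature.Name FOUND".
parse_found() {
    local line path sig
    while IFS= read -r line; do
        case "$line" in
            *" FOUND")
                line="${line% FOUND}"   # drop the trailing marker
                path="${line%: *}"      # text before the last ": "
                sig="${line##*: }"      # signature name after it
                printf '%s\t%s\n' "$path" "$sig"
                ;;
        esac
    done
}

# Run the guide's recursive scan on one target (requires clamscan).
scan_and_report() {
    local target="$1" out rc
    out="$(clamscan --infected --recursive --no-summary "$target" 2>&1)" && rc=0 || rc=$?
    printf '%s\n' "$out" | parse_found
    echo "verdict: $(scan_verdict "$rc")" >&2
    return "$rc"
}

# Constructed sample output (not from a real scan) to exercise the parser.
SAMPLE_OUTPUT='/home/alice/Downloads/eicar.com: Win.Test.EICAR_HDB-1 FOUND
/srv/share/notes: draft.zip: Win.Test.EICAR_HDB-1 FOUND
/etc/hostname: OK'

# With an argument: scan it. Without: show the parser on the sample.
if [ "$#" -gt 0 ]; then
    scan_and_report "$1"
else
    printf '%s\n' "$SAMPLE_OUTPUT" | parse_found
fi
```

When run with a directory as its argument, the script exits with clamscan's own exit status, so a cron job or monitoring check can alert on 1 (detection) or 2 (scan error).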
Installing ClamAV on macOS
To install ClamAV on macOS, follow these steps:
1. Install the Homebrew Package Manager: Homebrew is a package manager for macOS. Install it by running the following command in Terminal:
/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
2. Install ClamAV Using the brew Command: Use Homebrew to install ClamAV:
brew install clamav
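3. Configure ClamAV: Change to Homebrew's ClamAV configuration directory and copy the sample configuration files. The directory is /usr/local/etc/clamav/ on Intel Macs; on Apple Silicon, Homebrew's prefix is /opt/homebrew, so the command below uses brew --prefix to resolve the right location on either:
cd "$(brew --prefix)/etc/clamav/"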
cp freshclam.conf.sample freshclam.conf
cp clamd.conf.sample clamd.conf
Edit the freshclam.conf file to comment out the Example line:
##
## Example config file for freshclam
## Please read the freshclam.conf(5) manual before editing this file.
##
# Comment or remove the line below.
# Example
# ...
Do the same for the clamd.conf file. Save both files after making the necessary adjustments.
4. Update the ClamAV Database: Update the virus database:
freshclam
To scan the current working directory:
clamscan
To scan a particular file:
clamscan /path/to/file
To scan all files in a directory recursively:
clamscan -r /path/to/directory
Conclusion
After following these steps, ClamAV should be installed and configured on your system. ClamAV is a powerful, open-source antivirus solution suitable for various operating systems, including macOS, Ubuntu, and CentOS/RHEL. It is highly effective for email gateway protection and integrates well with different MTAs. Regularly updating the virus database and performing system scans is crucial to maintaining system security. For more detailed options and configurations, refer to the ClamAV documentation and manual pages.
Additional Resources
- ClamAV Official Documentation
- Nextcloud documentation: Nextcloud server configuration