
How To Install ClamAV on CentOS Stream 10


In this tutorial, we will show you how to install ClamAV on CentOS Stream 10. ClamAV, a widely-used open-source antivirus solution, provides robust protection for Linux-based environments. This guide offers a detailed walkthrough for installing and configuring ClamAV on CentOS Stream 10, ensuring your server or desktop remains secure. Securing your system is a necessity, and ClamAV offers a cost-effective and powerful solution.

What is ClamAV and Why Use It?

ClamAV is an open-source antivirus engine designed to detect Trojans, viruses, malware, and other malicious threats. It operates under the GNU General Public License (GPL), making it a free and versatile option for a wide range of users. ClamAV isn’t a traditional endpoint security suite but rather a toolkit.

  • Core Functionality: ClamAV scans files and directories for malicious code, comparing them against a regularly updated database of virus signatures.
  • Licensing: Being open source, ClamAV allows for community-driven development and transparency, which promotes trust and continuous improvement.

Key Features of ClamAV

ClamAV boasts a range of features that make it an excellent choice for Linux systems:

  • Command-line scanner: Provides flexibility for scripting and automation.
  • Automatic database updates: Ensures protection against the latest threats.
  • Support for multiple file formats: Handles a wide variety of file types, increasing detection capabilities.

Benefits of Using ClamAV on CentOS

Here’s why ClamAV is particularly beneficial for CentOS Stream 10 users:

  • Open-source and free: Eliminates licensing costs, making it accessible to everyone.
  • Regularly updated virus definitions: Keeps your system protected against emerging threats.
  • Lightweight and efficient: Minimizes resource usage, ensuring system performance isn’t significantly impacted.
  • Suitable for servers, desktops, and email gateways: Offers versatile protection across different environments.

Many users find ClamAV to be a crucial component in their security strategy due to its adaptability and strong community support. Protecting against malware is a continuous effort.

Prerequisites for Installation

Before you begin, ensure you have the following prerequisites in place. It’s important to verify these before proceeding to avoid any installation hiccups.

  • CentOS Stream 10 installed and running: A clean and functional CentOS Stream 10 installation is required.
  • Root or sudo privileges: You’ll need administrative rights to install software and modify system settings.
  • Stable internet connection: An active internet connection is necessary for downloading packages and updating virus definitions.
  • Basic knowledge of the Linux command line: Familiarity with basic commands will help you navigate the installation process.

Step-by-Step Installation Guide

Follow these steps to install and configure ClamAV on your CentOS Stream 10 system. Each step is detailed to ensure a smooth and successful installation.

Enabling the EPEL Repository

The EPEL (Extra Packages for Enterprise Linux) repository provides additional packages not available in the default CentOS repositories. ClamAV is one such package, making EPEL a necessary addition.

To enable the EPEL repository, use the following command:

sudo dnf install epel-release -y

This command installs the EPEL release package, adding the repository to your system. EPEL is a valuable resource for additional software.

Installing ClamAV Packages

Next, install the ClamAV packages using the following command. This includes the core ClamAV scanner, daemon, and update tools. This command installs all necessary components for ClamAV to function correctly.

sudo dnf install clamav clamav-server clamav-data clamav-update clamav-filesystem clamav-scanner-systemd clamav-devel clamav-lib clamav-server-systemd -y

This command installs several packages:

  • clamav: End-user tools for the Clam Antivirus scanner.
  • clamav-server: The Clam AntiVirus Daemon.
  • clamav-data: Virus signature data for the Clam Antivirus scanner.
  • clamav-update: Auto-updater for the Clam Antivirus scanner data-files.
  • clamav-filesystem: Filesystem utilities for ClamAV.
  • clamav-scanner-systemd: Systemd integration for ClamAV scanner.
  • clamav-devel: Header files and libraries for Clam Antivirus scanner.
  • clamav-lib: Dynamic libraries for the Clam Antivirus scanner.
  • clamav-server-systemd: Systemd integration for ClamAV server.

SELinux Configuration (If Applicable)

SELinux (Security-Enhanced Linux) provides an extra layer of security. If enabled, you may need to adjust SELinux settings to allow ClamAV to function correctly. To check the status of SELinux, use the following command:

sestatus

If SELinux is enabled, grant ClamAV access with these commands:

sudo setsebool -P antivirus_can_scan_system 1
sudo setsebool -P clamd_use_jit 1

These commands allow ClamAV to scan the system and use JIT (Just-In-Time) compilation, enhancing performance. SELinux is an important security consideration.

Configuring ClamAV

ClamAV requires some configuration to optimize its performance and security. Modify the configuration files as follows:

  1. Modify /etc/clamd.d/scan.conf:

Remove or comment out the Example line:

sudo sed -i -e "s/^Example/#Example/" /etc/clamd.d/scan.conf

Uncomment LocalSocket:

sudo sed -i -e "s/#LocalSocket \/var\/run\/clamd.scan\/clamd.sock/LocalSocket \/var\/run\/clamd.scan\/clamd.sock/" /etc/clamd.d/scan.conf

This lets clamdscan and other local clients talk to the daemon over a Unix socket on the same host rather than a network port.

  2. Modify /etc/freshclam.conf:

Remove or comment out the Example line:

sudo sed -i -e "s/^Example/#Example/" /etc/freshclam.conf

This ensures that the freshclam utility uses the correct configuration settings. It’s a crucial step for signature updates.
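A quick check that the edits to /etc/clamd.d/scan.conf took effect, added here as an example and not part of the original tutorial. The function names and the sample config are constructed for illustration; the sample shows the case where the shipped LocalSocket line uses a different path than the sed pattern, so the substitution silently changes nothing.

```sh
#!/bin/sh
# Added example: confirm the scan.conf edits took effect before starting clamd@scan.
# Function names are illustrative, not part of ClamAV.

# Succeed if FILE contains an active (uncommented) directive named KEY.
conf_has() {
    awk -v key="$2" '$1 == key { found = 1 } END { exit !found }' "$1"
}

# Print the value of the first active directive named KEY in FILE.
conf_value() {
    awk -v key="$2" '$1 == key { sub(/^[ \t]*[^ \t]+[ \t]*/, ""); print; exit }' "$1"
}

# Return 0 only if "Example" is disabled and LocalSocket is set.
check_clamd_conf() {
    status=0
    if conf_has "$1" Example; then
        echo "FAIL: Example is still active, clamd will refuse to start"
        status=1
    fi
    sock="$(conf_value "$1" LocalSocket)"
    if [ -n "$sock" ]; then
        echo "OK: LocalSocket $sock"
    else
        echo "FAIL: LocalSocket is not set, the sed pattern did not match"
        status=1
    fi
    # clamd's TCP listener has no authentication; the tutorial only needs the Unix socket.
    if conf_has "$1" TCPSocket; then
        echo "WARN: TCPSocket is enabled"
    fi
    return "$status"
}

# Constructed sample: the commented LocalSocket line uses /run, not /var/run,
# so the tutorial's sed substitution would leave it commented out.
sample="$(mktemp)"
cat >"$sample" <<'EOF'
#Example
LogSyslog yes
#LocalSocket /run/clamd.scan/clamd.sock
User clamscan
EOF
check_clamd_conf "$sample" || echo "Fix the config before starting clamd@scan"
# On a real system: check_clamd_conf /etc/clamd.d/scan.conf
```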

Updating the Virus Database

Keeping the virus database up to date is essential for effective protection. Use the following command to update the database:

sudo freshclam

This command downloads the latest virus definitions, ensuring ClamAV can detect the newest threats. Regular updates are key to maintaining security.

Starting and Enabling ClamAV Services

To start and enable the ClamAV services, use the following commands. This ensures that ClamAV runs in the background and starts automatically on boot.

sudo systemctl enable clamd@scan
sudo systemctl start clamd@scan
sudo systemctl enable clamav-freshclam
sudo systemctl start clamav-freshclam

These commands enable and start the ClamAV daemon (clamd) and the virus definition update service (freshclam). Both services are vital for continuous protection.

Basic Usage and Scanning

Now that ClamAV is installed, let’s explore some basic usage and scanning techniques. These commands will help you perform manual scans and automate the process.

Command-Line Scanning

The clamscan command allows you to perform manual scans from the command line. Here are some common use cases:

  • Scanning a specific file:
clamscan /path/to/file
  • Recursive scanning of a directory:
clamscan -r /path/to/directory
  • Scanning the entire system:
clamscan -r /
  • Displaying only infected files:
clamscan -i -r /path/to/scan
  • Removing infected files:
clamscan --remove /path/to/infected/file

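These options provide flexibility in how you scan your system for malware. Regular scans are an important part of your security routine. Note that --remove deletes matched files outright; because false positives occur, moving detections into a quarantine directory with --move=DIRECTORY is the safer default.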

Real-time Scanning (Using ClamD)

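The clamd daemon stays resident with the signature database already loaded, which is the basis for ClamAV's real-time (on-access) scanning. Use the clamdscan command to scan files with the daemon:

clamdscan /path/to/file

clamdscan itself only scans the paths it is given; continuous on-access scanning is provided by the clamonacc client, which watches file activity and passes files to clamd. Either way, a running clamd is particularly useful for servers and systems that require constant monitoring.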

Scheduling Scans with Cron

Automate scans using cron jobs to ensure regular checks. This eliminates the need for manual intervention and keeps your system consistently protected.

Example cron job to scan the /home directory daily:

0 0 * * * /usr/bin/clamscan -i -r /home >> /var/log/clamav/clamscan.log

This cron job runs at midnight every day, scanning the /home directory and logging the results. Automating scans ensures consistent protection.

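If you place the scan in a script under /etc/cron.daily instead of a crontab entry (for example /etc/cron.daily/manual_clamscan), make the script executable:

sudo chmod +x /etc/cron.daily/manual_clamscan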
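The chmod step refers to a script the page does not list. One possible body for /etc/cron.daily/manual_clamscan follows as an added example, not code from the original tutorial; it acts on clamscan's exit status (0 clean, 1 detection, anything else an error) and sends detections to syslog. The variable names, syslog tag and priorities are assumptions.

```sh
#!/bin/sh
# Added example: a body for /etc/cron.daily/manual_clamscan (the name used in the chmod step).
# SCAN_DIR, LOG_FILE, CLAMSCAN and the syslog tag/priorities are assumptions for illustration.
SCAN_DIR="${SCAN_DIR:-/home}"
LOG_FILE="${LOG_FILE:-/var/log/clamav/clamscan.log}"
CLAMSCAN="${CLAMSCAN:-/usr/bin/clamscan}"
umask 077   # the log lists paths under /home, so keep it readable by root only

# clamscan prints each detection as "<path>: <signature> FOUND".
# Emit "<signature> <path>" per detection; the greedy match keeps paths containing ": " intact.
list_detections() {
    sed -n 's/^\(.*\): \([^ ]*\) FOUND$/\2 \1/p' "$1"
}

# Run the scan, append the raw output to the log, and alert via syslog
# according to clamscan's exit status: 0 = clean, 1 = detection, anything else = error.
run_scan() {
    out="$(mktemp)" || return 2
    mkdir -p "$(dirname "$LOG_FILE")"
    "$CLAMSCAN" -i -r "$SCAN_DIR" >"$out" 2>&1
    rc=$?
    { date '+--- scan finished %Y-%m-%d %H:%M:%S ---'; cat "$out"; } >>"$LOG_FILE"
    case "$rc" in
        0) ;;
        1) list_detections "$out" | logger -t clamscan -p auth.warning ;;
        *) logger -t clamscan -p auth.err "clamscan exited with status $rc" ;;
    esac
    rm -f "$out"
    return "$rc"
}

# cron.daily runs the script without arguments; skip quietly if ClamAV is not installed.
if [ -x "$CLAMSCAN" ]; then
    run_scan
fi
```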

Advanced Configuration and Tuning

For more advanced users, ClamAV offers several configuration options to fine-tune its behavior. These adjustments can optimize performance and enhance security.

Adjusting ClamD Configuration

The /etc/clamd.d/scan.conf file contains various settings that can be adjusted. Consider the following:

  • Maximum file size to scan: Adjust this to balance scanning thoroughness with performance.
  • Types of files to exclude: Exclude certain file types to improve scanning speed.
  • Number of threads: Increase the number of threads to improve scanning performance on multi-core systems.
  • Location of the virus database: Ensure this is correctly configured for updates.

Fine-tuning these settings can significantly impact ClamAV’s performance. Experiment to find the optimal configuration for your system.

Excluding Directories and Files

Exclude specific directories or files from scans to improve performance. This is particularly useful for directories containing large files or those known to be safe. Use the --exclude-dir and --exclude options with clamscan; both take a regular expression, so anchor the pattern to avoid skipping unintended paths.

clamscan -r --exclude-dir='^/path/to/exclude' /path/to/scan

Excluding unnecessary directories can significantly reduce scanning time. Be cautious when excluding files to avoid missing potential threats.

Email Scanning

ClamAV can be integrated with email servers to scan incoming and outgoing emails. This requires additional configuration and the clamav-milter package. Integrating ClamAV with your email system provides an extra layer of protection against email-borne threats.

Troubleshooting Common Issues

Here are some common issues and their solutions:

  • Database update failures:
    • Ensure your internet connection is stable.
    • Check DNS settings.
    • Verify that the ClamAV update servers are reachable.
  • High CPU usage:
    • Adjust the number of threads used by ClamD.
    • Exclude unnecessary directories from scans.
    • Schedule scans during off-peak hours.
  • False positives:
    • Submit the file to ClamAV for analysis.
    • Exclude the file from scans if it’s a known safe file.
  • Permissions issues:
    • Ensure ClamAV has the necessary permissions to access the files and directories being scanned.
    • Check SELinux settings.

Congratulations! You have successfully installed ClamAV. Thanks for using this tutorial to install the ClamAV antivirus on CentOS Stream 10. For additional help or useful information, we recommend you check the official ClamAV website.


r00t
