How To Install ClamAV on CentOS Stream 9

In this tutorial, we will show you how to install ClamAV on CentOS Stream 9. ClamAV, a powerful open-source antivirus software, is an excellent solution for securing your CentOS Stream 9 servers and workstations. With its robust scanning engine, regular virus definition updates, and seamless integration with various tools and services, ClamAV provides comprehensive protection against a wide range of threats.

This article assumes you have at least basic knowledge of Linux, know how to use the shell, and, most importantly, host your site on your own VPS. The installation is quite simple and assumes you are running in the root account; if not, you may need to add 'sudo' to the commands to get root privileges. I will show you the step-by-step installation of the ClamAV antivirus on CentOS Stream 9.

Prerequisites

  • A server running CentOS Stream 9.
  • It’s recommended that you use a fresh OS install to prevent any potential issues.
  • SSH access to the server (or just open Terminal if you’re on a desktop).
  • An active internet connection.
  • You’ll need administrative privileges or root access on your CentOS Stream 9 system. If you don’t have them, reach out to your system administrator.

Install ClamAV on CentOS Stream 9

Step 1. Before proceeding with the ClamAV installation, it’s crucial to update your CentOS Stream 9 system to the latest versions of all packages. Log in to your account and switch to the root user using the su command. Run the following commands to update your system:

sudo dnf clean all
sudo dnf update

Step 2. Enable EPEL Repository.

ClamAV packages are not available in the default CentOS Stream 9 repositories. To access them, you need to enable the Extra Packages for Enterprise Linux (EPEL) repository. EPEL is a community-driven repository that provides additional packages for CentOS and other RHEL-based distributions.

To enable the EPEL repository on CentOS Stream 9, run the following command:

sudo dnf install epel-release

Once the installation is complete, you can verify that the EPEL repository is successfully enabled by running:

sudo dnf repolist | grep epel

Step 3. Installing ClamAV on CentOS Stream 9.

With the EPEL repository enabled, you can now proceed to install the ClamAV packages. The core packages required for ClamAV are:

  • clamav: The main ClamAV package containing the scanning engine and command-line tools.
  • clamav-update: A package responsible for updating the virus definitions.
  • clamd: The ClamAV daemon that runs in the background and performs real-time scanning.

To install these packages, run the following command:

sudo dnf install clamav clamav-update clamd

After the installation completes, you can verify that the packages are successfully installed by running:

rpm -qa | grep clamav

Step 4. Adjust SELinux Policy.

Security-Enhanced Linux (SELinux) is a security feature in CentOS Stream 9 that enforces access controls and policies. By default, SELinux may prevent ClamAV from accessing certain files and directories necessary for its operation. To ensure ClamAV functions properly, you need to adjust the SELinux policy. To allow ClamAV to access the required files and directories, run the following commands:

sudo setsebool -P antivirus_can_scan_system 1
sudo setsebool -P clamd_use_jit 1

To verify that the SELinux policy is configured correctly for ClamAV, run:

sudo getsebool -a | grep antivirus

The output should show the antivirus_can_scan_system and clamd_use_jit boolean values set to 1.

Step 5. Update Virus Definitions.

Keeping the ClamAV virus definitions up to date is crucial for effective malware detection. ClamAV provides the freshclam utility to download and install the latest virus definitions. To update the virus definitions, you need to configure the freshclam tool.

Open the freshclam.conf file in a text editor:

sudo nano /etc/freshclam.conf

Uncomment the following lines by removing the # symbol at the beginning:

DatabaseDirectory /var/lib/clamav
UpdateLogFile /var/log/clamav/freshclam.log
LogFileMaxSize 20M
LogTime yes
LogRotate 5
LogSyslog yes

Save the changes and exit the editor, then run the freshclam command to download the latest virus definitions:

sudo freshclam

The freshclam utility will connect to the ClamAV servers, download the latest definitions, and install them in the specified database directory.

To ensure that the virus definitions are regularly updated, you can set up a cron job or a systemd timer. For example, to create a daily cron job, run:

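echo "0 0 * * * root /usr/bin/freshclam --quiet" | sudo tee -a /etc/crontab

This will run the freshclam command every day at midnight to update the virus definitions. Entries in /etc/crontab need a user field (root here) before the command, and the line is piped through sudo tee because a shell redirection after sudo echo is performed by the unprivileged calling shell, not by root.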

Step 6. Configure ClamAV and Start Services.

To configure ClamAV and start its services, you need to edit the clamd.conf and scan.conf files. Open the clamd.conf file in a text editor:

sudo nano /etc/clamd.conf

Uncomment and modify the following lines according to your requirements:

LogFile /var/log/clamav/clamd.log
LogFileMaxSize 20M
LogTime yes
LogSyslog yes
LocalSocket /var/run/clamd.sock
TCPSocket 3310
TCPAddr 127.0.0.1
MaxConnectionQueueLength 200
MaxThreads 50
ReadTimeout 400
User clamav
ScanPE yes
ScanELF yes
DetectBrokenExecutables yes
ScanOLE2 yes
ScanPDF yes
ScanHTML yes
ScanArchive yes

Save the changes and exit the editor. Next, open the scan.conf file:

sudo nano /etc/clamd.d/scan.conf

Uncomment and modify the following lines based on your scanning preferences:

LogFile /var/log/clamav/scan.log
LogFileMaxSize 20M
LogTime yes
LogSyslog yes
LogClean yes
LogVerbose yes
PidFile /var/run/clamd.scan/clamd.pid
TemporaryDirectory /var/tmp
DatabaseDirectory /var/lib/clamav
LocalSocket /var/run/clamd.scan/clamd.sock
TCPSocket 3310
TCPAddr 127.0.0.1
MaxConnectionQueueLength 200
MaxThreads 50
ReadTimeout 400
User clamav
ScanPE yes
ScanELF yes
DetectBrokenExecutables yes
ScanOLE2 yes
ScanPDF yes
ScanHTML yes
ScanArchive yes

Save the changes and exit the editor. If you want to enable On-Access Scanning, which scans files in real-time as they are accessed, you need to configure the clamd.conf file accordingly. Uncomment and modify the following lines:

ScanOnAccess yes
OnAccessMountPath /
OnAccessIncludePath /home
OnAccessExcludePath /proc
OnAccessExcludePath /sys
OnAccessExcludePath /dev
OnAccessExcludePath /var/log/clamav
OnAccessPrevention yes
OnAccessExtraScanning yes

Save the changes and exit the editor. Finally, start and enable the clamd and freshclam services to run ClamAV:

sudo systemctl start clamd@scan
sudo systemctl enable clamd@scan
sudo systemctl start freshclam
sudo systemctl enable freshclam

To verify that the services are running correctly, use the following commands:

sudo systemctl status clamd@scan
sudo systemctl status freshclam
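
A pre-start check for the Step 6 settings, as an added example that is not part of the original tutorial: it flags an active Example line, a TCPSocket that is not pinned to loopback (the clamd protocol has no authentication), and a missing or root User. The function name audit_clamd_conf and the sample file are assumptions constructed for illustration.

```shell
#!/bin/sh
# audit_clamd_conf FILE: print one finding per line; exit status 1 if any.
# Hypothetical helper, not shipped with ClamAV.
audit_clamd_conf() {
    awk '
        /^[ \t]*(#|$)/ { next }              # skip comments and blank lines
        $1 == "Example"   { example = 1 }
        $1 == "TCPSocket" { port = $2 }
        $1 == "TCPAddr"   { addr[++n] = $2 }
        $1 == "User"      { user = $2 }
        END {
            if (example) {
                print "FAIL: Example line is active; clamd will not start"; bad++
            }
            if (port != "" && n == 0) {
                print "WARN: TCPSocket " port " without TCPAddr listens on all interfaces"; bad++
            }
            for (i = 1; i <= n; i++)
                if (port != "" && addr[i] != "127.0.0.1" && addr[i] != "::1" && addr[i] != "localhost") {
                    print "WARN: TCPAddr " addr[i] " exposes the unauthenticated clamd port"; bad++
                }
            if (user == "" || user == "root") {
                print "WARN: no unprivileged User set; clamd keeps root privileges"; bad++
            }
            exit (bad > 0)
        }
    ' "$1"
}

# Constructed sample: the Step 6 values with TCPAddr left commented out.
sample=$(mktemp)
cat > "$sample" <<'EOF'
LocalSocket /var/run/clamd.scan/clamd.sock
TCPSocket 3310
#TCPAddr 127.0.0.1
User clamav
EOF
audit_clamd_conf "$sample" || echo "review the findings above before starting clamd@scan"
rm -f "$sample"
```

On a real host, pass the file edited in Step 6, for example audit_clamd_conf /etc/clamd.d/scan.conf.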

Step 7. Test ClamAV Installation.

With ClamAV installed and configured, it’s essential to test its functionality to ensure it’s working as expected. You can perform scans using the clamscan command-line utility.

To scan your home directory recursively, run:

clamscan -r -i /home/your_username

Replace your_username with your actual username. The -r flag enables recursive scanning, and the -i flag only prints infected files.

To scan a specific file, provide its path:

clamscan /path/to/file

ClamAV will scan the specified directory or file and display the scan results. If any threats are detected, it will provide information about the infected files.
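
For unattended scans, the exit status matters as much as the printed results: clamscan exits 0 when nothing is found, 1 when a detection occurs, and 2 when errors left files unscanned. The following added example (not from the original tutorial) parses detection lines and maps the exit status; the function names, the logger tag and the sample output are assumptions constructed for illustration.

```shell
#!/bin/sh
# infected_from_output: read clamscan output on stdin and print
# "SIGNATURE PATH" per detection. The greedy match keeps paths that
# themselves contain ": " intact.
infected_from_output() {
    sed -n 's/^\(.*\): \([^ ]*\) FOUND$/\2 \1/p'
}

# classify_scan RC: map the clamscan exit status to a verdict word.
classify_scan() {
    case "$1" in
        0) echo clean ;;
        1) echo infected ;;
        *) echo error ;;      # 2: some files could not be scanned
    esac
}

# scan_dir DIR: hypothetical wrapper for cron; logs detections to syslog
# and prints the verdict. Requires clamscan and logger on the host.
scan_dir() {
    out=$(clamscan -r -i --no-summary "$1" 2>&1); rc=$?
    verdict=$(classify_scan "$rc")
    printf '%s\n' "$out" | infected_from_output | while read -r sig path; do
        logger -t clamscan-wrapper "detected $sig in $path"
    done
    [ "$verdict" = error ] && logger -t clamscan-wrapper "scan of $1 incomplete (exit $rc)"
    echo "$verdict"
}

# Constructed sample of clamscan output (not from a real scan).
sample='/home/alice/notes.txt: OK
/home/alice/dl/a: b.zip: Constructed.Test.Signature-1 FOUND'
printf '%s\n' "$sample" | infected_from_output
```

Treat the error verdict as a failed scan rather than a clean one, since unreadable files were never checked.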

Congratulations! You have successfully installed ClamAV. Thanks for using this tutorial to install the ClamAV antivirus on CentOS Stream 9. For additional help or useful information, we recommend you check the official ClamAV website.


r00t
