How To Install ClamAV on Fedora 44

Install ClamAV on Fedora 44

If you want to Install ClamAV on Fedora 44, this guide walks you through the cleanest way to set it up, update virus signatures, and run real scans without guessing. You will also learn why each step matters, so you can configure ClamAV like a sysadmin, not just copy commands. The goal is a working, maintainable setup for desktops, laptops, and servers.

ClamAV is a good fit when you need a lightweight antivirus scanner for downloads, shared files, email attachments, or periodic server checks. Fedora packages it in a way that supports the scanner, the daemon, and automatic signature updates, which makes it practical for day-to-day Linux use. In this article, I will show you how to set it up, how to configure ClamAV on Fedora 44, and how to avoid the common mistakes that waste time later.

This is written for beginner to intermediate Linux users, developers, and sysadmins who want something clear, accurate, and easy to follow. You will see exact commands, expected outputs, and short explanations for the why behind each action. That makes this more than a simple Linux server tutorial; it is a repeatable setup you can trust.

Prerequisites

  • Fedora 44 installed and updated.
  • A user account with sudo or root access.
  • Internet access for downloading packages and virus definitions.
  • A terminal with basic command-line tools.
  • Enough disk space for ClamAV signature databases and log files.

Step 1: Update Your System

Refresh Fedora packages

Start by updating your system before you install anything.

sudo dnf upgrade --refresh -y

This command updates installed packages and refreshes repository metadata. You should do this first because package conflicts are less likely on a current system, and ClamAV will install more cleanly.

Expected output

Dependencies resolved.
Nothing to do.
Complete!

If Fedora downloads updates, let it finish and reboot if the kernel or core libraries changed. That reduces the chance of service problems during the ClamAV setup.

Step 2: Install ClamAV on Fedora 44

Install the main packages

Now install the core ClamAV components.

sudo dnf install -y clamav clamav-update clamd

This gives you the main scanner, the signature updater, and the daemon service. Fedora’s package set is designed to support the command-line scanner, the updater, and the multi-threaded daemon, which is why this is the right base install for most users.

Why these packages matter

  • clamav gives you the scanning tools like clamscan.
  • clamav-update provides signature updates through freshclam.
  • clamd gives you the background scanning service for faster repeated scans.

Expected output

Installed:
  clamav
  clamav-update
  clamd
Complete!

Step 3: Verify the Installation

Check the version

After install, confirm that ClamAV is available.

clamscan --version
freshclam --version
clamd --version

This checks that the binaries are installed and reachable in your PATH. It also confirms that the three parts of the stack are present before you move on to configuration.

Expected output

ClamAV 1.4.x
ClamAV update process 1.4.x
ClamAV 1.4.x

The exact version may vary by Fedora 44 updates, but the commands should return cleanly. If one command fails, fix that before continuing.

Step 4: Update Virus Signatures

Run FreshClam once manually

Now update the virus database.

sudo freshclam

This downloads the latest malware signatures. It matters because ClamAV is only useful when its database stays current, and stale definitions reduce detection quality.

Expected output

ClamAV update process started at ...
daily.cvd is up to date
main.cvd is up to date
bytecode.cvd is up to date

If the database is already current, that is fine. The important part is that the update completes without errors.

Why this step exists

A lot of people install antivirus software and skip updates. That defeats the purpose. Fresh signatures are the difference between a scanner that finds known threats and a scanner that only looks installed.

Step 5: Configure FreshClam for Automatic Updates

Edit the config file

Open the update config.

sudo nano /etc/freshclam.conf

Find the Example line and comment it out or remove it, depending on how Fedora ships the file. This step is needed because ClamAV uses that line as a safety marker in sample configs, and the real service will not work correctly until you replace the example content with an active config.

What to look for

DatabaseOwner clamupdate
Checks 12
UpdateLogFile /var/log/clamav/freshclam.log

Not every system uses the same defaults, so confirm the file matches your install. The why here is simple: automatic updates keep the scanner useful without manual intervention.

Save and exit

In nano, press:

  • Ctrl + O to save.
  • Enter to confirm.
  • Ctrl + X to exit.

Step 6: Enable the Update Service

Start FreshClam on boot

Enable and start the updater service.

sudo systemctl enable --now clamav-freshclam

This makes signature updates automatic. That matters because security tools lose value quickly if you depend on memory to run them.

Check status

systemctl status clamav-freshclam --no-pager

Expected output

Active: active (running)

If the service is not active, check the config file again and read the journal output.

Step 7: Configure ClamAV Daemon

Open the daemon config

Now configure clamd, which is the background scanner service.

sudo nano /etc/clamd.d/scan.conf

ClamAV documentation explains that the daemon is multi-threaded and designed for efficient repeated scans. That is why clamd is a better fit than running clamscan over and over on large directories.

Update important settings

Look for these options and adjust them if needed:

Example
LocalSocket /run/clamd.scan/clamd.sock
User clamscan
ScanArchive yes
FollowFileSymlinks yes
FollowDirectorySymlinks yes

If Example is present, disable it. If your Fedora build uses a slightly different socket path, keep the package default unless you have a reason to change it.

Why this matters

The daemon loads the virus database once and stays ready. That saves time on later scans, especially when you scan many files or large trees. This is one of the biggest reasons admins prefer clamdscan for routine work.

Step 8: Enable SELinux Access

Allow broader system scanning

Fedora often uses SELinux, so you may need to allow system-wide scanning.

sudo setsebool -P antivirus_can_scan_system 1

Upstream ClamAV documentation and Fedora community examples note that SELinux can block ClamAV from reading some paths unless this boolean is enabled. The why is not to weaken security, but to let a trusted scanner read files it is meant to inspect.

Verify SELinux context issues if needed

If scanning still fails, check for AVC denials:

sudo ausearch -m avc -ts recent

That helps you confirm whether SELinux is the blocker. In many Fedora cases, this is the difference between a broken scan and a working one.

Step 9: Start the Daemon

Enable clamd

Start the daemon service and make it run at boot.

sudo systemctl enable --now clamd@scan

This starts the service instance that uses /etc/clamd.d/scan.conf. It is important because clamdscan depends on a running daemon, and without it, daemon-based scans will fail.

Check service health

systemctl status clamd@scan --no-pager

Expected output

Active: active (running)

If it fails, look for socket path issues, bad config syntax, or permission problems.

Step 10: Test ClamAV

Run a simple scan

Test the scanner on a small folder first.

clamscan -r ~/Downloads

The -r flag tells ClamAV to scan recursively. It is a good first test because it is fast, low risk, and close to a real use case.

Why start small

A limited scan helps you confirm the install before you scan the full system. If something is wrong, you will find it in a small area instead of after a long scan.

Expected output

----------- SCAN SUMMARY -----------
Known viruses: ...
Engine version: ...
Infected files: 0

If you see 0, that means no malware was found in the test target.

Step 11: Scan Files and Folders

Scan one file

clamscan /path/to/file.zip

Use this when you want to inspect a single download or attachment. It is the fastest way to check a suspicious file before opening it.

Scan a folder recursively

clamscan -r /home/youruser

The -r flag tells ClamAV to inspect subdirectories too. That is important because malware often hides in nested folders or archives.

Scan with cleaner output

clamscan -r --infected --bell /home/youruser

This keeps the output focused on infected items. The why is simple: when you run repeated scans, you want signal, not noise.

Step 12: Use Clamdscan for Faster Scans

Run daemon-based scans

If clamd is active, use clamdscan.

clamdscan --multiscan --fdpass /home/youruser

This is usually faster than clamscan on repeated or larger jobs because the daemon keeps the engine loaded. ClamAV’s documentation supports this design, and Fedora users often choose it for routine scanning.

Why --fdpass matters

The --fdpass option helps the scanner read files through the daemon with the right permissions. This is useful when local access rules would otherwise block a scan.

Expected output

/home/youruser: OK

If the daemon cannot reach the socket, confirm that clamd@scan is active and your config file uses the correct path.

Step 13: Quarantine Infected Files Safely

Move threats instead of deleting them

Avoid deleting infected files immediately unless you are fully sure.

clamdscan --move=/home/youruser/quarantine /home/youruser

Quarantine is safer because false positives happen. Moving a file keeps the evidence intact, which helps you confirm whether the detection is real.

Why this is the better default

Deleting files during a first-pass scan can create more problems than it solves. Quarantine gives you a recovery path.

Step 14: Automate Regular Scans

Create a simple cron job

For a basic scheduled scan, create a cron entry.

crontab -e

Add something like this:

0 3 * * 0 clamscan -r --quiet /home/youruser >> ~/clamav-weekly.log 2>&1

This runs a weekly scan at 3:00 AM on Sunday. The why is discipline: scheduled scans catch dormant problems and make your routine repeatable.

Use a systemd timer if you prefer

A systemd timer is often cleaner on Fedora servers. It is easier to log, monitor, and maintain than a hand-written shell loop, especially in a production environment.

Troubleshooting

1. FreshClam says the database is locked

This usually means another update process is already running.

Fix:

sudo systemctl stop clamav-freshclam
sudo freshclam
sudo systemctl start clamav-freshclam

The why is to remove the conflict, run one clean update, and then restore the service.

2. clamdscan cannot connect to the socket

This often means clamd@scan is not running or the socket path in scan.conf is wrong.

Fix:

systemctl status clamd@scan
sudo journalctl -u clamd@scan -n 50 --no-pager

Then check LocalSocket in the config. The reason is simple: clamdscan depends on the daemon socket.

3. SELinux blocks access

If scans fail on system paths, SELinux may be denying access.

Fix:

sudo setsebool -P antivirus_can_scan_system 1
sudo ausearch -m avc -ts recent

This usually resolves Fedora system-scan permissions without disabling SELinux.

4. The scan is extremely slow

A full clamscan run can feel slow on large trees.

Fix:

Use clamdscan instead.

clamdscan --multiscan --fdpass /home/youruser

The reason is that clamd keeps the engine in memory and scans more efficiently.

5. You see too many files and false alarms

Archive-heavy folders and cache directories can create noise.

Fix:

clamscan -r --exclude-dir="^/home/youruser/.cache" /home/youruser

This keeps scans practical and easier to review.

r00t is a Linux Systems Administrator and open-source advocate with over ten years of hands-on experience in server infrastructure, system hardening, and performance tuning. Having worked across distributions such as Debian, Arch, RHEL, and Ubuntu, he brings real-world depth to every article published on this blog. r00t writes to bridge the gap between complex sysadmin concepts and practical, everyday application — whether you are configuring your first server or optimizing a production environment. Based in New York, US, he is a firm believer that knowledge, like open-source software, is best when shared freely.

Related Posts