
If you want to Install ClamAV on Fedora 44, this guide walks you through the cleanest way to set it up, update virus signatures, and run real scans without guessing. You will also learn why each step matters, so you can configure ClamAV like a sysadmin, not just copy commands. The goal is a working, maintainable setup for desktops, laptops, and servers.
ClamAV is a good fit when you need a lightweight antivirus scanner for downloads, shared files, email attachments, or periodic server checks. Fedora packages it in a way that supports the scanner, the daemon, and automatic signature updates, which makes it practical for day-to-day Linux use. In this article, I will show you how to set it up, how to configure ClamAV on Fedora 44, and how to avoid the common mistakes that waste time later.
This is written for beginner to intermediate Linux users, developers, and sysadmins who want something clear, accurate, and easy to follow. You will see exact commands, expected outputs, and short explanations for the why behind each action. That makes this more than a simple Linux server tutorial; it is a repeatable setup you can trust.
Prerequisites
- Fedora 44 installed and updated.
- A user account with sudo or root access.
- Internet access for downloading packages and virus definitions.
- A terminal with basic command-line tools.
- Enough disk space for ClamAV signature databases and log files.
Step 1: Update Your System
Refresh Fedora packages
Start by updating your system before you install anything.
sudo dnf upgrade --refresh -y
This command updates installed packages and refreshes repository metadata. You should do this first because package conflicts are less likely on a current system, and ClamAV will install more cleanly.
Expected output
Dependencies resolved.
Nothing to do.
Complete!
If Fedora downloads updates, let it finish and reboot if the kernel or core libraries changed. That reduces the chance of service problems during the ClamAV setup.
Step 2: Install ClamAV on Fedora 44
Install the main packages
Now install the core ClamAV components.
sudo dnf install -y clamav clamav-update clamd
This gives you the main scanner, the signature updater, and the daemon service. Fedora’s package set is designed to support the command-line scanner, the updater, and the multi-threaded daemon, which is why this is the right base install for most users.
Why these packages matter
- clamav gives you the scanning tools like
clamscan. - clamav-update provides signature updates through
freshclam. - clamd gives you the background scanning service for faster repeated scans.
Expected output
Installed:
clamav
clamav-update
clamd
Complete!
Step 3: Verify the Installation
Check the version
After install, confirm that ClamAV is available.
clamscan --version
freshclam --version
clamd --version
This checks that the binaries are installed and reachable in your PATH. It also confirms that the three parts of the stack are present before you move on to configuration.
Expected output
ClamAV 1.4.x
ClamAV update process 1.4.x
ClamAV 1.4.x
The exact version may vary by Fedora 44 updates, but the commands should return cleanly. If one command fails, fix that before continuing.
Step 4: Update Virus Signatures
Run FreshClam once manually
Now update the virus database.
sudo freshclam
This downloads the latest malware signatures. It matters because ClamAV is only useful when its database stays current, and stale definitions reduce detection quality.
Expected output
ClamAV update process started at ...
daily.cvd is up to date
main.cvd is up to date
bytecode.cvd is up to date
If the database is already current, that is fine. The important part is that the update completes without errors.
Why this step exists
A lot of people install antivirus software and skip updates. That defeats the purpose. Fresh signatures are the difference between a scanner that finds known threats and a scanner that only looks installed.
Step 5: Configure FreshClam for Automatic Updates
Edit the config file
Open the update config.
sudo nano /etc/freshclam.conf
Find the Example line and comment it out or remove it, depending on how Fedora ships the file. This step is needed because ClamAV uses that line as a safety marker in sample configs, and the real service will not work correctly until you replace the example content with an active config.
What to look for
DatabaseOwner clamupdate
Checks 12
UpdateLogFile /var/log/clamav/freshclam.log
Not every system uses the same defaults, so confirm the file matches your install. The why here is simple: automatic updates keep the scanner useful without manual intervention.
Save and exit
In nano, press:
Ctrl + Oto save.Enterto confirm.Ctrl + Xto exit.
Step 6: Enable the Update Service
Start FreshClam on boot
Enable and start the updater service.
sudo systemctl enable --now clamav-freshclam
This makes signature updates automatic. That matters because security tools lose value quickly if you depend on memory to run them.
Check status
systemctl status clamav-freshclam --no-pager
Expected output
Active: active (running)
If the service is not active, check the config file again and read the journal output.
Step 7: Configure ClamAV Daemon
Open the daemon config
Now configure clamd, which is the background scanner service.
sudo nano /etc/clamd.d/scan.conf
ClamAV documentation explains that the daemon is multi-threaded and designed for efficient repeated scans. That is why clamd is a better fit than running clamscan over and over on large directories.
Update important settings
Look for these options and adjust them if needed:
Example
LocalSocket /run/clamd.scan/clamd.sock
User clamscan
ScanArchive yes
FollowFileSymlinks yes
FollowDirectorySymlinks yes
If Example is present, disable it. If your Fedora build uses a slightly different socket path, keep the package default unless you have a reason to change it.
Why this matters
The daemon loads the virus database once and stays ready. That saves time on later scans, especially when you scan many files or large trees. This is one of the biggest reasons admins prefer clamdscan for routine work.
Step 8: Enable SELinux Access
Allow broader system scanning
Fedora often uses SELinux, so you may need to allow system-wide scanning.
sudo setsebool -P antivirus_can_scan_system 1
Upstream ClamAV documentation and Fedora community examples note that SELinux can block ClamAV from reading some paths unless this boolean is enabled. The why is not to weaken security, but to let a trusted scanner read files it is meant to inspect.
Verify SELinux context issues if needed
If scanning still fails, check for AVC denials:
sudo ausearch -m avc -ts recent
That helps you confirm whether SELinux is the blocker. In many Fedora cases, this is the difference between a broken scan and a working one.
Step 9: Start the Daemon
Enable clamd
Start the daemon service and make it run at boot.
sudo systemctl enable --now clamd@scan
This starts the service instance that uses /etc/clamd.d/scan.conf. It is important because clamdscan depends on a running daemon, and without it, daemon-based scans will fail.
Check service health
systemctl status clamd@scan --no-pager
Expected output
Active: active (running)
If it fails, look for socket path issues, bad config syntax, or permission problems.
Step 10: Test ClamAV
Run a simple scan
Test the scanner on a small folder first.
clamscan -r ~/Downloads
The -r flag tells ClamAV to scan recursively. It is a good first test because it is fast, low risk, and close to a real use case.
Why start small
A limited scan helps you confirm the install before you scan the full system. If something is wrong, you will find it in a small area instead of after a long scan.
Expected output
----------- SCAN SUMMARY -----------
Known viruses: ...
Engine version: ...
Infected files: 0
If you see 0, that means no malware was found in the test target.
Step 11: Scan Files and Folders
Scan one file
clamscan /path/to/file.zip
Use this when you want to inspect a single download or attachment. It is the fastest way to check a suspicious file before opening it.
Scan a folder recursively
clamscan -r /home/youruser
The -r flag tells ClamAV to inspect subdirectories too. That is important because malware often hides in nested folders or archives.
Scan with cleaner output
clamscan -r --infected --bell /home/youruser
This keeps the output focused on infected items. The why is simple: when you run repeated scans, you want signal, not noise.
Step 12: Use Clamdscan for Faster Scans
Run daemon-based scans
If clamd is active, use clamdscan.
clamdscan --multiscan --fdpass /home/youruser
This is usually faster than clamscan on repeated or larger jobs because the daemon keeps the engine loaded. ClamAV’s documentation supports this design, and Fedora users often choose it for routine scanning.
Why --fdpass matters
The --fdpass option helps the scanner read files through the daemon with the right permissions. This is useful when local access rules would otherwise block a scan.
Expected output
/home/youruser: OK
If the daemon cannot reach the socket, confirm that clamd@scan is active and your config file uses the correct path.
Step 13: Quarantine Infected Files Safely
Move threats instead of deleting them
Avoid deleting infected files immediately unless you are fully sure.
clamdscan --move=/home/youruser/quarantine /home/youruser
Quarantine is safer because false positives happen. Moving a file keeps the evidence intact, which helps you confirm whether the detection is real.
Why this is the better default
Deleting files during a first-pass scan can create more problems than it solves. Quarantine gives you a recovery path.
Step 14: Automate Regular Scans
Create a simple cron job
For a basic scheduled scan, create a cron entry.
crontab -e
Add something like this:
0 3 * * 0 clamscan -r --quiet /home/youruser >> ~/clamav-weekly.log 2>&1
This runs a weekly scan at 3:00 AM on Sunday. The why is discipline: scheduled scans catch dormant problems and make your routine repeatable.
Use a systemd timer if you prefer
A systemd timer is often cleaner on Fedora servers. It is easier to log, monitor, and maintain than a hand-written shell loop, especially in a production environment.
Troubleshooting
1. FreshClam says the database is locked
This usually means another update process is already running.
Fix:
sudo systemctl stop clamav-freshclam
sudo freshclam
sudo systemctl start clamav-freshclam
The why is to remove the conflict, run one clean update, and then restore the service.
2. clamdscan cannot connect to the socket
This often means clamd@scan is not running or the socket path in scan.conf is wrong.
Fix:
systemctl status clamd@scan
sudo journalctl -u clamd@scan -n 50 --no-pager
Then check LocalSocket in the config. The reason is simple: clamdscan depends on the daemon socket.
3. SELinux blocks access
If scans fail on system paths, SELinux may be denying access.
Fix:
sudo setsebool -P antivirus_can_scan_system 1
sudo ausearch -m avc -ts recent
This usually resolves Fedora system-scan permissions without disabling SELinux.
4. The scan is extremely slow
A full clamscan run can feel slow on large trees.
Fix:
Use clamdscan instead.
clamdscan --multiscan --fdpass /home/youruser
The reason is that clamd keeps the engine in memory and scans more efficiently.
5. You see too many files and false alarms
Archive-heavy folders and cache directories can create noise.
Fix:
clamscan -r --exclude-dir="^/home/youruser/.cache" /home/youruser
This keeps scans practical and easier to review.