In this tutorial, we will show you how to install ClamAV on CentOS 7. For those of you who didn’t know, ClamAV is an open-source (GPL) antivirus engine designed for detecting viruses, malware, and other malicious threats on Linux. It’s easy to use and best for Linux-based Web & Mail servers.
This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple. I will show you the step-by-step installation of ClamAV on the CentOS 7 server.
Prerequisites
- A server running one of the following operating systems: CentOS 7.
- It’s recommended that you use a fresh OS install to prevent any potential issues.
- SSH access to the server (or just open Terminal if you’re on a desktop).
- A
non-root sudo useror access to theroot user. We recommend acting as anon-root sudo user, however, as you can harm your system if you’re not careful when acting as the root.
Install ClamAV on CentOS 7
Step 1. First, add the EPEL repository to your system.
yum install epel-release yum update
Step 2. Install ClamAV.
Install required ClamAV packages:
yum install clamav-server clamav-data clamav-update clamav-filesystem clamav clamav-scanner-systemd clamav-devel clamav-lib clamav-server-systemd
Step 3. Configuration of Clam daemon.
Copy the clamd.conf template, in case you don’t have a configuration file yet:
cp /usr/share/clamav/template/clamd.conf /etc/clamd.d/clamd.conf sed -i ‘/^Example/d’ /etc/clamd.d/clamd.conf
Step 4. Configure SELinux for ClamAV.
You had to write this command to get it working with SELinux:
setsebool -P antivirus_can_scan_system 1
Step 4. Enable Freshclam.
For those of you who didn’t know, Freshclam helps with keeping the database of ClamAV up-to-date. First, delete the related “Example” line from /etc/freshclam.conf:
cp /etc/freshclam.conf /etc/freshclam.conf.bak sed -i ‘/^Example/d’ /etc/freshclam.conf
We creating a quick file here. The process should be forking itself and start freshclam in daemon mode. In this case, we configure it to check 4 times a day for new files:
nano /usr/lib/systemd/system/clam-freshclam.service
Add the following piece:
# Run the freshclam as daemon [Unit] Description = freshclam scanner After = network.target [Service] Type = forking ExecStart = /usr/bin/freshclam -d -c 4 Restart = on-failure PrivateTmp = true [Install] WantedBy=multi-user.target
Now enable and start the service:
systemctl enable clam-freshclam.service systemctl start clam-freshclam.service
Next, rename the /usr/lib/systemd/system/clamd@.service file:
mv /usr/lib/systemd/system/clamd@.service /usr/lib/systemd/system/clamd.service
Now we have to change the clamd@scan service as well, as it refers to a non-existing file now. Change this line in /usr/lib/systemd/system/clamd@scan.service and remove the @ sign:
.include /lib/systemd/system/clamd@.service
The next step is changing the clamd service file /usr/lib/systemd/system/clamd.service:
[Unit] Description = clamd scanner daemon After = syslog.target nss-lookup.target network.target [Service] Type = simple ExecStart = /usr/sbin/clamd -c /etc/clamd.d/clamd.conf --nofork=yes Restart = on-failure PrivateTmp = true [Install] WantedBy=multi-user.target
Move into the directory:
cd /usr/lib/systemd/system
Finally, start all services:
systemctl enable clamd.service systemctl enable clamd@scan.service systemctl start clamd.service systemctl start clamd@scan.service.
Congratulations! You have successfully installed ClamAV. Thanks for using this tutorial for installing ClamAV on CentOS 7 system. For additional help or useful information, we recommend you check the official ClamAV website.
