Install ClamAV on CentOS 7

Install ClamAV and set up scheduled scans.

Install Epel:

# yum install epel-release

Install ClmAV

# yum install clamav-server clamav-data clamav-update clamav-filesystem clamav clamav-scanner-systemd clamav-devel clamav-lib clamav-server-systemd
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirror.lax.hugeserver.com
 * epel: dl.fedoraproject.org
 * extras: dallas.tx.mirror.xygenhosting.com
 * updates: linux.mirrors.es.net
Package clamav-data-0.98.7-1.el7.noarch already installed and latest version
Package clamav-filesystem-0.98.7-1.el7.noarch already installed and latest version
Package clamav-lib-0.98.7-1.el7.x86_64 already installed and latest version
Resolving Dependencies
--> Running transaction check
---> Package clamav.x86_64 0:0.98.7-1.el7 will be installed
---> Package clamav-devel.x86_64 0:0.98.7-1.el7 will be installed
---> Package clamav-scanner-systemd.noarch 0:0.98.7-1.el7 will be installed
--> Processing Dependency: clamav-scanner = 0.98.7-1.el7 for package: clamav-scanner-systemd-0.98.7-1.el7.noarch
---> Package clamav-server.x86_64 0:0.98.7-1.el7 will be installed
--> Processing Dependency: nc for package: clamav-server-0.98.7-1.el7.x86_64
---> Package clamav-server-systemd.noarch 0:0.98.7-1.el7 will be installed
---> Package clamav-update.x86_64 0:0.98.7-1.el7 will be installed
--> Running transaction check
---> Package clamav-scanner.noarch 0:0.98.7-1.el7 will be installed
---> Package nmap-ncat.x86_64 2:6.40-7.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

===================================================================================================================================================================================================
 Package                                                   Arch                                      Version                                         Repository                               Size
===================================================================================================================================================================================================
Installing:
 clamav                                                    x86_64                                    0.98.7-1.el7                                    epel                                    806 k
 clamav-devel                                              x86_64                                    0.98.7-1.el7                                    epel                                     37 k
 clamav-scanner-systemd                                    noarch                                    0.98.7-1.el7                                    epel                                     19 k
 clamav-server                                             x86_64                                    0.98.7-1.el7                                    epel                                     93 k
 clamav-server-systemd                                     noarch                                    0.98.7-1.el7                                    epel                                     19 k
 clamav-update                                             x86_64                                    0.98.7-1.el7                                    epel                                     89 k
Installing for dependencies:
 clamav-scanner                                            noarch                                    0.98.7-1.el7                                    epel                                     26 k
 nmap-ncat                                                 x86_64                                    2:6.40-7.el7                                    base                                    201 k

Transaction Summary
===================================================================================================================================================================================================
Install  6 Packages (+2 Dependent packages)

Total download size: 1.3 M
Installed size: 3.0 M
Is this ok [y/d/N]: y
Downloading packages:
(1/8): clamav-0.98.7-1.el7.x86_64.rpm                                                                                                                                       | 806 kB  00:00:00
(2/8): clamav-devel-0.98.7-1.el7.x86_64.rpm                                                                                                                                 |  37 kB  00:00:00
(3/8): clamav-scanner-0.98.7-1.el7.noarch.rpm                                                                                                                               |  26 kB  00:00:00
(4/8): clamav-scanner-systemd-0.98.7-1.el7.noarch.rpm                                                                                                                       |  19 kB  00:00:00
(5/8): clamav-server-0.98.7-1.el7.x86_64.rpm                                                                                                                                |  93 kB  00:00:00
(6/8): clamav-server-systemd-0.98.7-1.el7.noarch.rpm                                                                                                                        |  19 kB  00:00:00
(7/8): clamav-update-0.98.7-1.el7.x86_64.rpm                                                                                                                                |  89 kB  00:00:00
(8/8): nmap-ncat-6.40-7.el7.x86_64.rpm                                                                                                                                      | 201 kB  00:00:00
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total                                                                                                                                                              1.3 MB/s | 1.3 MB  00:00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : 2:nmap-ncat-6.40-7.el7.x86_64                                                                                                                                                   1/8
  Installing : clamav-server-0.98.7-1.el7.x86_64                                                                                                                                               2/8
  Installing : clamav-server-systemd-0.98.7-1.el7.noarch                                                                                                                                       3/8
  Installing : clamav-scanner-0.98.7-1.el7.noarch                                                                                                                                              4/8
  Installing : clamav-scanner-systemd-0.98.7-1.el7.noarch                                                                                                                                      5/8
  Installing : clamav-0.98.7-1.el7.x86_64                                                                                                                                                      6/8
  Installing : clamav-update-0.98.7-1.el7.x86_64                                                                                                                                               7/8
  Installing : clamav-devel-0.98.7-1.el7.x86_64                                                                                                                                                8/8
  Verifying  : clamav-scanner-systemd-0.98.7-1.el7.noarch                                                                                                                                      1/8
  Verifying  : clamav-server-0.98.7-1.el7.x86_64                                                                                                                                               2/8
  Verifying  : clamav-scanner-0.98.7-1.el7.noarch                                                                                                                                              3/8
  Verifying  : clamav-devel-0.98.7-1.el7.x86_64                                                                                                                                                4/8
  Verifying  : clamav-server-systemd-0.98.7-1.el7.noarch                                                                                                                                       5/8
  Verifying  : clamav-update-0.98.7-1.el7.x86_64                                                                                                                                               6/8
  Verifying  : 2:nmap-ncat-6.40-7.el7.x86_64                                                                                                                                                   7/8
  Verifying  : clamav-0.98.7-1.el7.x86_64                                                                                                                                                      8/8

Installed:
  clamav.x86_64 0:0.98.7-1.el7                        clamav-devel.x86_64 0:0.98.7-1.el7          clamav-scanner-systemd.noarch 0:0.98.7-1.el7         clamav-server.x86_64 0:0.98.7-1.el7
  clamav-server-systemd.noarch 0:0.98.7-1.el7         clamav-update.x86_64 0:0.98.7-1.el7

Dependency Installed:
  clamav-scanner.noarch 0:0.98.7-1.el7                                                                nmap-ncat.x86_64 2:6.40-7.el7

Complete!

Copy a the clamd.conf template, in case you don’t have a configuration file yet:

# cp /usr/share/clamav/template/clamd.conf /etc/clamd.d/clamd.conf

Change the file and Comment out “Example”

# nano /etc/clamd.d/clamd.conf

Change this…

# Comment or remove the line below.
Example

To this…

# Comment or remove the line below.
#Example

Configure SELinux for ClamAV.

Check if selinux in on:

# getenforce
Enforcing
[root@database ~]# sestatus
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   enforcing
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Max kernel policy version:      28

Write this command to get it working with SELinux if this is active:


# setsebool -P antivirus_can_scan_system 1

Enabling and Disabling SELinux


nano /etc/sysconfig/selinux

To enable…set this to enforcing


# SELINUX=enforcing

To disable, set to permissive

# SELINUX=permissive

Reboot after changes

Or, to make temp changes:

# setenforce permissive

Enable Freshclam

# cp /etc/freshclam.conf /etc/freshclam.conf.bak

Edit the config file to comment out example

# nano /etc/freshclam.conf
# Comment or remove the line below.
#Example

Creat a file

# nano /usr/lib/systemd/system/clam-freshclam.service

Add

# Run the freshclam as daemon
[Unit]
Description = freshclam scanner
After = network.target
 
[Service]
Type = forking
ExecStart = /usr/bin/freshclam -d -c 4
Restart = on-failure
PrivateTmp = true
 
[Install]
WantedBy=multi-user.target

Let’s enable and start the service

# systemctl enable clam-freshclam.service
# systemctl start clam-freshclam.service

rename the /usr/lib/systemd/system/clamd@.service file

# mv /usr/lib/systemd/system/clamd@.service /usr/lib/systemd/system/clamd.service

change the clamd@scan service as well. Change this line in /usr/lib/systemd/system/clamd@scan.service and remove the @ sign

# nano /usr/lib/systemd/system/clamd@scan.service

From…

# .include /lib/systemd/system/clamd@.service

to…

# .include /lib/systemd/system/clamd.service

change the clamd service file /usr/lib/systemd/system/clamd.service:

[Unit]
Description = clamd scanner daemon
After = syslog.target nss-lookup.target network.target
 
[Service]
Type = simple
ExecStart = /usr/sbin/clamd -c /etc/clamd.d/clamd.conf --nofork=yes
Restart = on-failure
PrivateTmp = true
 
[Install]
WantedBy=multi-user.target

Start all services

#cd /usr/lib/systemd/system
# systemctl enable clamd.service
# systemctl enable clamd@scan.service
# systemctl start clamd.service
# systemctl start clamd@scan.service.

Run a scan

# clamscan -i -r --log=/var/log/clamscan-date.txt /var/www/vhosts/*

----------- SCAN SUMMARY -----------
Known viruses: 4159219
Engine version: 0.98.7
Scanned directories: 3
Scanned files: 116
Infected files: 0
Data scanned: 13.64 MB
Data read: 39.54 MB (ratio 0.34:1)
Time: 10.738 sec (0 m 10 s)

Set up a cron to run a scan (example is for a plesk server for the virtual hosts

# nano /etc/cron.daily/clamscan
#!/bin/bash
# setup the scan location and scan log
CLAM_SCAN_DIR="/var/www/vhosts"
CLAM_LOG_FILE="/var/log/clamav/dailyscan.log"
# update the virus database
/usr/bin/freshclam
# run the scan
/usr/bin/clamscan -i -r $CLAM_SCAN_DIR >> $CLAM_LOG_FILE
MAILTO=user@domain.com

Set the cron file as an executible


# chmod 555 /etc/cron.daily/clamscan

Test your installation and cron job


# /etc/cron.daily/clamscan

Leave a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.