Installing ClamAV for File Scanning

Linux

26 Jun 2018 - Turkey

5 minutes to read

Virus scanning with ClamAV

Until this time, Linux has experienced only a small number of viruses. Some of these viruses still exist but aren’t active, and they certainly don’t propagate. As Linux on the desktop reaches critical mass, there’s a possibility that more viruses will appear, but that may still be a long ways off.

OpenSource • ClamAv.

Linux plays a critical role in server systems. Thus, virus scanners for Linux are essential when serving e-mail or files to clients. If you can remove the viral threat before it hits the clients, those clients become safer and less prone to infection.

One open source virus scanner that deserves mentioning is ClamAV. You can plug ClamAV directly into e-mail servers, and it will scan for viruses as the e-mail arrives—before it’s delivered to users’ mailboxes. It also performs routine scans on files that are served up to clients via sharing.

ClamAV works as a client/server system, but you can use it as a stand-alone scanner as well.

Install ClamAV From Source

If you installed from sources, first uninstall the old version:

./configure

sudo make uninstall

Firstly, let’s process A command to create a user with clamav,

Some OS’s require you to add the group as well.

# groupadd clamav
# useradd clamav

Create and chown the directories

mkdir /var/log/clamav /var/lib/clamav /var/run/clamav
touch /var/log/clamav/clamd.log /var/log/clamav/freshclam.log
touch /var/run/clamav/clamd.socket

chown -R clamav:clamav /var/log/clamav /var/lib/clamav /var/run/clamav

OpenSource • ClamAv.

Download the latest stable ClamAV distribution from https://www.clamav.net/downloads

Expand the distribution that include Linux Filesystem Hierarchy and cd into the resultant directory and build ClamAV using:

tar -xzf clamav-*
cd clamav*
./configure 
    --prefix=/usr \
    --sysconfdir=/etc/clamav \
    --sbindir=/usr/bin \
    --with-dbdir=/var/lib/clamav \
    --with-user=clamav \
    --with-group=clamav \
    --disable-rpath \
    --disable-clamav \
    --disable-llvm \
    --enable-zlib-vcheck \
    --disable-milter \
    --enable-clamdtop 
make
sudo make install

Summary of engine detection features

Summary of detected features follows
              OS          : linux-gnu
              pthreads    : yes (-lpthread)
Summary of miscellaneous features
              check       : no (auto)
              fanotify    : yes
              fdpassing   : 1
              IPv6        : yes
              openssl     : /usr
              libcurl     : /usr
Summary of optional tools
              clamdtop    : yes (-L/usr/lib64 -lncurses)
              milter      : no (missing libmilter) (disabled)
              clamsubmit  : no (missing libjson-c-dev.) (disabled)
              clamonacc   : yes (auto)
Summary of engine performance features
              release mode: yes
              llvm        : no (disabled)
              mempool     : yes
Summary of engine detection features
              iconv       : yes
              bzip2       : ok
              zlib        : yes (from system)
              unrar       : yes
              preclass    : no (missing libjson-c-dev) (disabled)
              pcre        : /usr
              libmspack   : yes (Internal)
              libxml2     : no
              yara        : yes
              fts         : yes (libc)

OpenSource • ClamAv.

Modify the freshclam configuration:

mv -fv /etc/clamav/freshclam.conf.sample /etc/clamav/freshclam.conf
nano -w /etc/clamav/freshclam.conf

Comment out the line (put a # as the first character on the line) near the top that says

Examplesimply:

LogSyslog yes
DatabaseDirectory /var/lib/clamav
UpdateLogFile /var/log/clamav/freshclam.log
LogFileMaxSize 2M
LogVerbose yes
PidFile /var/run/clamav/freshclam.pid
DNSDatabaseInfo current.cvd.clamav.net
DatabaseOwner clamav
DatabaseMirror database.clamav.net

Modify the clamd configuration;

mv -fv /etc/clamav/clamd.conf.sample /etc/clamav/clamd.conf
nano -w /etc/clamav/clamd.conf

Example

LogSyslog yes
LogFile /var/log/clamav/clamd.log
LogFileMaxSize 2M
LogTime yes
LogVerbose yes
PidFile /var/run/clamav/clamd.pid
LocalSocket /var/run/clamav/clamd.socket
TCPSocket 3310

Save and close the files.

Filesystem Hierarchy • Linux.

Missing systemd service file

We didn’t get a systemd service file, so creating a quick file here. The process should be forking itself and start freshclam in daemon mode. In this case we configure it to check 4 times a day for new files.
Create a new file /usr/lib/systemd/system/clamav-freshclam.service

Run the freshclam as daemon

[Unit]
Description = freshclam scanner
After = network.target

[Service]
Type = forking
ExecStart = /usr/bin/freshclam -d -c 4
Restart = on-failure
PrivateTmp = true

[Install]
WantedBy=multi-user.target

Next step is changing the clamd service file /usr/lib/systemd/system/clamav-daemon.service

[Unit]
Description = clamd scanner daemon
After = syslog.target nss-lookup.target network.target

[Service]
Type = simple
ExecStart = /usr/bin/clamd -c /etc/clamav/clamd.conf --foreground=yes
Restart = on-failure
PrivateTmp = true

[Install]
WantedBy=multi-user.target

Move into the directory.

cd /usr/lib/systemd/system

Security • ClamAv.

Start all services

systemctl enable clamav-freshclam.service
systemctl enable clamav-daemon.service
systemctl start clamav-freshclam.service
systemctl start clamav-daemon.service

Check the status

systemctl status clam-freshclam.service

● clam-freshclam.service - freshclam scanner
   Loaded: loaded (/etc/systemd/system/clam-freshclam.service
   Active: active (running) since Sat 2018-06-23 12:31:50 +03
 Main PID: 531 (freshclam)
    Tasks: 1 (limit: 4586)
   Memory: 808.0K
   CGroup: /system.slice/clam-freshclam.service
           └─531 /usr/bin/freshclam -d -c 4

Last Update: 06 Jun 2021

Share on: