• ClamAV on CentOS

How to Install ClamAV and Configure Daily Scanning on CentOS

This article will guide you through the installation of ClamAV on CentOS. Once installed, we will also configure a daily scan on our CentOS server.

ClamAV is an open source (GPL) antivirus engine designed for detecting Trojans, viruses, malware and other malicious threats on Linux. In this article, we will only be configuring ClamAV to run scheduled/on-demand scans; not resident scans.

A. Install ClamAV

1. Install EPEL repo

Before we can do proceed, you must ensure that you have the EPEL yum repository enabled. To do this, click here.

2. Install required ClamAV packages

yum install clamav clamd

3. Start the clamd service and set it to auto-start

/etc/init.d/clamd on
chkconfig clamd on
/etc/init.d/clamd start

4. Update ClamAV’s signatures

/usr/bin/freshclam

Note: ClamAV will update automatically, as part of /etc/cron.daily/freshclam.

B. Configure Daily Scan

In this example, we will configure a cronjob to scan the /home/ directory every day:

1. Create cron file:

vim /etc/cron.daily/manual_clamscan

Add the following to the file above. Be sure to change SCAN_DIR to the directory that you want to scan:

#!/bin/bash
SCAN_DIR="/home"
LOG_FILE="/var/log/clamav/manual_clamscan.log"
/usr/bin/clamscan -i -r $SCAN_DIR >> $LOG_FILE

Give our cron script executable permissions:

chmod +x /etc/cron.daily/manual_clamscan

You can even run the above script to ensure that it works correctly.

And you’re done! That should be the minimum required to 1. install ClamAV and 2. Perform a daily scan of a specific directory.

Scan to Donate Bitcoin
Like this? Donate Bitcoin to at:
Bitcoin 14M4a7UHEX61VoHkyjj4dxbUBNGGz3hmhM
Donate
Share This Post

About Author: Curtis K

Hi! My name is Curtis, and I am the creator of CentOS Blog. Please feel free to comment any suggestions, feedback or questions on my posts!

16 thoughts on “How to Install ClamAV and Configure Daily Scanning on CentOS

  1. sarfaraj
    February 4, 2013 at 10:14 am

    Nice and valuable post Curtis.

  2. February 21, 2013 at 7:10 am

    useful info thanks a lot.

  3. February 21, 2013 at 7:10 am

    Very useful

    thekavirajan.blogspot.com

  4. February 24, 2013 at 6:25 am

    Really valuable post….

    Thanks for this article and keep writing this kind of article.

    Regards
    Tapan Thapa

  5. March 13, 2013 at 4:36 pm

    THX!

    But, change
    “/etc/init.d/clamd on”
    to
    “/etc/init.d/clamd start”.

    Wouldn`t i be good to add “/usr/bin/freshclam” to the cron-file before “/usr/bin/clamscan -i -r $SCAN_DIR >> $LOG_FILE” ?

    Greetz
    neo67

    • Curtis K
      March 30, 2013 at 6:32 am

      Hi neo67,

      That’s a good point – it’s always worth updating clamav with freshclam. I’ll be sure to update the post. Thanks for the suggestion!

  6. Ed
    March 23, 2013 at 12:04 pm

    If youre only doing daily scans then surely you dont need to run the daemon? I tried it without and it seems to be running fine

  7. Mitch
    May 18, 2013 at 2:37 am

    Nice post, but a bit over my head, sorry for my ignorance.

    Isn’t there an easier way to set up a cron job via filling a cron job task in cPanel’s “Cron Jobs” ?

    Thank you.

  8. Dave Haertel
    July 7, 2013 at 10:18 pm

    So, will ClamAV automatically quarantine/heal/delete infected files that it finds when it runs the daily scan? Or does it just write the information to the log file for you to determine what to do with the files?

    • July 14, 2013 at 1:06 am

      ClamAV by default will not automaticially delete/heal etc infected files. This is actually smart because on servers, autodelete of important files can cause major problems.

      If you want to do this you need to configure ClamAV to do auto delete etc use this on the command line:

      clamscan -ri –remove /home

  9. Johnny
    July 26, 2013 at 1:59 am

    Great article, congrats.

    How can i add mulitple directories to this script

  10. sreedharan
    September 20, 2013 at 11:54 am

    will it work without clamd service?

  11. September 28, 2013 at 1:11 am

    Curtis,

    If the following error comes up what to do to fix it:

    [root@server]# /etc/init.d/clamd start
    Starting Clam AntiVirus Daemon: ERROR: /var/log/clamav/clamd.log is locked by another process
    ERROR: Can’t initialize the internal logger

  12. javier
    October 11, 2013 at 6:39 pm

    thanks!!!!!!!!!

  13. Yehoshua Talansky
    May 18, 2014 at 4:33 am

    when running I get this error
    line 4: /var/log/clamav/manual_clamscan.log: Permission denied
    what should I do

Add Comment Register



Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>