• ClamAV on CentOS

How to Install ClamAV and Configure Daily Scanning on CentOS

This article will guide you through the installation of ClamAV on CentOS. Once installed, we will also configure a daily scan on our CentOS server.

ClamAV is an open source (GPL) antivirus engine designed for detecting Trojans, viruses, malware and other malicious threats on Linux. In this article, we will only be configuring ClamAV to run scheduled/on-demand scans; not resident scans.

A. Install ClamAV

1. Install EPEL repo

Before we can do proceed, you must ensure that you have the EPEL yum repository enabled. To do this, click here.

2. Install required ClamAV packages

yum install clamav clamd

3. Start the clamd service and set it to auto-start

/etc/init.d/clamd on
chkconfig clamd on
/etc/init.d/clamd start

4. Update ClamAV’s signatures


Note: ClamAV will update automatically, as part of /etc/cron.daily/freshclam.

B. Configure Daily Scan

In this example, we will configure a cronjob to scan the /home/ directory every day:

1. Create cron file:

vim /etc/cron.daily/manual_clamscan

Add the following to the file above. Be sure to change SCAN_DIR to the directory that you want to scan:

/usr/bin/clamscan -i -r $SCAN_DIR >> $LOG_FILE

Give our cron script executable permissions:

chmod +x /etc/cron.daily/manual_clamscan

You can even run the above script to ensure that it works correctly.

And you’re done! That should be the minimum required to 1. install ClamAV and 2. Perform a daily scan of a specific directory.

Scan to Donate Bitcoin
Like this? Donate Bitcoin to at:
Bitcoin 1HqhvrfNCiZYFWhkfwKUryMCt2fQVmWpjS
Share This Post

About Author: Curtis K

Hi! My name is Curtis, and I am the author of CentOS Blog. Please feel free to comment with any suggestions, feedback or questions!

  • sarfaraj

    Nice and valuable post Curtis.

  • useful info thanks a lot.

  • Very useful


  • Really valuable post….

    Thanks for this article and keep writing this kind of article.

    Tapan Thapa

  • THX!

    But, change
    “/etc/init.d/clamd on”
    “/etc/init.d/clamd start”.

    Wouldn`t i be good to add “/usr/bin/freshclam” to the cron-file before “/usr/bin/clamscan -i -r $SCAN_DIR >> $LOG_FILE” ?


    • Curtis K

      Hi neo67,

      That’s a good point – it’s always worth updating clamav with freshclam. I’ll be sure to update the post. Thanks for the suggestion!

  • Ed

    If youre only doing daily scans then surely you dont need to run the daemon? I tried it without and it seems to be running fine

  • Mitch

    Nice post, but a bit over my head, sorry for my ignorance.

    Isn’t there an easier way to set up a cron job via filling a cron job task in cPanel’s “Cron Jobs” ?

    Thank you.

  • Dave Haertel

    So, will ClamAV automatically quarantine/heal/delete infected files that it finds when it runs the daily scan? Or does it just write the information to the log file for you to determine what to do with the files?

    • ClamAV by default will not automaticially delete/heal etc infected files. This is actually smart because on servers, autodelete of important files can cause major problems.

      If you want to do this you need to configure ClamAV to do auto delete etc use this on the command line:

      clamscan -ri –remove /home

  • Johnny

    Great article, congrats.

    How can i add mulitple directories to this script

    • adhitya christiawan nurprasety

      /home represent a whole partition. if you need another area to scan, then simply change the value. otherwise, sets it to / for scan all of your system.

  • sreedharan

    will it work without clamd service?

  • Curtis,

    If the following error comes up what to do to fix it:

    [root@server]# /etc/init.d/clamd start
    Starting Clam AntiVirus Daemon: ERROR: /var/log/clamav/clamd.log is locked by another process
    ERROR: Can’t initialize the internal logger

    • Gunjan RanjitKar

      sudo /etc/init.d/clamd restart

  • javier


  • Pingback: Blocking Malicious File Attachment in CentOS | Some Random Notes()

  • Yehoshua Talansky

    when running I get this error
    line 4: /var/log/clamav/manual_clamscan.log: Permission denied
    what should I do

    • Gunjan RanjitKar

      Use root permission

    • Christopher Westburry

      try to chmod the file. that should work as well.

  • Sidhi Ciang

    Please also provide how to uninstall it…

  • Chrs Swinney

    Is there anyway to get this ClamAV and clamd functional in CentOS 7?

  • Pingback: [Linux] Clamav | sunny()

  • Pingback: Clamav | Boomerweb - Appunti di lavoro()

  • realSoft

    Thank you that was very helpfull!!!

  • Simon

    Very useful thank you. However, with regard to the cron job for the manual scan do I then need to add that script to the /etc/crontab file to tell it to run at a particular time or will it run each day regardless because it’s in the cron.daily folder? If so, what time does that execute?

    Many thanks

  • john

    Thank you for the post …this is helpful.

  • Super Hin

    thanks you very much.It is very nice tutorial and helpful 😀

  • Imran

    It works fine for 4 days but after that I got memory error like this,

    LibClamAV Error: mpool_malloc(): Can’t allocate memory (262144 bytes)
    Any idea ?


  • Byteher

    Awesome article. Had another post that just confused me before finding this one. I am a basic Linux user working in IT. We have a client phone system that is CentOS 5.5 running asterisk that seems to have been hacked and has a mailbot sending out spam. Will scanning the “home” directory find teh malware so I can identify and remove it? Or do I need to add more scan points to the “manual_clamscan” file?
    Thanks for any help you can offer.
    PS for newbies. I prefer nano over vi or vim (vim wasn’t an option on this system).

  • Pingback: omnioo lab. record | オムニオラボ WEB, LAMP, jQuery, ITのお話()

  • Pingback: Securing Linux servers with SeLinux, ClamAV, SpamAssassin and RkHunter | Pak Jiddat()

  • Thanks. Is ClamAV effective against DarkLeech malware?

  • Ligman Yanto

    thank for share, can u help me with cron.daily time? i need to change time to middle of nigth. thx

  • Robert Nadon

    I really like clam AV just have one little problem. I installed clamAV on CentOS 7 and it is kicking off its own crond?!? Now every night my cron jobs are running twice at the same time and that really messes some of them up ( two processes creating tgz’s into same filename, checking checksum of same filename, etc). Is there a configuration somewhere to tell clam not to kick off cron as the cron is run through # service crond

  • Gurpreet Channi

    When i run the command to auto start the clamd is says ” no such file or directory ”
    but when i run ls in the init.d the directory clamd is there ???
    please help

    • EMan

      i also see no ‘clamd’ in /etc/init.d

  • Warren Burstein

    Centos 6.8
    I added the epel repo with yum install epel-release -y
    I edited /etc/yum.repos.d/epel.repo and turned the one thing enabled=1 to 0, [epel]

    but when I tried to install clamav and clamd, yum said

    No package clamav available.
    No package clamd available.

    So I re-enabled [epel] and the clamav/labd install worked

  • sunder

    Anyone can please tell me, how i can setup clamav server and clamav agent which can get update from clamav server daily night. and how i can overcome the issue with clamav, it keeps updateing his version after few months.