How to Install ClamAV and Configure Daily Scanning on CentOS

This article will guide you through the installation of ClamAV on CentOS. Once installed, we will also configure a daily scan on our CentOS server.

ClamAV is an open source (GPL) antivirus engine designed for detecting Trojans, viruses, malware and other malicious threats on Linux. In this article, we will only be configuring ClamAV to run scheduled/on-demand scans, not resident scans.

A. Install ClamAV

1. Install EPEL repo

Before we can proceed, you must ensure that you have the EPEL yum repository enabled.

2. Install required ClamAV packages

yum install clamav clamd

3. Start the clamd service and set it to auto-start

chkconfig clamd on
/etc/init.d/clamd start

4. Update ClamAV’s signatures

/usr/bin/freshclam

Note: ClamAV will update automatically, as part of /etc/cron.daily/freshclam.

B. Configure Daily Scan

In this example, we will configure a cronjob to scan the /home/ directory every day:

1. Create cron file:

vim /etc/cron.daily/manual_clamscan

Add the following to the file above. Be sure to change SCAN_DIR to the directory that you want to scan:

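#!/bin/bash
# Directory to scan recursively
SCAN_DIR="/home"
# Scan results are appended to this log
LOG_FILE="/var/log/clamav/manual_clamscan.log"
# -i: print only infected files; -r: recurse into subdirectories
/usr/bin/clamscan -i -r "$SCAN_DIR" >> "$LOG_FILE"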

Give our cron script executable permissions:

chmod +x /etc/cron.daily/manual_clamscan

You can even run the above script to ensure that it works correctly.

And you’re done! That should be the minimum required to (1) install ClamAV and (2) perform a daily scan of a specific directory.
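The cron script above only appends to a log, so a detection goes unnoticed until someone reads it. The following is an added example, not code from the original article: a helper that scans several directories, interprets clamscan's exit status and lists the infected paths. The helper path `/usr/local/sbin/clamscan_report.sh`, the `/var/www` directory and the sample output are assumptions made for illustration.

```shell
#!/bin/bash
# Added example, not part of the original article.
# Hypothetical usage from /etc/cron.daily/manual_clamscan:
#   /usr/local/sbin/clamscan_report.sh /home /var/www
LOG_FILE="${LOG_FILE:-/var/log/clamav/manual_clamscan.log}"

# Constructed sample of "clamscan -i -r" output (not a real scan result).
SAMPLE_OUTPUT='/home/alice/eicar.com: Eicar-Test-Signature FOUND
/home/bob/mail: old/test.zip: Eicar-Test-Signature FOUND

----------- SCAN SUMMARY -----------
Infected files: 2'

# clamscan exit status: 0 = no virus found, 1 = virus(es) found, 2 = error.
scan_verdict() {
    case "$1" in
        0) echo "clean" ;;
        1) echo "infected" ;;
        *) echo "error" ;;
    esac
}

# Read clamscan output on stdin and print only the infected paths.
# Detection lines look like "<path>: <signature> FOUND".
infected_paths() {
    sed -n 's/^\(.*\): [^ ][^ ]* FOUND$/\1/p'
}

# Scan every directory given as an argument, append the full output to the
# log, and print detections or errors on stdout (cron normally mails it to root).
run_scan() {
    out=$(/usr/bin/clamscan -i -r "$@" 2>&1)
    rc=$?
    {
        echo "=== $(date '+%Y-%m-%d %H:%M:%S') scan of: $* ==="
        printf '%s\n' "$out"
        echo "verdict: $(scan_verdict "$rc")"
    } >> "$LOG_FILE"
    if [ "$rc" -ne 0 ]; then
        echo "clamscan verdict: $(scan_verdict "$rc") (exit $rc)"
        printf '%s\n' "$out" | infected_paths
    fi
    return "$rc"
}

# Only scan when directories were passed on the command line.
if [ "$#" -gt 0 ]; then
    run_scan "$@"
fi
```

A clean scan prints nothing, so cron stays quiet; a detection or a scan error produces output and a non-zero exit status.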

About Author: Curtis K

Hi! My name is Curtis, and I am the creator of CentOS Blog. Please feel free to comment any suggestions, feedback or questions on my posts!

  • sarfaraj

    Nice and valuable post Curtis.

  • http://thekavirajan.blogspot.com kavirajan

    useful info thanks a lot.

  • http://thekavirajan.blogspot.com kavirajan

    Very useful

    thekavirajan.blogspot.com

  • http://N/A Tapan Kumar Thapa

    Really valuable post….

    Thanks for this article and keep writing this kind of article.

    Regards
    Tapan Thapa

  • http://www.linuxmintusers.de centosN

    THX!

    But, change
    “/etc/init.d/clamd on”
    to
    “/etc/init.d/clamd start”.

    Wouldn't it be good to add “/usr/bin/freshclam” to the cron-file before “/usr/bin/clamscan -i -r $SCAN_DIR >> $LOG_FILE”?

    Greetz
    neo67

    • Curtis K

      Hi neo67,

      That’s a good point – it’s always worth updating clamav with freshclam. I’ll be sure to update the post. Thanks for the suggestion!

  • Ed

    If you're only doing daily scans then surely you don't need to run the daemon? I tried it without and it seems to be running fine.

  • Mitch

    Nice post, but a bit over my head, sorry for my ignorance.

    Isn’t there an easier way to set up a cron job via filling a cron job task in cPanel’s “Cron Jobs” ?

    Thank you.

  • Dave Haertel

    So, will ClamAV automatically quarantine/heal/delete infected files that it finds when it runs the daily scan? Or does it just write the information to the log file for you to determine what to do with the files?

    • http://metatraderprogramming.com/ CandleFOREX

      ClamAV by default will not automatically delete/heal etc. infected files. This is actually smart because on servers, autodelete of important files can cause major problems.

      If you want to do this, you need to configure ClamAV to do auto delete etc. Use this on the command line:

      clamscan -ri --remove /home

  • Johnny

    Great article, congrats.

    How can I add multiple directories to this script?

    • adhitya christiawan nurprasety

      /home represents a whole partition. If you need another area to scan, then simply change the value. Otherwise, set it to / to scan all of your system.

  • sreedharan

    Will it work without the clamd service?

  • http://metatraderprogramming.com/ CandleFOREX

    Curtis,

    If the following error comes up what to do to fix it:

    [root@server]# /etc/init.d/clamd start
    Starting Clam AntiVirus Daemon: ERROR: /var/log/clamav/clamd.log is locked by another process
    ERROR: Can’t initialize the internal logger

    • Gunjan RanjitKar

      sudo /etc/init.d/clamd restart

  • javier

    thanks!!!!!!!!!

  • Yehoshua Talansky

    When running I get this error:
    line 4: /var/log/clamav/manual_clamscan.log: Permission denied
    What should I do?

    • Gunjan RanjitKar

      Use root permission

    • Christopher Westburry

      Try to chmod the file. That should work as well.

  • Chrs Swinney

    Is there any way to get this ClamAV and clamd functional in CentOS 7?

  • realSoft

    Thank you, that was very helpful!!!

  • Simon

    Very useful thank you. However, with regard to the cron job for the manual scan do I then need to add that script to the /etc/crontab file to tell it to run at a particular time or will it run each day regardless because it’s in the cron.daily folder? If so, what time does that execute?

    Many thanks

  • john

    Thank you for the post …this is helpful.

  • Super Hin

    Thank you very much. It is a very nice tutorial and helpful 😀

  • Imran

    It works fine for 4 days but after that I got a memory error like this:

    LibClamAV Error: mpool_malloc(): Can’t allocate memory (262144 bytes)
    Any idea ?

    Thanks

  • Byteher

    Awesome article. Had another post that just confused me before finding this one. I am a basic Linux user working in IT. We have a client phone system that is CentOS 5.5 running asterisk that seems to have been hacked and has a mailbot sending out spam. Will scanning the “home” directory find the malware so I can identify and remove it? Or do I need to add more scan points to the “manual_clamscan” file?
    Thanks for any help you can offer.
    PS for newbies. I prefer nano over vi or vim (vim wasn’t an option on this system).