- \n
- A Linux sever with at least 2GB RAM<\/li>\n\n\n\n
- Almalinux operating system should be installed on the server<\/li>\n\n\n\n
- Sudo SSH access to the server (either with user root or a sudo user)<\/li>\n<\/ul>\n\n\n\n
Step 1: Update Your System<\/strong><\/h3>\n\n\n\n
Before installing any software, it\u2019s always good practice to update your package lists:<\/p>\n\n\n\n
sudo dnf update -y<\/code><\/pre>\n\n\n\nStep 2: Install ClamAV<\/strong><\/h3>\n\n\n\n
Almalinux base repo does not contain packages for installing Clamv. However, we can get them from the EPEL repo (Extra packages for Enterprise Linux). Hence, add that first.<\/p>\n\n\n\n
sudo dnf install epel-release -y\n\nsudo dnf install clamav clamd clamav-update<\/code><\/pre>\n\n\n\n![\"\"](\"https:\/\/truehost.com\/support\/wp-content\/uploads\/2024\/10\/image-670-1024x301.png\")
<\/figure>\n\n\n\nStep 3: Add ClamAV user on Rocky Linux or AlmaLinux<\/strong><\/h3>\n\n\n\n
sudo groupadd clamav\nsudo useradd -g clamav -s \/bin\/false -c \"Clam Antivirus\" clamav<\/code><\/pre>\n\n\n\nStep 4: Update ClamAV Virus Definitions<\/strong><\/h3>\n\n\n\n
After installing ClamAV, you should update the virus definitions to ensure ClamAV has the latest signatures for detecting threats.<\/p>\n\n\n\n
sudo freshclam<\/code><\/pre>\n\n\n\nStep 5: Enable LocalSocket<\/strong><\/h3>\n\n\n\n
If you are setting up a simple, local clamd instance, then enable the LocalSocket option in its scan configuration file.<\/p>\n\n\n\n
sudo sed -i 's\/#LocalSocket \\\/run\/LocalSocket \\\/run\/g' \/etc\/clamd.d\/scan.conf<\/code><\/pre>\n\n\n\nStep 6: Create Systemd file freshclam<\/strong><\/h3>\n\n\n\n
- \n
- Create a service file for Freshclam to run as a background service.<\/li>\n<\/ul>\n\n\n\n
sudo vi \/usr\/lib\/systemd\/system\/freshclam.service<\/code><\/pre>\n\n\n\n- \n
- Add the following configuration:<\/li>\n<\/ul>\n\n\n\n
[Unit]\nDescription = ClamAV Scanner\nAfter = network.target\n\n[Service]\nType = forking\nExecStart = \/usr\/bin\/freshclam -d -c 1\nRestart = on-failure\nPrivateTmp = true\n\n[Install]\nWantedBy=multi-user.target<\/code><\/pre>\n\n\n\n- \n
- Save and close the file.<\/li>\n<\/ul>\n\n\n\n
![\"\"](\"https:\/\/truehost.com\/support\/wp-content\/uploads\/2024\/10\/image-675.png\")
<\/figure>\n\n\n\nStep 7: Start FreshClam and Clamd scanner services<\/strong><\/h3>\n\n\n\n
Starting the
clamd<\/code> service allows you to perform scans without initializing ClamAV each time.<\/p>\n\n\n\nStart and Enable freshclam<\/strong><\/p>\n\n\n\n
sudo systemctl start freshclam\nsudo systemctl enable freshclam<\/code><\/pre>\n\n\n\nYou can also check its statuses<\/p>\n\n\n\n
sudo systemctl status freshclam<\/code><\/pre>\n\n\n\n![\"\"](\"https:\/\/truehost.com\/support\/wp-content\/uploads\/2024\/10\/image-673.png\")
<\/figure>\n\n\n\nIn case you want to stop the service<\/p>\n\n\n\n
sudo systemctl stop freshclam<\/code><\/pre>\n\n\n\nStart and Enable Clamd Scanner service\u00a0\u00a0<\/strong><\/p>\n\n\n\n
sudo systemctl start clamd@scan\nsudo systemctl enable clamd@scan<\/code><\/pre>\n\n\n\nYou can also check its statuses<\/p>\n\n\n\n
sudo systemctl status clamd@scan<\/code><\/pre>\n\n\n\n![\"\"](\"https:\/\/truehost.com\/support\/wp-content\/uploads\/2024\/10\/image-674.png\")
<\/figure>\n\n\n\nIn case you want to stop the service<\/p>\n\n\n\n
sudo systemctl stop clamd@scan<\/code><\/pre>\n\n\n\nStep 8 : Run a Scan<\/strong><\/h3>\n\n\n\n
You can scan directories or specific files with the
clamscan<\/code> command.<\/p>\n\n\n\n- \n
- Scan a file <\/strong><\/li>\n<\/ul>\n\n\n\n
sudo clamscan filename<\/code><\/pre>\n\n\n\n- \n
- Scan a Directory<\/strong>:\n
- \n
- The
-r<\/code> flag performs a recursive scan, scanning all subdirectories within the specified path.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\nclamscan -r \/path\/to\/directory<\/code><\/pre>\n\n\n\n- \n
- Scan and Remove Infected Files<\/strong>\/Directories<\/strong>:\n
- \n
- The
--remove<\/code> option will delete infected files (use with caution).<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\nsudo clamscan --remove filename\nsudo clamscan -r --remove directoryname<\/code><\/pre>\n\n\n\nScan and Generate a Log<\/strong>:<\/p>\n\n\n\n
- \n
- This command saves scan output to
\/var\/log\/clamav\/scan.log<\/code> for later review.<\/li>\n<\/ul>\n\n\n\nclamscan -r \/path\/to\/directory | tee \/var\/log\/clamav\/scan.log<\/code><\/pre>\n\n\n\nStep 9: Schedule Regular Scans (Optional)<\/strong><\/h3>\n\n\n\n
To automate scans, set up a cron job. For example, to scan
\/home<\/code> daily:<\/p>\n\n\n\n- \n
- Open the cron editor:<\/li>\n<\/ul>\n\n\n\n
crontab -e<\/code><\/pre>\n\n\n\n- \n
- Add the following line to schedule a scan at midnight each day:<\/li>\n<\/ul>\n\n\n\n
0 0 * * * \/usr\/bin\/clamscan -r \/home | tee -a \/var\/log\/clamav\/daily_scan.log<\/code><\/pre>\n\n\n\nStep 10: Enable On-Access Scanning (Optional)<\/strong><\/h3>\n\n\n\n
- \n
- On-Access scanning provides real-time protection by monitoring specific directories for malicious files. Follow the steps below to enable it.<\/li>\n\n\n\n
- Stop clamd service<\/li>\n<\/ul>\n\n\n\n
sudo systemctl stop clamd@service<\/code><\/pre>\n\n\n\n- \n
- Now, enable On-Access in the ClamAV scan configuration file:<\/li>\n<\/ul>\n\n\n\n
sudo sed -i 's\/#OnAccessPrevention yes\/OnAccessPrevention yes\/g' \/etc\/clamd.d\/scan.conf<\/code><\/pre>\n\n\n\n![\"\"](\"https:\/\/truehost.com\/support\/wp-content\/uploads\/2024\/10\/image-676-1024x180.png\")
<\/figure>\n\n\n\n- \n
- With the above command, we enabled this service in the Scan.conf file. If you want the Scanner to monitor some directory or file, declare that in the Scan.conf file as well by manually editing this file \/etc\/clamd.d\/scan.con<\/strong>f and declaring your folder\/file in the format below<\/li>\n<\/ul>\n\n\n\n
OnAccessIncludePath path-to-folder<\/em><\/code><\/pre>\n\n\n\n- \n
- If not like above, you can also do it as below. Let’s say I want to enable On-Access scan monitoring for my Home directory.<\/li>\n<\/ul>\n\n\n\n
sudo sed -i 's\/#OnAccessIncludePath \\\/home<\/strong>\/OnAccessIncludePath \\\/home<\/strong>\/g' \/etc\/clamd.d\/scan.conf<\/code><\/pre>\n\n\n\n- \n
- You also want to exclude your Clamd user from scanning to make sure it will not get blocked accidentally:<\/li>\n<\/ul>\n\n\n\n
sudo sed -i 's\/#OnAccessExcludeUname clamav\/OnAccessExcludeUname clamscan\/g' \/etc\/clamd.d\/scan.conf<\/code><\/pre>\n\n\n\n- \n
- Start Daemon and On-Access Scanner service manually:<\/li>\n<\/ul>\n\n\n\n
sudo su - clamav -c \"\/usr\/local\/bin\/clamd\"\nsudo clamonacc<\/code><\/pre>\n\n\n\n- \n
- Run clamd service as well:<\/li>\n<\/ul>\n\n\n\n
sudo systemctl start clamd@service<\/code><\/pre>\n\n\n\n![\"\"](\"https:\/\/truehost.com\/support\/wp-content\/uploads\/2024\/10\/image-677-1024x167.png\")
<\/figure>\n\n\n\nIn case you get the following error while starting the Clamd service, then follow the steps further to resolve this error.<\/p>\n\n\n\n
sudo systemctl start clamd@service Job for clamd@service.service failed because the control process exited with error code. See \"systemctl status clamd@service.service\" and \"journalctl -xeu clamd@service.service\" for details.<\/code><\/pre>\n\n\n\n- \n
- Create a New Service Configuration File<\/strong>: If the Clamd service file does not already exist on your system, then create the one using:<\/li>\n<\/ul>\n\n\n\n
sudo vi \/etc\/clamd.d\/service.conf<\/code><\/pre>\n\n\n\nAdd the following basic configuration and save the file by pressing Ctrl+X, Y, and Enter keys.<\/p>\n\n\n\n
# Example ClamAV Daemon configuration file\nLogFile \/var\/log\/clamd.service.log\nLogFileMaxSize 2M\nLogTime yes\nLogVerbose yes\nPidFile \/var\/run\/clamd.service.pid\nDatabaseDirectory \/var\/lib\/clamav\nTCPSocket 3310\nTCPAddr 127.0.0.1<\/code><\/pre>\n\n\n\n- \n
- Set file correct permissions and ownership<\/li>\n<\/ul>\n\n\n\n
sudo chmod 644 \/etc\/clamd.d\/service.conf\nsudo chown clamav:clamav \/etc\/clamd.d\/service.conf<\/code><\/pre>\n\n\n\n- \n
- Update the Systemd Service Unit<\/li>\n<\/ul>\n\n\n\n
sudo vi \/etc\/systemd\/system\/clamd@service.service<\/code><\/pre>\n\n\n\nMake sure it includes this below<\/strong><\/p>\n\n\n\n
[Service]\nExecStart=\/usr\/sbin\/clamd --config-file=\/etc\/clamd.d\/service.conf<\/code><\/pre>\n\n\n\n- \n
- Save and close file.<\/li>\n\n\n\n
- Reload systemd and Restart the Service<\/li>\n<\/ul>\n\n\n\n
sudo systemctl daemon-reload\nsudo systemctl start clamd@service.service<\/code><\/pre>\n\n\n\nVerify the Service Status<\/p>\n\n\n\n
sudo systemctl status clamd@service.service<\/code><\/pre>\n\n\n\nCreate clamonacc Service file (optional)<\/strong><\/p>\n\n\n\n
- \n
- To ensure the On-Access Scanner service starts automatically after a system reboot, you need to create a systemd file.<\/li>\n<\/ul>\n\n\n\n
sudo vi \/usr\/lib\/systemd\/system\/clamonacc.service<\/code><\/pre>\n\n\n\n- \n
- Copy-paste the below-given line in the file:<\/li>\n<\/ul>\n\n\n\n
[Unit]\nDescription=ClamAV On Access Scanner\nRequires=clamd@service\nAfter=clamd.service syslog.target network-online.target\n\n[Service]\nType=simple\nUser=root\nExecStart=\/usr\/bin\/clamonacc -F --log=\/var\/log\/clamonacc --move=\/tmp\/clamav-quarantine\nRestart=on-failure\nRestartSec=7s\n\n[Install]\nWantedBy=multi-user.target<\/code><\/pre>\n\n\n\n- \n
- Save the file by pressing\u00a0ESC <\/strong>followed by :wq<\/strong>\u00a0and then Enter<\/strong>.<\/li>\n<\/ul>\n\n\n\n
![\"\"](\"https:\/\/truehost.com\/support\/wp-content\/uploads\/2024\/10\/image-679-1024x285.png\")
<\/figure>\n\n\n\n
- Save the file by pressing\u00a0ESC <\/strong>followed by :wq<\/strong>\u00a0and then Enter<\/strong>.<\/li>\n<\/ul>\n\n\n\n
- Copy-paste the below-given line in the file:<\/li>\n<\/ul>\n\n\n\n
- To ensure the On-Access Scanner service starts automatically after a system reboot, you need to create a systemd file.<\/li>\n<\/ul>\n\n\n\n
- Update the Systemd Service Unit<\/li>\n<\/ul>\n\n\n\n
- Set file correct permissions and ownership<\/li>\n<\/ul>\n\n\n\n
- Create a New Service Configuration File<\/strong>: If the Clamd service file does not already exist on your system, then create the one using:<\/li>\n<\/ul>\n\n\n\n
- Run clamd service as well:<\/li>\n<\/ul>\n\n\n\n
- Start Daemon and On-Access Scanner service manually:<\/li>\n<\/ul>\n\n\n\n
- You also want to exclude your Clamd user from scanning to make sure it will not get blocked accidentally:<\/li>\n<\/ul>\n\n\n\n
- If not like above, you can also do it as below. Let’s say I want to enable On-Access scan monitoring for my Home directory.<\/li>\n<\/ul>\n\n\n\n
- With the above command, we enabled this service in the Scan.conf file. If you want the Scanner to monitor some directory or file, declare that in the Scan.conf file as well by manually editing this file \/etc\/clamd.d\/scan.con<\/strong>f and declaring your folder\/file in the format below<\/li>\n<\/ul>\n\n\n\n
- Now, enable On-Access in the ClamAV scan configuration file:<\/li>\n<\/ul>\n\n\n\n
- Add the following line to schedule a scan at midnight each day:<\/li>\n<\/ul>\n\n\n\n
- Open the cron editor:<\/li>\n<\/ul>\n\n\n\n
- This command saves scan output to
- The
- Scan and Remove Infected Files<\/strong>\/Directories<\/strong>:\n
- The
- Scan a Directory<\/strong>:\n
- Scan a file <\/strong><\/li>\n<\/ul>\n\n\n\n
- Save and close the file.<\/li>\n<\/ul>\n\n\n\n
- Add the following configuration:<\/li>\n<\/ul>\n\n\n\n
- Create a service file for Freshclam to run as a background service.<\/li>\n<\/ul>\n\n\n\n
![\"\"](\"https:\/\/truehost.com\/support\/wp-content\/uploads\/2024\/10\/image-680-1024x112.png\")
<\/figure>\n\n\n\n![\"\"](\"https:\/\/truehost.com\/support\/wp-content\/uploads\/2024\/10\/image-681.png\")
<\/figure>\n\n\n\n