Certainly! Here's a step-by-step guide on how to install ClamAV on AlmaLinux, including how to keep it updated and how to scan for malware.
How to Install ClamAV on AlmaLinux
ClamAV is an open-source antivirus engine designed to detect trojans, viruses, malware, and other malicious threats on Linux-based systems, including AlmaLinux. It’s widely used for scanning files on servers, especially in mail gateways and web servers.
Step 1: Update Your System
Always begin by updating your system packages to the latest versions:
sudo dnf update -y
sudo dnf install epel-release -y
sudo dnf update -y
EPEL (Extra Packages for Enterprise Linux) contains ClamAV packages.
Step 2: Install ClamAV and Related Packages
Install ClamAV, the daemon (optional), and update tools:
sudo dnf install clamav clamav-update clamav-scanner clamav-scanner-systemd clamav-server clamav-server-systemd -y
Minimal install for just scanning files:
sudo dnf install clamav clamav-update -y
Step 3: Configure ClamAV
Edit the main ClamAV configuration files:
-
Freshclam (Updater) Config:
Edit /etc/freshclam.conf:
sudo nano /etc/freshclam.conf
Find the line:
Example
Comment it out by adding #:
#Example
2. Clamd (Scanner Daemon) Config:
Edit /etc/clamd.d/scan.conf:
sudo nano /etc/clamd.d/scan.conf
Find the line:
Example
Comment it out:
#Example
Make sure to set the correct user (optional but recommended):
User clamscan
Step 4: Update Virus Database
Manually update the virus signatures:
sudo freshclam
If it runs without errors, your database is ready.
Step 5: Enable and Start ClamAV Services (Optional Daemon Mode)
If you want ClamAV to run as a daemon:
Start the scanning daemon:
sudo systemctl enable clamd@scan
sudo systemctl start clamd@scan
Check status:
sudo systemctl status clamd@scan
Step 6: Run Manual Scans
Basic scan of a directory:
clamscan -r /path/to/directory
Scan and remove infected files:
clamscan -r --remove /path/to/directory
More verbose scanning with summary:
clamscan -r -i --bell /home
-
-r: Recursive -
-i: Only print infected files -
--bell: Audible alert (optional)
Step 7: Use clamdscan (Faster, with Daemon)
If you started the daemon, use clamdscan for faster scans:
clamdscan /path/to/directory
Step 8: Automate Scans (Optional)
Set up a cron job to scan /var/www daily at 2 AM:
sudo crontab -e
Add:
0 2 * * * clamscan -r /var/www --log=/var/log/clamav/daily_scan.log
Or, for daemon-based scans:
0 2 * * * clamdscan /var/www --log=/var/log/clamav/daily_scan.log
Step 9: Automate Virus Database Updates
Enable the Freshclam service to keep signatures up to date:
sudo systemctl enable --now freshclam
Check status:
sudo systemctl status freshclam
Step 10: Verify Everything is Working
Check the ClamAV version:
clamscan --version
Test with the EICAR test virus (a safe test file recognized as a virus):
curl -o eicar.txt https://www.eicar.org/download/eicar.com.txt
clamscan eicar.txt
You should see:
eicar.txt: Eicar-Test-Signature FOUND
Then delete the test file:
rm eicar.txt
✅ Conclusion
ClamAV on AlmaLinux provides a solid baseline malware protection tool for your server. While it isn't a real-time antivirus in the traditional sense, it’s effective for periodic scans of web directories, mail servers, and uploaded content. Keeping it updated and integrating with cron jobs makes it a powerful ally in your server security toolkit
