How to Install ClamAV on AlmaLinux
ClamAV is an open-source antivirus engine designed to detect trojans, viruses, malware, and other malicious threats on Linux-based systems, including AlmaLinux. It’s widely used for scanning files on servers, especially in mail gateways and web servers.
Step 1: Update Your System
Always begin by updating your system packages to the latest versions:
sudo dnf update -y
sudo dnf install epel-release -y
sudo dnf update -y
EPEL (Extra Packages for Enterprise Linux) contains ClamAV packages.
Step 2: Install ClamAV and Related Packages
Install ClamAV, the daemon (optional), and update tools:
sudo dnf install clamav clamav-update clamav-scanner clamav-scanner-systemd clamav-server clamav-server-systemd -y
Minimal install for just scanning files:
sudo dnf install clamav clamav-update -y
Step 3: Configure ClamAV
Edit the main ClamAV configuration files:
1. Freshclam (Updater) Config:
Edit /etc/freshclam.conf:
sudo nano /etc/freshclam.conf
Find the line:
Example
Comment it out by adding #:
#Example
2. Clamd (Scanner Daemon) Config:
Edit /etc/clamd.d/scan.conf:
sudo nano /etc/clamd.d/scan.conf
Find the line:
Example
Comment it out:
#Example
Make sure to set the correct user (optional but recommended):
User clamscan
Step 4: Update Virus Database
Manually update the virus signatures:
sudo freshclam
If it runs without errors, your database is ready.
Step 5: Enable and Start ClamAV Services (Optional Daemon Mode)
If you want ClamAV to run as a daemon:
Start the scanning daemon:
sudo systemctl enable clamd@scan
sudo systemctl start clamd@scan
Check status:
sudo systemctl status clamd@scan
Step 6: Run Manual Scans
Basic scan of a directory:
clamscan -r /path/to/directory
Scan and remove infected files (--remove deletes every match permanently, including false positives):
clamscan -r --remove /path/to/directory
Quieter scan that prints only infected files, plus the summary:
clamscan -r -i --bell /home
-r: Recursive
-i: Only print infected files
--bell: Audible alert (optional)
Step 7: Use clamdscan (Faster, with Daemon)
If you started the daemon, use clamdscan for faster scans:
clamdscan /path/to/directory
Step 8: Automate Scans (Optional)
Set up a cron job to scan /var/www daily at 2 AM:
sudo crontab -e
Add:
0 2 * * * clamscan -r /var/www --log=/var/log/clamav/daily_scan.log
Or, for daemon-based scans:
0 2 * * * clamdscan /var/www --log=/var/log/clamav/daily_scan.log
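The cron entries above write a log that nothing reads. The wrapper below is an added example, not part of the original guide: it runs the same clamscan command, maps its exit status (0 clean, 1 infected, 2 error) and pulls the FOUND lines out of the log so cron has something to mail. The function names and the sample log lines are constructed for illustration.

```sh
#!/bin/sh
# Added example: wrapper for the daily cron scan. Function names and the
# sample log lines below are constructed for illustration.

# clamscan exit status: 0 = no virus found, 1 = virus(es) found, 2 = error.
scan_status() {
    case "$1" in
        0) echo clean ;;
        1) echo infected ;;
        *) echo error ;;
    esac
}

# Read a clamscan log on stdin; print "path<TAB>signature" per detection.
# Splits on the last ": " so paths that contain ": " stay intact.
found_lines() {
    while IFS= read -r line; do
        case "$line" in
            *" FOUND") body=${line% FOUND} ;;
            *) continue ;;
        esac
        printf '%s\t%s\n' "${body%: *}" "${body##*: }"
    done
}

# Run the scan from Step 8 into a per-run temp log so only this run's
# detections are reported. $1 = directory to scan, $2 = persistent log.
daily_scan() {
    tmp=$(mktemp) || return 2
    clamscan -r -i --log="$tmp" "$1" >/dev/null 2>&1
    status=$(scan_status "$?")
    cat "$tmp" >>"$2"
    if [ "$status" != clean ]; then
        echo "clamscan on $1: $status"
        found_lines <"$tmp"
    fi
    rm -f "$tmp"
    [ "$status" = clean ]
}

# Constructed sample log, used to exercise found_lines without a scan.
SAMPLE_LOG='/var/www/uploads/a.php: Eicar-Test-Signature FOUND
/var/www/notes: draft.txt: Eicar-Test-Signature FOUND
----------- SCAN SUMMARY -----------
Infected files: 2'

# Cron would call: daily_scan /var/www /var/log/clamav/daily_scan.log
```

Because daily_scan prints only when the result is not clean, cron's normal mail-on-output behaviour turns a detection or a scan error into a message instead of a silent log entry.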
Step 9: Automate Virus Database Updates
Enable the freshclam service (the unit shipped by the EPEL package is named clamav-freshclam) to keep signatures up to date:
sudo systemctl enable --now clamav-freshclam
Check status:
sudo systemctl status clamav-freshclam
Step 10: Verify Everything is Working
Check the ClamAV version:
clamscan --version
Test with the EICAR test virus (a safe test file recognized as a virus):
curl -o eicar.txt https://www.eicar.org/download/eicar.com.txt
clamscan eicar.txt
You should see:
eicar.txt: Eicar-Test-Signature FOUND
Then delete the test file:
rm eicar.txt
Conclusion
ClamAV on AlmaLinux provides solid baseline malware protection for your server. While it isn't a real-time antivirus in the traditional sense, it's effective for periodic scans of web directories, mail servers, and uploaded content. Keeping it updated and integrating it with cron jobs makes it a powerful ally in your server security toolkit.