Install ClamAV and set up scheduled scans.
Install EPEL:
# yum install epel-release
Install ClamAV:
# yum install clamav-server clamav-data clamav-update clamav-filesystem clamav clamav-scanner-systemd clamav-devel clamav-lib clamav-server-systemd
Copy the clamd.conf template, in case you don’t have a configuration file yet:
# cp /usr/share/clamav/template/clamd.conf /etc/clamd.d/clamd.conf
Edit the file and comment out the “Example” line:
# nano /etc/clamd.d/clamd.conf
Change this…
# Comment or remove the line below.
Example
To this…
# Comment or remove the line below.
#Example
Configure SELinux for ClamAV.
Check whether SELinux is on:
# getenforce
Enforcing
[root@database ~]# sestatus
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   enforcing
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Max kernel policy version:      28
If SELinux is active, set this boolean so that ClamAV is allowed to scan the system:
# setsebool -P antivirus_can_scan_system 1
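Enabling and disabling SELinux
With the boolean above set, ClamAV works while SELinux is enforcing, so changing the mode is only needed for troubleshooting.
# nano /etc/sysconfig/selinux
To enable, set this to enforcing:
SELINUX=enforcing
To disable enforcement, set it to permissive (denials are logged but not blocked):
SELINUX=permissive
Reboot after changing the file.
Or, to make a temporary change that lasts until the next reboot:
# setenforce permissive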
Enable Freshclam
# cp /etc/freshclam.conf /etc/freshclam.conf.bak
Edit the config file and comment out the “Example” line:
# nano /etc/freshclam.conf
# Comment or remove the line below.
#Example
Create a service file:
# nano /usr/lib/systemd/system/clam-freshclam.service
Add:
# Run the freshclam as daemon
[Unit]
Description = freshclam scanner
After = network.target

[Service]
Type = forking
ExecStart = /usr/bin/freshclam -d -c 4
Restart = on-failure
PrivateTmp = true

[Install]
WantedBy=multi-user.target
Let’s enable and start the service
# systemctl enable clam-freshclam.service
# systemctl start clam-freshclam.service
Rename the /usr/lib/systemd/system/clamd@.service file:
# mv /usr/lib/systemd/system/clamd@.service /usr/lib/systemd/system/clamd.service
Change the clamd@scan service as well: edit /usr/lib/systemd/system/clamd@scan.service and remove the @ sign from the .include line.
# nano /usr/lib/systemd/system/clamd@scan.service
From…
.include /lib/systemd/system/clamd@.service
to…
.include /lib/systemd/system/clamd.service
Change the clamd service file /usr/lib/systemd/system/clamd.service to:
[Unit]
Description = clamd scanner daemon
After = syslog.target nss-lookup.target network.target

[Service]
Type = simple
ExecStart = /usr/sbin/clamd -c /etc/clamd.d/clamd.conf --nofork=yes
Restart = on-failure
PrivateTmp = true

[Install]
WantedBy=multi-user.target
Start all services
# cd /usr/lib/systemd/system
# systemctl enable clamd.service
# systemctl enable clamd@scan.service
# systemctl start clamd.service
# systemctl start clamd@scan.service
Run a scan
# clamscan -i -r --log=/var/log/clamscan-date.txt /var/www/vhosts/*
----------- SCAN SUMMARY -----------
Known viruses: 4159219
Engine version: 0.98.7
Scanned directories: 3
Scanned files: 116
Infected files: 0
Data scanned: 13.64 MB
Data read: 39.54 MB (ratio 0.34:1)
Time: 10.738 sec (0 m 10 s)
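Set up a cron job to run a scan (the example is for a Plesk server and scans the virtual hosts):
# nano /etc/cron.daily/clamscan
#!/bin/bash
# setup the scan location and scan log
CLAM_SCAN_DIR="/var/www/vhosts"
CLAM_LOG_FILE="/var/log/clamav/dailyscan.log"
# update the virus database
/usr/bin/freshclam
# run the scan (-i logs infected files only, -r recurses into subdirectories)
/usr/bin/clamscan -i -r "$CLAM_SCAN_DIR" >> "$CLAM_LOG_FILE"
# address for scan notifications; cron only honours MAILTO in crontab files,
# inside this script it is an ordinary shell variable
MAILTO=user@domain.com
Set the cron file as executable: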
# chmod 555 /etc/cron.daily/clamscan
Test your installation and cron job
# /etc/cron.daily/clamscan
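The cron job appends every run to the same log, so checking whether the latest scan found anything means reading only the last run in that file. The script below is an added example, not part of the original guide; the function names (last_scan_report, write_sample_log) are hypothetical, the sample log is constructed, and it assumes the "FOUND" and "Infected files:" lines that clamscan -i writes.

```shell
#!/bin/sh
# Added example (not from the original guide): report on the most recent run in
# the append-only log written by /etc/cron.daily/clamscan.

# last_scan_report LOGFILE
# Prints "infected=N", then one line per detection from the LAST completed run.
# Returns 0 if that run was clean, 1 if it logged detections, 2 if the log is
# unreadable or holds no completed run.
last_scan_report() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    awk '
        / FOUND$/          { pending = pending $0 "\n" }   # hits of the run in progress
        /SCAN SUMMARY/     { found = pending; pending = ""; infected = "" }
        /^Infected files:/ { infected = $3 }
        END {
            if (infected == "") exit 2
            printf "infected=%s\n%s", infected, found
            exit (infected + 0 > 0 ? 1 : 0)
        }
    ' "$1"
}

# Constructed sample log: a clean run followed by a run with one detection.
write_sample_log() {
    cat > "$1" <<'EOF'

----------- SCAN SUMMARY -----------
Scanned files: 116
Infected files: 0
Time: 10.738 sec (0 m 10 s)
/var/www/vhosts/example.com/httpdocs/upload.txt: Eicar-Test-Signature FOUND

----------- SCAN SUMMARY -----------
Scanned files: 117
Infected files: 1
Time: 10.902 sec (0 m 10 s)
EOF
}

# Usage: sh last_scan_report.sh /var/log/clamav/dailyscan.log
if [ "$#" -gt 0 ]; then
    last_scan_report "$1"
fi
```

The non-zero exit status on detections lets a wrapper or monitoring check raise an alert without parsing the output again.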