Install ClamAV and set up scheduled scans.
Install EPEL:
# yum install epel-release
Install ClamAV:
# yum install clamav-server clamav-data clamav-update clamav-filesystem clamav clamav-scanner-systemd clamav-devel clamav-lib clamav-server-systemd
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirror.lax.hugeserver.com
* epel: dl.fedoraproject.org
* extras: dallas.tx.mirror.xygenhosting.com
* updates: linux.mirrors.es.net
Package clamav-data-0.98.7-1.el7.noarch already installed and latest version
Package clamav-filesystem-0.98.7-1.el7.noarch already installed and latest version
Package clamav-lib-0.98.7-1.el7.x86_64 already installed and latest version
Resolving Dependencies
--> Running transaction check
---> Package clamav.x86_64 0:0.98.7-1.el7 will be installed
---> Package clamav-devel.x86_64 0:0.98.7-1.el7 will be installed
---> Package clamav-scanner-systemd.noarch 0:0.98.7-1.el7 will be installed
--> Processing Dependency: clamav-scanner = 0.98.7-1.el7 for package: clamav-scanner-systemd-0.98.7-1.el7.noarch
---> Package clamav-server.x86_64 0:0.98.7-1.el7 will be installed
--> Processing Dependency: nc for package: clamav-server-0.98.7-1.el7.x86_64
---> Package clamav-server-systemd.noarch 0:0.98.7-1.el7 will be installed
---> Package clamav-update.x86_64 0:0.98.7-1.el7 will be installed
--> Running transaction check
---> Package clamav-scanner.noarch 0:0.98.7-1.el7 will be installed
---> Package nmap-ncat.x86_64 2:6.40-7.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
===================================================================================================================================================================================================
Package Arch Version Repository Size
===================================================================================================================================================================================================
Installing:
clamav x86_64 0.98.7-1.el7 epel 806 k
clamav-devel x86_64 0.98.7-1.el7 epel 37 k
clamav-scanner-systemd noarch 0.98.7-1.el7 epel 19 k
clamav-server x86_64 0.98.7-1.el7 epel 93 k
clamav-server-systemd noarch 0.98.7-1.el7 epel 19 k
clamav-update x86_64 0.98.7-1.el7 epel 89 k
Installing for dependencies:
clamav-scanner noarch 0.98.7-1.el7 epel 26 k
nmap-ncat x86_64 2:6.40-7.el7 base 201 k
Transaction Summary
===================================================================================================================================================================================================
Install 6 Packages (+2 Dependent packages)
Total download size: 1.3 M
Installed size: 3.0 M
Is this ok [y/d/N]: y
Downloading packages:
(1/8): clamav-0.98.7-1.el7.x86_64.rpm | 806 kB 00:00:00
(2/8): clamav-devel-0.98.7-1.el7.x86_64.rpm | 37 kB 00:00:00
(3/8): clamav-scanner-0.98.7-1.el7.noarch.rpm | 26 kB 00:00:00
(4/8): clamav-scanner-systemd-0.98.7-1.el7.noarch.rpm | 19 kB 00:00:00
(5/8): clamav-server-0.98.7-1.el7.x86_64.rpm | 93 kB 00:00:00
(6/8): clamav-server-systemd-0.98.7-1.el7.noarch.rpm | 19 kB 00:00:00
(7/8): clamav-update-0.98.7-1.el7.x86_64.rpm | 89 kB 00:00:00
(8/8): nmap-ncat-6.40-7.el7.x86_64.rpm | 201 kB 00:00:00
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total 1.3 MB/s | 1.3 MB 00:00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : 2:nmap-ncat-6.40-7.el7.x86_64 1/8
Installing : clamav-server-0.98.7-1.el7.x86_64 2/8
Installing : clamav-server-systemd-0.98.7-1.el7.noarch 3/8
Installing : clamav-scanner-0.98.7-1.el7.noarch 4/8
Installing : clamav-scanner-systemd-0.98.7-1.el7.noarch 5/8
Installing : clamav-0.98.7-1.el7.x86_64 6/8
Installing : clamav-update-0.98.7-1.el7.x86_64 7/8
Installing : clamav-devel-0.98.7-1.el7.x86_64 8/8
Verifying : clamav-scanner-systemd-0.98.7-1.el7.noarch 1/8
Verifying : clamav-server-0.98.7-1.el7.x86_64 2/8
Verifying : clamav-scanner-0.98.7-1.el7.noarch 3/8
Verifying : clamav-devel-0.98.7-1.el7.x86_64 4/8
Verifying : clamav-server-systemd-0.98.7-1.el7.noarch 5/8
Verifying : clamav-update-0.98.7-1.el7.x86_64 6/8
Verifying : 2:nmap-ncat-6.40-7.el7.x86_64 7/8
Verifying : clamav-0.98.7-1.el7.x86_64 8/8
Installed:
clamav.x86_64 0:0.98.7-1.el7 clamav-devel.x86_64 0:0.98.7-1.el7 clamav-scanner-systemd.noarch 0:0.98.7-1.el7 clamav-server.x86_64 0:0.98.7-1.el7
clamav-server-systemd.noarch 0:0.98.7-1.el7 clamav-update.x86_64 0:0.98.7-1.el7
Dependency Installed:
clamav-scanner.noarch 0:0.98.7-1.el7 nmap-ncat.x86_64 2:6.40-7.el7
Complete!
Copy the clamd.conf template, in case you don’t have a configuration file yet:
# cp /usr/share/clamav/template/clamd.conf /etc/clamd.d/clamd.conf
Edit the file and comment out “Example”:
# nano /etc/clamd.d/clamd.conf
Change this…
# Comment or remove the line below.
Example
To this…
# Comment or remove the line below.
#Example
Configure SELinux for ClamAV.
Check whether SELinux is on:
# getenforce
Enforcing
[root@database ~]# sestatus
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: enforcing
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allowed
Max kernel policy version: 28
If SELinux is active, run this command so that ClamAV works with it:
# setsebool -P antivirus_can_scan_system 1
Enabling and disabling SELinux:
# nano /etc/sysconfig/selinux
To enable, set this to enforcing:
SELINUX=enforcing
To disable enforcement, set it to permissive:
SELINUX=permissive
Reboot after making changes.
Or, to make a temporary change:
# setenforce permissive
Enable Freshclam
# cp /etc/freshclam.conf /etc/freshclam.conf.bak
Edit the config file and comment out “Example”:
# nano /etc/freshclam.conf
# Comment or remove the line below.
#Example
Create a file:
# nano /usr/lib/systemd/system/clam-freshclam.service
Add:
# Run the freshclam as daemon
[Unit]
Description = freshclam scanner
After = network.target
[Service]
Type = forking
ExecStart = /usr/bin/freshclam -d -c 4
Restart = on-failure
PrivateTmp = true
[Install]
WantedBy=multi-user.target
Let’s enable and start the service
# systemctl enable clam-freshclam.service
# systemctl start clam-freshclam.service
Rename the /usr/lib/systemd/system/clamd@.service file:
# mv /usr/lib/systemd/system/clamd@.service /usr/lib/systemd/system/clamd.service
Change the clamd@scan service as well: in /usr/lib/systemd/system/clamd@scan.service, remove the @ sign from this line.
# nano /usr/lib/systemd/system/clamd@scan.service
From…
.include /lib/systemd/system/clamd@.service
to…
.include /lib/systemd/system/clamd.service
Change the clamd service file /usr/lib/systemd/system/clamd.service:
[Unit]
Description = clamd scanner daemon
After = syslog.target nss-lookup.target network.target
[Service]
Type = simple
ExecStart = /usr/sbin/clamd -c /etc/clamd.d/clamd.conf --nofork=yes
Restart = on-failure
PrivateTmp = true
[Install]
WantedBy=multi-user.target
Start all services
# cd /usr/lib/systemd/system
# systemctl enable clamd.service
# systemctl enable clamd@scan.service
# systemctl start clamd.service
# systemctl start clamd@scan.service
Run a scan
# clamscan -i -r --log=/var/log/clamscan-date.txt /var/www/vhosts/*
----------- SCAN SUMMARY -----------
Known viruses: 4159219
Engine version: 0.98.7
Scanned directories: 3
Scanned files: 116
Infected files: 0
Data scanned: 13.64 MB
Data read: 39.54 MB (ratio 0.34:1)
Time: 10.738 sec (0 m 10 s)
Set up a cron job to run a scan (this example is for a Plesk server, scanning the virtual hosts):
# nano /etc/cron.daily/clamscan
#!/bin/bash
# setup the scan location and scan log
CLAM_SCAN_DIR="/var/www/vhosts"
CLAM_LOG_FILE="/var/log/clamav/dailyscan.log"
# update the virus database
/usr/bin/freshclam
# run the scan
/usr/bin/clamscan -i -r "$CLAM_SCAN_DIR" >> "$CLAM_LOG_FILE"
MAILTO=user@domain.com
Set the cron file as an executable:
# chmod 555 /etc/cron.daily/clamscan
Test your installation and cron job
# /etc/cron.daily/clamscan
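Because the cron job appends every run to the same log, a plain grep for FOUND keeps reporting old detections. The script below is an added example, not part of the original instructions: it reports only the most recent completed run. The function names and the sample log contents (including the signature name) are constructed for illustration.

```shell
#!/bin/bash
# Added example: report on the latest completed scan in the daily scan log.
# The cron job appends (>>), so detections from older runs must not be recounted.
# Return codes follow clamscan: 0 = clean, 1 = infected, 2 = error.
latest_scan_report() {
    local log="$1"
    [ -r "$log" ] || { echo "cannot read $log" >&2; return 2; }
    awk '
        / FOUND$/ { hits[n++] = $0 }           # detections of the run in progress
        /^Infected files: / {                  # summary line closes one run
            last_n = n; last_infected = $3 + 0; seen = 1
            for (i = 0; i < n; i++) last[i] = hits[i]
            n = 0                              # start collecting the next run
        }
        END {
            if (!seen) { print "no completed scan in log" > "/dev/stderr"; exit 2 }
            for (i = 0; i < last_n; i++) print last[i]
            print "infected=" last_infected
            exit (last_infected > 0 ? 1 : 0)
        }' "$log"
}

# Constructed sample log: two appended runs, only the older one has a detection.
write_sample_log() {
    cat > "$1" <<'EOF'
/var/www/vhosts/example.com/httpdocs/up.php: Constructed.Sample.Signature FOUND
----------- SCAN SUMMARY -----------
Known viruses: 4159219
Infected files: 1
Time: 9.120 sec (0 m 9 s)
----------- SCAN SUMMARY -----------
Known viruses: 4159219
Infected files: 0
Time: 10.738 sec (0 m 10 s)
EOF
}

# Demo on the constructed log: the latest run is clean, so the status is 0.
sample=$(mktemp)
write_sample_log "$sample"
status=0
latest_scan_report "$sample" || status=$?
echo "exit status: $status"
rm -f "$sample"
```

On a real host, point latest_scan_report at /var/log/clamav/dailyscan.log and alert on a non-zero status.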