Installing ClamAV from EPEL 7 on CentOS/Red Hat 7 is a little more challenging than the simple setup used on CentOS 6/Red Hat 6. The problem isn’t really the installation itself, but the way things are documented and what you really need to do to use ClamAV.
You can find a lot of bad information on the Internet that only complicates things (perhaps this post will add more incorrect information…). But once you know how to install it, it can be done quickly, smoothly and without difficulties. The complication comes from the proliferation of packages that need to be installed and, as always with EPEL, the missing/lost documentation on how the packages were made.
This post is trying to suggest a working solution that can be used to start from scratch with a new installation.
A part of the answer can be found in the lost manual:
more /usr/share/doc/clamav-server-*/README
1 – Install EPEL 7
After you’ve successfully installed your operating system and applied all the updates, you can install the EPEL 7 repository by running this command:
yum install epel-release
2 – Install and configure the ClamAV packages
yum install clamav clamav-scanner-systemd
Yes, that’s enough. Installing these packages pulls in all the other needed packages as dependencies.
Create a symbolic link at the default configuration path, /etc/clamd.conf, pointing to the configuration file used by clamd@scan (read the comments for more information):
ln -s /etc/clamd.d/scan.conf /etc/clamd.conf
Edit the configuration installed by the clamd-scanner package:
vi /etc/clamd.d/scan.conf
Comment out the Example line:
#Example
Uncomment the LocalSocket config line to enable it:
LocalSocket /var/run/clamd.scan/clamd.sock
Save and quit the text editor.
3 – Turn on the SELinux boolean for antivirus
setsebool -P antivirus_can_scan_system 1
4 – Start the service and enable it at boot
systemctl start clamd@scan
systemctl enable clamd@scan
5 – Install and configure the ClamAV updater
To automatically get the latest virus updates, you need to install the binary used for this task:
yum install clamav-update
Edit the configuration file:
vi /etc/freshclam.conf
Comment out the Example line:
#Example
Edit the second configuration file (in sysconfig):
vi /etc/sysconfig/freshclam
Comment out this line so that updates can run from crontab (updates are disabled by default):
#FRESHCLAM_DELAY=disabled-warn
Save the files, quit the text editor and run the command “freshclam” to update the virus database. If needed, you can add a crontab entry to run it regularly.
6 – Test your installation
clamdscan --fdpass /var/log/*
Always use the --fdpass option, which passes the file descriptor to clamd so that the files are scanned with the correct permissions. In some cases the first check may fail after the installation; a simple reboot can solve this issue.
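The file edits from steps 2 and 5 can also be scripted and checked instead of being done by hand in vi. The following is an added example, not part of the original post: the function names are made up for illustration, and the demo runs on constructed sample files rather than on /etc.

```shell
#!/bin/sh
# Added example (not from the original post): the edits from steps 2 and 5
# as repeatable functions, plus checks that they took effect.

# Rewrite a file through sed without replacing its inode, so the owner,
# mode and SELinux label of the packaged config file are preserved.
edit_in_place() {            # edit_in_place <file> <sed-expression>
    tmp=$(mktemp) || return 1
    sed "$2" "$1" > "$tmp" && cat "$tmp" > "$1"
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

configure_clamd() {          # configure_clamd <scan.conf>
    edit_in_place "$1" 's|^Example[[:space:]]*$|#Example|' &&
    edit_in_place "$1" 's|^#[[:space:]]*\(LocalSocket[[:space:]][[:space:]]*/\)|\1|'
}

configure_freshclam() {      # configure_freshclam <freshclam.conf> <sysconfig file>
    edit_in_place "$1" 's|^Example[[:space:]]*$|#Example|' &&
    edit_in_place "$2" 's|^FRESHCLAM_DELAY=|#&|'
}

# Checks: no active Example line; socket enabled; update delay not disabled.
clamd_conf_ok() {
    ! grep -q '^Example' "$1" && grep -q '^LocalSocket[[:space:]]' "$1"
}
freshclam_conf_ok() {
    ! grep -q '^Example' "$1" && ! grep -q '^FRESHCLAM_DELAY=' "$2"
}

# Constructed sample files standing in for the packaged defaults.
make_samples() {             # make_samples <dir>
    printf '%s\n' '# Comment or remove the line below.' 'Example' \
        '#LocalSocket /var/run/clamd.scan/clamd.sock' \
        '#LocalSocketGroup virusgroup' > "$1/scan.conf"
    printf '%s\n' 'Example' 'DatabaseMirror database.clamav.net' > "$1/freshclam.conf"
    printf '%s\n' 'FRESHCLAM_DELAY=disabled-warn' > "$1/freshclam"
}

demo() {
    d=$(mktemp -d) || return 1
    make_samples "$d"
    configure_clamd "$d/scan.conf"
    configure_freshclam "$d/freshclam.conf" "$d/freshclam"
    clamd_conf_ok "$d/scan.conf" && freshclam_conf_ok "$d/freshclam.conf" "$d/freshclam"
    rc=$?; rm -rf "$d"; return "$rc"
}
demo && echo "sample configs pass both checks"
```

On a real host the arguments are /etc/clamd.d/scan.conf, /etc/freshclam.conf and /etc/sysconfig/freshclam, and the functions are safe to run more than once.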
You also need to comment out one line in /etc/sysconfig/freshclam:
#FRESHCLAM_DELAY=disabled-warn # REMOVE ME
Thanks, I forgot this information on the post! I will correct.
Thank you for this. After a few days of banging my head against a wall with other guides, this was simple, clear and did exactly what I needed.
Doesn’t clamav-update drop a clamav-update file into /etc/cron.d?
## Adjust this line…
MAILTO=root
## It is ok to execute it as root; freshclam drops privileges and becomes
## user ‘clamupdate’ as soon as possible
0 */3 * * * root /usr/share/clamav/freshclam-sleep
From another post …
Create a new file /usr/lib/systemd/system/clam-freshclam.service
# Run the freshclam as daemon
[Unit]
Description = freshclam scanner
After = network.target
[Service]
Type = forking
ExecStart = /usr/bin/freshclam -d -c 4
Restart = on-failure
PrivateTmp = true
[Install]
WantedBy=multi-user.target
Now enable and start the service.
systemctl enable clam-freshclam.service
systemctl start clam-freshclam.service
Seems like I should do one or the other (cron or daemon) but not both.
Hello, newbie here. I created the above file. Can I also create a cron job as described elsewhere? Thanks
I have installed many Linux boxes from FC3 – right to FC10 from 200-users mail servers, firewalls, proxy servers, samba, MailScanners working with CLAMAV and SpamAssassin and they are all still working today apart from the old upgrading of hardware and server OS…
WHAT THE HELL DID THESE PEOPLE DO TO PERFECTLY WORKING Linux Mail servers???!? I can’t even install Squirrelmail or CLAMAV without seeing important things commented out which never used to be the case, and why by Zeus’s beard do they have the word “EXAMPLE” in the middle of a config file not commented out?
I could have installed these things with my eyes closed and now I have to open them with a simple Postfix, Mailscanner, ClamAV and Spamassassin installation. I chucked Squirrelmail out the window, that sh!t just ain’t working anymore. This new Epel thing screwed everything up.
What a waste of my time.
You can have multiple daemons, that’s why there is no /etc/clamd.conf
There is one daemon by default: clamd@scan (it uses the /etc/clamd.d/scan.conf file)
Example:
If you wanted to have the clamd@amavisd service/daemon, you need to do this:
cp -a "/usr/lib/systemd/system/clamd@scan.service" "/usr/lib/systemd/system/clamd@amavisd.service";
systemctl daemon-reload;
systemctl status clamd@amavisd;
Now you have a clamd@amavisd daemon which will use the /etc/clamd.d/amavisd.conf file
Indeed, it seems logical… Thanks!
Just found this out:
You don’t even need to copy that file, you would only do that if you need to change some settings.
Systemd will use the clamd@.service file as a template and substitute %i
So without copying the file, just do this:
systemctl enable clamd@amavisd;
systemctl start clamd@amavisd;
read more here (search for “%i”): https://www.freedesktop.org/software/systemd/man/systemd.unit.html
This was the ONLY piece of documentation that helped me get ClamAV installed. Thank you so much for providing ACCURATE AND HELPFUL info!!!!
No idea how to do anything with clamav to ensure its functionality but needed to install AV on the system.
Periodically, I DO try getting into Linux and would love nothing more than to get rid of all Windows systems, but crap installations, along with worthless installation instructions, like ClamAV provides makes me glad I’m too stupid for Linux.
Why can’t the installation take care of basic configuration in the first place?
Super post!
I’ve finally got clamav installed and working, but could not have done it without this post.
Amazing… Thanks for saving my life.
I have no clue what I just did editing those files.
But thank you very much because clamscan is updated now! Yay!
You = Angel!
Thank YOU!
I followed this exactly but I get the following error
ERROR: Please edit the example config file /etc/clamd.conf
ERROR: Can’t parse clamd configuration file /etc/clamd.con
ERROR: Can’t parse clamd configuration file /etc/clamd.conf
You probably missed the symlink creation in step 2.
This post is great but Step 0 (before you do anything else) is to add a clamd.conf file such as the one from below https://raw.githubusercontent.com/vrtadmin/clamav-devel/master/etc/clamd.conf.sample
Remove the text “Example” and then uncomment the line starting with TCPSocket and TCPAddr
Not sure I understand why. This file already exists and is placed by default at /etc/clamd.d/scan.conf.
[root@server516 ~]# setsebool -P antivirus_can_scan_system 1
setsebool: SELinux is disabled.
With this command I get: SELinux is disabled. I use Plesk and by default it does not have SELinux enabled, so I loaded the SELinux extension in the Plesk extensions, but I again get the same error: SELinux is disabled.
Can you help me? Is SELinux a requirement for ClamAV?
Many, many thanks for your clear tutorial.
Hi, if SELinux is disabled you can forget this command. SELinux is not mandatory but enabled by default on CentOS/Red Hat Enterprise Linux, so in your case you can ignore this.
I was trying to do so using https://linux-audit.com/install-clamav-on-centos-7-using-freshclam/
Yours is much much better…!
Thanks…!
Thanks for saving me many hours of trying to resolve conflicting documents and making false starts. I appreciate you taking the time to share your knowledge and simplify the install process for others!
Please use the repository to download if epel-release is not available.
cd /tmp
wget https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
ls *.rpm
To install epel-release-7-5.noarch.rpm, type:
sudo yum install epel-release-latest-7.noarch.rpm
Sorry for what may be a silly question, but by uncommenting the Checks parameter in /etc/freshclam.conf, wouldn’t freshclam perform a database automatically, without the need for a separate crontab? Is the use of a crontab preferred? Also, when I attempt to run sudo clamdscan /, I receive a lot of error messages regarding insufficient access permissions for various files. I would have assumed that by running clamdscan as root, I wouldn’t have these permissions errors.
By default, the freshclam update is disabled to avoid network access (based on official documentation). Removing this line allows freshclam to access the Internet without error, so next you can create a crontab.
Thank you!
Thanks for this article. It was straightforward and works fine with one minor hiccup caused by my own security configuration.
Freshclam writes its files as the user clamupdate. Clamd@scan runs as the user clamscan. I am asked to run systems with a restrictive 027 umask, so when freshclam creates the database files in /var/lib/clamav/ it makes them owned by clamupdate.clamupdate with 640 permissions instead of 644. As a result clamscan can’t read them. I added the clamscan user account into the clamupdate group, and it fixed the issue without requiring me to change my umask. If clamscan can’t read the database files it just restarts the clamd@scan service over and over and uses an impressive amount of CPU doing it.
Just posting this comment here so that others may find it if they search
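The situation described in the comment above (database files written 640 under a 027 umask, unreadable by the scanner account) can be detected before clamd@scan starts restarting in a loop. This is an added example, not part of the original thread: the function names are made up, the account used in the demo is a constructed placeholder, and the check looks at mode bits only, not ACLs or SELinux.

```shell
#!/bin/sh
# Added example (not from the original thread): find signature files that
# the scanner account cannot read. Mode bits only; ACLs and SELinux are ignored.

# Classic Unix rule: owner bits if the user owns the file, else group bits
# if the user is in the file's group, else the "other" bits.
readable_by() {              # readable_by <file> <user>
    set -- "$2" $(ls -ld "$1" | awk '{print $1, $3, $4}')
    # now: $1=user  $2=mode string  $3=owner  $4=group
    if [ "$3" = "$1" ]; then
        pos=2
    elif id -nG "$1" 2>/dev/null | tr ' ' '\n' | grep -Fqx -- "$4"; then
        pos=5
    else
        pos=8
    fi
    [ "$(printf '%s' "$2" | cut -c"$pos")" = r ]
}

# Print every regular file under <db-dir> that <scan-user> cannot read.
db_unreadable_for() {        # db_unreadable_for <db-dir> <scan-user>
    find "$1" -type f | while IFS= read -r f; do
        readable_by "$f" "$2" || printf '%s\n' "$f"
    done
}

# Constructed demo: one file written under umask 022, one under umask 027.
demo() {
    d=$(mktemp -d) || return 1
    ( umask 022; : > "$d/main.cvd" )
    ( umask 027; : > "$d/daily.cld" )
    # Placeholder account that is neither the owner nor in the file's group.
    db_unreadable_for "$d" clamscan-constructed
    rm -rf "$d"
}
demo
```

On a host set up as in this post the call would be db_unreadable_for /var/lib/clamav clamscan; an empty result means the scanner account can read every database file.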
Thank you AlanM. Adding clamscan to clamupdate group brought my cpu load to its normal value.
This helped me a lot thanks.
Hi,
I am using CentOS 7 and Plesk Onyx.
What settings do we need to make in order to use ClamAV as antivirus for email attachments (postfix) and on-access scanning (to protect against malicious files upload using php scripts)?
Sorry, but I’ve absolutely no idea, I’m not using Plesk.
Excellent explanation and tutorial, thanks a lot!
congratulations
I have followed your guide and have come up with an error: “Can’t create temporary directory /car/lib/clamav/clamav-445566787.tmp.
Hint: The database directory must be writable for UID 1000 or GID 1000.” I have followed your instructions verbatim 3 times and reinstalled CentOS 7.4**** in case it was me…
I am a novice but after reading the praises from previous users here thought I will attempt this too but I am stuck now. Any help would be greatly appreciated…
James
“Can’t create temporary directory /car/lib/clamav/clamav-445566787.tmp.”
It should be /var/lib/clamav, not /car/lib/clamav. “c” is right next to “v” on the keyboard, so you likely just mis-typed.
I followed the same steps but the below service failed to start.
[root@20191113-1348 ~]# systemctl start clamd@scan
Job for clamd@scan.service failed because the control process exited with error code. See “systemctl status clamd@scan.service” and “journalctl -xe” for details.
[root@instance-20191113-1348 ~]# systemctl status clamd@scan.service
● clamd@scan.service – Generic clamav scanner daemon
Loaded: loaded (/usr/lib/systemd/system/clamd@scan.service; disabled; vendor preset: disabled)
Active: failed (Result: start-limit) since Tue 2019-11-19 12:00:00 UTC; 15s ago
Docs: man:clamd(8)
man:clamd.conf(5)
https://www.clamav.net/documents/
Process: 20411 ExecStart=/usr/sbin/clamd -c /etc/clamd.d/%i.conf (code=exited, status=1/FAILURE)
Nov 19 12:00:00 instance-20191113-1348 systemd[1]: Failed to start Generic …
Nov 19 12:00:00 instance-20191113-1348 systemd[1]: Unit clamd@scan.service …
Nov 19 12:00:00 instance-20191113-1348 systemd[1]: clamd@scan.service failed.
Nov 19 12:00:00 instance-20191113-1348 systemd[1]: clamd@scan.service holdo…
Nov 19 12:00:00 instance-20191113-1348 systemd[1]: Stopped Generic clamav s…
Nov 19 12:00:00 instance-20191113-1348 systemd[1]: start request repeated t…
Nov 19 12:00:00 instance-20191113-1348 systemd[1]: Failed to start Generic …
Nov 19 12:00:00 instance-20191113-1348 systemd[1]: Unit clamd@scan.service …
Nov 19 12:00:00 instance-20191113-1348 systemd[1]: clamd@scan.service failed.