This article describes how to scan for viruses with ClamAV.
1 Virus scan with clamscan
Install the clamav package.
$ sudo dnf install -y clamav
The clamscan command scans a file or directory.
- The -r option scans a directory recursively.
- The -i option shows only detected files.
- The --move option moves detected files to the specified directory.
$ mkdir ~/virus
$ clamscan -r -i --move=$HOME/virus .
2 Update virus database manually
The freshclam command updates the virus database. It is included in the clamav-update package.
$ sudo dnf install -y clamav-update
$ sudo freshclam
3 Update virus database automatically
Installing the clamav-update package enables a cron job that runs /usr/share/clamav/freshclam-sleep every 3 hours. If the FRESHCLAM_DELAY value is neither "disabled-warn" nor "disabled", freshclam-sleep runs the freshclam command. The default FRESHCLAM_DELAY value is "disabled-warn".
So, to update the virus database automatically, you need to install the clamav-freshclam package and replace the FRESHCLAM_DELAY value.
$ sudo dnf install -y clamav-update
$ sudo sed -e 's/^FRESHCLAM_DELAY/#FRESHCLAM_DELAY/g' \
    -i /etc/sysconfig/freshclam
To change the update interval, modify the following file.
/etc/cron.d/clamav-update
4 Virus scan with clamd
The clamd daemon loads the database once and then waits for requests. The clamdscan command asks clamd to run the scan, so the database does not have to be loaded for each scan.
The clamd daemon always consumes memory for the database, but clamdscan is faster than clamscan. Also, clamdscan's behavior depends on clamd, while clamscan's behavior depends on clamscan's options.
Install the packages for clamd.
$ sudo dnf install -y clamav-server clamav-server-systemd clamav-scanner
Edit /etc/clamd.d/scan.conf, which is used by clamd@scan.service.
$ sudo sed -e 's/^Example/#Example/g' \
    -e 's/^User.*/User root/g' \
    -e 's/^#LocalSocket /LocalSocket /g' \
    -e 's/^#LocalSocketGroup.*/LocalSocketGroup clamscan/g' \
    -e 's/^#LocalSocketMode /LocalSocketMode /g' \
    -e 's/^#FixStaleSocket /FixStaleSocket /g' \
    -e 's/^#ExcludePath /ExcludePath /g' \
    -i /etc/clamd.d/scan.conf
Enable clamd@scan.service.
$ sudo systemctl enable clamd@scan
Create the symbolic link /etc/clamd.conf pointing to /etc/clamd.d/scan.conf. The clamdscan command uses /etc/clamd.conf.
$ sudo ln -s /etc/clamd.d/scan.conf /etc/clamd.conf
Set the SELinux booleans for clamd.
$ sudo setsebool -P antivirus_can_scan_system 1
$ sudo setsebool -P clamd_use_jit 1
Add the user who runs clamdscan to the clamscan group.
$ sudo gpasswd -a "${USER}" clamscan
Reboot to apply the group change.
$ sudo reboot
After reboot, you can run clamdscan.
$ clamdscan <file-or-dir>
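The sed edits to /etc/clamd.d/scan.conf change nothing when a pattern does not match, so it is worth checking the result before relying on clamd. The script below is an added example, not part of the original article: it applies the same substitutions to a constructed sample config (the sample contents, the socket path and the function names are assumptions) and reports directives that are still inactive.

```shell
# Added example (not from the article): check that the sed edits took effect.
# Print the value of the first uncommented DIRECTIVE line in FILE;
# return 1 when there is no active line.
effective_value() {
    awk -v key="$2" '
        $1 == key { $1 = ""; sub(/^[ \t]+/, ""); print; found = 1; exit }
        END { exit !found }' "$1"
}

problem() { echo "$*"; problems=$((problems + 1)); }
# Print each problem; the return status is the number of problems.
check_scan_conf() {
    conf=$1 problems=0
    effective_value "$conf" Example >/dev/null &&
        problem "Example is still active: clamd will refuse to start"
    for key in LocalSocket LocalSocketMode FixStaleSocket; do
        effective_value "$conf" "$key" >/dev/null || problem "$key is not set"
    done
    [ "$(effective_value "$conf" LocalSocketGroup)" = clamscan ] ||
        problem "LocalSocketGroup is not clamscan"
    return "$problems"
}

# Constructed sample resembling an unedited scan.conf (not a real file).
make_sample() {
    printf '%s\n' 'Example' '#LocalSocket /run/clamd.scan/clamd.sock' \
        '#LocalSocketGroup virusgroup' '#LocalSocketMode 660' \
        '#FixStaleSocket yes' 'User clamscan' '#ExcludePath ^/proc/'
}

# The article's substitutions, written to stdout instead of editing in place.
apply_article_edits() {
    sed -e 's/^Example/#Example/g' -e 's/^User.*/User root/g' \
        -e 's/^#LocalSocket /LocalSocket /g' \
        -e 's/^#LocalSocketGroup.*/LocalSocketGroup clamscan/g' \
        -e 's/^#LocalSocketMode /LocalSocketMode /g' \
        -e 's/^#FixStaleSocket /FixStaleSocket /g' \
        -e 's/^#ExcludePath /ExcludePath /g' "$1"
}

tmp=$(mktemp -d)
make_sample > "$tmp/before.conf"
apply_article_edits "$tmp/before.conf" > "$tmp/after.conf"
check_scan_conf "$tmp/before.conf" || echo "before: $? problem(s)"
check_scan_conf "$tmp/after.conf" &&
    echo "after: OK, clamd runs as $(effective_value "$tmp/after.conf" User)"
rm -rf "$tmp"
```

To check the real file, call check_scan_conf /etc/clamd.d/scan.conf after running the sed command.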
5 Virus scan with clamtk package
The clamtk package provides a GUI, which is useful for desktop users.
$ sudo dnf install -y clamtk
In clamtk, you need to double-click to select an item.
Check "scan directories recursively" in Settings.
The home directory can then be scanned recursively with "Scan a directory".