ClamAV is an open-source antivirus engine designed to detect trojans, viruses, malware and other threats. It is a popular security solution for mail servers, web gateways and file scanning on Linux systems.
Why Use ClamAV?
- Open-Source and Free: A security solution available with no licensing cost.
- Cross-platform: Runs on Linux, Windows and macOS.
- Flexibility: Can be used on the command line, as a daemon, or integrated into other applications (mail servers, proxies).
- Up-to-date signature database: The community maintains a regularly updated threat database.
Prerequisites
- A Linux server (Ubuntu/Debian, CentOS/RHEL, etc.).
- Root access or sudo privileges.
Installation
Step 1: Install the packages
# On Debian / Ubuntu
sudo apt-get update
sudo apt-get install -y clamav clamav-daemon
# On CentOS / RHEL (requires the EPEL repository)
sudo yum install -y epel-release
sudo yum install -y clamav-server clamav-data clamav-update clamav-filesystem clamav clamav-server-systemd
Step 2: Update the virus signature database
First of all, you need to download the latest signature database. The `freshclam` service handles this.
# Stop the service for the first manual update
sudo systemctl stop clamav-freshclam
# Run the update manually (may take a few minutes)
sudo freshclam
# Restart the services
sudo systemctl start clamav-freshclam
sudo systemctl start clamav-daemon
Check that the services are running:
sudo systemctl status clamav-freshclam
sudo systemctl status clamav-daemon
ClamAV is installed and its database is up to date. The `clamav-daemon` service runs in the background for fast scans, and `clamav-freshclam` will update the signatures automatically.
Command-Line Usage
The main tool to run a manual scan is `clamscan`.
Scan a file
clamscan my_file.zip
Scan a directory recursively
# -r for recursive
clamscan -r /home/user
Useful options
- `--infected`: Only displays infected files.
- `--remove`: Directly deletes infected files (use with caution!).
- `--move=/quarantine/directory`: Moves infected files to a quarantine directory.
- `-l /var/log/clamav_scan.log`: Saves the scan report to a log file.
Example of a complete, safe scan
The following command scans the entire system, only shows infected files, moves them to quarantine and saves a report.
sudo clamscan -r --infected --move=/var/quarantine/clamav / -l /var/log/clamav/manual_scan.log
Automation with Cron
Automating scans is essential. Here is how to schedule a weekly scan with cron.
sudo nano /etc/cron.weekly/clamav_scan
Add the following content and make the file executable:
#!/bin/bash
set -u
# Note: the "\%" escaping of date formats is only needed in crontab lines,
# not in a script under /etc/cron.weekly/
LOG_DIR="/var/log/clamav"
LOG_FILE="$LOG_DIR/weekly_scan_$(date +%Y-%m-%d).log"
QUARANTINE_DIR="/var/quarantine/clamav"
mkdir -p "$QUARANTINE_DIR" "$LOG_DIR"
# Scan the filesystem, excluding the pseudo-filesystems and the quarantine
# directory itself (so already-quarantined files are not re-scanned and re-moved)
clamscan -r --infected --move="$QUARANTINE_DIR" \
    --exclude-dir="^/sys" --exclude-dir="^/proc" --exclude-dir="^/dev" \
    --exclude-dir="^$QUARANTINE_DIR" \
    / > "$LOG_FILE" 2>&1
sudo chmod +x /etc/cron.weekly/clamav_scan
A full filesystem scan can be very intensive in terms of I/O and CPU. Schedule it during off-peak hours.
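The weekly job above only writes a log; nobody reads it unless something does. As an added example (not part of the original article), the helper below post-processes such a log using clamscan's own output conventions: one `path: signature FOUND` line per hit, an `Infected files: N` line in the scan summary, and exit codes 0/1/2 for clean/infected/error. The sample log is constructed, not a real scan.

```shell
#!/bin/sh
# Added example: summarise a clamscan log written by the cron job and decide
# whether it needs attention. Not from the original article.

# Constructed sample of what "clamscan -r --infected" writes (not a real scan).
SAMPLE_LOG='/home/user/Downloads/eicar.com: Eicar-Test-Signature FOUND
/home/user/tmp/archive.zip: Eicar-Test-Signature FOUND

----------- SCAN SUMMARY -----------
Scanned directories: 120
Scanned files: 4321
Infected files: 2
Time: 45.123 sec (0 m 45 s)'

# Count "FOUND" lines (one per infected file) in a clamscan log read on stdin.
# grep -c exits 1 when the count is 0, so swallow that status.
count_found() {
    grep -c ': .* FOUND$' || true
}

# Extract the "Infected files" figure from the scan summary on stdin.
summary_infected() {
    awk -F': ' '/^Infected files:/ {print $2; exit}'
}

# Interpret clamscan's exit status: 0 clean, 1 infected, 2 error.
describe_exit() {
    case "$1" in
        0) echo "clean" ;;
        1) echo "infected" ;;
        2) echo "error" ;;
        *) echo "unknown" ;;
    esac
}

# Cross-check the per-file hits against the summary line. A missing summary
# means the scan never finished (killed, out of disk, truncated log); a
# mismatch means the log was edited or mangled and should not be trusted.
check_log() {
    found=$(printf '%s\n' "$1" | count_found)
    summary=$(printf '%s\n' "$1" | summary_infected)
    if [ -z "$summary" ]; then
        echo "incomplete"
    elif [ "$found" -ne "$summary" ]; then
        echo "mismatch"
    elif [ "$found" -gt 0 ]; then
        echo "infected:$found"
    else
        echo "clean"
    fi
}
```

In the cron job, `check_log "$(cat "$LOG_FILE")"` returning anything other than `clean` is the condition to alert on; the `describe_exit` mapping lets the same job also act on `clamscan`'s `$?` directly.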
Conclusion
ClamAV is a robust and flexible antivirus solution for Linux environments. It is simple to install, and its use, whether manually or via cron automation, adds an essential layer of security to your servers. Never forget that security is a matter of defense in depth: an antivirus is one tool among others (firewall, updates, hardened configuration).