CentOS 7 – Setting up the Clamav antivirus


Clamav is an open source antivirus tool, used mainly for detecting viruses, malware, and other malicious software on Linux-based machines.

To install Clamav, we need to install the EPEL repository:


$ sudo yum install epel-release

Then we can install Clamav with all its useful tools:


$ sudo yum install clamav-server clamav-data clamav-update clamav-filesystem clamav clamav-scanner-systemd clamav-devel clamav-lib clamav-server-systemd

Before we start configuring, we need to make sure that SELinux will let Clamav work without issues:


$ sudo setsebool -P antivirus_can_scan_system 1

To check whether the option is active, we need to type this:


$ sudo getsebool -a | grep virus

Then we remove the example configuration, so we can make our own configuration:


$ sudo sed -i '/^Example/d' /etc/clamd.d/scan.conf

After removing the example lines, we need to make a few modifications to define the TCP server type and the root user that will execute the antivirus:


$ sudo nano /etc/clamd.d/scan.conf

We uncomment the following line:


LocalSocket /var/run/clamd.scan/clamd.sock

We add these two lines at the end of the file and save:


User root
LocalSocket /var/run/clamd.<SERVICE>/clamd.sock

To keep the Clamav database up to date, we need to enable a tool called Freshclam. First, we create a backup of its configuration file:


$ sudo cp /etc/freshclam.conf /etc/freshclam.conf.bak

Again we remove the example lines:


$ sudo sed -i '/^Example/d' /etc/freshclam.conf

If needed, we can also adjust the remaining options for a more personalized setup. We then run Freshclam manually to update the database and to check that the configuration is correct:


$ sudo freshclam
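The scan.conf edits above and the Freshclam update can be wrapped in a few checkable shell functions. This is an added example, not part of the original tutorial: it takes the config path and database directory as parameters so it can be dry-run on a copy, keeps a single LocalSocket line (the clamd.scan path), and adds User root only when no User directive exists yet.

```shell
#!/bin/sh
# Added example (not from the original tutorial): the scan.conf edits as
# idempotent functions, plus a check that the signature database is not stale.

# Apply the tutorial's edits to the clamd config at $1.
prepare_clamd_conf() {
    conf="$1"
    # Drop the "Example" guard line that stops clamd from starting.
    sed -i '/^Example/d' "$conf"
    # Uncomment the LocalSocket directive (path taken from the tutorial).
    sed -i 's|^#LocalSocket /var/run/clamd.scan/clamd.sock|LocalSocket /var/run/clamd.scan/clamd.sock|' "$conf"
    # Set the user clamd runs as (the tutorial uses root); add it only once.
    grep -q '^User ' "$conf" || printf 'User root\n' >> "$conf"
}

# Return 0 when $1 has no Example line, exactly one active LocalSocket
# and a User directive, i.e. clamd can be started with it.
verify_clamd_conf() {
    conf="$1"
    if grep -q '^Example' "$conf"; then return 1; fi
    [ "$(grep -c '^LocalSocket ' "$conf")" -eq 1 ] || return 1
    grep -q '^User ' "$conf"
}

# Return 0 when a daily signature file in $1 was updated within the last
# $2 days. A missing or stale database means clamd scans with old
# signatures, so freshclam is not doing its job.
db_is_fresh() {
    dbdir="$1"; maxdays="$2"
    for f in "$dbdir"/daily.cld "$dbdir"/daily.cvd; do
        [ -f "$f" ] && [ -n "$(find "$f" -mtime -"$maxdays")" ] && return 0
    done
    return 1
}

# Demo on a constructed copy, not the real /etc/clamd.d/scan.conf, so the
# result can be inspected before the edits are applied for real.
demo_conf=$(mktemp)
printf 'Example\n#LocalSocket /var/run/clamd.scan/clamd.sock\n' > "$demo_conf"
prepare_clamd_conf "$demo_conf" && verify_clamd_conf "$demo_conf" && echo "scan.conf ready"
cat "$demo_conf"; rm -f "$demo_conf"
```

On a real host, run the same functions with /etc/clamd.d/scan.conf and /var/lib/clamav as arguments; db_is_fresh with a limit of one day is a useful check to schedule alongside the Freshclam daemon.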

We need to create the file that will act as the service file to run the Freshclam daemon:


$ sudo nano /usr/lib/systemd/system/clam-freshclam.service

Then we put the following code inside the file and save it:


[Unit]
Description = freshclam scanner
After = network.target

[Service]
Type = forking
ExecStart = /usr/bin/freshclam -d -c 4
Restart = on-failure
PrivateTmp = true

[Install]
WantedBy=multi-user.target

Next, we should check whether the service is well configured by running it and checking its status:


$ sudo systemctl start clam-freshclam.service
$ sudo systemctl status clam-freshclam.service -l

If everything is running fine and there is no problem, we add it to the system startup service:


$ sudo systemctl enable clam-freshclam.service

Now we need to create the Clamav service file. An example service file already exists in the system services folder; we rename it to something more understandable and then make some minor modifications to it:


$ sudo mv /usr/lib/systemd/system/clamd@.service /usr/lib/systemd/system/clamd.service

Since we have changed the name, we need to change it in the file that uses this service as well:


$ sudo nano /usr/lib/systemd/system/clamd@scan.service

We change the first line by removing the @, so it looks like this:


.include /lib/systemd/system/clamd.service

At the same location, we need to change the Clamd service file:


$ sudo nano /usr/lib/systemd/system/clamd.service

We add the following lines at the end:


[Install]
WantedBy=multi-user.target

We also remove %i from both the Description and ExecStart options, so they look like the following:


Description = clamd scanner daemon
ExecStart = /usr/sbin/clamd -c /etc/clamd.d/scan.conf --nofork=yes

Before running any service, we need to check whether we have any errors. We will run Clamd manually:


$ sudo /usr/sbin/clamd -c /etc/clamd.d/scan.conf --nofork=yes

Then, if everything goes fine, we start the services and add them to the system startup services:


$ sudo systemctl enable clamd.service
$ sudo systemctl enable clamd@scan.service
$ sudo systemctl start clamd.service
$ sudo systemctl start clamd@scan.service

For a final verification of the Clamav services, we check their status:


$ sudo systemctl status clamd.service -l
$ sudo systemctl status clamd@scan.service -l

For a test scan of the current folder, we run the following command (note that --remove deletes every file that is flagged as infected, so drop it if we only want a report):


$ sudo clamscan --infected --remove --recursive ./

The following figure shows where ClamAV should sit in our infrastructure:

Source https://wiki.jenkins-ci.org/display/JENKINS/Home

The following figure gives a more detailed view of the components of a mail server, to explain how ClamAV helps secure our mail service:

Source: https://aphyr.com/
