
How to install the Clamav antivirus on CentOS 8

June 1, 2020 by Albert Valbuena

Clamav is a free antivirus nowadays owned by Cisco and developed under the umbrella of the Talos-Intelligence group. Don't be fooled by the word free, this is serious business. It supports a wide variety of operating systems, from Windows to Linux-based ones as well as FreeBSD. Many companies are using other types of antivirus software, and some have had an advantage over Clamav for quite some time, that being real-time protection. However, since release 0.99, from back in 2015, Clamav incorporates an On-Access scanning feature, making it a more interesting and appealing tool. In this how to install the Clamav antivirus on CentOS 8 guide I'll demonstrate how to install the tool and enable the On-Access scanning capability.

If you find the articles in Adminbyaccident.com useful to you, please consider making a donation.

As happens with some other tools on CentOS, one needs to enable the EPEL repository. You can read about repo configuration in this other article, but to enable EPEL now you can just use this command:

Step 0. Enable the EPEL repository

$ sudo dnf --enablerepo=extras install epel-release

Once the repo has been configured and installed we need to update the system repositories information.

$ sudo dnf update -y

Now that the EPEL repository has been configured and installed and the system's information has been updated I can install the Clamav antivirus on CentOS 8.

Step 1. Install Clamav

$ sudo dnf install clamav clamav-update clamd -y

The above command will install three things: the clamav program itself, the freshclam utility (in the clamav-update package) so signature updates are received automatically, and the clamav daemon (clamd).

Step 2. Adjust SELinux

Now that Clamav has been installed, SELinux must be adjusted, otherwise the freshclam utility for updates will not work and scans will not be performed because they'll be blocked.

$ sudo setsebool -P antivirus_can_scan_system 1

Use the above command and do not disable SELinux completely unless you have a good reason for that and/or know what you’re doing.

Step 3. Get the antivirus signatures

In order to get the latest signatures I will use the following command.

$ sudo freshclam

The server will start downloading all the signatures.

Step 4. Configure clamd

In order to make use of Clamav a few configuration bits must be changed. First locate the ‘LocalSocket’ parameter in /etc/clamd.d/scan.conf file and enable it.

This next command will do this.

$ sudo sed -i 's/#LocalSocket \/run/LocalSocket \/run/g' /etc/clamd.d/scan.conf

Check that the result looks like this:

[albert@CentOS ~]$ grep -n 'LocalSocket' /etc/clamd.d/scan.conf
93:LocalSocket /run/clamd.scan/clamd.sock
97:#LocalSocketGroup virusgroup
101:#LocalSocketMode 660
[albert@CentOS ~]$

Before enabling Clamav under systemd we'll make two simple changes to its unit file, '/usr/lib/systemd/system/clamd@.service'.

$ sudo sed -i 's/scanner (%i) daemon/scanner daemon/g' /usr/lib/systemd/system/clamd@.service

$ sudo sed -i 's/\/etc\/clamd.d\/%i.conf/\/etc\/clamd.d\/scan.conf/g' /usr/lib/systemd/system/clamd@.service

Step 5. Enable and start up the services for clamd and freshclam.

First we will enable the freshclam service with systemd.

$ sudo systemctl enable freshclam.service

After that we will start it up.

$ sudo systemctl start freshclam.service

To check how it’s running type this next one.

$ sudo systemctl status freshclam.service

With freshclam enabled and running, time to do the same with clamd.

To enable the clamd service type:

$ sudo systemctl enable clamd@.service

Don’t forget the dot in the above command.

Now I’ll start it up.

$ sudo systemctl start clamd@scan

To check the clamd service is up and running use the next command.

$ sudo systemctl status clamd@scan

We can now make use of the Clamav antivirus and run scans at will. There is a very short guide from its developers, but here are some simple examples.

$ sudo clamscan filename

Instead of files one can scan directories.

$ sudo clamscan -r directoryname

Flags can be used so Clamav does not only scan for viruses but takes specific actions.

To remove found threats on the manual scan.

$ sudo clamscan --remove filename

$ sudo clamscan -r --remove directoryname

Other flags can be used to log the results.

$ sudo clamscan -r --log=/path/to/the/log

Or move the suspicious files.

$ sudo clamscan -r --move=/path/to/the/quarantine/directory

These actions can be declared on the systemd launch files for clamd. The file is located here:

/usr/lib/systemd/system/clamd@.service
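The manual scans above are meant to be read by a person. When clamscan runs from cron or a deployment script, what matters is its exit code (0 clean, 1 infected, 2 error) and the FOUND lines in the file passed to --log. The following script is an added example, not part of the original post: it maps the exit code to a verdict, extracts detections and the infected count from a log, and wraps a real scan so a non-zero exit does not abort the caller. The sample log it runs over is constructed here; the signature name Constructed.Example.Sig is invented for the demo.

```shell
#!/bin/bash
# Added example, not from the original post: make clamscan results usable from
# scripts and cron jobs instead of reading them by eye.
# clamscan exit codes: 0 = nothing found, 1 = infected file(s) found,
# 2 = an error occurred (unreadable file, missing database, ...).

# Map a clamscan exit code to a word a script can branch on.
clamscan_verdict() {
    case "$1" in
        0) echo clean ;;
        1) echo infected ;;
        2) echo error ;;
        *) echo unknown ;;
    esac
}

# Print "path<TAB>signature" for every detection in a clamscan/clamonacc log.
# Detection lines look like "/home/user/file.bin: Eicar-Test-Signature FOUND".
list_detections() {
    awk '/ FOUND$/ {
        sub(/ FOUND$/, "")
        i = index($0, ": ")
        print substr($0, 1, i - 1) "\t" substr($0, i + 2)
    }' "$1"
}

# Read "Infected files: N" from the scan summary; prints 0 when absent.
infected_count() {
    local n
    n=$(sed -n 's/^Infected files: \([0-9][0-9]*\)$/\1/p' "$1")
    echo "${n:-0}"
}

# Run a real scan (when clamscan is installed), log it, print the verdict,
# and never abort the calling script on a non-zero exit code.
scan_path() {
    local target="$1" log="$2" rc=0
    clamscan -r --infected --log="$log" "$target" >/dev/null 2>&1 || rc=$?
    clamscan_verdict "$rc"
}

# Constructed sample log in the format clamscan writes with --log, for the demo.
SAMPLE_LOG=$(mktemp)
cat >"$SAMPLE_LOG" <<'EOF'
/home/albert/eicar.com: Eicar-Test-Signature FOUND
/home/albert/notes.txt: OK
/var/www/html/upload/x.php: Constructed.Example.Sig FOUND

----------- SCAN SUMMARY -----------
Known viruses: 8591000
Scanned files: 3
Infected files: 2
EOF

echo "detections:"; list_detections "$SAMPLE_LOG"
echo "infected files: $(infected_count "$SAMPLE_LOG")"
```

On a live system, `scan_path /var/www/html /var/log/clamscan-www.log` prints clean, infected or error, and the tab-separated output of list_detections is ready to be shipped to a SIEM or appended to a ticket. Treat "error" as a finding too: a scan that could not read a file or load the database has not proven anything clean.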

Now, this could be all on a regular how to install the Clamav antivirus on CentOS 8 guide. However as an extra, a very convenient one, I’m going to enable the On-Access module.

Step 6. Enable On-Access (Optional)

As already described above, Clamav incorporates the On-Access scan feature, and this is interesting because the tool will prevent writing to or even reading from infected files. In this link one can read the official instructions, but I'll post them here and explain a few extra bits.

First I will stop the clamav service.

$ sudo systemctl stop clamd@scan.service

Then I will enable the on-access module.

$ sudo sed -i 's/#OnAccessPrevention yes/OnAccessPrevention yes/g' /etc/clamd.d/scan.conf

The next configuration arrangement is to set what has to be scanned. There are two entries already present, but they are commented out. Each path one desires to monitor and get scanned has to be declared on one single, independent line.

If I want to scan my /home directory I will do this:

$ sudo sed -i 's/#OnAccessIncludePath \/home/OnAccessIncludePath \/home/g' /etc/clamd.d/scan.conf

But if I also want to scan my website folder in the system I will add an entry in the 'OnAccessInclude' section. To find the line one needs to edit, use the following command.

$ grep -n 'OnAccessInclude' /etc/clamd.d/scan.conf

Once you see the line where it starts you can edit the file and add your entry. For the above example on the website directory add this:

OnAccessIncludePath /var/www/html

This will scan all the files and directories under that path.

Last but not least I will exclude the user clamd runs as (clamscan on CentOS) from On-Access scanning, so it is not blocked.

$ sudo sed -i 's/#OnAccessExcludeUname clamav/OnAccessExcludeUname clamscan/g' /etc/clamd.d/scan.conf
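Every directive enabled in Step 4 and in this step is switched on by a sed that silently does nothing if the line it expects is not there, and a directive left commented out does not make clamd fail loudly; it just leaves clamonacc with nothing to watch or nothing to block. The script below is an added example, not part of the original post: it audits /etc/clamd.d/scan.conf for the directives this guide relies on and returns the number of problems found. The two sample configs it runs over are constructed here; the hypothetical function names conf_get and check_scan_conf are mine.

```shell
#!/bin/bash
# Added example, not from the original post: audit the directives in
# /etc/clamd.d/scan.conf that Steps 4 and 6 enable, before (re)starting clamd.

# Print the value(s) of an active directive; prints nothing if every
# occurrence is still commented out.
conf_get() {
    local conf="$1" key="$2"
    awk -v k="$key" '$1 == k { $1 = ""; sub(/^ +/, ""); print }' "$conf"
}

# Check the directives this guide relies on. Prints one line per problem and
# returns the number of problems (0 means the file is ready for clamd).
check_scan_conf() {
    local conf="$1" problems=0
    # The upstream clamd.conf ships with a bare "Example" line that makes
    # clamd refuse to start until it is commented out.
    if grep -q '^Example[[:space:]]*$' "$conf"; then
        echo "Example directive still active; comment it out"
        problems=$((problems + 1))
    fi
    if [ -z "$(conf_get "$conf" LocalSocket)" ]; then
        echo "LocalSocket not set; clamonacc and clamdscan cannot reach clamd"
        problems=$((problems + 1))
    fi
    if [ "$(conf_get "$conf" OnAccessPrevention)" != yes ]; then
        echo "OnAccessPrevention is not 'yes'; detections are logged but access is not blocked"
        problems=$((problems + 1))
    fi
    if [ -z "$(conf_get "$conf" OnAccessIncludePath)" ]; then
        echo "no OnAccessIncludePath; clamonacc has nothing to watch"
        problems=$((problems + 1))
    fi
    # clamd's own user must be excluded, or its scans generate new events.
    if [ -z "$(conf_get "$conf" OnAccessExcludeUname)" ]; then
        echo "OnAccessExcludeUname not set; exclude the clamd user (clamscan on CentOS)"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Two constructed samples for the demo: one configured as in the guide, one
# with the directives still commented out the way the package ships them.
GOOD_CONF=$(mktemp)
cat >"$GOOD_CONF" <<'EOF'
#Example
LocalSocket /run/clamd.scan/clamd.sock
OnAccessPrevention yes
OnAccessIncludePath /home
OnAccessIncludePath /var/www/html
OnAccessExcludeUname clamscan
EOF
BAD_CONF=$(mktemp)
cat >"$BAD_CONF" <<'EOF'
#Example
#LocalSocket /run/clamd.scan/clamd.sock
#OnAccessPrevention yes
#OnAccessIncludePath /home
#OnAccessExcludeUname clamav
EOF

for c in "$GOOD_CONF" "$BAD_CONF"; do
    rc=0
    check_scan_conf "$c" || rc=$?
    echo "$c: $rc problem(s)"
done
```

On the real host run `check_scan_conf /etc/clamd.d/scan.conf` after the sed commands and before the service is started; a non-zero return is the cue to open the file and look at the line the message names.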

Now the On-Access scan has been minimally configured I can add a systemd entry so it starts up automatically after reboots.

First I create an empty file.

$ sudo touch /usr/lib/systemd/system/clamonacc.service

Now I add the following configuration block.

[Unit]
Description=ClamAV On Access Scanner
Requires=clamd@scan.service
After=clamd@scan.service syslog.target network-online.target

[Service]
Type=simple
User=root
ExecStart=/usr/bin/clamonacc -F --log=/var/log/clamonacc --move=/tmp/clamav-quarantine
Restart=on-failure
RestartSec=7s

[Install]
WantedBy=multi-user.target

After this block has been placed the log file and the quarantine directory must be created.

For the log file I’ll use the following command:

$ sudo touch /var/log/clamonacc

For the quarantine directory:

$ sudo mkdir /tmp/clamav-quarantine

Before enabling this recently created entry, let's make systemd reload its unit files.

$ sudo systemctl daemon-reload

Now I can enable the clamonacc.service so the On-Access scan capacity is systemd-aware. Or better said, systemd knows this exists and what to do with it.

$ sudo systemctl enable clamonacc.service

Because clamonacc depends on clamd, and I stopped clamd before making these changes, I need to start it up again.

$ sudo systemctl start clamd@scan.service

Time to start the clamonacc.service service.

$ sudo systemctl start clamonacc.service

To check that all the Clamav antivirus services are up and running I will use this next command:

[albert@CentOS ~]$ ps -ef | grep clam
clamupd+ 1498 1 0 17:10 ? 00:00:00 /usr/bin/freshclam -d --foreground=true
clamscan 1526 1 0 17:11 ? 00:00:00 /usr/sbin/clamd -c /etc/clamd.d/scan.conf
root 1530 1 0 17:11 ? 00:00:00 /usr/bin/clamonacc -F --log=/var/log/clamonacc --move=/tmp/clamav-quarantine
clamscan 1578 1 99 17:13 ? 00:00:02 /usr/sbin/clamd -c /etc/clamd.d/scan.conf
albert 1608 1581 0 17:13 pts/0 00:00:00 grep --color=auto clam
[albert@CentOS ~]$

Clamav and its On-Access module are now installed and enabled.
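Seeing the processes in ps only proves that they started, not that a file written into a watched path is actually caught and moved. The standard way to prove that is the EICAR test string, a harmless 68-byte text that every antivirus engine, Clamav included, detects as Eicar-Test-Signature. The script below is an added example, not part of the original post: it writes that string into a watched directory and waits for clamonacc to move it to the quarantine directory from the unit file above. WATCHED_DIR, QUARANTINE and LOG are assumptions matching this guide's paths; the function names are mine.

```shell
#!/bin/bash
# Added example, not from the original post: end-to-end check of the On-Access
# setup using the EICAR test string. Paths default to the ones in this guide.
WATCHED_DIR="${WATCHED_DIR:-/home}"                 # one of the OnAccessIncludePath entries
QUARANTINE="${QUARANTINE:-/tmp/clamav-quarantine}"  # --move target of clamonacc
LOG="${LOG:-/var/log/clamonacc}"                    # --log target of clamonacc

# The 68-byte EICAR test string, printed without a trailing newline.
eicar_string() {
    printf '%s' 'X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*'
}

# Poll until the file disappears (moved to quarantine) or the timeout passes.
# Returns 0 if it disappeared, 1 on timeout.
wait_for_file_gone() {
    local path="$1" timeout="${2:-10}" i=0
    while [ -e "$path" ]; do
        [ "$i" -ge "$timeout" ] && return 1
        sleep 1
        i=$((i + 1))
    done
    return 0
}

# Drop an EICAR file into a watched directory and confirm clamonacc moved it.
onaccess_selftest() {
    local f="$WATCHED_DIR/eicar-selftest-$$.com"
    eicar_string >"$f"
    # clamonacc scans the file on close/open and, with --move, relocates it;
    # that happens asynchronously, so poll rather than check once.
    if wait_for_file_gone "$f" 15; then
        echo "PASS: $f was quarantined"
        ls -l "$QUARANTINE" | grep "eicar-selftest-$$" || true
        grep "eicar-selftest-$$" "$LOG" || true
        return 0
    fi
    echo "FAIL: $f still present after 15s; check 'systemctl status clamonacc' and $LOG"
    rm -f "$f"
    return 1
}

# Only run the live test when the service is actually up (needs root).
if systemctl is-active --quiet clamonacc.service 2>/dev/null; then
    onaccess_selftest
else
    echo "clamonacc.service is not active; skipping live self-test"
fi
```

Run it as root on the CentOS host once Step 6 is complete; a PASS means the watch path, the prevention setting, the quarantine directory and the log file all work together, and the quarantined file can then be deleted. A FAIL with the services running usually points back at the scan.conf directives (a commented-out OnAccessIncludePath or OnAccessPrevention) or at SELinux denials in the audit log.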

Conclusion

To conclude this how to install the Clamav antivirus on CentOS 8 guide you’re very welcome to test this same configuration using the script on my Github or tune it to best fit your needs.

This same setup can be built in DigitalOcean. Use this link to get 100 $ credit at DigitalOcean and support Adminbyaccident.com hosting costs.

Filed Under: GNU/Linux, How To's, Security
