How to Install ClamAV on CentOS 7: A Step-by-Step Guide

How to Install ClamAV on CentOS 7

We’ll divide this tutorial into three steps – installing ClamAV on CentOS 7, configuring SELinux, and configuring ClamAV. So, let’s get started!

1. Installing ClamAV on CentOS 7

1. By default, ClamAV doesn’t come prepackaged in the CentOS software repository. We have to add the additional repository by running yum commands one after the other:

   sudo yum -y install epel-release

   sudo yum clean all

2. Now, it’s time to install ClamAV on CentOS 7. Simply run the following command:

   sudo yum -y install clamav-server clamav-data clamav-update clamav-filesystem clamav clamav-scanner-systemd clamav-devel clamav-lib clamav-server-systemd

You have installed ClamAV, but we still need to make several additional configurations to make it work properly.

2. Configuring SELinux

SELinux is a security measure aimed at protecting changes to some files. Additional configuration is required if you want to use ClamAV with enabled SELinux kernel module. Otherwise, ClamAV will not be able to read certain sections of your files.

1. To configure SELinux, execute the following commands one by one:

   sudo setsebool -P antivirus_can_scan_system 1

   sudo setsebool -P clamd_use_jit 1

2. Next, you have to verify the changes:

   sudo getsebool -a | grep antivirus

   You should get this result:

   antivirus_can_scan_system --> on
   antivirus_use_jit --> off

Once ClamAV is ready to run alongside SELinux, it is time to configure the antivirus.

3. Configuring ClamAV

1. Before you can enable ClamAV configuration, you need to remove Example string from the configuration file:

   sudo sed -i -e "s/^Example/#Example/" /etc/clamd.d/scan.conf

2. Next, you will have to specify the server type. Open the configuration file using your favorite text editor. In this example, we will use nano. If it’s not already installed, you can do it using yum:

   sudo yum install nano -y

   Next, open the configuration file:

   sudo nano /etc/clamd.d/scan.conf

   Find the following line:

   #LocalSocket /var/run/clamd.scan/clamd.sock

   Remove the # symbol and save your changes.

3. Now, remove Example string from ClamAV’s freshclam update engine configuration file:

   sudo sed -i -e "s/^Example/#Example/" /etc/freshclam.conf

4. Once that’s done, you can run virus definition database update:

   sudo freshclam

   You should get a similar output:

   ClamAV update process started at Tue Dec  19 09:30:20 2016
   main.cvd is up to date (version: 57, sigs: 4218790, f-level: 60, builder: amishhammer)
   Trying host database.clamav.net (69.163.100.14)...
   Downloading daily.cvd [100%]
   daily.cvd updated (version: 22739, sigs: 1100989, f-level: 63, builder: neo)
   Downloading bytecode-279.cdiff [100%]
   Downloading bytecode-280.cdiff [100%]
   Downloading bytecode-281.cdiff [100%]
   Downloading bytecode-282.cdiff [100%]
   Downloading bytecode-283.cdiff [100%]
   bytecode.cld updated (version: 285, sigs: 57, f-level: 63, builder: bbaker)
   Database updated (5319836 signatures) from database.clamav.net (IP: 168.143.19.95)

5. Lastly, start Clamd service and run it on boot:

   sudo systemctl start clamd@scan

   sudo systemctl enable clamd@scan

Conclusion

Viruses can harm computers and even web servers at any given time, regardless of what operating system you’re using. Therefore, if you own a Linux VPS or a server, you must install an antivirus to protect it from malicious attacks.

You’ve learned how to install ClamAV on CentOS 7 using the command line. Let’s review the steps once more:

1. Download the EPEL repository and install ClamAV on CentOS 7.
2. Configure SELinux to make sure ClamAV can thoroughly read all of your files.
3. Configure ClamAV and start the service.

That’s it! Feel free to leave a comment below if you have any questions.