CentOS 7: Virus scan with ClamAV

This article describes virus scanning with ClamAV.

1 Install epel-release

The clamav packages are in the EPEL repository. Install epel-release first.

$ sudo yum install -y epel-release

2 Virus scan with clamscan

Install the clamav package.

$ sudo yum install -y clamav

The clamscan command scans a file or directory.

  • The -r option scans a directory recursively.
  • The -i option shows only detected files.
  • The --move option moves detected files to the specified directory.

$ mkdir ~/virus
$ clamscan -r -i --move=$HOME/virus .

3 Update virus database manually

The freshclam command updates the virus database. The freshclam command is included in the clamav-update package.

$ sudo yum install -y clamav-update
$ sudo freshclam

4 Update virus database automatically

Installing the clamav-update package enables a cron job that runs /usr/share/clamav/freshclam-sleep every 3 hours. If the FRESHCLAM_DELAY value is neither "disabled-warn" nor "disabled", freshclam-sleep runs the freshclam command. The default FRESHCLAM_DELAY value is "disabled-warn".

So, to update the virus database automatically, you need to install the clamav-freshclam package and replace the FRESHCLAM_DELAY value.

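$ sudo yum install -y clamav-update
# Comment out the FRESHCLAM_DELAY line so that the value is no longer "disabled-warn".
$ sudo sed -e 's/^FRESHCLAM_DELAY=/#FRESHCLAM_DELAY=/g' \
       -i /etc/sysconfig/freshclam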

To change the update interval, you need to modify the following file.


5 Virus scan with clamd

The clamd daemon loads the database once and then waits as a daemon. It runs a virus scan on request from the clamdscan command, without loading the database again.

The clamd daemon always consumes memory for the database, but clamdscan is faster than clamscan. Also, clamdscan's behavior depends on clamd, while clamscan's behavior depends on clamscan's options.

Install packages for clamd.

$ sudo yum install -y clamav-server clamav-server-systemd clamav-scanner

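Edit /etc/clamd.d/scan.conf, which is used by clamd.scan.service. The sed command below comments out the Example line, sets clamd to run as root, and enables the local socket settings.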

$ sudo sed -e 's/^Example/#Example/g' \
       -e 's/^User.*/User root/g' \
       -e 's/^#LocalSocket /LocalSocket /g' \
       -e 's/^#LocalSocketGroup.*/LocalSocketGroup clamscan/g' \
       -e 's/^#LocalSocketMode /LocalSocketMode /g' \
       -e 's/^#FixStaleSocket /FixStaleSocket /g' \
       -e 's/^#ExcludePath /ExcludePath /g' \
       -i /etc/clamd.d/scan.conf
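
A check that the edits to /etc/sysconfig/freshclam (section 4) and /etc/clamd.d/scan.conf took effect, as an added example that is not part of the original article. The function names and the sample file contents are constructed for illustration; only the file paths, option names and FRESHCLAM_DELAY values come from the text above.

```shell
# Added example, not from the original article. The sample file contents
# written by make_samples are constructed for a dry run.

# Effective FRESHCLAM_DELAY: last uncommented assignment, with a trailing
# "# comment", whitespace and quotes stripped. Prints nothing when unset.
freshclam_delay() {
    sed -n 's/^[[:space:]]*FRESHCLAM_DELAY=//p' "$1" | tail -n 1 |
        sed -e 's/[[:space:]]*#.*$//' -e 's/[[:space:]]*$//' | tr -d "\"'"
}

# Succeeds when the value is neither "disabled-warn" nor "disabled".
freshclam_auto_update_enabled() {
    case "$(freshclam_delay "$1")" in
        disabled-warn|disabled) return 1 ;;
        *) return 0 ;;
    esac
}

# Succeeds when option $2 appears uncommented in clamd config file $1.
clamd_has_option() {
    grep -Eq "^[[:space:]]*$2([[:space:]]|\$)" "$1"
}

# Prints one line per problem in scan.conf; succeeds only if there are none.
audit_scan_conf() {
    rc=0
    if clamd_has_option "$1" Example; then
        echo "Example line is still active"; rc=1
    fi
    for opt in LocalSocket LocalSocketGroup LocalSocketMode FixStaleSocket; do
        clamd_has_option "$1" "$opt" || { echo "$opt is not enabled"; rc=1; }
    done
    return "$rc"
}

# Write constructed sample files (pre-edit state) into directory $1.
make_samples() {
    printf '%s\n' 'FRESHCLAM_DELAY=disabled-warn  # constructed sample' \
        > "$1/freshclam"
    printf '%s\n' 'Example' 'User clamscan' \
        '#LocalSocket /var/run/clamd.scan/clamd.sock' \
        '#LocalSocketGroup virusgroup' '#LocalSocketMode 660' \
        '#FixStaleSocket yes' > "$1/scan.conf"
}

d=$(mktemp -d) && make_samples "$d"
freshclam_auto_update_enabled "$d/freshclam" || echo "freshclam: auto update disabled"
audit_scan_conf "$d/scan.conf" || echo "scan.conf: not ready"
rm -rf "$d"
```

On a real system, pass /etc/sysconfig/freshclam and /etc/clamd.d/scan.conf to the two check functions instead of the sample files.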

Enable clamd.scan.service.

$ sudo systemctl enable clamd.scan

Create a symbolic link at /etc/clamd.conf, which the clamdscan command reads, pointing to /etc/clamd.d/scan.conf.

$ sudo ln -s /etc/clamd.d/scan.conf /etc/clamd.conf

Set the SELinux booleans that clamd needs.

$ sudo setsebool -P antivirus_can_scan_system 1
$ sudo setsebool -P clamd_use_jit 1

Add the user who runs clamdscan to the clamscan group.

$ sudo gpasswd -a "${USER}" clamscan

Reboot so that the group change made with gpasswd takes effect.

$ sudo reboot

After reboot, you can run clamdscan.

$ clamdscan <file-or-dir>

6 Virus scan with clamtk

The clamtk package provides a GUI window. This is useful for desktop users.

$ DL=https://bitbucket.org/dave_theunsub/clamtk/downloads
$ wget -q ${DL}/clamtk-5.24-1.el7.noarch.rpm
$ sudo yum localinstall -y clamtk-5.24-1.el7.noarch.rpm

clamtk looks like the following. In my environment, a double click is needed to select an item.


Check "scan directories recursively" in Settings.


The home directory can be scanned recursively with "Scan a directory".