How to Install ClamAV Antivirus on Ubuntu/CentOS VPS Server

In this chapter, you will learn

  1. How to Install & Configure ClamAV antivirus on Ubuntu and CentOS Server?

Installing and running antivirus on a VPS server is essential for protecting it from different threats such as trojans, malware, viruses, and other harmful programs. In this article, we'll show you how to install ClamAV, a free antivirus, on Ubuntu/CentOS VPS servers, covering everything from start to finish.

Introduction: ClamAV Antivirus

The ClamAV antivirus is a free and open-source program that works well on different Linux distributions. Here are some useful features of ClamAV antivirus:

  1. Protects against Malware, Trojans, Worms, Rootkits, Viruses, and other malicious programs.
  2. It's a cross-platform toolkit.
  3. Offers a Command Line Interface (CLI) for server scanning.
  4. Provides mail protection by scanning and filtering emails.
  5. Scans various archive formats such as Tar, Gzip, Zip, Bzip2, OLE2, Cabinet, CHM, BinHex, SIS, etc.
  6. Includes several built-in tools.
  7. Automatically updates its database.
  8. Offers real-time protection for Linux systems.

Check ClamAV Status

Before starting the fresh installation of ClamAV, it's important to check whether it's already installed on your server. You can do this by using the following command:

clamscan --version
ClamAV 0.103.11/27195/Sat Feb 24 14:58:55 2024

or,

clamscan -V
ClamAV 0.103.11/27195/Sat Feb 24 14:58:55 2024

Installation

Install ClamAV on Ubuntu

1. Update Ubuntu and its repository:
sudo apt-get update
2. Install ClamAV and the ClamAV daemon:
sudo apt install clamav clamav-daemon -y
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
3. Stop the ClamAV updater service, update the virus database, and start the service again.
Ⅰ. Stop the clamav-freshclam service:
sudo systemctl stop clamav-freshclam
Ⅱ. Update the virus database:
sudo freshclam
Wed Feb 28 16:43:12 2024 -> ClamAV update process started at Wed Feb 28 16:43:12 2024
Wed Feb 28 16:43:12 2024 -> daily.cld database is up-to-date (version: 27199, sigs: 2054066, f-level: 90, builder: raynman)
Ⅲ. Start the clamav-freshclam service:
sudo systemctl start clamav-freshclam
4. Check ClamAV Status:
clamscan -V
ClamAV 0.103.11/27195/Sat Feb 24 14:58:55 2024

Install ClamAV on CentOS

If you're using CentOS, you can install the ClamAV antivirus with the following commands:

Installing ClamAV
Step 1: Add the EPEL repository, which provides the ClamAV packages, to CentOS.
sudo yum -y install epel-release
sudo yum clean all
Step 2: Install ClamAV.
sudo yum -y install clamav-server clamav-data clamav-update clamav-filesystem clamav clamav-scanner-systemd clamav-devel clamav-lib clamav-server-systemd

Configuring SELinux

Check the SELinux status before you proceed. If you see that it's disabled on your server, you can skip this part.

See SELinux status:
sestatus
SELinux status: enabled

If SELinux is enabled on your server, you'll need to configure it to ensure ClamAV works properly. By default, SELinux prevents ClamAV from scanning core system files and other protected files, so you'll need to grant ClamAV access through SELinux booleans.

If you see that SELinux is enabled, follow these steps one by one to configure it.

Step 1. Set the SELinux booleans that allow ClamAV to scan all files on the system and to use its JIT.
sudo setsebool -P antivirus_can_scan_system 1
sudo setsebool -P clamd_use_jit 1
Step 2. Verify the changes.
sudo getsebool -a | grep antivirus

Now that ClamAV is set up to work with SELinux, there's just one more thing to do before enabling the ClamAV antivirus.

Configure ClamAV

After finishing the installation process, you'll need to edit the ClamAV configuration files as follows:

Step 1. Run the following commands to comment out the Example line in the configuration files and enable the LocalSocket setting.
sudo sed -i -e "s/^Example/#Example/" /etc/clamd.d/scan.conf
sudo sed -i -e "s/#LocalSocket /LocalSocket /" /etc/clamd.d/scan.conf
sudo sed -i -e "s/^Example/#Example/" /etc/freshclam.conf
Step 2. Download the latest virus database.
sudo freshclam
Step 3. Create a systemd service so that freshclam starts automatically when the system reboots.
sudo vi /usr/lib/systemd/system/freshclam.service
Step 4. Add the following lines to the file.
[Unit]
Description = freshclam scanner
After = network.target

[Service]
Type = forking
ExecStart = /usr/bin/freshclam -d -c 1
Restart = on-failure
PrivateTmp = true

[Install]
WantedBy = multi-user.target
Step 5. To save and exit, press Esc → type :wq → press Enter.
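
The Step 1 edits can be checked before the services are enabled. The script below is an added example, not part of the original article: it applies the same sed expressions to a constructed copy of scan.conf and verifies the result. The function names and the sample file contents are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example: apply the Step 1 sed expressions to a constructed copy of
# scan.conf and verify the result. Function names are hypothetical.

# Constructed sample resembling an unedited /etc/clamd.d/scan.conf.
write_sample_conf() {
    cat > "$1" <<'EOF'
# Comment or remove the line below.
Example
#LogFile /var/log/clamd.scan
#LocalSocket /run/clamd.scan/clamd.sock
#LocalSocketGroup virusgroup
#LocalSocketMode 660
User clamscan
EOF
}

# Same expressions as Step 1, written to a new file instead of in place.
apply_page_edits() {
    sed -e 's/^Example/#Example/' -e 's/#LocalSocket /LocalSocket /' "$1" > "$2"
}

# Return 0 when the file is ready for clamd; print each problem otherwise.
check_scan_conf() {
    local conf=$1 rc=0
    if grep -q '^Example' "$conf"; then
        echo "$conf: active Example line, the daemon will refuse to start"; rc=1
    fi
    if ! grep -Eq '^LocalSocket[[:space:]]+/' "$conf"; then
        echo "$conf: LocalSocket is not set"; rc=1
    fi
    return "$rc"
}

tmp=$(mktemp -d)
write_sample_conf "$tmp/scan.conf"
check_scan_conf "$tmp/scan.conf" || echo "before edits: not ready"
apply_page_edits "$tmp/scan.conf" "$tmp/scan.conf.new"
check_scan_conf "$tmp/scan.conf.new" && echo "after edits: ready"
```

Because the sed pattern ends with a space, only the LocalSocket line is uncommented; LocalSocketGroup and LocalSocketMode stay commented.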

Enable ClamAV

Enable and start the ClamAV services as follows:

sudo systemctl enable clamd@scan
sudo systemctl enable freshclam
sudo systemctl start clamd@scan
sudo systemctl start freshclam

Scanning

After completing the steps above, run your first server scan with ClamAV.

Scan and list the infected files:

clamscan -i -v -r /

Scan and save the results to logfile.txt:

clamscan -i -v -r --log=logfile.txt /
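
Once logfile.txt exists, it can be triaged with a short script. The following is an added example, not part of the original article: it extracts every detection from a clamscan log and cross-checks the count against the scan summary. The function names and the sample log (including its paths and counts) are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: triage the file written by `clamscan --log=logfile.txt`.
# Function names and the sample log are constructed for illustration.

write_sample_log() {
    cat > "$1" <<'EOF'
/srv/www/uploads/eicar.com: Win.Test.EICAR_HDB-1 FOUND
/home/dev/notes: old/eicar.zip: Win.Test.EICAR_HDB-1 FOUND

----------- SCAN SUMMARY -----------
Scanned directories: 12
Scanned files: 340
Infected files: 2
EOF
}

# Print each detection as "<path><TAB><signature>".
list_detections() {
    awk '/ FOUND$/ {
        sub(/ FOUND$/, "")
        i = match($0, /: [^:]*$/)   # last ": " splits path from signature
        if (i) print substr($0, 1, i - 1) "\t" substr($0, i + 2)
    }' "$1"
}

# Print the number that follows a SCAN SUMMARY label, or 0 if absent.
summary_value() {
    awk -F': *' -v key="$2" '$1 == key { v = $2 } END { print v + 0 }' "$1"
}

# 0 = clean, 1 = detections, 2 = detection lines and summary disagree
# (for example a truncated log). 0 and 1 match clamscan's own exit codes.
log_verdict() {
    local found reported
    found=$(list_detections "$1" | awk 'END { print NR }')
    reported=$(summary_value "$1" "Infected files")
    [ "$found" -eq "$reported" ] || return 2
    [ "$found" -eq 0 ]
}

log=$(mktemp)
write_sample_log "$log"
list_detections "$log"
log_verdict "$log" || echo "verdict: $?"
```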

Summary

In this chapter, I covered what ClamAV antivirus is, how to install it on Ubuntu and CentOS servers, configuring SELinux to work properly with ClamAV, and scanning your server using this antivirus program.