Setting up clamav on a server

[UPDATED] Some very concise instructions on configuring clamav for a file server. This is to document the steps I took on a MediaWiki box.


Most of what follows was culled from just doing it. The ClamAV Wiki was only marginally helpful. What would be really nice is if someone in the RHEL community would do a HowTo on this. Maybe that’s something I’ll consider for next year.

For Red Hat enterprise distributions (Red Hat Enterprise, CentOS, Scientific Linux), clamav-related packages can be found in the EPEL repository. Later versions of Fedora Linux include it as part of the main repo.

The base package is clamav. Yum will also install clamav-db (or clamav-data). The clamav-update package should also be installed.

The clamd daemon allows for greater efficiency in supporting frequent on-demand scans such as you’d expect on a file or mail server. I did not use it with my wiki server.

The clamav package should automatically set up a job in cron.daily that runs freshclam to keep the signature database up to date (later versions of Fedora fail to include the cron.daily script, so be sure to check for it).

My systems have the following in a file called /etc/cron.daily/freshclam:

#!/bin/sh

/usr/bin/freshclam --quiet

(This file is made executable with chmod ugo+x.)
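Since a missing or broken update job fails silently, it is worth verifying both the cron script and the age of the signature files. The script below is an added example, not part of the original setup; the function names, the default database directory /var/lib/clamav and the two-day threshold are assumptions to adjust for your system.

```shell
#!/bin/sh
# Added example: verify that freshclam updates are scheduled and working.
# Function names and default paths are assumptions, not from the original post.

# check_freshclam_cron FILE
# Returns 0 if FILE exists, is executable and calls freshclam;
# 1 = missing, 2 = not executable, 3 = no freshclam call found.
check_freshclam_cron() {
    cron_file=$1
    [ -f "$cron_file" ] || return 1
    [ -x "$cron_file" ] || return 2
    # Drop comment lines so a commented-out job is not counted.
    grep -v '^[[:space:]]*#' "$cron_file" | grep -q 'freshclam' || return 3
    return 0
}

# signatures_fresh DBDIR MAX_DAYS
# Returns 0 if a daily signature file (daily.cvd or daily.cld) in DBDIR
# was modified less than MAX_DAYS days ago, non-zero otherwise.
signatures_fresh() {
    db_dir=$1
    max_days=$2
    [ -d "$db_dir" ] || return 1
    recent=$(find "$db_dir" -type f \
        \( -name 'daily.cvd' -o -name 'daily.cld' \) \
        -mtime "-$max_days" | head -n 1)
    [ -n "$recent" ]
}

# Run the checks only when asked: sh check_clamav_updates.sh --run
# CRON_FILE, DB_DIR and MAX_DAYS can be overridden from the environment.
if [ "${1:-}" = "--run" ]; then
    check_freshclam_cron "${CRON_FILE:-/etc/cron.daily/freshclam}" \
        || echo "WARNING: freshclam cron job problem (status $?)" >&2
    signatures_fresh "${DB_DIR:-/var/lib/clamav}" "${MAX_DAYS:-2}" \
        || echo "WARNING: signature database stale or missing" >&2
fi
```

Run it with --run from a monitoring job or by hand after a package upgrade; the warnings go to stderr so cron will mail them.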

Some basics about using clamav.

There are two scanning utilities: clamscan is the traditional antivirus scanner, while clamdscan is a client for the clamd daemon.

In general clamdscan is faster, but because the daemon runs as the clam user, it may not have the file system permissions necessary to access some directory structures (like Unix home directories). You might want to use clamdscan against shared file systems where you can make the clam user a member of the owning group.

Here are some sample commands:

clamscan -r -i /data/projects/ldap

This will do a recursive scan on everything under the “shared” directory but only print infected files.

Using clamdscan against the same directory structure:

clamdscan /data/projects/ldap

In general clamav provides a robust, reliable means of checking user files for virus infections. It is not designed to block malware or viruses operating in memory. That’s the job of desktop anti-malware and real-time antivirus services.