services/homelab
1
1
Fork 0
Code Issues 5 Pull Requests Actions Packages Projects Releases Wiki Activity
Files
7ccedb976824ecffd6a5aeb41148bd7e6d2831b1
homelab/active/software_clamav/clamav.md
ducoterra 75f4aaebf1
All checks were successful
Podman DDNS Image / build-and-push-ddns (push) Successful in 39s
Details
add clamav docs
2025-11-07 13:29:02 -05:00

99 lines
2.3 KiB
Markdown
Raw Blame History

# Clamav
- [Clamav](#clamav)
- [Quick Start](#quick-start)
- [On Access Scanning](#on-access-scanning)
- [Testing](#testing)
## Quick Start
<https://docs.clamav.net/manual/Usage/Configuration.html#first-time-set-up>
```bash
# Install
sudo dnf install clamav clamav-freshclam clamd
##### Set up Freshclam #####
# Create freshclam's log file
sudo touch /var/log/freshclam.log
sudo chmod 600 /var/log/freshclam.log
sudo chown clamscan /var/log/freshclam.log
# Copy configuration files
sudo cp active/software_clamav/freshclam.conf
sudo chown root:root /etc/freshclam.conf
sudo chmod u=rw,go=r /etc/freshclam.conf
# Update the freshclam DB
sudo freshclam
sudo systemctl enable clamav-freshclam --now
##### Set up Clamd #####
# Create clamd's log file
sudo touch /var/log/clamd.scan
sudo chmod 600 /var/log/clamd.scan
sudo chown clamscan /var/log/clamd.scan
# Copy configuration files
# NOTE: Edit scan.conf OnAccessIncludePath to point to your home dir
vim active/software_clamav/scan.conf
sudo cp active/software_clamav/scan.conf /etc/clamd.d/scan.conf
sudo chown root:root /etc/clamd.d/scan.conf
sudo chmod u=rw,go=r /etc/clamd.d/scan.conf
# Allow clamav with selinux
sudo setsebool -P antivirus_can_scan_system 1
```
Edit the `clamd@` service to limit system resources.
```bash
sudo systemctl edit clamd@
[Service]
Nice=18
IOSchedulingClass=idle
CPUSchedulingPolicy=idle
```
Then start the clamd service
```bash
sudo systemctl daemon-reload
sudo systemctl enable --now clamd@scan
sudo systemctl status clamd@scan
```
Allow your user to run scans
```bash
sudo -E usermod -aG virusgroup $USER
```
## On Access Scanning
If you want to cripple your computer you can enable on-access scanning.
```bash
sudo systemctl edit clamav-clamonacc.service
[Service]
ExecStart=
ExecStart=/usr/sbin/clamonacc -F --fdpass --config-file=/etc/clamd.d/scan.conf
sudo systemctl daemon-reload
sudo systemctl enable --now clamav-clamonacc.service
```
## Testing
The `eicar` test malware allows you to test any malware scanner, as every
scanner should have its signature included in its database.
1. Create a new file called `eicar.com`
2. Add the contents: `X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*`
3. Save and scan: `clamdscan eicar.com`
4. If you have on access scanning enabled you shouldn't be able to open it.
Reference in New Issue View Git Blame Copy Permalink