homelab/active/software_clamav/clamav.md
ducoterra 75f4aaebf1
add clamav docs
2025-11-07 13:29:02 -05:00


ClamAV

Quick Start

https://docs.clamav.net/manual/Usage/Configuration.html#first-time-set-up

# Install
sudo dnf install clamav clamav-freshclam clamd

##### Set up Freshclam #####

# Create freshclam's log file
sudo touch /var/log/freshclam.log
sudo chmod 600 /var/log/freshclam.log
sudo chown clamscan /var/log/freshclam.log

# Copy configuration files
sudo cp active/software_clamav/freshclam.conf /etc/freshclam.conf
sudo chown root:root /etc/freshclam.conf
sudo chmod u=rw,go=r /etc/freshclam.conf

# Update the freshclam DB
sudo freshclam
sudo systemctl enable clamav-freshclam --now

##### Set up Clamd #####

# Create clamd's log file
sudo touch /var/log/clamd.scan
sudo chmod 600 /var/log/clamd.scan
sudo chown clamscan /var/log/clamd.scan

# Copy configuration files
# NOTE: Edit scan.conf OnAccessIncludePath to point to your home dir
vim active/software_clamav/scan.conf

sudo cp active/software_clamav/scan.conf /etc/clamd.d/scan.conf
sudo chown root:root /etc/clamd.d/scan.conf
sudo chmod u=rw,go=r /etc/clamd.d/scan.conf

# Allow ClamAV to scan the system under SELinux
sudo setsebool -P antivirus_can_scan_system 1

Edit the clamd@ service to limit system resources.

sudo systemctl edit clamd@

[Service]
Nice=18
IOSchedulingClass=idle
CPUSchedulingPolicy=idle

Then start the clamd service.

sudo systemctl daemon-reload
sudo systemctl enable --now clamd@scan
sudo systemctl status clamd@scan

Allow your user to run scans

sudo -E usermod -aG virusgroup $USER

On Access Scanning

If you want to cripple your computer you can enable on-access scanning.

sudo systemctl edit clamav-clamonacc.service

[Service]
ExecStart=
ExecStart=/usr/sbin/clamonacc -F --fdpass --config-file=/etc/clamd.d/scan.conf

sudo systemctl daemon-reload
sudo systemctl enable --now clamav-clamonacc.service

Testing

The EICAR test file lets you test any malware scanner, since every scanner should include the EICAR signature in its database.

  1. Create a new file called eicar.com
  2. Add the contents: X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
  3. Save and scan: clamdscan eicar.com
  4. If you have on-access scanning enabled, you shouldn't be able to open it.
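
The same test as a script, added here as an example and not part of the original doc: it writes the EICAR file byte-for-byte, scans it through clamd, and turns clamdscan's documented exit status (0 clean, 1 found, 2 error) into a verdict. The function names and the `--run` argument are hypothetical; `--fdpass` is used so clamd can read a file in the caller's private temp directory.

```shell
#!/bin/sh
# Added example: EICAR self-test for the clamd setup above.
# Function names are illustrative, not from the original page.

# EICAR string from step 2. Single quotes keep the shell from
# expanding $EICAR / $H or touching the backslash.
EICAR='X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*'

# Write the test file exactly (68 bytes, no trailing newline).
write_eicar() {
    printf '%s' "$EICAR" > "$1"
}

# Scan one path via clamd and map the result to a verdict.
# "&& rc=0 || rc=$?" captures the status even under "set -e".
scan_verdict() {
    out=$(clamdscan --fdpass --no-summary "$1" 2>&1) && rc=0 || rc=$?
    case $rc in
        0) echo "MISSED" ;;      # scanner ran but did not flag EICAR
        1) case $out in
               *FOUND*) echo "DETECTED" ;;
               *)       echo "ERROR" ;;
           esac ;;
        *) echo "ERROR" ;;       # clamd down, socket permissions, etc.
    esac
}

# Full self-test in a private temp dir.
# Prints the verdict; returns 0 only when EICAR was detected.
eicar_selftest() {
    dir=$(mktemp -d) || return 2
    write_eicar "$dir/eicar.com"
    verdict=$(scan_verdict "$dir/eicar.com")
    rm -rf "$dir"
    echo "$verdict"
    [ "$verdict" = "DETECTED" ]
}

# Run the self-test only when asked: ./eicar-selftest.sh --run
if [ "${1:-}" = "--run" ]; then
    eicar_selftest
fi
```

A `MISSED` verdict means clamd answered but its database did not match, which usually points at freshclam; `ERROR` points at the daemon, its socket, or group membership.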