Knowledge Base

Browse our knowledge base for free solutions to common problems

ClamAV Install on RockyLinux 9 With DirectAdmin

Created On: 1 March 2023
Written by: Ben


ClamAV is an open-source antivirus software toolkit that can be run on a variety of operating systems, including Linux, Windows, and macOS, to detect and remove malware from desktops as well as servers.

You can use Clam to help identify several kinds of malware, such as worms, Trojan horses, spyware, adware, and other harmful programmes.

Clam uses signature-based detection and heuristic analysis to identify malware, and it can also scan files and directories for specific patterns of behaviour that might indicate the presence of malware.

System administrators frequently use Clam to safeguard their networks and servers from malware. It can provide real-time scanning of incoming files and emails by being integrated into a variety of mail servers, web servers, and file servers.

Installing ClamAV

Install on RockyLinux 9

Install The Packages

Packages for Clam are available without an additional repository getting added but epel-release is good to have, install epel-release on the machine you wish to install ClamAV on.

Install epel-release via command line:

yum install epel-release


dnf install epel-release

epel-release is now installed now so we can install the ClamAV packages that are required:

yum install clamav clamav-update


dnf install clamav clamav-update

Enabling autostart for ClamAV

The packages installed in our previous step work for actively scanning but if you want the service to automatically start on boot you should install the daemon with the following command:

yum install clamd


dnf install clamd

Then enable the daemon to autostart with systemctl:

systemctl enable clamd.service

Think carefully about how you wish to use . Having the daemon running constantly can be quite resource intensive and a lot of the time is not required.

Installing ClamAV via CustomBuild (For DirectAdmin)

If you use DirectAdmin you can set clamav flag to true within options.conf either by using custombuild within the DirectAdmin interface or by running the following:

cd /usr/local/directadmin/custombuild
./build set clamav yes

After setting clavav to yes in our options.conf we can add even more options to enable more intrusive scanning, be careful when using these as ClamAV can be resource heavy even with these disabled:

Option NameEnable TriggerDescription
Exim scanning./build set clamav_exim yes Enables Exim email scanning.
Proftpd scanning./build set proftpd_uploadscan yesEnables Proftpd file upload scanning.
Pureftpd scanning./build set pureftpd_uploadscan yesEnables Pureftpd file upload scanning.
PHP upload scanning./build set suhosin_php_uploadscan yesEnables PHP file upload scanning for suhosin.
Modsecurity upload scanning./build set modsecurity_uploadscan yesEnables modsecurity based upload scanning.
Additional Clam options for DirectAdmin

Once you have enabled the additional options of your choice install can begin by running:

cd /usr/local/directadmin/custombuild
./build update
./build clamav

Once the commands have complete ClamAV should be installed inside of DirectAdmin and additional entries for ClamAV service monitoring will be placed inside of your services monitoring file.

This should be located here:


If you prefer to do so you can also download the ClamAV installer RPM or PKG files directly from the ClamAV website here.

ICTU LTD is a company registered England and Wales (Company No. 09344913) 15 Queen Square, Leeds, West Yorkshire, England, LS2 8AJ
Copyright © 2024 ICTU LTD, All Rights Reserved.