ClamAV is an open-source antivirus software toolkit that can be run on a variety of operating systems, including Linux, Windows, and macOS, to detect and remove malware from desktops as well as servers.
You can use Clam to help identify several kinds of malware, such as worms, Trojan horses, spyware, adware, and other harmful programmes.
Clam uses signature-based detection and heuristic analysis to identify malware, and it can also scan files and directories for specific patterns of behaviour that might indicate the presence of malware.
System administrators frequently use Clam to safeguard their networks and servers from malware. It can provide real-time scanning of incoming files and emails by being integrated into a variety of mail servers, web servers, and file servers.
Packages for Clam are available without adding an extra repository, but epel-release is good to have. Install epel-release on the machine you wish to install ClamAV on.
Install epel-release via command line:
yum install epel-release
or
dnf install epel-release
epel-release is now installed, so we can install the ClamAV packages that are required:
yum install clamav clamav-update
or
dnf install clamav clamav-update
The packages installed in the previous step work for active scanning, but if you want the service to start automatically on boot you should install the daemon with the following command:
yum install clamd
or
dnf install clamd
Then enable the daemon to autostart with systemctl:
systemctl enable clamd.service
Think carefully about how you wish to use ClamAV. Having the daemon running constantly can be quite resource intensive, and a lot of the time it is not required.
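If you decide not to keep the daemon running, an on-demand scan started from cron is one alternative. The wrapper below is an added example, not part of the original guide; the function names, the log path and the CLAMSCAN/FRESHCLAM override variables are assumptions.

```shell
#!/usr/bin/env bash
# On-demand ClamAV scan wrapper (added example; names and paths are assumptions).
# Intended for cron on hosts where clamd is not kept running.

CLAMSCAN="${CLAMSCAN:-clamscan}"      # overridable, e.g. for testing
FRESHCLAM="${FRESHCLAM:-freshclam}"   # signature updater
SCAN_LOG="${SCAN_LOG:-/var/log/clamav-ondemand.log}"

# clamscan exit codes: 0 = no virus found, 1 = virus(es) found, 2 = error.
classify_rc() {
    case "$1" in
        0) echo "clean" ;;
        1) echo "infected" ;;
        *) echo "error" ;;
    esac
}

# Refresh signatures, scan one directory recursively, print a status word.
# Returns 0 only when the scan ran and found nothing.
scan_dir() {
    local target="$1" rc=0 status
    if [ ! -d "$target" ]; then
        echo "error"
        return 2
    fi
    # A failed update should not stop the scan; older signatures still have value.
    "$FRESHCLAM" --quiet || echo "$(date '+%F %T') signature update failed" >>"$SCAN_LOG"

    # -r recurse, -i list only infected files, --no-summary keeps the log short.
    "$CLAMSCAN" -r -i --no-summary "$target" >>"$SCAN_LOG" 2>&1 || rc=$?
    status="$(classify_rc "$rc")"
    echo "$(date '+%F %T') $target $status (rc=$rc)" >>"$SCAN_LOG"
    echo "$status"
    [ "$rc" -eq 0 ]
}

# Example use from a cron script (not executed here):
#   scan_dir /home || echo "ClamAV needs attention, see $SCAN_LOG"
```

Treating exit code 2 separately from 1 matters: a scan that failed to run is not the same as a clean result, and both non-zero cases should reach an administrator.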
If you use DirectAdmin, you can set the clamav flag to true within options.conf, either by using custombuild within the DirectAdmin interface or by running the following:
cd /usr/local/directadmin/custombuild
./build set clamav yes
After setting clamav to yes in our options.conf, we can add even more options to enable more intrusive scanning. Be careful when using these, as ClamAV can be resource heavy even with them disabled:
Option Name | Enable Trigger | Description |
Exim scanning | ./build set clamav_exim yes | Enables Exim email scanning. |
Proftpd scanning | ./build set proftpd_uploadscan yes | Enables Proftpd file upload scanning. |
Pureftpd scanning | ./build set pureftpd_uploadscan yes | Enables Pureftpd file upload scanning. |
PHP upload scanning | ./build set suhosin_php_uploadscan yes | Enables PHP file upload scanning for suhosin. |
Modsecurity upload scanning | ./build set modsecurity_uploadscan yes | Enables modsecurity based upload scanning. |
Once you have enabled the additional options of your choice, the install can begin by running:
cd /usr/local/directadmin/custombuild
./build update
./build clamav
Once the commands have completed, ClamAV should be installed inside DirectAdmin, and additional entries for ClamAV service monitoring will be placed in your services monitoring file.
This should be located here:
/usr/local/directadmin/data/admin/services.status
If you prefer, you can also download the ClamAV installer RPM or PKG files directly from the ClamAV website.