ClamAV is an open source antivirus tool. Its basic usage is for detecting viruses, malware, and malicious software on Linux-based machines. The threat from viruses, Trojans, and other forms of malware is real. They have grown exponentially in both quantity and in sophistication, and antivirus software have had to adopt sophisticated detection methods. While there’s no guarantee that your system will not fall victim to these unwanted bits of code, remaining mindful when using the Internet and sharing files, implementing common-sense security policies, and using an up-to-date antivirus program can go a long way in protecting you.
This article will show you how to install and configure ClamAV on CentOS 7 and CentOS 8. I have also added some tips for Ubuntu.
1. Install ClamAV packages
To install ClamAV on CentOS 7, we need to install and enable EPEL repository.
# yum install epel-release
You can follow clamav official website to get the details of installing ClamAV on other distributions
ALSO READ: Solved: Error populating transaction, retrying RHEL/CentOS 7/8
Then we can install ClamAV with all its useful tools:
# yum -y install clamav-server clamav-data clamav-update clamav-filesystem clamav clamav-scanner-systemd clamav-devel clamav-lib clamav-server-systemd
Below is a snippet from my server after the install was successful.
Below are the list of clamav rpms from my CentOS 7 environment
# rpm -qa | grep -i clamav clamav-0.102.4-1.el7.x86_64 clamav-data-0.102.4-1.el7.noarch clamav-filesystem-0.102.4-1.el7.noarch clamav-update-0.102.4-1.el7.x86_64 clamav-lib-0.102.4-1.el7.x86_64 clamav-devel-0.102.4-1.el7.x86_64
2. Manually update the feshclam database
To update the database for the first time we need to run freshclam to update the database manually and to check whether the configuration is successfully set:
# freshclam ClamAV update process started at Tue Nov 6 15:51:59 2018 WARNING: Can't query current.cvd.clamav.net WARNING: Invalid DNS reply. Falling back to HTTP mode. Reading CVD header (main.cvd): OK (IMS) main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr) Reading CVD header (daily.cvd): OK Downloading daily-25006.cdiff [100%] Downloading daily-25092.cdiff [100%] Downloading daily-25093.cdiff [100%] Downloading daily-25094.cdiff [100%] Downloading daily-25095.cdiff [100%] daily.cld updated (version: 25095, sigs: 2143057, f-level: 63, builder: neo) Reading CVD header (bytecode.cvd): OK bytecode.cvd is up to date (version: 327, sigs: 91, f-level: 63, builder: neo) Database updated (6709397 signatures) from database.clamav.net (IP: 104.16.186.138)
This will add or update the existing database file inside
# ls -l /var/lib/clamav/ total 442156 -rw-r--r-- 1 clamupdate clamupdate 296388 Sep 5 17:16 bytecode.cvd -rw-r--r-- 1 clamupdate clamupdate 334600704 Sep 5 14:44 daily.cld -rw-r--r-- 1 clamupdate clamupdate 117859675 Nov 25 2019 main.cvd
ALSO READ: How to undo rm in Linux? [100% Working]
3. Configure auto-update of freshclam database
Based on different distribution, the method to configure auto-update of freshclam database may differ. I see different behaviour in CentOS7 , CentOS 8 and Ubuntu.
3.1: On Ubuntu with /etc/clamav/freshclam.conf
In the /etc/clamav/freshclam.conf file of your Ubuntu machine, you’ll see the following lines at the end:
# Check for new database 24 times a day Checks 24 DatabaseMirror db.local.clamav.net DatabaseMirror database.clamav.net
So, essentially, this means that on Ubuntu, ClamAV will be checking for updates every hour.
3.2: On CentOS 7 with cron job
With clamav-update-0.102.4-1.el7.x86_64 I could find a cron job file which is responsible for performing periodic update to the freshclam database
# cat /etc/cron.d/clamav-update ## Adjust this line... MAILTO=root ## It is ok to execute it as root; freshclam drops privileges and becomes ## user 'clamupdate' as soon as possible 0 */3 * * * root /usr/share/clamav/freshclam-sleep
The */3 in the second column from the left indicates that ClamAV will check for updates every 3 hours.
You can change the default time to check for updates if you like, but you’ll also need to change the setting in the /etc/sysconfig/freshclam file.
Let’s say that you want CentOS to also check for ClamAV updates every hour. In the cron job file, change */3 to *. (You don’t need to do */1 because the asterisk by itself in that position already indicates that the job will run every hour.)
ALSO READ: How to check security updates list & perform linux patch management RHEL 6/7/8
Then, in the /etc/sysconfig/freshclam file, look for this line:
# FRESHCLAM_MOD=
Uncomment that line and add the number of minutes that you want between updates. To set it to 1 hour, so that it matches the cron job, it will look like this:
FRESHCLAM_MOD=60
To disable the auto-update you can modify
# FRESHCLAM_DELAY=
Uncomment this line and add disabled to this value:
FRESHCLAM_DELAY=disabled
3.3: On CentOS 8 with systemd clamav-freshclam.service
In CentOS 8 with clamav-update-0.102.4-1.el8.x86_64 I observed that below files were missing
/usr/share/clamav/freshclam-sleep/etc/cron.d/clamav-update files/etc/sysconfig/freshclam
It is possible with CentOS 8, the developer wants us to use /usr/lib/systemd/system/clamav-freshclam.service to handle auto updates of freshclam database. If you check the content of this service unit file
[Unit] Description=ClamAV virus database updater Documentation=man:freshclam(1) man:freshclam.conf(5) https://www.clamav.net/documents # If user wants it run from cron, don't start the daemon. ConditionPathExists=!/etc/cron.d/clamav-freshclam Wants=network-online.target After=network-online.target [Service] ExecStart=/usr/bin/freshclam -d --foreground=true StandardOutput=syslog [Install] WantedBy=multi-user.target
We have a condition
# If user wants it run from cron, don't start the daemon.
ConditionPathExists=!/etc/cron.d/clamav-freshclam
So if /etc/cron.d/clamav-freshclam exists then user cannot start this daemon. You can find more details in this Red Hat Bugzilla where the developer seems to have done this intentionally so moving forward in RHEL/CentOS we can expect to only see the service unit file.
But this service unit file with CentOS 8 is not well developed to handle the auto-update of the ClamAV database.
ALSO READ: Install Kali Linux on Apple M1 with UTM [100% Working]
With cron we had a timer which was configured to perform the auto-update. Similarly in systemd we should have an equivalent clamav-freshclam.timer file for clamav-freshclam.service but this was missing from my node.
So I decided to create my own systemd timer unit file /etc/systemd/system/clamav-freshclam.timer with below content.
# cat /etc/systemd/system/clamav-freshclam.timer [Unit] Description=ClamAV virus database updater After=network-online.target [Timer] OnCalendar=daily Persistent=true [Install] WantedBy=timers.target
There was one more problem though..
The existing clamav-freshclam.service is configured to start as a daemon in the foreground. When I was testing this, the timer never worked i.e. it failed to execute the freshclam daemon. The reason was because the daemon was always in running state
# ps -ef | grep freshclam
clamupd+ 4874 1 0 17:14 ? 00:00:00 /usr/bin/freshclam -d --foreground=true
root 4907 2074 0 17:14 pts/1 00:00:00 grep --color=auto freshc
So if a daemon is already running, it is obvious that the timer won’t be able to start the service again to initiate the auto update. So I decided to modify this unit file and created my own file where I am just executing freshclam without any arguments as I would do from the terminal to update the database:
# cat /etc/systemd/system/clamav-freshclam.service
[Unit]
Description=ClamAV virus database updater
Documentation=man:freshclam(1) man:freshclam.conf(5) https://www.clamav.net/documents
# If user wants it run from cron, don't start the daemon.
ConditionPathExists=!/etc/cron.d/clamav-freshclam
Wants=network-online.target
After=network-online.target
[Service]
ExecStart=/usr/bin/freshclam
StandardOutput=syslog
[Install]
WantedBy=multi-user.target
Next enable and start the clamav-freshclam.timer. We don’t need to start and enable the service as timer will take care of that.
# systemctl enable clamav-freshclam.timer --now
So we are all done, check the status of the timer:
ALSO READ: How to install ARPACK in Linux? [SOLVED]
Verify the list of available timers and check the time when the clamav-freshclam.timer will be next executed. So our clamav-freshclam.timer is configured to start the service next at Sun 2020-09-06 00:00:00
Once the service is executed, we should see logs similar to below in journalctl
4. Configure /etc/clamd.d/scan.conf
The configuration file for ClamAV is available at /etc/clamd.d/scan.conf. The default user for performing scan is clamscan which is created as soon as we install clamav rpms
# id clamscan uid=982(clamscan) gid=979(clamscan) groups=979(clamscan),980(virusgroup)
But we will change this to «root» user, search for
User clamscan
Comment this line and add a new line
User root
We can leave all other configuration options to default and next start the service:
5. Configure and start clamd.service
We have an example service file /usr/lib/systemd/system/clamd@.service that we need to copy into the system services folder.
I will copy this file to /etc/systemd/system/clamd.service. I hope you are familiar with the different systemd service file locations so you can understand why I preferred this location instead of /usr/lib/systemd/system
# cp -ap /usr/lib/systemd/system/clamd@.service /etc/systemd/system/clamd.service
Next replace %i with scan.conf from both the Description and ExecStart options in /etc/systemd/system/clamd.service
Enable and start the clamd service
# # systemctl enable clamd.service --now Created symlink /etc/systemd/system/multi-user.target.wants/clamd.service → /etc/systemd/system/clamd.service
ALSO READ: Defensive Programming Techniques Explained with Examples
Check the status to make sure the service is active and running:
6. Configure periodic scan using clamdscan (Optional)
You can follow this step if you wish to configure auto scan of any directory as by default you will have to initiate manual scan.
We will create a new systemd service unit file :
# cat /etc/systemd/system/clamdscan-home.service
[Unit]
Description=ClamAV virus scan
Requires=clamd.service
After=clamd.service
[Service]
ExecStart=/usr/bin/clamdscan /home
StandardOutput=syslog
[Instal]
WantedBy=multi-user.target
To perform a periodic scan we also need a mapping timer unit file. Here I have added time value of 18:40 to start the scan:
# cat /etc/systemd/system/clamdscan-home.timer
[Unit]
Description=Scan /home directory using ClamAV
[Timer]
OnCalendar=18:40:00
Persistent=true
[Install]
WantedBy=timers.target
Next enable and start the timer
# systemctl enable clamdscan-home.timer --now Created symlink /etc/systemd/system/timers.target.wants/clamdscan-home.timer → /etc/systemd/system/clamdscan-home.timer.
We don’t need to start the service unit file as it will be controlled by the timer file
Now we monitor the journalctl logs at 18:40 PM
Sep 05 18:40:05 server.example.com systemd[1]: Started ClamAV virus scan. Sep 05 18:40:17 server.example.com clamdscan[10901]: /home: OK Sep 05 18:40:17 server.example.com clamdscan[10901]: ----------- SCAN SUMMARY ----------- Sep 05 18:40:17 server.example.com clamdscan[10901]: Infected files: 0 Sep 05 18:40:17 server.example.com clamdscan[10901]: Time: 11.725 sec (0 m 11 s)
7. Perform manual scan with clamscan
For a test scan of the current folder, we run the following command:
# clamscan --infected --remove --recursive ./ ----------- SCAN SUMMARY ----------- Known viruses: 6702413 Engine version: 0.100.2 Scanned directories: 7 Scanned files: 9 Infected files: 0 Data scanned: 0.01 MB Data read: 0.00 MB (ratio 2.00:1) Time: 25.439 sec (0 m 25 s)
ALSO READ: Install Lex and Yacc in Kali Linux [Step-by-Step]
Here,
infected: prints only infected filesremove: removes infected filesrecursive: all the sub-directories in the provided directory will also be scanned
Conclusion
In this tutorial we learned about ClamAV scanner and it’s configuration in Linux. With different version of clamav the stepsof configuration seems to be changing. As I am more comfortable with systemd, I have used the same to demonstrate all the steps in this tutorial but you are free to write custom scripts with crond to perform auto scan and auto update of the freshclam database.
Lastly I hope the steps from the article to configure ClamAV on Ubuntu, CentOS 7 and CentOS 8 Linux was helpful. So, let me know your suggestions and feedback using the comment section.
References
I have used below external references for this tutorial guide
man page for systemd timer
Install EPEL repo first
Clamav is available on EPEL repo. Please install EPEL first then, run the following command:
yum install clamav-server clamav-data clamav-update clamav-filesystem clamav clamav-scanner-systemd clamav-devel clamav-lib clamav-server-systemd
Remove “Example” line from freshclam.conf and /etc/clamd.d/scan.conf in default locatiof of clamd.conf!
sed -i -e “s/^Example/#Example/” /etc/freshclam.conf
sed -i -e “s/^Example/#Example/” /etc/clamd.d/scan.conf
Run freshclam to update database manually.
freshclam
Fresclam is run by cron job from /etc/cron.d/clamav-update
cat /etc/cron.d/clamav-update
## Adjust this line…
MAILTO=root
## It is ok to execute it as root; freshclam drops privileges and becomes
## user ‘clamupdate’ as soon as possible
0 */3 * * * root /usr/share/clamav/freshclam-sleep# /usr/share/clamav/freshclam-sleep
WARNING: update of clamav database is disabled; please see
‘/etc/sysconfig/freshclam’
for information how to enable the periodic update resp. how to turn
off this message.
It seems that freshclam update via cron is disabled. Remove the last line (REMOVE ME) from /etc/sysconfig/freshclam file to active…
# tail /etc/sysconfig/freshclam
## ‘disabled-warn’ … disables the automatic freshclam update and
## gives out a warning
## ‘disabled’ … disables the automatic freshclam silently
# FRESHCLAM_DELAY=### !!!!! REMOVE ME !!!!!!
### REMOVE ME: By default, the freshclam update is disabled to avoid
### REMOVE ME: network access without prior activation
FRESHCLAM_DELAY=disabled-warn # REMOVE ME
run clamd manually for testing purposes
/usr/sbin/clamd -c /etc/clamd.d/scan.conf –nofork=yes
ERROR: Please define server type (local and/or TCP)
If you get error like above, then we need to define server type. Use socket option.
Comment out the following line in /etc/clamd.d/scan.conf
#LocalSocket /var/run/clamd.scan/clamd.sock
to
LocalSocket /var/run/clamd.scan/clamd.sock
Enable on startup
# systemctl enable [email protected]
ln -s ‘/usr/lib/systemd/system/[email protected]’ ‘/etc/systemd/system/multi-user.target.wants/[email protected]’
and start the service, check the status
# systemctl start [email protected]
# systemctl status [email protected]
[email protected] – Generic clamav scanner daemon Loaded: loaded (/usr/lib/systemd/system/[email protected]; enabled) Active: active (running) since Mon 2015-01-05 14:45:08 EET; 3s ago Main PID: 13588 (clamd) CGroup: /system.slice/system-clamd.slice/[email protected] ââ13588 /usr/sbin/clamd -c /etc/clamd.d/scan.conf –nofork=yes Jan 05 14:45:08 Centos7-min systemd[1]: Started Generic clamav scanner daemon. Jan 05 14:45:08 Centos7-min clamd[13588]: clamd daemon 0.98.5 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64) Jan 05 14:45:08 Centos7-min clamd[13588]: Running as user clamscan (UID 995, GID 994) Jan 05 14:45:08 Centos7-min clamd[13588]: Log file size limited to 1048576 bytes. Jan 05 14:45:08 Centos7-min clamd[13588]: Reading databases from /var/lib/clamav Jan 05 14:45:08 Centos7-min clamd[13588]: Not loading PUA signatures. Jan 05 14:45:08 Centos7-min clamd[13588]: Bytecode: Security mode set to “TrustSigned”.
Run a test scan:
# clamdscan -c /etc/clamd.d/scan.conf /etc/hosts
/etc/hosts: OK
———– SCAN SUMMARY ———–
Infected files: 0
Time: 0.002 sec (0 m 0 s)
Installing clamav on previous Centos version was very easy for me. When I tried to install on Centos 7. I had to learn many things from scratch!..
Install EPEL repo
Clamav is available on EPEL repo. Please install EPEL first then, run the following command:
# yum install clamav-server clamav-data clamav-update clamav-filesystem clamav clamav-scanner-systemd clamav-devel clamav-lib clamav-server-systemd
Remove “Example” line from freshclam.conf and /etc/clamd.d/scan.conf in default locatiof of clamd.conf!
#sed -i -e “s/^Example/#Example/” /etc/freshclam.conf
#sed -i -e “s/^Example/#Example/” /etc/clamd.d/scan.conf
Run freshclam to update database manually.
# freshclam
Btw, fresclam is run by cron job from /etc/cron.d/clamav-update
# cat /etc/cron.d/clamav-update
## Adjust this line…
MAILTO=root
## It is ok to execute it as root; freshclam drops privileges and becomes
## user ‘clamupdate’ as soon as possible
0 */3 * * * root /usr/share/clamav/freshclam-sleep
# /usr/share/clamav/freshclam-sleep
WARNING: update of clamav database is disabled; please see
‘/etc/sysconfig/freshclam’
for information how to enable the periodic update resp. how to turn
off this message.
It seems that freshclam update via cron is disabled. Remove the last line (REMOVE ME) from /etc/sysconfig/freshclam file to active…
# tail /etc/sysconfig/freshclam
## ‘disabled-warn’ … disables the automatic freshclam update and
## gives out a warning
## ‘disabled’ … disables the automatic freshclam silently
# FRESHCLAM_DELAY=
### !!!!! REMOVE ME !!!!!!
### REMOVE ME: By default, the freshclam update is disabled to avoid
### REMOVE ME: network access without prior activation
FRESHCLAM_DELAY=disabled-warn # REMOVE ME
run clamd manually for testing purposes
#/usr/sbin/clamd -c /etc/clamd.d/scan.conf –nofork=yes
ERROR: Please define server type (local and/or TCP)
Himm.. We need to define server type. I suggest to use socket option.
Comment out the following line in /etc/clamd.d/scan.conf
#LocalSocket /var/run/clamd.scan/clamd.sock
to
LocalSocket /var/run/clamd.scan/clamd.sock
Enable on startup
# systemctl enable clamd@scan
ln -s ‘/usr/lib/systemd/system/clamd@scan.service’ ‘/etc/systemd/system/multi-user.target.wants/clamd@scan.service’
and start the service, check the status
# systemctl start clamd@scan
# systemctl status clamd@scan
clamd@scan.service – Generic clamav scanner daemon
Loaded: loaded (/usr/lib/systemd/system/clamd@scan.service; enabled)
Active: active (running) since Mon 2015-01-05 14:45:08 EET; 3s ago
Main PID: 13588 (clamd)
CGroup: /system.slice/system-clamd.slice/clamd@scan.service
ââ13588 /usr/sbin/clamd -c /etc/clamd.d/scan.conf –nofork=yes
Jan 05 14:45:08 Centos7-min systemd[1]: Started Generic clamav scanner daemon.
Jan 05 14:45:08 Centos7-min clamd[13588]: clamd daemon 0.98.5 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
Jan 05 14:45:08 Centos7-min clamd[13588]: Running as user clamscan (UID 995, GID 994)
Jan 05 14:45:08 Centos7-min clamd[13588]: Log file size limited to 1048576 bytes.
Jan 05 14:45:08 Centos7-min clamd[13588]: Reading databases from /var/lib/clamav
Jan 05 14:45:08 Centos7-min clamd[13588]: Not loading PUA signatures.
Jan 05 14:45:08 Centos7-min clamd[13588]: Bytecode: Security mode set to “TrustSigned”.
Run a test scan:
# clamdscan -c /etc/clamd.d/scan.conf /etc/hosts
/etc/hosts: OK
———– SCAN SUMMARY ———–
Infected files: 0
Time: 0.002 sec (0 m 0 s)
İsmail YENIGUL
ClamAV on RedHat Enterprise Linux (RHEL) and CentOS 7 can be installed from Extra Packages for Enterprise Linux (EPEL) repository.
One liner to install EPEL repo, ClamAV packages, and correct configuration files.
yum -y install epel-release; yum -y install clamav-server clamav-data clamav-update clamav-filesystem clamav clamav-scanner-systemd clamav-devel clamav-lib clamav-server-systemd; sed -i '/^Example$/d' /etc/freshclam.conf; sed -i '/^Example$/d' /etc/clamd.d/scan.conf; sed -i -e 's/#LocalSocket /var/run/clamd.scan/clamd.sock/LocalSocket /var/run/clamd.scan/clamd.sock/g' /etc/clamd.d/scan.conf; sed -i '/REMOVE ME/d' /etc/sysconfig/freshclam; systemctl enable [email protected]; freshclam; systemctl start [email protected]; systemctl status [email protected];
If everything is OK, output should end something like this.
Downloading daily.cvd [100%]
daily.cvd updated (version: 20882, sigs: 1566229, f-level: 63, builder: neo)
Downloading bytecode.cvd [100%]
bytecode.cvd updated (version: 268, sigs: 47, f-level: 63, builder: anvilleg)
Database updated (3990501 signatures) from database.clamav.net (IP: 104.131.196.175)
[email protected] - Generic clamav scanner daemon
Loaded: loaded (/usr/lib/systemd/system/[email protected]; enabled)
Active: active (running) since Sun 2015-09-06 09:24:37 EDT; 16ms ago
Main PID: 707 (clamd)
CGroup: /system.slice/system-clamd.slice/[email protected]
└─707 /usr/sbin/clamd -c /etc/clamd.d/scan.conf --nofork=yes
Sep 06 09:24:37 test.demo.local systemd[1]: Started Generic clamav scanner daemon.
Sep 06 09:24:37 test.demo.local clamd[707]: clamd daemon 0.98.7 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
Sep 06 09:24:37 test.demo.local clamd[707]: Running as user clamscan (UID 998, GID 997)
Sep 06 09:24:37 test.demo.local clamd[707]: Log file size limited to 1048576 bytes.
Sep 06 09:24:37 test.demo.local clamd[707]: Reading databases from /var/lib/clamav
Sep 06 09:24:37 test.demo.local clamd[707]: Not loading PUA signatures.
Sep 06 09:24:37 test.demo.local clamd[707]: Bytecode: Security mode set to "TrustSigned".
[[email protected] ~]#
ClamAV Installation details:
Install EPEL repo:
EPEL can be installed from CentOS Extras repository, which is enabled by default, with the following command.
yum -y install epel-release
In case epel-release package is not available for any reason, it can be installed from Webtatic or Fedora servers, with following commands.
rpm -Uvh https://mirror.webtatic.com/yum/el7/epel-release.rpm
or
rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
Install ClamAV packages:
Once EPEL is installed ClamAV packages can be installed with the following command.
yum -y install clamav-server clamav-data clamav-update clamav-filesystem clamav clamav-scanner-systemd clamav-devel clamav-lib clamav-server-systemd
Once all necessary packages have been installed, freshclam.conf file needs to be edited, for ClamAV update to work.
Correct freshclam.conf file:
Default installation will return the following error when “freshclam” command is run, due to file being marked as example config file.
# freshclam ERROR: Please edit the example config file /etc/freshclam.conf ERROR: Can't open/parse the config file /etc/freshclam.conf
Error is caused by the following section in the freshclam.conf configuration file.
## Example config file for freshclam ## Please read the freshclam.conf(5) manual before editing this file. ## # Comment or remove the line below. Example
As specified in the file, last line in this snippet, needs to be removed, or commented out, in order for “freshclam” command to work.
Line can be removed with the following command.
sed -i '/^Example$/d' /etc/freshclam.conf
Enable automatic Updates:
By default freshclam cronjob is disabled, and last line needs to be removed or commented out from /etc/sysconfig/freshclam in order for automatic updates to run.
[[email protected] ~]# cat /etc/sysconfig/freshclam ## When changing the periodicity of freshclam runs in the crontab, ## this value must be adjusted also. Its value is the timespan between ## two subsequent freshclam runs in minutes. E.g. for the default ## ## | 0 */3 * * * ... ## ## crontab line, the value is 180 (minutes). # FRESHCLAM_MOD= ## A predefined value for the delay in seconds. By default, the value is ## calculated by the 'hostid' program. This predefined value guarantees ## constant timespans of 3 hours between two subsequent freshclam runs. ## ## This option accepts two special values: ## 'disabled-warn' ... disables the automatic freshclam update and ## gives out a warning ## 'disabled' ... disables the automatic freshclam silently # FRESHCLAM_DELAY= ### !!!!! REMOVE ME !!!!!! ### REMOVE ME: By default, the freshclam update is disabled to avoid ### REMOVE ME: network access without prior activation FRESHCLAM_DELAY=disabled-warn # REMOVE ME [[email protected] ~]#
Lines can be removed with following command.
sed -i '/REMOVE ME/d' /etc/sysconfig/freshclam
Correct scan.conf file:
Same needs to be done for scan.conf file
## ## Example config file for the Clam AV daemon ## Please read the clamd.conf(5) manual before editing this file. ## # Comment or remove the line below. Example
Following command removes the line from scan.conf file.
sed -i '/^Example$/d' /etc/clamd.d/scan.conf
We also need to define the socket file.
If we try to run clamd, following error is returned.
[[email protected] ~]# clamd -c /etc/clamd.d/scan.conf ERROR: Please define server type (local and/or TCP). [[email protected] ~]#
Checking the scan.conf file, we see socket file is commented out.
# Path to a local socket file the daemon will listen on. # Default: disabled (must be specified by a user) #LocalSocket /var/run/clamd.scan/clamd.sock
Comment can be removed with following command.
sed -i -e 's/#LocalSocket /var/run/clamd.scan/clamd.sock/LocalSocket /var/run/clamd.scan/clamd.sock/g' /etc/clamd.d/scan.conf
-
#1
Hi all,
I’ve got a Plesk 12 box installed and running on Digital Ocean using CentOS 6.5 64bit.
I’ve installed Qmail Scanner and Spamassassin via Plesk’s «Updates and Upgrades» section, and I installed ClamAV using the following command yum install clamd in terminal.
Unlike the last time I did this, it doesn’t want to work out the box. The initial errors of:
ERROR: Please edit example config file /etc/freshclam.conf
ERROR: Can’t open/parse the config file /etc/freshclam.conf
I fixed by commenting Example out in the freshclam.conf and clamd.conf files. But it seems like nothing is configured, and I’m getting lost at this point, as I’m not a Linux guru.
Last time I did this in Plesk 8.6 it was configured out of the box, but that doesn’t seem to be the case now. Is that because I’m using Plesks Qmail? HELP!
Thanks, Matt
UFHH01
Guest
-
#2
What is the output of «service clamd start» ?
-
#3
It fails with:-
Code:
# service clamd start
Starting Clam AntiVirus Daemon: ERROR: Please define server type (local and/or TCP).
[FAILED]When I did this on Plesk 8.6 via the ART yum channel, which I’m also using on this box, it installed with no need to touch the config files.
-
#4
I think that you need to uncomment the «TCPSocket» line in clamd.conf and start service again.
-
#5
Thanks for the reply IgorG. I’ve also noticed the qmail-scanner-reconfigure command doesn’t work either when using the qmail installed via Plesk’s «Updates and Upgrades» section.
Do I need to install qmail-scanner via YUM as well as via Plesk, or not?
UFHH01
Guest
-
#6
Hi Matt_Auckland,
we are getting closer to a working solution for you… ^^
Yes, some individuell modifications need some more «own» work from you… the commands to install the qmail-scanner would be:
yum install qmail-scanner
and afterwards you should be able to use the command:
qmail-scanner-reconfigure
If you still experience issues/problems, a known solution is to switch to postfix and back to qmail again, because you force Plesk to re-install qmail and its packages ( with all it’s settings ), wihtout any modifications to the current eMail — accounts or their folders. Please make sure to include some command outputs and/or depending log — entries if you experience further issues, because it is much easier to suggest work-arounds, if we are aware of the whole situation.
-
#7
Ah ok, I assumed that because I had already installed Plesks Qmail via «Updates and Upgrades», that I wouldn’t need to install qmail-scanner via YUM channel. I assumed running both would break it.
Another another not I’m running Plesks Spamassassin as well. I take it that won’t break anything either?
To be on the safe side, I’ve taken a snapshot of the server, and will attempt this now.
-
#8
Ok it seems to be working. Some minor issues that I overcame, but I’ll explain all just incase someone else has the same problems.
Before I start with the explanation, is there anyway to test this is working?
So kicking off I started with Plesk’s Qmail and Spamassassin installed via the control panel.
Next, from terminal I ran yum install clamd followed by yum install qmail-scanner (thanks UFHH01).
At this stage clamd won’t work out of the box. When you run the freshclam command for the first time you’ll get this error:
Code:
# freshclam
ERROR: Please edit the example config file /etc/freshclam.conf
ERROR: Can't open/parse the config file /etc/freshclam.confSo you need to edit the /etc/freshclam.conf file and comment out the word Example. Then when you re-run the freshclam command this error will come up:
Code:
# freshclam
ERROR: Can't create temporary directory /var/clamav/clamav-f6df56085fdcc627fea887a8a0c30c1d.tmp
Hint: The database directory must be writable for UID 492 or GID 494
# ERROR: Can't create temporary directory /var/clamav/clamav-f6df56085fdcc627fea88So to fix this you need to set the permissions for writting to that folder, to the user clamav (thanks to http://pclosmag.com/html/Issues/201202/page10.html for that) using this command:
Code:
# chown clamav:clamav /var/clamavOk, third time of running the freshclam command is the charm, although you might see these errors during the first database update:
Code:
ClamAV update process started at Tue Nov 25 17:56:12 2014
main.cvd is up to date (version: 55, sigs: 2424225, f-level: 60, builder: neo)
ERROR: Can't open /var/clamav/mirrors.dat for writing
Downloading daily-19680.cdiff [100%]
ERROR: Can't open /var/clamav/mirrors.dat for writing
daily.cld updated (version: 19680, sigs: 1274659, f-level: 63, builder: neo)
bytecode.cvd is up to date (version: 242, sigs: 46, f-level: 63, builder: dgoddard)
ERROR: Can't open /var/clamav/mirrors.dat for writing
Database updated (3698930 signatures) from db.us.clamav.net (IP: 194.8.197.22)But don’t worry, that is only because those files don’t exist yet, until freshclam runs for the first time.
Next you need to run the service clamd start command, which will bring up this error:
Code:
# service clamd start
Starting Clam AntiVirus Daemon: ERROR: Please edit the example config file /etc/clamd.conf
ERROR: Can't open/parse the config file /etc/clamd.conf
[FAILED]Again to fix this, you need to edit the /etc/clamd.conf file and comment out the word Example. Also locate the line TCPSocket 3310 and uncomment it (thanks to IgorG). That will help you avoid this error:
Code:
# service clamd start
Starting Clam AntiVirus Daemon: ERROR: Please define server type (local and/or TCP).
[FAILED]After that, to finish the install I ran the following commands:
Code:
# chkconfig clamd on
# freshclam -d -c 2
# qmail-scanner-reconfigure
Reconfiguring spamassassin settings: Done
Reconfiguring clamav settings: Done
Configuring qmail-scanner: OKAnd that, he says fingers crossed, should do it.
-
#9
What was the final outcome of this… having issues with qmail-scanner 2.10 from atomic repo and would like to get this
working without breaking plesk 12 qmail and dovecot
I had it running years ago under plesk 9 and 10 but am at a loss now
-
#10
Well in short my answer is above.
I used Plesk’s Qmail, and did the install above.
I did notice the other day that a Clamd update broke the virus scanning side of mail delivery, but running the qmail-scanner-reconfigure command fixed the issue. It was most likely a permissions/ownership issue, due to the update.
The steps above are what I followed to resolve the issue, and I’ve also written a PDF guide which includes qmail and clamd installation and configuration, as part of my «Installing CentOS 6.5 and Plesk on a Digital Ocean Droplet». That guide also covers «Fixing The Passive FTP Issue», and «Adding Support for FTP Over TLS» which I recently came across when FileZilla updated their FTP app.
Happy to share the guide with anyone who needs it. It’s designed for newbies, but great quick reference for everybody else.
-
#11
Hi Matt, would appreciate if you share the file….i am having similar issues….
-
#13
Hello someone know if ClamAV can be installed in a Plesk 12 server that currently use Parallels Dr Web?
-
#14
Yes, see above, although you have to remove Dr Web first, as it is also an anti-virus program.
-
#15
I have some site with malware so I will use ClamAV to help Maldect scan for malware in website files. Dr. Web will scan for viruses on email accounts. Both can be installed in the same server?
-
#16
Honestly, not sure. General rule of thumb on a computer is never use more than one Anti-Virus, as two can greatly affect the system performance, and can return false positives.
However that might not be the case on Linux. Personally though I tend to only use one, and that is ClamAV/Clamd.
And yes, it can scan for Malware as well as Anti-Virus. I’ve used it in the past for that.
-
#18
Hi,
I know this is a old post but i got an unreporter error and I couldn’t find any clue on how to fix it.
I followed all the instructions and evarythig went really (maybe too much)well untill i use:
service clamd start (after modifing the clamd.conf file)
and i got:
Starting Clam AntiVirus Daemon: ERROR: Incorrect argument format for option TCPSocket
ERROR: Can’t open/parse the config file /etc/clamd.conf
The line in clamd.conf look like:
# TCP port address.
# Default: no
TCPSocket 331
What am I missing?
Running plesk 12 on centos x64
-
#19
Wrote error:
The line in clamd.conf look like:
# TCP port address.
# Default: no
TCPSocket 3310
-
#20
Hi Lapo.
Sorry for the late reply, Christmas and all that.
This issue normally also happens after updates to Clamd.
Simply run the following:
# qmail-scanner-reconfigure
# service clamd start
That should do it.