ClamAV is a free, open-source antivirus toolkit able to detect many types of malicious software, including viruses, trojans, malware, adware, rootkits, and other malicious threats. One of the primary uses of ClamAV is on mail servers as a server-side email virus scanner; it is also used on file hosting servers to scan periodically and make sure files are clean, especially if the public can upload to the server.
ClamAV supports multiple file formats (documents, executables, or archives), uses a multi-threaded scanner, and receives updates to its signature database daily, sometimes several times per day, for the latest protection.
In the following tutorial, you will learn how to install and use ClamAV on Fedora 35 Workstation or Server.
- Recommended OS: Fedora Linux 35.
- User account: A user account with sudo or root access.
Update Operating System
Update your Fedora operating system to make sure all existing packages are up to date:
sudo dnf upgrade --refresh -y
This tutorial uses the sudo command and assumes your account has sudo status.
To verify sudo status on your account:
sudo whoami
Example output showing sudo status:
[joshua@fedora ~]$ sudo whoami
root
To set up an existing or new sudo account, visit our tutorial on Adding a User to Sudoers on Fedora.
To use the root account, use the following command with the root password to log in.
Install Dependency Required
Before you proceed with the installation, run the following command to install or check that the package dnf-plugins-core is installed on your Fedora desktop.
sudo dnf install dnf-plugins-core -y
By default, this should be installed.
The tutorial will utilize the terminal, which can be found in your show applications menu.
Install ClamAV on Fedora
Fedora features ClamAV in its default repository. Because Fedora focuses on the latest packages, its ClamAV package is often on the latest version, whereas distributions that focus on long-term stability can leave ClamAV a few versions behind.
First, install ClamAV using the following command.
sudo dnf install clamav clamd clamav-update
Type Y, then press the ENTER KEY to proceed with the installation.
The packages you just installed on your system are:
- clamd – Clam Antivirus Daemon.
- clamav – Clam user tools for using the Clam Antivirus.
- clamav-update – Clam Antivirus auto-updater for data-files.
To verify if the installation was successful and to confirm the version and build number use the following:
Like all distributions in the RHEL family, Fedora utilizes SELinux; given how ClamAV works, you will need to configure SELinux so that it does not interfere with scanning. To do this, run the following command:
sudo setsebool -P antivirus_can_scan_system 1
Now that you have installed ClamAV, you can update the virus database.
Update the ClamAV Virus Database
After installing ClamAV, it is advised to update your virus definition database before you begin using the virus scanner (clamscan). The definitions are updated with the (freshclam) terminal command, which requires your system to be connected to the Internet.
First, it is recommended to stop the (clamav-freshclam) service before you update. To do this, type in the following command:
sudo systemctl stop clamav-freshclam
Now you can proceed to update your virus definition database with the following terminal command:
sudo freshclam
In the output, you should get the following as an example:
[joshua@fedora ~]$ sudo freshclam
ClamAV update process started at Tue Jan 11 10:18:15 2022
daily database available for download (remote version: 26418)
Time: 5.8s, ETA: 0.0s [========================>] 54.86MiB/54.86MiB
Testing database: '/var/lib/clamav/tmp.aa1638c168/clamav-ef28165d6331c4b1d7e0bda515cd8668.tmp-daily.cvd' ...
Database test passed.
daily.cvd updated (version: 26418, sigs: 1970616, f-level: 90, builder: raynman)
main database available for download (remote version: 62)
Time: 13.5s, ETA: 0.0s [========================>] 162.58MiB/162.58MiB
Testing database: '/var/lib/clamav/tmp.aa1638c168/clamav-8f5b94d6a2a5dd2abdbf645aaaf6c2c8.tmp-main.cvd' ...
Database test passed.
main.cvd updated (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
bytecode database available for download (remote version: 333)
Time: 0.4s, ETA: 0.0s [========================>] 286.79KiB/286.79KiB
Testing database: '/var/lib/clamav/tmp.aa1638c168/clamav-954b7af4407206541ca3e5fe4c54b285.tmp-bytecode.cvd' ...
Database test passed.
bytecode.cvd updated (version: 333, sigs: 92, f-level: 63, builder: awillia2)
Once the database is updated, you can start the (clamav-freshclam) service, so it keeps updating the signature database in the background with the following command:
sudo systemctl start clamav-freshclam
After you have started freshclam again following the update, verify it is running as follows:
systemctl status clamav-freshclam
Note, make sure you have enabled or disabled ClamAV on boot as intended. You would mostly want this enabled; however, you can leave it disabled on systems with limited resources, or where you only need to run manual scans on the odd occasion.
Enable ClamAV on startup:
sudo systemctl enable clamav-freshclam
Created symlink /etc/systemd/system/multi-user.target.wants/clamav-freshclam.service → /usr/lib/systemd/system/clamav-freshclam.service.
Disable ClamAV on startup:
sudo systemctl disable clamav-freshclam
Note, (freshclam) downloads the ClamAV CVD files and databases into the directory (/var/lib/clamav).
To view the directory, use the (ls) command:
ls /var/lib/clamav
Example output:
bytecode.cvd daily.cld freshclam.dat main.cvd
How to use Clamscan with Examples
Now that you have installed and updated ClamAV, it is time to scan your system to make sure it is clean. This is done with the (clamscan) command. An example of the syntax:
sudo clamscan [options] [file/directory/-]
The following is a list of examples:
Print ClamAV help:
sudo clamscan -h
Scan a file:
sudo clamscan /home/script.sh
Scan a directory:
sudo clamscan /home/
Print infected files only:
sudo clamscan -i /home/
Skip printing OK files:
sudo clamscan -o /home/
Do not print summary at the end of scan:
sudo clamscan --no-summary /home/
Bell notification on virus detection:
sudo clamscan --bell -i /home
Scan directories recursively:
sudo clamscan --bell -i -r /home
Save scan report to file:
sudo clamscan --bell -i -r /home -l output.txt
Scan files listed line by line in file:
sudo clamscan -i -f /tmp/scan
Remove infected files:
sudo clamscan -r --remove /home/USER
Note, this deletes the file from your system. If it’s a false positive, you won’t be able to retrieve the file.
Move infected files into quarantine directory:
sudo clamscan -r -i --move=/home/USER/infected /home/
Limit ClamAV CPU Usage
ClamAV can be quite CPU intensive during scanning, and systems that operate on limited or older hardware may find the process too taxing. A simple way to limit CPU usage during the scan is to put the (nice) command before each ClamAV command.
Example of a (nice) command to reduce ClamAV CPU:
sudo nice -n 15 clamscan --bell -i -r /home
The great benefit of using this method is that if nothing else is using the CPU, (clamscan) will maximize CPU usage. However, if another process with a higher priority requires CPU, then clamscan will scale down effectively to allow the other process to take priority.
Although there are a few other options, the (nice) command is the best solution. It will maximize CPU usage when the CPU is free and scale down when other processes need it, effectively giving you the best combination of performance and safety.
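The following wrapper is an added example, not part of the original tutorial: it combines the (nice), -r, -i, -l and --move options shown above into one low-priority scan, then reports detections and interprets the clamscan exit status (0 = no virus found, 1 = virus found, 2 = error). The default paths and the sample output are assumptions constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example, not from the original tutorial. Default paths are assumptions.

# Constructed sample of clamscan output (not from a real scan).
SAMPLE_OUTPUT="/home/user/eicar.com: Win.Test.EICAR_HDB-1 FOUND
/home/user/eicar.com: moved to '/var/quarantine/eicar.com'
/home/user/a: b.txt: Eicar-Signature FOUND

----------- SCAN SUMMARY -----------
Infected files: 2"

# clamscan exit status: 0 = no virus found, 1 = virus(es) found, 2 = error.
scan_status() {
    case "$1" in
        0) echo clean ;;
        1) echo infected ;;
        *) echo error ;;
    esac
}

# Read clamscan output on stdin; print "signature<TAB>path" per detection.
# Detection lines look like "<path>: <signature> FOUND".
list_detections() {
    local line rest
    while IFS= read -r line; do
        case "$line" in
            *" FOUND")
                rest=${line% FOUND}                              # drop the trailing marker
                printf '%s\t%s\n' "${rest##*: }" "${rest%: *}"   # split on the last ": "
                ;;
        esac
    done
}

# Low-priority recursive scan that quarantines instead of deleting,
# so a false positive can still be restored from the quarantine directory.
run_scan() {
    local dir=$1 quarantine=$2 log=$3 out rc=0
    mkdir -p "$quarantine"
    out=$(nice -n 15 clamscan -r -i --move="$quarantine" -l "$log" "$dir") || rc=$?
    printf '%s\n' "$out" | list_detections
    echo "result: $(scan_status "$rc")"
    return "$rc"
}

case "${1:-}" in
    --demo) printf '%s\n' "$SAMPLE_OUTPUT" | list_detections ;;
    --scan) run_scan "${2:-/home}" "${3:-/var/quarantine}" "${4:-/var/log/clamscan.log}" ;;
esac
```

Run it with --demo to see the parsing on the sample, or with sudo and --scan to perform a real scan; keep the quarantine directory outside the scanned tree so quarantined files are not scanned again.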
How to Uninstall ClamAV
Removing ClamAV from your operating system is a quick process. Execute the following terminal command to remove it:
sudo dnf autoremove clamav clamd clamav-update
Note, this will remove all unused dependencies installed with ClamAV for a complete uninstallation.
Comments and Conclusion
In this tutorial, you have learned how to install, update, and use ClamAV, with examples, on your Fedora 35 Workstation or Server. Overall, ClamAV is an excellent virus scanner. Is it the best? Well, that is up for constant debate, with other products rising and falling; however, ClamAV is always in the top 1 to 3 in most people’s books and is a solid effort to help protect your operating system and email or web servers from viruses, malware, and other threats.
Please note that, although these types of antivirus software are freely available to use on your system, they should not give you a false sense of protection: making sure your web server or desktop is hardened with reasonable procedures will most likely save you more than any software can. However, ClamAV is another tool in the arsenal to combat the ever-growing threat of ransomware, malware, and more, provided you put those procedures in place first.
For more information on using ClamAV, visit the official documentation.