How to Install ClamAV on Rocky Linux 9


ClamAV is a versatile and powerful antivirus toolkit that can protect against malicious software. One of its most important uses is on mail servers, where it can scan incoming emails for viruses and other threats. It can also be used on file hosting servers to periodically scan files that are available for download to the public. In addition to its use on servers, ClamAV can also be used on individual computers to scan for malware and other threats.

The antivirus software also supports multiple file formats, offers multi-threaded scanning, and receives signature database updates daily, and sometimes several times per day, for the latest protection. In other words, it’s a powerful tool for protecting your computer from harm. So if you’re looking for an antivirus program that can offer you peace of mind, ClamAV is worth checking out.

The following tutorial will teach you how to configure ClamAV on Rocky Linux 9 desktop or server and some basic scan commands using the command line terminal.

Update Rocky Linux

Before you proceed, run a quick update to ensure all packages are up-to-date to avoid conflicts during ClamAV installation.

sudo dnf upgrade --refresh

Install ClamAV

The first task is to install the EPEL repository; the recommendation is to install both the EPEL and EPEL Next repositories.

First, enable the CRB repository.

sudo dnf config-manager --set-enabled crb

Next, install EPEL using the following (dnf) terminal command.

sudo dnf install \
    https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm \
    https://dl.fedoraproject.org/pub/epel/epel-next-release-latest-9.noarch.rpm

Now, install ClamAV from the EPEL repository by executing the following command.

sudo dnf install clamav clamd clamav-update -y

Now that you have installed ClamAV, you can proceed to update the virus database.

Update the ClamAV Virus Database

With ClamAV installed, update the ClamAV database before using the virus scanner (clamscan). Definitions are updated with the (freshclam) terminal command, which requires your system to be connected to the Internet.

Firstly, you need to stop the (clamav-freshclam) service before you can update. To do this, type in the following command:

sudo systemctl stop clamav-freshclam

Now you can proceed to update your virus definition database by the following terminal command:

sudo freshclam


Once the database is updated, you can start the (clamav-freshclam) service.

sudo systemctl enable clamav-freshclam --now

The above command will activate the service and automatically enable it on system boot, which is highly recommended.


In the future, if you need to disable clamav-freshclam, the following command will do the trick.

sudo systemctl disable clamav-freshclam --now

Note that (freshclam) downloads the ClamAV CVDs and databases to the directory (/var/lib/clamav).

Lastly, to view the contents of the ClamAV directory and the dates of its files, use the (ls -l) command.

ls -l /var/lib/clamav/

How to Scan with ClamAV (clamscan)

Now that you have installed and updated ClamAV, it is time to scan your system to ensure it is clean. This is done with the (clamscan) command.

An example of the syntax is below.

sudo clamscan [options] [file/directory/-]

The following is a list of examples of common commands; these can be changed to suit your scanning requirements as you see fit.

Print ClamAV help:

sudo clamscan -h

Scan a file:

sudo clamscan /home/script.sh

Scan a directory:

sudo clamscan /home/

Print infected files only:

sudo clamscan -i /home/

Skip printing OK files:

sudo clamscan -o /home/

Do not print the summary at the end of the scan:

sudo clamscan --no-summary /home/

Bell notification on virus detection:

sudo clamscan --bell -i /home

Scan directories recursively:

sudo clamscan --bell -i -r /home

Save scan report to file:

sudo clamscan --bell -i -r /home -l output.txt

Scan files listed line by line in the file:

sudo clamscan -i -f /tmp/scan

Remove infected files:

sudo clamscan -r --remove /home/USER

Note that this deletes the file from your system. If it’s a false positive, you won’t be able to retrieve the file.


Move infected files into the quarantine directory:

sudo clamscan -r -i --move=/home/USER/infected /home/

Limit ClamAV CPU Usage

ClamAV can be quite CPU intensive during scanning, and systems running on limited or older hardware may find the process too taxing. A simple way to limit CPU usage during the scan is to prefix each ClamAV command with the (nice) command.

Example of a (nice) command to reduce ClamAV CPU:

sudo nice -n 15 clamscan --bell -i -r /home

The great benefit of using this method is that ClamAV using (clamscan) will maximize CPU usage if nothing else is using the CPU. However, if another process with a higher priority requires CPU, clamscan will scale down effectively to allow the other process to take priority.

Although there are a few other options, the (nice) command is the best solution. It will maximize CPU if free and scale down when other processes need it, effectively giving you the best combination of performance and safety.
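The recursive scan, quarantine and (nice) options above, combined into one wrapper script as an added example that is not part of the original tutorial. It relies on clamscan's exit codes (0 = clean, 1 = virus found, 2 = error); the quarantine and log paths are assumptions, and the sample output is constructed so the parser can be tried without running a scan.

```shell
#!/bin/sh
# Added example, not from the original tutorial. Paths are assumptions.
SCAN_DIR="${SCAN_DIR:-/home}"
QUARANTINE="${QUARANTINE:-/var/quarantine/clamav}"  # hypothetical directory
LOG="${LOG:-/var/log/clamscan-home.log}"            # hypothetical log file

# Map clamscan's exit code to a status: 0 = clean, 1 = virus found, 2 = error.
scan_status() {
  case "$1" in
    0) echo clean ;;
    1) echo infected ;;
    *) echo error ;;
  esac
}

# Read clamscan output on stdin and print "path<TAB>signature" for each hit.
# Splits on the last ": " so paths that contain a colon are kept whole.
list_detections() {
  while IFS= read -r line; do
    case "$line" in
      *" FOUND")
        line="${line% FOUND}"
        printf '%s\t%s\n' "${line%: *}" "${line##*: }" ;;
    esac
  done
}

# Low-priority recursive scan that quarantines hits. --exclude-dir skips the
# quarantine itself in case it lives inside SCAN_DIR (as /home/USER/infected).
run_scan() {
  mkdir -p "$QUARANTINE" && chmod 700 "$QUARANTINE" || return 2
  out=$(nice -n 15 clamscan -r -i --no-summary \
        --exclude-dir="^$QUARANTINE" --move="$QUARANTINE" \
        -l "$LOG" "$SCAN_DIR")
  rc=$?
  printf '%s\n' "$out" | list_detections
  return "$rc"
}

# Constructed sample of clamscan output, used to show the parser offline.
SAMPLE_OUTPUT='/home/alice/notes.txt: OK
/home/bob/eicar.com: Win.Test.EICAR_HDB-1 FOUND
/home/bob/backup: 2024/report.doc: Example.Signature-1 FOUND'

if [ "${1:-}" = "--run" ]; then
  run_scan
  rc=$?
  echo "scan status: $(scan_status "$rc")"
fi
```

Run it as root with the `--run` argument to perform the scan; a status of `error` means the scan did not complete and must not be read as a clean result.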

How to Update/Upgrade ClamAV

Given that ClamAV was installed using the DNF package manager from the EPEL repository, use the following command to check for updates for ClamAV or any other system package installed.

sudo dnf update --refresh

For desktop users, you should use the terminal command even with auto-notifications or automatic upgrades set. This ensures all packages are updated correctly, and the terminal will never fail.


How to Remove (Uninstall) ClamAV

First, for users no longer interested in using ClamAV, disable the service.

sudo systemctl disable clamav-freshclam --now

Next, use the following command to remove all traces of ClamAV and its dependencies.

sudo dnf autoremove clamav clamd clamav-update -y

Comments and Conclusion

ClamAV is an incredibly versatile and powerful antivirus toolkit that can protect against malicious software. One of its most important uses is on mail servers, where it can scan incoming emails for viruses and other threats. It can also be used on file hosting servers to periodically scan files that are available for download to the public. In addition to its use on servers, ClamAV can also be installed on individual workstations to protect from malware infection. If you’re looking for a comprehensive and reliable antivirus solution, ClamAV is an excellent option.

For more information on using ClamAV, visit the official documentation.
