ClamAV is a versatile and powerful antivirus toolkit that can protect against such malicious software. One of its most important uses is on mail servers, which can scan incoming emails for viruses and other threats. It can also be used on file hosting servers to periodically scan files that are available for download to the public. In addition to its use on servers, ClamAV can also be used on individual computers to scan for malware and other threats.
The antivirus software also supports multiple file formats, utilizes multi-thread scanner features, and receives updates for its signature database daily to sometimes numerous times per day for the latest protection. In other words, it’s a powerful tool for protecting your computer from harm. So if you’re looking for an antivirus program that can offer you peace of mind, ClamAV is worth checking out.
The following tutorial will teach you how to configure ClamAV on Rocky Linux 9 desktop or server and some basic scan commands using the command line terminal.
Table of Contents
Update Rock Linux
Before you proceed, run a quick update to ensure all packages are up-to-date to avoid conflicts during ClamAV installation.
sudo dnf upgrade --refresh
The first task is to install the EPEL repository, and the recommendation is to install both repositories.
First, enable the CRB repository.
sudo dnf config-manager --set-enabled crb
Next, install EPEL using the following (dnf) terminal command.
sudo dnf install \ https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm \ https://dl.fedoraproject.org/pub/epel/epel-next-release-latest-9.noarch.rpm
Now, install ClamAV from the default repository by executing the following command.
sudo dnf install clamav clamd clamav-update -y
Now that you have installed ClamAV, you can proceed to update the virus database.
Update the ClamAV Virus Database
With ClamAV installed, update your ClamAV database before using the virus scanner (clamscan). To update the definitions, you will need your system to be connected to the Internet using the (freshclam) terminal command.
Firstly, you need to stop the (clamav-freshclam) service before you can update. To do this, type in the following command:
sudo systemctl stop clamav-freshclam
Now you can proceed to update your virus definition database by the following terminal command:
Once the database is updated, you can start the (clamav-freshclam) service.
sudo systemctl enable clamav-freshclam --now
The above command will activate the service and automatically enable it on system boot, which is highly recommended.
In the future, if you need to disable clamav-freshclam, the following command will do the trick.
sudo systemctl disable clamav-freshclam --now
Note, (freshclam) downloads the ClamAV CVDS and databases in the directory location (/var/lib/clamav).
Lastly, for learning purposes, to view the directory of clamav and the dates of files, use the (ls -l) command.
ls -l /var/lib/clamav/
How Scan with ClamAV (Clamscan)
Now that you have installed and updated ClamAV, it is time to scan your system to ensure it is clean. This is done with the (clamscan) command.
An example of the syntax is below.
sudo clamscan [options] [file/directory/-]
The following is a list of examples of common commands; these can be changed to suit your scanning requirements as you see fit.
Print ClamAV help:
sudo clamscan -h
Scan a file:
sudo clamscan /home/script.sh
Scan a directory:
sudo clamscan /home/
Print infected files only:
sudo clamscan -i /home/
Skip printing OK files:
sudo clamscan -o /home/
Do not print the summary at the end of the scan:
sudo clamscan --no-summary /home/
Bell notification on virus detection:
sudo clamscan --bell -i /home
Scan directories recursively:
sudo clamscan --bell -i -r /home
Save scan report to file:
sudo clamscan --bell -i -r /home -l output.txt
Scan files listed line by line in the file:
sudo clamscan -i -f /tmp/scan
Remove infected files:
sudo clamscan -r --remove /home/USER
Note that this deletes the file from your system. If it’s a false positive, you won’t be able to retrieve the file.
Move infected files into the quarantine directory:
sudo clamscan -r -i --move=/home/USER/infected /home/
Limit ClamAV CPU Usage
ClamAV during scanning can be quite CPU intensive, and systems that operate on limited or older hardware may find the process too taxing on their systems. A simple way to limit the (CPU) during the scan is to use the (nice) command before each ClamAV command.
Example of a (nice) command to reduce ClamAV CPU:
sudo nice -n 15 clamscan && sudo clamscan --bell -i -r /home
The great benefit of using this method is that ClamAV using (clamscan) will maximize CPU usage if nothing else is using the CPU. However, if another process with a higher priority requires CPU, clamscan will scale down effectively to allow the other process to take priority.
However, there are a few other options; the (nice) command is the best solution. It will maximize CPU if free and scale down when other processors need it, effectively giving you the best combination of performance and safety.
How to Update/Upgrade ClamAV
Given that ClamAV was installed using the DNF package manager from the EPEL repository, use the following command to check for updates for ClamAV or any other system package installed.
sudo dnf update --refresh
For desktop users, you should use the terminal command even with auto-notifications or automatic upgrades set. This ensures all packages are updated correctly, and the terminal will never fail.
How to Remove (Uninstall) ClamAV
First, disable the service for users no longer interested in using ClamAV.
sudo systemctl disable clamav --now
Next, use the following command to remove all traces of the ClamAV and its dependencies.
sudo dnf autoremove clamav clamd clamav-update -y
Comments and Conclusion
ClamAV is an incredibly versatile and powerful antivirus toolkit that can protect against such malicious software. One of its most important uses is on mail servers, which can scan incoming emails for viruses and other threats. It can also be used on file hosting servers to periodically scan files that are available for download to the public. In addition to its use on servers, ClamAV can also be installed on individual workstations to protect from malware infection. If you’re looking for a comprehensive and reliable antivirus solution, ClamAV is an excellent option.
For more information on using ClamAV, visit the official documentation.