ClamAV is a powerful and versatile antivirus toolkit designed to protect your Fedora Linux system from malicious software, such as viruses, trojans, and other threats. This tutorial will guide you through installing ClamAV on a Fedora Linux desktop or server, updating its virus database, and performing basic scans using the command line terminal.
Table of Contents
First, run a quick update to ensure all packages are up-to-date to avoid conflicts during ClamAV installation.
sudo dnf upgrade --refresh
By default, ClamAV is available in the standard repository. Fedora focuses on being an upstream release, so the version provided is generally up-to-date and compatible with other Linux distributions. To install ClamAV, run the following command:
sudo dnf install clamav clamd clamav-update
With ClamAV installed, you can now update the virus database.
Update the ClamAV Virus Database
To update the virus definitions, you will need your system to be connected to the Internet. Stop the
clamav-freshclam service before updating the database:
sudo systemctl stop clamav-freshclam
Now, update your virus definition database using the
Once the database is updated, start the
clamav-freshclam service and enable it to run automatically on system boot:
sudo systemctl enable clamav-freshclam --now
Created symlink /etc/systemd/system/multi-user.target.wants/clamav-freshclam.service → /usr/lib/systemd/system/clamav-freshclam.service.
If you need to disable
clamav-freshclam in the future, use the following command:
sudo systemctl disable clamav-freshclam --now
To view the ClamAV directory and the dates of the files, use the
ls -l command:
ls -l /var/lib/clamav/
Scan with ClamAV (Clamscan) on Fedora Linux
With ClamAV installed and updated, it’s time to scan your system to ensure it is clean. Use the
clamscan command for this purpose.
The basic syntax for the
clamscan command is as follows:
sudo clamscan [options] [file/directory/-]
Here are some common
clamscan commands to get you started:
Print ClamAV help:
sudo clamscan -h
Scan a file:
sudo clamscan /home/script.sh
Scan a directory:
sudo clamscan /home/
Print infected files only:
sudo clamscan -i /home/
Skip printing OK files:
sudo clamscan -o /home/
Do not print the summary at the end of the scan:
sudo clamscan --no-summary /home/
Bell notification on virus detection:
sudo clamscan --bell -i /home
Scan directories recursively:
sudo clamscan --bell -i -r /home
Save scan report to file:
sudo clamscan --bell -i -r /home -l output.txt
Scan files listed line by line in the file:
sudo clamscan -i -f /tmp/scan
Remove infected files:
sudo clamscan -r --remove /home/USER
Note that this deletes the file from your system. If it’s a false positive, you won’t be able to retrieve the file.
Move infected files into the quarantine directory:
sudo clamscan -r -i --move=/home/USER/infected /home/
Limit ClamAV CPU Usage
ClamAV can be CPU-intensive during scanning, which may be problematic for systems with limited or older hardware. To limit CPU usage during the scan, use the
nice command before each ClamAV command.
For example, to reduce ClamAV CPU usage, use:
sudo nice -n 15 clamscan && sudo clamscan --bell -i -r /home
The benefit of using this method is that ClamAV, with
clamscan, will maximize CPU usage if nothing else is using the CPU. However, if another process with a higher priority requires CPU,
clamscan will scale down effectively to allow the other process to take priority.
Scheduled ClamAV Scans
Setting up automatic scheduled scans using a task scheduler like GNOME Schedule or Cron helps ensure your system is regularly scanned for malware without needing to do it manually. Here’s how to set up scheduled scans using Cron:
Open the terminal and run the following command to open the crontab configuration file for the current user:
If the command above does not work, install the following package:
sudo dnf install cronie
Add a new line with the following format to schedule a daily scan:
0 1 * * * /usr/bin/clamscan -r --quiet --move=/home/USER/infected /home/
This line schedules a daily scan at 1 AM, scanning the
/home/ directory recursively and moving infected files to the
Save the file and exit the editor. The new scheduled task will take effect immediately.
Customizing ClamAV Settings
To customize ClamAV settings, such as adjusting the sensitivity of the scanner or specifying which file types to scan, edit the ClamAV configuration file located at
/etc/clamav/clamd.conf. Some common settings to customize include:
MaxFileSize: Adjust the maximum file size that ClamAV will scan.
MaxScanSize: Change the maximum data size that ClamAV will scan within an archive or a file.
HeuristicScanPrecedence: Enable or disable heuristic scanning, which uses techniques to detect unknown malware.
For a full list of configuration options, consult the ClamAV documentation.
If you encounter issues during installation or while using ClamAV, consult the following common problems and their solutions:
- Permission denied: If you encounter permission errors during a scan, try running the command with
- Outdated virus database: Make sure to update the ClamAV virus database regularly using
- High CPU usage: If ClamAV is using too much CPU during scans, use the
nicecommand to limit its CPU usage.
Updates and Maintenance
To keep ClamAV effective in protecting your system, it’s essential to maintain and monitor the software. In addition to regularly updating the ClamAV binary using:
sudo dnf update --refresh
Additionally, you should also do the following:
- Monitor ClamAV log files located in
/var/log/clamavfor any issues or potential threats.
- Check the ClamAV mailing lists and forums for any updates, news, or known issues.
- Periodically review and update your ClamAV settings to match your system’s needs and requirements.
By staying up-to-date with ClamAV’s updates and maintenance, you’ll ensure the software continues to provide effective protection for your Fedora Linux system.
Installing ClamTk GUI
ClamTk is a popular graphical user interface for ClamAV, providing an alternative for users who prefer a GUI over the command line. To install ClamTk, run the following command:
sudo dnf install clamtk
After installation, you can launch ClamTk from your application menu. The ClamTk interface allows you to scan files and folders, update the virus database, and view scan history.
Remove (Uninstall) ClamAV
If you decide to uninstall ClamAV, first disable the service:
sudo systemctl disable clamav --now
Next, use the following command to remove all traces of ClamAV and its dependencies:
sudo dnf remove clamav clamd clamav-update
ClamTK users, use the following command:
sudo dnf remove clamtk
In this tutorial, you’ve learned how to install ClamAV on Fedora Linux, update the signature database, and perform basic scanning commands to ensure your system is secure. With Fedora’s focus on being an upstream repository, the ClamAV version provided should be up-to-date and compatible with other Linux distributions, ensuring maximum compatibility and protection for your system. Regularly updating and scanning your system will help maintain its security and integrity.
Additional Resources and Relevant Links
- ClamAV Official Website: Learn more about this powerful antivirus toolkit, its features, and the latest updates by visiting the ClamAV official website.
- ClamAV Documentation: Dive into the official ClamAV documentation to understand ClamAV’s features, configuration options, and advanced usage.
- Fedora Linux Official Website: Discover more about the cutting-edge, community-driven Fedora Linux distribution by exploring its official website.
- Fedora Linux Forums: Connect with other Fedora users, ask questions, and share your experiences in the Fedora Linux forums.
- ClamAV on GitHub: Access the ClamAV source code, report issues, and contribute to the project by visiting the ClamAV GitHub repository.