ClamAV is a powerful and versatile antivirus toolkit designed to protect your Fedora Linux system from malicious software, such as viruses, trojans, and other threats. This tutorial will guide you through installing ClamAV on a Fedora Linux desktop or server, updating its virus database, and performing basic scans using the command line terminal.
Install ClamAV
First, run a quick update to ensure all packages are up-to-date to avoid conflicts during ClamAV installation.
sudo dnf upgrade --refresh
By default, ClamAV is available in the standard repository. Fedora focuses on being an upstream release, so the version provided is generally up-to-date and compatible with other Linux distributions. To install ClamAV, run the following command:
sudo dnf install clamav clamd clamav-update
With ClamAV installed, you can now update the virus database.
Update the ClamAV Virus Database
To update the virus definitions, you will need your system to be connected to the Internet. Stop the clamav-freshclam service before updating the database:
sudo systemctl stop clamav-freshclam
Now, update your virus definition database using the freshclam command:
sudo freshclam
Once the database is updated, start the clamav-freshclam service and enable it to run automatically on system boot:
sudo systemctl enable clamav-freshclam --now
Example output:
Created symlink /etc/systemd/system/multi-user.target.wants/clamav-freshclam.service → /usr/lib/systemd/system/clamav-freshclam.service.
If you need to disable clamav-freshclam in the future, use the following command:
sudo systemctl disable clamav-freshclam --now
To view the ClamAV directory and the dates of the files, use the ls -l command:
ls -l /var/lib/clamav/
Scan with ClamAV (Clamscan) on Fedora Linux
With ClamAV installed and updated, it’s time to scan your system to ensure it is clean. Use the clamscan command for this purpose.
The basic syntax for the clamscan command is as follows:
sudo clamscan [options] [file/directory/-]
Here are some common clamscan commands to get you started:
Print ClamAV help:
sudo clamscan -h
Scan a file:
sudo clamscan /home/script.sh
Scan a directory:
sudo clamscan /home/
Print infected files only:
sudo clamscan -i /home/
Skip printing OK files:
sudo clamscan -o /home/
Do not print the summary at the end of the scan:
sudo clamscan --no-summary /home/
Bell notification on virus detection:
sudo clamscan --bell -i /home
Scan directories recursively:
sudo clamscan --bell -i -r /home
Save scan report to file:
sudo clamscan --bell -i -r /home -l output.txt
Scan files listed line by line in the file:
sudo clamscan -i -f /tmp/scan
Remove infected files:
sudo clamscan -r --remove /home/USER
Note that this deletes the file from your system. If it’s a false positive, you won’t be able to retrieve the file.
Move infected files into the quarantine directory:
sudo clamscan -r -i --move=/home/USER/infected /home/
Limit ClamAV CPU Usage
ClamAV can be CPU-intensive during scanning, which may be problematic for systems with limited or older hardware. To limit CPU usage during the scan, use the nice command before each ClamAV command.
For example, to reduce ClamAV CPU usage, use:
sudo nice -n 15 clamscan --bell -i -r /home
The benefit of using this method is that clamscan will still use as much CPU as is available when nothing else needs it. However, if another process with a higher priority requires CPU, clamscan will scale down to allow the other process to take priority.
Scheduled ClamAV Scans
Setting up automatic scheduled scans using a task scheduler like GNOME Schedule or Cron helps ensure your system is regularly scanned for malware without needing to do it manually. Here’s how to set up scheduled scans using Cron:
Open the terminal and run the following command to open the crontab configuration file for the current user:
crontab -e
If the command above does not work, install the following package:
sudo dnf install cronie
Add a new line with the following format to schedule a daily scan:
0 1 * * * /usr/bin/clamscan -r --quiet --move=/home/USER/infected /home/
This line schedules a daily scan at 1 AM, scanning the /home/ directory recursively and moving infected files to the /home/USER/infected directory.
Save the file and exit the editor. The new scheduled task will take effect immediately.
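A wrapper script for the scheduled scan, added here as an example (not part of the original tutorial): it runs clamscan at low priority, keeps the quarantine directory out of later scans, and acts on clamscan's exit status (0 no virus found, 1 virus found, 2 error). The quarantine and log paths, the clamscan-cron syslog tag and the --run switch are assumptions of this example.

```shell
#!/bin/sh
# Added example: cron wrapper for clamscan. Paths are assumptions; override via environment.
SCAN_DIR="${SCAN_DIR:-/home}"
QUARANTINE="${QUARANTINE:-/var/quarantine/clamav}"   # assumed; root-only, not under a user's home
LOG="${LOG:-/var/log/clamav/cron-scan.log}"          # assumed log file
CLAMSCAN="${CLAMSCAN:-/usr/bin/clamscan}"

# clamscan exit status: 0 = no virus found, 1 = virus(es) found, 2 = some error occurred.
scan_status() {
    case "$1" in
        0) echo clean ;;
        1) echo infected ;;
        *) echo error ;;
    esac
}

# Print "signature path" for every "<path>: <signature> FOUND" line in a report file.
list_detections() {
    sed -n 's/^\(.*\): \(.*\) FOUND$/\2 \1/p' "$1"
}

run_scan() {
    mkdir -p "$QUARANTINE" && chmod 700 "$QUARANTINE" || return 2
    report=$(mktemp) || return 2
    # Low CPU priority; --exclude-dir keeps later runs from rescanning quarantined files.
    nice -n 15 "$CLAMSCAN" -r -i --move="$QUARANTINE" \
        --exclude-dir="^$QUARANTINE" -l "$report" "$SCAN_DIR" >/dev/null 2>&1
    rc=$?
    cat "$report" >> "$LOG"
    case "$(scan_status "$rc")" in
        infected)
            list_detections "$report" | while read -r sig path; do
                logger -t clamscan-cron -p user.warning "moved to quarantine: $path ($sig)"
            done ;;
        error)
            logger -t clamscan-cron -p user.err "clamscan failed (exit $rc), see $LOG" ;;
    esac
    rm -f "$report"
    return "$rc"
}

# Cron calls the script with --run; without it only the functions are defined.
if [ "${1:-}" = "--run" ]; then
    run_scan
    exit $?
fi
```

Because it scans every home directory and writes outside them, the script belongs in root's crontab, called with --run in place of the direct clamscan line.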
Customizing ClamAV Settings
To customize ClamAV settings, such as adjusting the sensitivity of the scanner or specifying which file types to scan, edit the ClamAV configuration file located at /etc/clamav/clamd.conf. Some common settings to customize include:
- MaxFileSize: Adjust the maximum file size that ClamAV will scan.
- MaxScanSize: Change the maximum data size that ClamAV will scan within an archive or a file.
- HeuristicScanPrecedence: Enable or disable heuristic scanning, which uses techniques to detect unknown malware.
For a full list of configuration options, consult the ClamAV documentation.
Troubleshooting
If you encounter issues during installation or while using ClamAV, consult the following common problems and their solutions:
- Permission denied: If you encounter permission errors during a scan, try running the command with sudo.
- Outdated virus database: Make sure to update the ClamAV virus database regularly using freshclam.
- High CPU usage: If ClamAV is using too much CPU during scans, use the nice command to limit its CPU usage.
Updates and Maintenance
To keep ClamAV effective in protecting your system, it’s essential to maintain and monitor the software. Regularly update the ClamAV binary using:
sudo dnf update --refresh
In addition, you should do the following:
- Monitor ClamAV log files located in /var/log/clamav for any issues or potential threats.
- Check the ClamAV mailing lists and forums for any updates, news, or known issues.
- Periodically review and update your ClamAV settings to match your system’s needs and requirements.
By staying up-to-date with ClamAV’s updates and maintenance, you’ll ensure the software continues to provide effective protection for your Fedora Linux system.
Installing ClamTk GUI
ClamTk is a popular graphical user interface for ClamAV, providing an alternative for users who prefer a GUI over the command line. To install ClamTk, run the following command:
sudo dnf install clamtk
After installation, you can launch ClamTk from your application menu. The ClamTk interface allows you to scan files and folders, update the virus database, and view scan history.
Remove (Uninstall) ClamAV
If you decide to uninstall ClamAV, first disable the service:
sudo systemctl disable clamav-freshclam --now
Next, use the following command to remove all traces of ClamAV and its dependencies:
sudo dnf remove clamav clamd clamav-update
ClamTk users, use the following command:
sudo dnf remove clamtk
Conclusion
In this tutorial, you’ve learned how to install ClamAV on Fedora Linux, update the signature database, and perform basic scanning commands to ensure your system is secure. With Fedora’s focus on being an upstream repository, the ClamAV version provided should be up-to-date and compatible with other Linux distributions, ensuring maximum compatibility and protection for your system. Regularly updating and scanning your system will help maintain its security and integrity.
Additional Resources and Relevant Links
- ClamAV Official Website: Learn more about this powerful antivirus toolkit, its features, and the latest updates by visiting the ClamAV official website.
- ClamAV Documentation: Dive into the official ClamAV documentation to understand ClamAV’s features, configuration options, and advanced usage.
- Fedora Linux Official Website: Discover more about the cutting-edge, community-driven Fedora Linux distribution by exploring its official website.
- Fedora Linux Forums: Connect with other Fedora users, ask questions, and share your experiences in the Fedora Linux forums.
- ClamAV on GitHub: Access the ClamAV source code, report issues, and contribute to the project by visiting the ClamAV GitHub repository.