Installing and Configuring Clamscan

ClamAV is an open source (GPL) antivirus engine designed for detecting trojans, viruses, malware and other malicious threats.

To Install ClamAV for Non-cPanel Servers

  1. Install EPEL Repo using the command:

    rpm -Uvh https://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm

    This will create an EPEL Repo file /etc/yum.repos.d/epel.repo.

  2. Install required ClamAV packages.

    yum install clamav clamd

  3. Start the clamd service and set it to auto-start.

    /etc/init.d/clamd on

    chkconfig clamd on

    /etc/init.d/clamd start

  4. Update ClamAV signatures using the command:

    /usr/bin/freshclam

Now, you can configure daily scan as given below:

  1. Create a cron file using the command

    vim /etc/cron.daily/manual_clamscan

  2. Add the following lines in the file /etc/cron.daily/manual_clamscan:

    #!/bin/bash
    SCAN_DIR=”/home”
    LOG_FILE=”/var/log/clamav/manual_clamscan.log”
    /usr/bin/clamscan -i -r $SCAN_DIR >> $LOG_FILE

    Note

    You need to change SCAN_DIR to the directory that you want to scan.

  3. Set executable permission for the cron script using the command:

    chmod +x /etc/cron.daily/manual_clamscan

To Install ClamAV for cPanel Servers

  1. Login to your WHM panel as the root user.

  2. Click the cPanel icon.

  3. Select Manage Plugins. This will bring up a list of additional cPanel modules.

  4. Select the checkbox next to ClamAV Install and Keep Updated.

  5. Submit the settings by clicking Save.

Listed below are some important options for Clamscan:

  • -h, –help: Print help information and exit

  • -v, –verbose: Be verbose

  • -l FILE, –log=FILE: Save scan report to FILE

  • -f FILE, –file-list=FILE: Scan files listed line by line in FILE

  • -r, –recursive: Scan directories recursively. All the subdirectories in the given directory will be scanned. These options can be used multiple times.

  • -i: Print infected files

  • –remove[=yes/no(*)]: Remove infected files

  • –move=DIRECTORY: Move infected files into DIRECTORY. Directory must be writeable for the user or unprivileged user running clamscan.

  • –copy=DIRECTORY: Copy infected files into DIRECTORY. Directory must be writeable for the user or unprivileged user running clamscan.