Simple steps to install & configure ClamAV in CentOS 7


Security, How To, Linux

ClamAV is an open source antivirus tool. Its basic usage is for detecting viruses, malware, and malicious software on Linux-based machines. The threat from viruses, Trojans, and other forms of malware is real. They have grown exponentially in both quantity and in sophistication, and antivirus software have had to adopt sophisticated detection methods. While there's no guarantee that your system will not fall victim to these unwanted bits of code, remaining mindful when using the Internet and sharing files, implementing common-sense security policies, and using an up-to-date antivirus program can go a long way in protecting you.

 

This article will show you how to install and configure ClamAV on CentOS 7 and CentOS 8. I have also added some tips for Ubuntu.

Steps to install and configure ClamAV in Linux ( CentOS / RHEL 7 )

 

1. Install ClamAV packages

To install ClamAV on CentOS 7, we need to install and enable EPEL repository.

# yum install epel-release

You can follow clamav official website to get the details of installing ClamAV on other distributions

Then we can install ClamAV with all its useful tools:

# yum -y install clamav-server clamav-data clamav-update clamav-filesystem clamav clamav-scanner-systemd clamav-devel clamav-lib clamav-server-systemd

Below is a snippet from my server after the install was successful.
Simple steps to install & configure ClamAV in CentOS 7

Below are the list of clamav rpms from my CentOS 7 environment

# rpm -qa | grep -i clamav
clamav-0.102.4-1.el7.x86_64
clamav-data-0.102.4-1.el7.noarch
clamav-filesystem-0.102.4-1.el7.noarch
clamav-update-0.102.4-1.el7.x86_64
clamav-lib-0.102.4-1.el7.x86_64
clamav-devel-0.102.4-1.el7.x86_64

 

2. Manually update the feshclam database

To update the database for the first time we need to run freshclam to update the database manually and to check whether the configuration is successfully set:

# freshclam
ClamAV update process started at Tue Nov 6 15:51:59 2018
WARNING: Can't query current.cvd.clamav.net
WARNING: Invalid DNS reply. Falling back to HTTP mode.
Reading CVD header (main.cvd): OK (IMS)
main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
Reading CVD header (daily.cvd): OK
Downloading daily-25006.cdiff [100%]
Downloading daily-25092.cdiff [100%]
Downloading daily-25093.cdiff [100%]
Downloading daily-25094.cdiff [100%]
Downloading daily-25095.cdiff [100%]
daily.cld updated (version: 25095, sigs: 2143057, f-level: 63, builder: neo)
Reading CVD header (bytecode.cvd): OK
bytecode.cvd is up to date (version: 327, sigs: 91, f-level: 63, builder: neo)
Database updated (6709397 signatures) from database.clamav.net (IP: 104.16.186.138)

 

This will add or update the existing database file inside

# ls -l /var/lib/clamav/
total 442156
-rw-r--r-- 1 clamupdate clamupdate    296388 Sep  5 17:16 bytecode.cvd
-rw-r--r-- 1 clamupdate clamupdate 334600704 Sep  5 14:44 daily.cld
-rw-r--r-- 1 clamupdate clamupdate 117859675 Nov 25  2019 main.cvd

 

3. Configure auto-update of freshclam database

Based on different distribution, the method to configure auto-update of freshclam database may differ. I see different behaviour in CentOS7 , CentOS 8 and Ubuntu.

 

3.1: On Ubuntu with /etc/clamav/freshclam.conf

In the /etc/clamav/freshclam.conf file of your Ubuntu machine, you'll see the following lines at the end:

# Check for new database 24 times a day
Checks 24
DatabaseMirror db.local.clamav.net
DatabaseMirror database.clamav.net

So, essentially, this means that on Ubuntu, ClamAV will be checking for updates every hour.

 

3.2: On CentOS 7 with cron job

With clamav-update-0.102.4-1.el7.x86_64 I could find a cron job file which is responsible for performing periodic update to the freshclam database

# cat /etc/cron.d/clamav-update
## Adjust this line...
MAILTO=root

## It is ok to execute it as root; freshclam drops privileges and becomes
## user 'clamupdate' as soon as possible
0  */3 * * * root /usr/share/clamav/freshclam-sleep

The */3 in the second column from the left indicates that ClamAV will check for updates every 3 hours.

 

You can change the default time to check for updates if you like, but you'll also need to change the setting in the /etc/sysconfig/freshclam file.

Let's say that you want CentOS to also check for ClamAV updates every hour. In the cron job file, change */3 to *. (You don't need to do */1 because the asterisk by itself in that position already indicates that the job will run every hour.)

Then, in the /etc/sysconfig/freshclam file, look for this line:

# FRESHCLAM_MOD=

Uncomment that line and add the number of minutes that you want between updates. To set it to 1 hour, so that it matches the cron job, it will look like this:

FRESHCLAM_MOD=60

 

To disable the auto-update you can modify

# FRESHCLAM_DELAY=

Uncomment this line and add disabled to this value:

FRESHCLAM_DELAY=disabled

 

3.3: On CentOS 8 with systemd clamav-freshclam.service

In CentOS 8 with clamav-update-0.102.4-1.el8.x86_64 I observed that below files were missing

  • /usr/share/clamav/freshclam-sleep
  • /etc/cron.d/clamav-update files
  • /etc/sysconfig/freshclam

It is possible with CentOS 8, the developer wants us to use /usr/lib/systemd/system/clamav-freshclam.service to handle auto updates of freshclam database. If you check the content of this service unit file

[Unit]
Description=ClamAV virus database updater
Documentation=man:freshclam(1) man:freshclam.conf(5) https://www.clamav.net/documents
# If user wants it run from cron, don't start the daemon.
ConditionPathExists=!/etc/cron.d/clamav-freshclam
Wants=network-online.target
After=network-online.target

[Service]
ExecStart=/usr/bin/freshclam -d --foreground=true
StandardOutput=syslog

[Install]
WantedBy=multi-user.target

We have a condition

# If user wants it run from cron, don't start the daemon.
ConditionPathExists=!/etc/cron.d/clamav-freshclam

So if /etc/cron.d/clamav-freshclam exists then user cannot start this daemon. You can find more details in this Red Hat Bugzilla where the developer seems to have done this intentionally so moving forward in RHEL/CentOS we can expect to only see the service unit file.

 

But this service unit file with CentOS 8 is not well developed to handle the auto-update of the ClamAV database.

 

With cron we had a timer which was configured to perform the auto-update. Similarly in systemd we should have an equivalent clamav-freshclam.timer file for clamav-freshclam.service but this was missing from my node.

So I decided to create my own systemd timer unit file /etc/systemd/system/clamav-freshclam.timer with below content.

# cat /etc/systemd/system/clamav-freshclam.timer
[Unit]
Description=ClamAV virus database updater
After=network-online.target

[Timer]
OnCalendar=daily
Persistent=true

[Install]
WantedBy=timers.target

 

There was one more problem though..

The existing clamav-freshclam.service is configured to start as a daemon in the foreground. When I was testing this, the timer never worked i.e. it failed to execute the freshclam daemon. The reason was because the daemon was always in running state

# ps -ef | grep freshclam
clamupd+    4874       1  0 17:14 ?        00:00:00 /usr/bin/freshclam -d --foreground=true
root        4907    2074  0 17:14 pts/1    00:00:00 grep --color=auto freshc

 

So if a daemon is already running, it is obvious that the timer won't be able to start the service again to initiate the auto update. So I decided to modify this unit file and created my own file where I am just executing freshclam without any arguments as I would do from the terminal to update the database:

# cat /etc/systemd/system/clamav-freshclam.service
[Unit]
Description=ClamAV virus database updater
Documentation=man:freshclam(1) man:freshclam.conf(5) https://www.clamav.net/documents
# If user wants it run from cron, don't start the daemon.
ConditionPathExists=!/etc/cron.d/clamav-freshclam
Wants=network-online.target
After=network-online.target

[Service]
ExecStart=/usr/bin/freshclam
StandardOutput=syslog

[Install]
WantedBy=multi-user.target

Next enable and start the clamav-freshclam.timer. We don't need to start and enable the service as timer will take care of that.

# systemctl enable clamav-freshclam.timer --now

 

So we are all done, check the status of the timer:

Steps to install and configure ClamAV in Linux CentOS 7
service status for clamav-freshclam.timer

 

Verify the list of available timers and check the time when the clamav-freshclam.timer will be next executed. So our clamav-freshclam.timer is configured to start the service next at Sun 2020-09-06 00:00:00

Steps to install and configure ClamAV in Linux CentOS 7
List the available systemd timers

 

Once the service is executed, we should see logs similar to below in journalctl

Steps to install and configure ClamAV in Linux CentOS 7
clamav database is getting updated

 

4. Configure /etc/clamd.d/scan.conf

The configuration file for ClamAV is available at /etc/clamd.d/scan.conf. The default user for performing scan is clamscan which is created as soon as we install clamav rpms

# id clamscan
uid=982(clamscan) gid=979(clamscan) groups=979(clamscan),980(virusgroup)

But we will change this to "root" user, search for

User clamscan

Comment this line and add a new line

User root

We can leave all other configuration options to default and next start the service:

 

5. Configure and start clamd.service

We have an example service file /usr/lib/systemd/system/clamd@.service that we need to copy into the system services folder.

I will copy this file to /etc/systemd/system/clamd.service. I hope you are familiar with the different systemd service file locations so you can understand why I preferred this location instead of /usr/lib/systemd/system

# cp -ap /usr/lib/systemd/system/clamd@.service /etc/systemd/system/clamd.service

 

Next replace %i with scan.conf from both the Description and ExecStart options in /etc/systemd/system/clamd.serviceSimple steps to install & configure ClamAV in CentOS 7

 

Enable and start the clamd service

# # systemctl enable clamd.service --now
Created symlink /etc/systemd/system/multi-user.target.wants/clamd.service → /etc/systemd/system/clamd.service

 

Check the status to make sure the service is active and running:

Steps to install and configure ClamAV in Linux CentOS 7
clamd service status

 

6. Configure periodic scan using clamdscan (Optional)

You can follow this step if you wish to configure auto scan of any directory as by default you will have to initiate manual scan.

We will create a new systemd service unit file :

# cat /etc/systemd/system/clamdscan-home.service
[Unit]
Description=ClamAV virus scan
Requires=clamd.service
After=clamd.service

[Service]
ExecStart=/usr/bin/clamdscan /home
StandardOutput=syslog

[Instal]
WantedBy=multi-user.target

 

To perform a periodic scan we also need a mapping timer unit file. Here I have added time value of 18:40 to start the scan:

# cat /etc/systemd/system/clamdscan-home.timer
[Unit]
Description=Scan /home directory using ClamAV

[Timer]
OnCalendar=18:40:00
Persistent=true

[Install]
WantedBy=timers.target

 

Next enable and start the timer

# systemctl enable clamdscan-home.timer --now
Created symlink /etc/systemd/system/timers.target.wants/clamdscan-home.timer → /etc/systemd/system/clamdscan-home.timer.

We don't need to start the service unit file as it will be controlled by the timer file

 

Now we monitor the journalctl logs at 18:40 PM

Sep 05 18:40:05 server.example.com systemd[1]: Started ClamAV virus scan.
Sep 05 18:40:17 server.example.com clamdscan[10901]: /home: OK
Sep 05 18:40:17 server.example.com clamdscan[10901]: ----------- SCAN SUMMARY -----------
Sep 05 18:40:17 server.example.com clamdscan[10901]: Infected files: 0
Sep 05 18:40:17 server.example.com clamdscan[10901]: Time: 11.725 sec (0 m 11 s)

 

 

7. Perform manual scan with clamscan

For a test scan of the current folder, we run the following command:

# clamscan --infected --remove --recursive ./

----------- SCAN SUMMARY -----------
Known viruses: 6702413
Engine version: 0.100.2
Scanned directories: 7
Scanned files: 9
Infected files: 0
Data scanned: 0.01 MB
Data read: 0.00 MB (ratio 2.00:1)
Time: 25.439 sec (0 m 25 s)

 

Here,

  • infected: prints only infected files
  • remove: removes infected files
  • recursive: all the sub-directories in the provided directory will also be scanned

 

Conclusion

In this tutorial we learned about ClamAV scanner and it's configuration in Linux. With different version of clamav the stepsof configuration seems to be changing. As I am more comfortable with systemd, I have used the same to demonstrate all the steps in this tutorial but you are free to write custom scripts with crond to perform auto scan and auto update of the freshclam database.

Lastly I hope the steps from the article to configure ClamAV on Ubuntu, CentOS 7 and CentOS 8 Linux was helpful. So, let me know your suggestions and feedback using the comment section.

 

References

I have used below external references for this tutorial guide
man page for systemd timer

Deepak Prasad

Deepak Prasad

Deepak Prasad is the founder of GoLinuxCloud, bringing over a decade of expertise in Linux, Python, Go, Laravel, DevOps, Kubernetes, Git, Shell scripting, OpenShift, Networking, and Security. His extensive experience spans development, DevOps, networking, and security, ensuring robust and efficient solutions for diverse projects.

Certifications and Credentials:

  • Certified Kubernetes Application Developer (CKAD)
  • Go Developer Certification
  • Linux Foundation Certified System Administrator (LFCS)
  • Certified Ethical Hacker (CEH)
  • Python Institute PCAP (Certified Associate in Python Programming)
You can connect with him on his LinkedIn profile and join his Facebook and LinkedIn page.

Can't find what you're searching for? Let us assist you.

Enter your query below, and we'll provide instant results tailored to your needs.

If my articles on GoLinuxCloud has helped you, kindly consider buying me a coffee as a token of appreciation.

Buy GoLinuxCloud a Coffee

For any other feedbacks or questions you can send mail to admin@golinuxcloud.com

Thank You for your support!!

34 thoughts on “Simple steps to install & configure ClamAV in CentOS 7”

  1. Hope this thread is still alive!
    I’ve got this error following the instructions on my centos7 :

    [root@localhost ~]# systemctl enable clamd.service --now
    Job for clamd.service failed because the control process exited with error code. See "systemctl status clamd.service" and "journalctl -xe" for details.

    systemctl status clamd.service command says :

    [maux57@localhost system]$ systemctl -l status clamd.service
    ● clamd.service - clamd scanner (scan.conf) daemon
       Loaded: loaded (/etc/systemd/system/clamd.service; enabled; vendor preset: disabled)
       Active: failed (Result: start-limit) since Wed 2022-09-07 15:31:33 CEST; 8min ago
         Docs: man:clamd(8)
               man:clamd.conf(5)
               https://www.clamav.net/documents/
      Process: 13707 ExecStart=/usr/sbin/clamd -c /etc/clamd.d/scan.conf (code=exited, status=1/FAILURE)
    
    Sep 07 15:31:33 localhost.localdomain systemd[1]: Failed to start clamd scanner (scan.conf) daemon.
    Sep 07 15:31:33 localhost.localdomain systemd[1]: Unit clamd.service entered failed state.
    Sep 07 15:31:33 localhost.localdomain systemd[1]: clamd.service failed.
    Sep 07 15:31:33 localhost.localdomain systemd[1]: clamd.service holdoff time over, scheduling restart.
    Sep 07 15:31:33 localhost.localdomain systemd[1]: Stopped clamd scanner (scan.conf) daemon.
    Sep 07 15:31:33 localhost.localdomain systemd[1]: start request repeated too quickly for clamd.service
    Sep 07 15:31:33 localhost.localdomain systemd[1]: Failed to start clamd scanner (scan.conf) daemon.
    Sep 07 15:31:33 localhost.localdomain systemd[1]: Unit clamd.service entered failed state.
    Sep 07 15:31:33 localhost.localdomain systemd[1]: clamd.service failed.

    journalctl -xe command says:

    [root@localhost ~]# journalctl -xe
    -- The result is failed.
    Sep 07 15:44:52 localhost.localdomain systemd[1]: Unit clamd.service entered failed state.
    Sep 07 15:44:52 localhost.localdomain systemd[1]: clamd.service failed.
    Sep 07 15:44:52 localhost.localdomain systemd[1]: clamd.service holdoff time over, scheduling restart.
    Sep 07 15:44:52 localhost.localdomain systemd[1]: Stopped clamd scanner (scan.conf) daemon.
    -- Subject: Unit clamd.service has finished shutting down
    -- Defined-By: systemd
    -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
    -- 
    -- Unit clamd.service has finished shutting down.
    Sep 07 15:44:52 localhost.localdomain systemd[1]: Starting clamd scanner (scan.conf) daemon...
    -- Subject: Unit clamd.service has begun start-up
    -- Defined-By: systemd
    -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
    -- 
    -- Unit clamd.service has begun starting up.
    Sep 07 15:44:52 localhost.localdomain clamd[14401]: Received 0 file descriptor(s) from systemd.
    Sep 07 15:44:52 localhost.localdomain clamd[14401]: Please define server type (local and/or TCP).
    Sep 07 15:44:52 localhost.localdomain clamd[14400]: ERROR: Please define server type (local and/or TCP).
    Sep 07 15:44:52 localhost.localdomain systemd[1]: clamd.service: control process exited, code=exited status=1
    Sep 07 15:44:52 localhost.localdomain systemd[1]: Failed to start clamd scanner (scan.conf) daemon.
    -- Subject: Unit clamd.service has failed
    -- Defined-By: systemd
    -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
    -- 
    -- Unit clamd.service has failed.
    -- 
    -- The result is failed.
    Sep 07 15:44:52 localhost.localdomain systemd[1]: Unit clamd.service entered failed state.
    Sep 07 15:44:52 localhost.localdomain systemd[1]: clamd.service failed.
    Sep 07 15:44:53 localhost.localdomain systemd[1]: clamd.service holdoff time over, scheduling restart.
    Sep 07 15:44:53 localhost.localdomain systemd[1]: Stopped clamd scanner (scan.conf) daemon.
    -- Subject: Unit clamd.service has finished shutting down
    -- Defined-By: systemd
    -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
    -- 
    -- Unit clamd.service has finished shutting down.
    Sep 07 15:44:53 localhost.localdomain systemd[1]: start request repeated too quickly for clamd.service
    Sep 07 15:44:53 localhost.localdomain systemd[1]: Failed to start clamd scanner (scan.conf) daemon.
    -- Subject: Unit clamd.service has failed
    -- Defined-By: systemd
    -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
    -- 
    -- Unit clamd.service has failed.
    -- 
    -- The result is failed.
    Sep 07 15:44:53 localhost.localdomain systemd[1]: Unit clamd.service entered failed state.
    Sep 07 15:44:53 localhost.localdomain systemd[1]: clamd.service failed.
    lines 1801-1848/1848 (END)

    I am a vanilla linux user….please help if you can

    Reply
  2. Can someone help. My periodic scan doesn’t work and i don’t see anything in my logs i.e journalctl..where am i going wrong !

    Reply
    • Is your systemd service running properly to handle the scheduled run? You can manually try to check the status of that service and timer file

      Reply
  3. I have tried and tried to get clamav on Fedora running for longer than I care to mention. This one ALMOST worked. This was written for Centos 7 and 8, but Centos, RHEL and Fedora are all closely related.

    root@COMPUTER Downloads] $ systemctl status clamd.service
    ● clamd.service - clamd scanner (scan.conf) daemon
         Loaded: loaded (/etc/systemd/system/clamd.service; enabled; vendor preset: disabled)
         Active: failed (Result: exit-code) since Sat 2020-11-14 05:17:53 PST; 36min ago
           Docs: man:clamd(8)
                 man:clamd.conf(5)
                 https://www.clamav.net/documents/
        Process: 851977 ExecStart=/usr/sbin/clamd -c /etc/clamd.d/scan.conf (code=exited, status=1/FAILURE)
    
    Nov 14 05:17:53 COMPUTER systemd[1]: clamd.service: Scheduled restart job, restart counter is at 5.
    Nov 14 05:17:53 COMPUTER systemd[1]: Stopped clamd scanner (scan.conf) daemon.
    Nov 14 05:17:53 COMPUTER systemd[1]: clamd.service: Start request repeated too quickly.
    Nov 14 05:17:53 COMPUTER systemd[1]: clamd.service: Failed with result 'exit-code'.
    Nov 14 05:17:53 COMPUTER systemd[1]: Failed to start clamd scanner (scan.conf) daemon.

    So, I searched on clamd “scheduled restart job, restart counter is at 5” and found https://serverfault.com/questions/1007700/clamav-on-centos-8-installation. One user comment in this thread was close; the first suggestion at serverfault.com is this:

    One solution mentions to ensure both these lines in the config file are not commented out

    LocalSocket /tmp/clamd.socket
    FixStaleSocket yes

    In my scan.conf, they were (still) commented out (and LocalSocket points somewhere else). I uncommented both lines, saved the conf and exited, then attempted a restart of the service.

    It worked. FINALLY.

    Reply
  4. Here is what I am trying to run.

    systemctl enable clamd.service --now

    Job for clamd.service failed because the control process exited with error code.
    See “systemctl status clamd.service” and “journalctl -xe” for details.

    Output from journalctl -xe

    -- Unit clamd.service has finished shutting down.
    Oct 26 12:14:44 localhost.localdomain systemd[1]: Starting clamd scanner (scan.conf) daemon...
    -- Subject: Unit clamd.service has begun start-up
    -- Defined-By: systemd
    -- Support: https://access.redhat.com/support
    -- 
    -- Unit clamd.service has begun starting up.
    Oct 26 12:14:44 localhost.localdomain clamd[13367]: Received 0 file descriptor(s) from systemd.
    Oct 26 12:14:44 localhost.localdomain clamd[13367]: ERROR: Please define server type (local and/or TCP).
    Oct 26 12:14:44 localhost.localdomain clamd[13367]: Please define server type (local and/or TCP).
    Oct 26 12:14:44 localhost.localdomain systemd[1]: clamd.service: Control process exited, code=exited sta>
    Oct 26 12:14:44 localhost.localdomain systemd[1]: clamd.service: Failed with result 'exit-code'.
    Oct 26 12:14:44 localhost.localdomain systemd[1]: Failed to start clamd scanner (scan.conf) daemon.
    -- Subject: Unit clamd.service has failed
    -- Defined-By: systemd
    -- Support: https://access.redhat.com/support
    -- 
    -- Unit clamd.service has failed.
    -- 
    -- The result is failed.
    Oct 26 12:14:44 localhost.localdomain systemd[1]: clamd.service: Service RestartSec=100ms expired, sched>
    Oct 26 12:14:44 localhost.localdomain systemd[1]: clamd.service: Scheduled restart job, restart counter >
    -- Subject: Automatic restarting of a unit has been scheduled
    -- Defined-By: systemd
    -- Support: https://access.redhat.com/support
    -- 
    -- Automatic restarting of the unit clamd.service has been scheduled, as the result for
    -- the configured Restart= setting for the unit.
    Oct 26 12:14:44 localhost.localdomain systemd[1]: Stopped clamd scanner (scan.conf) daemon.
    -- Subject: Unit clamd.service has finished shutting down
    -- Defined-By: systemd
    -- Support: https://access.redhat.com/support
    -- 
    -- Unit clamd.service has finished shutting down.
    Oct 26 12:14:44 localhost.localdomain systemd[1]: clamd.service: Start request repeated too quickly.
    Oct 26 12:14:44 localhost.localdomain systemd[1]: clamd.service: Failed with result 'exit-code'.
    Oct 26 12:14:44 localhost.localdomain systemd[1]: Failed to start clamd scanner (scan.conf) daemon.
    -- Subject: Unit clamd.service has failed
    -- Defined-By: systemd
    -- Support: https://access.redhat.com/support
    -- 
    -- Unit clamd.service has failed.
    -- 
    -- The result is failed.
    Reply
    • Looks like I just needed to uncomment “LocalSocket /run/clamd.scan/clamd.sock

      Read through the previous comments a few more times and found that another user had needed to do this and it seems to have worked.

      My apologies for the multiple posts. Hopefully my errors add something for anyone who needs it.

      Reply
      • Thank you for sharing all the details. Now since there are two users complaining the same thing then I must check this again. I will try to setup ClamAV again and see if this additional step which you have highlighted is based on some environmental factor or mandatory and accordingly will update the article.

        Reply
  5. Well, this was working but now an hour later clamd.service is erroring when I try to start it. Even when I started from scratch.

    Reply
      • I will post check as soon as I can and post it. Have been away for a few days working on another project. In the mean time, I followed all the instructions and it worked great until I had replicated the steps using ansible to push them out to other machines. All the steps seem to work fine except for the clamd.service.

        I will get more info as soon as I am able but I saw this site has quite bit of ansible info and figured you may know more about what might cause that before I can get to it.

        Thanks again for the excellent guide!

        Reply
  6. I had a small hiccup that was fairly easily fixed. Otherwise the tutorial was great.

    I was getting the error clamd[14338]: Please define server type (local and/or TCP). when trying to enable / start the daemon.

    In /etc/clamd.d/scan.conf, I had to uncomment the line LocalSocket /run/clamd.scan/clamd.sock. It is also possible to uncomment the line TCPSocket 3310. “Local” is the recommended option.

    Hope this is helpful.

    Reply
  7. On the RHEL/CentOS 8 freshclam service, there is an easy way to specify the update interval to your hearts content;-) From the freshclam man page: ”

           -d, --daemon
                  Run in a daemon mode. Defaults to 12 checks per day unless otherwise specified by --checks or freshclam.conf."

    So, there really no need for another service or anything.

    Reply
    • Thanks for sharing. Yes, that is true but systemd timer and service would give more control to the end user to use it as per individual’s requirement

      Reply
  8. If you have SELinux set to enforcing you will have issues when attempting to start the clamd service. This was the only error I could see from systemctland journalctl

    Sep 22 09:28:40 localhost.localdomain systemd[1]: clamd.service: Failed with result 'exit-code'.

    However once I tried to enable logging I received a new message through journalctl

    Sep 22 10:14:41 localhost.localdomain python3[27818]: SELinux is preventing clamd from open access on the file /var/log/clamd.scan

    I set SELinux to permissive, and disabled it in the configuration file.

    [root@localhost ~]# setenforce Permissive
    /etc/selinux/config
    SELINUX=disabled

    Now clamd.service was no longer having any issues starting.
    A note for Fedora, CentOS, and Redhat users.

    Reply
  9. 1) You have first

    # mv /usr/lib/systemd/system/clamd@.service /usr/lib/systemd/system/clamd.service

    and then you want to edit the file which was just renamed

    # vim /usr/lib/systemd/system/clamd@scan.service

    IMHO John above probably refers to that …

    2) You rename and/or edit files in /usr/lib/systemd/system (and/or similar). These belong to the installed packages (check with `rpm -qf`) and removing/changing them is a total no-go (unless you never will simply `dnf update` it).
    For starters: With systemd, the files can be overloaded with a file with the same name somewhere under /etc/systemd/ (or disabled/ignored with a symlinkl there to /dev/null).

    Reply
    • Hi Bernd,

      Thank you for highlighting this, I may have overlooked earlier. I agree we should prefer to use /etc/systemd/system but since we are not using the default clamd@scan.service for our configuration, a dnf update will not break anything.

      Based on your feedback I did some trials today and realised alot has changed since I wrote this article, so I have updated the article completely based on the new clamav packages

      Reply

Leave a Comment