ClamAV is one of the best tools for detecting viruses, malware, and malicious software on the server. At Bobcares, we often get requests to do ClamAV configuration on Linux servers as part of our Server Management Services.
Today, let’s get into the details and see how our Support Engineers install and configure ClamAV on Linux servers.
How we do ClamAV configuration on Linux servers
ClamAV is a free antivirus tool used to detect viruses, malware, and malicious software on Linux-based machines.
Here, we’ll see how our Support Engineers install and configure ClamAV on CentOS / RHEL 7.
1. Initially, we install the EPEL repository
yum install epel-release2. Then, we install ClamAV on the server by using the following command.
yum -y install clamav-server clamav-data clamav-update clamav-filesystem clamav clamav-scanner-systemd clamav-devel clamav-lib clamav-server-systemd3. Next, we remove the Example string from the configuration file.
sed -i -e "s/^Example/#Example/" /etc/clamd.d/scan.conf4. Also, we open the configuration file /etc/clamd.d/scan.conf
5. Then, we set up a path to local socket file the daemon will listen on. For that, we remove the ‘ # ‘ for LocalSocket
LocalSocket /var/run/clamd.scan/clamd.sock6. Again, we remove Example string from ClamAV’s freshclam update engine configuration file.
sed -i -e "s/^Example/#Example/" /etc/freshclam.confFreshclam is the automatic database update tool for Clam AntiVirus.
7. Next, we execute the virus definition database update,
freshclam7. Finally, we start the Clamd service
systemctl start clamd@scan
systemctl enable clamd@scanThat’s it.
How we fixed the common errors related to ClamAV configuration
At Bobcares, where we have more than a decade of expertise in managing servers, we see many customers face problems while managing ClamAV errors.
Now, let’s see the major reasons for the ClamAV related errors error and how our Support Engineers fix the top errors.
Improper ClamAV update
Recently, one of our customers had a problem with his ClamAV. He installed ClamAV on the cPanel server. However, the ClamAV was not working.
On checking, our Support Engineers found that the ClamAV updating improperly.
Therefore, we updated ClamAV by running the following command via an SSH session
/usr/local/cpanel/3rdparty/bin/freshclamAfter that, it started to work again without any problems.
Problem with clamav-daemon
Similarly, another customer had an error after installing ClamAV on a Webmin server. When he tried to enable ClamAV on the server he got an error like,
ClamAV server scanner : ERROR: Can't connect to clamd: No such file or directory
On checking, our Support Engineers found that the clamav-daemon wasn’t running on the server.
When we run the command/etc/init.d/clamav-daemon restart and the following was the output,
Stopping ClamAV daemon: clamd.
Clamav signatures not found in /var/lib/clamav ... failed!
Please retrieve them using freshclam ... failed!
Then run '/etc/init.d/clamav-daemon start' ... failed!So, we execute the virus definition database update.
freshclamAfter that, we execute the following command to start the clamav-daemon.
/etc/init.d/clamav-daemon startThen, we login into Virtualmin’s web interface, we clicked yes for Run ClamAV server scanner >> Then, click on Next button.
Everything worked fine.
[Need assistance to fix ClamAV errors? We’ll help you.]
Conclusion
In short, Clam AntiVirus is an open-source antivirus tool to detect many types of malicious software, including viruses. Today, we saw how our Support Engineers did ClamAV configuration and fixed the related errors.
What file actually updates the clamav scan engine version number from say 0.103.x to 0.105.x. It can’t be the daily file. I have read that one just can’t update the daily files and at some point the scan engine needs to be update as well as things can greatly get out of sync and not work correctly based on the lastest signatures if not kept in sync. I am trying to fix some clamav issues and I am seeing the clamscan version number is 2 or 3 years old, but is using a recent release of signatures. No one talks about this, they just say run freshclam to get the latest updates. This is all done on separate networks not connected to the internet. It happens in a similar way of using RH Satellite servers and using playbooks etc and I need to understand correctly how clamav works exactly to make sure things are setup correctly. Too many vague articles just skim over the update process.
Hello Jim,
freshclam is a virus database update tool for ClamAV. It routinely checks for software updates and the latest virus definitions.
If your clamav is in EOL, you should update the clamav to its newer version.
If you want any help regarding clamav issue, Please contact our support team via live chat(click on the icon at right-bottom).