ClamAV – Installation on CentOS – v8

Background

Need an AntiVirus on my CentOS box.

AntiVirus

ClamAV is free and works on CentOS.

Outline

  1. Package
    • Verify
      • ClamAV
        • yum
          • yum list installed
        • dnf
          • dnf list installed
    • Install
      • Identify Artifacts
      • Install Artifacts
    • Review
      • Review Packages
  2. Configure ClamAV
  3. Configure SELinux
  4. Configure Services
    • List of Services
      • clamd@.service
      • freshclam.service
    • Configure Service
      • Start Service
      • Review Service Status

Tasks

Package

Verify

ClamAV

yum – list
Syntax

yum list installed

Sample

yum list installed | grep -i 'clamav'

Output – Text


>yum list installed | grep -i clamav
>

dnf – list
Syntax

dnf list installed

Sample

dnf list installed | grep -i 'clamav'

Output – Text


Explanation
  1. An empty list means clamav is not yet installed

 

Install

ClamAV

yum – list
Info
  1. The command “yum list available”
    • Lists available packages
    • It seems that once a package is installed, it is no longer included as part of the available list
Syntax

yum list available

Sample

yum list available | egrep -i 'clamav|clamd'

Output – Text


>yum list available | grep -i 'clamav'
clamav.x86_64 0.102.4-1.el8 epel
clamav-data.noarch 0.102.4-1.el8 epel
clamav-devel.x86_64 0.102.4-1.el8 epel
clamav-filesystem.noarch 0.102.4-1.el8 epel
clamav-lib.x86_64 0.102.4-1.el8 epel
clamav-milter.x86_64 0.102.4-1.el8 epel
clamav-unofficial-sigs.noarch 7.0.1-5.el8 epel
clamav-update.x86_64 0.102.4-1.el8 epel
>

yum – install
Syntax

yum install [package]

Sample

yum -y install clamd
yum -y install clamav 
yum -y install clamav-data 
yum -y install clamav-devel 
yum -y install clamav-filesystem
yum -y install clamav-lib
yum -y install clamav-milter
yum -y install clamav-unofficial-sigs
yum -y install clamav-update

Output – Text


Last metadata expiration check: 2:04:51 ago on Thu 19 Nov 2020 11:52:54 AM PST.
Dependencies resolved.
================================================================================
 Package                  Architecture  Version               Repository   Size
================================================================================
Installing:
 clamav                   x86_64        0.102.4-1.el8         epel        454 k
Installing dependencies:
 clamav-data              noarch        0.102.4-1.el8         epel        200 M
 clamav-filesystem        noarch        0.102.4-1.el8         epel         42 k
 clamav-lib               x86_64        0.102.4-1.el8         epel        825 k
 libprelude               x86_64        5.2.0-1.el8           epel        326 k

Transaction Summary
================================================================================
Install  5 Packages

Total download size: 201 M
Installed size: 206 M
Downloading Packages:
(1/5): clamav-filesystem-0.102.4-1.el8.noarch.r  80 kB/s |  42 kB     00:00
(2/5): clamav-0.102.4-1.el8.x86_64.rpm          516 kB/s | 454 kB     00:00
(3/5): libprelude-5.2.0-1.el8.x86_64.rpm        266 kB/s | 326 kB     00:01
(4/5): clamav-lib-0.102.4-1.el8.x86_64.rpm      364 kB/s | 825 kB     00:02
(5/5): clamav-data-0.102.4-1.el8.noarch.rpm                                                                                             1.4 MB/s | 200 MB     02:25
------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total                                                                                                                                   1.4 MB/s | 201 MB     02:25
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                                                                                                                1/1
  Running scriptlet: clamav-filesystem-0.102.4-1.el8.noarch                                                                                                         1/5
  Installing       : clamav-filesystem-0.102.4-1.el8.noarch                                                                                                         1/5
  Installing       : clamav-data-0.102.4-1.el8.noarch                                                                                                               2/5
  Installing       : libprelude-5.2.0-1.el8.x86_64                                                                                                                  3/5
  Running scriptlet: libprelude-5.2.0-1.el8.x86_64                                                                                                                  3/5
  Installing       : clamav-lib-0.102.4-1.el8.x86_64                                                                                                                4/5
  Installing       : clamav-0.102.4-1.el8.x86_64                                                                                                                    5/5
  Running scriptlet: clamav-0.102.4-1.el8.x86_64                                                                                                                    5/5
  Verifying        : clamav-0.102.4-1.el8.x86_64                                                                                                                    1/5
  Verifying        : clamav-data-0.102.4-1.el8.noarch                                                                                                               2/5
  Verifying        : clamav-filesystem-0.102.4-1.el8.noarch                                                                                                         3/5
  Verifying        : clamav-lib-0.102.4-1.el8.x86_64                                                                                                                4/5
  Verifying        : libprelude-5.2.0-1.el8.x86_64                                                                                                                  5/5
Installed products updated.

Installed:
  clamav-0.102.4-1.el8.x86_64  clamav-data-0.102.4-1.el8.noarch  clamav-filesystem-0.102.4-1.el8.noarch  clamav-lib-0.102.4-1.el8.x86_64  libprelude-5.2.0-1.el8.x86_64

Complete!
Last metadata expiration check: 2:07:32 ago on Thu 19 Nov 2020 11:52:54 AM PST.
Package clamav-data-0.102.4-1.el8.noarch is already installed.
Dependencies resolved.
Nothing to do.
Complete!
Last metadata expiration check: 2:07:34 ago on Thu 19 Nov 2020 11:52:54 AM PST.
Dependencies resolved.
========================================================================================================================================================================
 Package                                        Architecture                      Version                                       Repository                         Size
========================================================================================================================================================================
Installing:
 clamav-devel                                   x86_64                            0.102.4-1.el8                                 epel                               50 k
Installing dependencies:
 clamav-update                                  x86_64                            0.102.4-1.el8                                 epel                              128 k
 keyutils-libs-devel                            x86_64                            1.5.10-6.el8                                  BaseOS                             48 k
 krb5-devel                                     x86_64                            1.17-18.el8                                   BaseOS                            549 k
 libcom_err-devel                               x86_64                            1.45.4-3.el8                                  BaseOS                             38 k
 libselinux-devel                               x86_64                            2.9-3.el8                                     BaseOS                            199 k
 libsepol-devel                                 x86_64                            2.9-1.el8                                     BaseOS                             86 k
 libverto-devel                                 x86_64                            0.3.0-5.el8                                   BaseOS                             18 k
 openssl-devel                                  x86_64                            1:1.1.1c-15.el8                               BaseOS                            2.3 M
 pcre2-devel                                    x86_64                            10.32-1.el8                                   BaseOS                            605 k
 pcre2-utf16                                    x86_64                            10.32-1.el8                                   BaseOS                            228 k
 pcre2-utf32                                    x86_64                            10.32-1.el8                                   BaseOS                            220 k
 zlib-devel                                     x86_64                            1.2.11-16.el8_2                               BaseOS                             57 k

Transaction Summary
========================================================================================================================================================================
Install  13 Packages

Total download size: 4.5 M
Installed size: 8.3 M
Downloading Packages:
(1/13): libcom_err-devel-1.45.4-3.el8.x86_64.rpm                                                                                        199 kB/s |  38 kB     00:00
(2/13): keyutils-libs-devel-1.5.10-6.el8.x86_64.rpm                                                                                     173 kB/s |  48 kB     00:00
(3/13): libselinux-devel-2.9-3.el8.x86_64.rpm                                                                                           926 kB/s | 199 kB     00:00
(4/13): libsepol-devel-2.9-1.el8.x86_64.rpm                                                                                             358 kB/s |  86 kB     00:00
(5/13): libverto-devel-0.3.0-5.el8.x86_64.rpm                                                                                           160 kB/s |  18 kB     00:00
(6/13): krb5-devel-1.17-18.el8.x86_64.rpm                                                                                               816 kB/s | 549 kB     00:00
(7/13): pcre2-devel-10.32-1.el8.x86_64.rpm                                                                                              1.2 MB/s | 605 kB     00:00
(8/13): pcre2-utf32-10.32-1.el8.x86_64.rpm                                                                                              821 kB/s | 220 kB     00:00
(9/13): zlib-devel-1.2.11-16.el8_2.x86_64.rpm                                                                                           867 kB/s |  57 kB     00:00
(10/13): pcre2-utf16-10.32-1.el8.x86_64.rpm                                                                                             300 kB/s | 228 kB     00:00
(11/13): clamav-devel-0.102.4-1.el8.x86_64.rpm                                                                                          188 kB/s |  50 kB     00:00
(12/13): clamav-update-0.102.4-1.el8.x86_64.rpm                                                                                         523 kB/s | 128 kB     00:00
(13/13): openssl-devel-1.1.1c-15.el8.x86_64.rpm                                                                                         876 kB/s | 2.3 MB     00:02
------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total                                                                                                                                   1.2 MB/s | 4.5 MB     00:03
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                                                                                                                1/1
  Installing       : clamav-update-0.102.4-1.el8.x86_64                                                                                                            1/13
  Running scriptlet: clamav-update-0.102.4-1.el8.x86_64                                                                                                            1/13
  Installing       : zlib-devel-1.2.11-16.el8_2.x86_64                                                                                                             2/13
  Installing       : pcre2-utf32-10.32-1.el8.x86_64                                                                                                                3/13
  Installing       : pcre2-utf16-10.32-1.el8.x86_64                                                                                                                4/13
  Installing       : pcre2-devel-10.32-1.el8.x86_64                                                                                                                5/13
  Installing       : libverto-devel-0.3.0-5.el8.x86_64                                                                                                             6/13
  Installing       : libsepol-devel-2.9-1.el8.x86_64                                                                                                               7/13
  Installing       : libselinux-devel-2.9-3.el8.x86_64                                                                                                             8/13
  Installing       : libcom_err-devel-1.45.4-3.el8.x86_64                                                                                                          9/13
  Installing       : keyutils-libs-devel-1.5.10-6.el8.x86_64                                                                                                      10/13
  Installing       : krb5-devel-1.17-18.el8.x86_64                                                                                                                11/13
  Installing       : openssl-devel-1:1.1.1c-15.el8.x86_64                                                                                                         12/13
  Installing       : clamav-devel-0.102.4-1.el8.x86_64                                                                                                            13/13
  Running scriptlet: clamav-devel-0.102.4-1.el8.x86_64                                                                                                            13/13
  Verifying        : keyutils-libs-devel-1.5.10-6.el8.x86_64                                                                                                       1/13
  Verifying        : krb5-devel-1.17-18.el8.x86_64                                                                                                                 2/13
  Verifying        : libcom_err-devel-1.45.4-3.el8.x86_64                                                                                                          3/13
  Verifying        : libselinux-devel-2.9-3.el8.x86_64                                                                                                             4/13
  Verifying        : libsepol-devel-2.9-1.el8.x86_64                                                                                                               5/13
  Verifying        : libverto-devel-0.3.0-5.el8.x86_64                                                                                                             6/13
  Verifying        : openssl-devel-1:1.1.1c-15.el8.x86_64                                                                                                          7/13
  Verifying        : pcre2-devel-10.32-1.el8.x86_64                                                                                                                8/13
  Verifying        : pcre2-utf16-10.32-1.el8.x86_64                                                                                                                9/13
  Verifying        : pcre2-utf32-10.32-1.el8.x86_64                                                                                                               10/13
  Verifying        : zlib-devel-1.2.11-16.el8_2.x86_64                                                                                                            11/13
  Verifying        : clamav-devel-0.102.4-1.el8.x86_64                                                                                                            12/13
  Verifying        : clamav-update-0.102.4-1.el8.x86_64                                                                                                           13/13
Installed products updated.

Installed:
  clamav-devel-0.102.4-1.el8.x86_64         clamav-update-0.102.4-1.el8.x86_64      keyutils-libs-devel-1.5.10-6.el8.x86_64      krb5-devel-1.17-18.el8.x86_64
  libcom_err-devel-1.45.4-3.el8.x86_64      libselinux-devel-2.9-3.el8.x86_64       libsepol-devel-2.9-1.el8.x86_64              libverto-devel-0.3.0-5.el8.x86_64
  openssl-devel-1:1.1.1c-15.el8.x86_64      pcre2-devel-10.32-1.el8.x86_64          pcre2-utf16-10.32-1.el8.x86_64               pcre2-utf32-10.32-1.el8.x86_64
  zlib-devel-1.2.11-16.el8_2.x86_64

Complete!
Last metadata expiration check: 2:07:44 ago on Thu 19 Nov 2020 11:52:54 AM PST.
Package clamav-filesystem-0.102.4-1.el8.noarch is already installed.
Dependencies resolved.
Nothing to do.
Complete!
Last metadata expiration check: 2:07:45 ago on Thu 19 Nov 2020 11:52:54 AM PST.
Package clamav-lib-0.102.4-1.el8.x86_64 is already installed.
Dependencies resolved.
Nothing to do.
Complete!
Last metadata expiration check: 2:07:46 ago on Thu 19 Nov 2020 11:52:54 AM PST.
Dependencies resolved.
========================================================================================================================================================================
 Package                                     Architecture                       Version                                     Repository                             Size
========================================================================================================================================================================
Installing:
 clamav-milter                               x86_64                             0.102.4-1.el8                               epel                                  123 k
Installing dependencies:
 sendmail-milter                             x86_64                             8.15.2-32.el8                               AppStream                              82 k

Transaction Summary
========================================================================================================================================================================
Install  2 Packages

Total download size: 205 k
Installed size: 355 k
Downloading Packages:
(1/2): sendmail-milter-8.15.2-32.el8.x86_64.rpm                                                                                         256 kB/s |  82 kB     00:00
(2/2): clamav-milter-0.102.4-1.el8.x86_64.rpm                                                                                           224 kB/s | 123 kB     00:00
------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total                                                                                                                                   149 kB/s | 205 kB     00:01
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                                                                                                                1/1
  Installing       : sendmail-milter-8.15.2-32.el8.x86_64                                                                                                           1/2
  Running scriptlet: sendmail-milter-8.15.2-32.el8.x86_64                                                                                                           1/2
  Running scriptlet: clamav-milter-0.102.4-1.el8.x86_64                                                                                                             2/2
  Installing       : clamav-milter-0.102.4-1.el8.x86_64                                                                                                             2/2
  Running scriptlet: clamav-milter-0.102.4-1.el8.x86_64                                                                                                             2/2
  Verifying        : sendmail-milter-8.15.2-32.el8.x86_64                                                                                                           1/2
  Verifying        : clamav-milter-0.102.4-1.el8.x86_64                                                                                                             2/2
Installed products updated.

Installed:
  clamav-milter-0.102.4-1.el8.x86_64                                                sendmail-milter-8.15.2-32.el8.x86_64

Complete!
Last metadata expiration check: 2:07:52 ago on Thu 19 Nov 2020 11:52:54 AM PST.
Dependencies resolved.
========================================================================================================================================================================
 Package                                            Architecture                       Version                                   Repository                        Size
========================================================================================================================================================================
Installing:
 clamav-unofficial-sigs                             noarch                             7.0.1-5.el8                               epel                              60 k

Transaction Summary
========================================================================================================================================================================
Install  1 Package

Total download size: 60 k
Installed size: 241 k
Downloading Packages:
clamav-unofficial-sigs-7.0.1-5.el8.noarch.rpm                                                                                           164 kB/s |  60 kB     00:00
------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total                                                                                                                                    82 kB/s |  60 kB     00:00
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                                                                                                                1/1
  Installing       : clamav-unofficial-sigs-7.0.1-5.el8.noarch                                                                                                      1/1
  Running scriptlet: clamav-unofficial-sigs-7.0.1-5.el8.noarch                                                                                                      1/1
  Verifying        : clamav-unofficial-sigs-7.0.1-5.el8.noarch                                                                                                      1/1
Installed products updated.

Installed:
  clamav-unofficial-sigs-7.0.1-5.el8.noarch

Complete!
Last metadata expiration check: 2:07:56 ago on Thu 19 Nov 2020 11:52:54 AM PST.
Package clamav-update-0.102.4-1.el8.x86_64 is already installed.
Dependencies resolved.
Nothing to do.
Complete!
>

yum – info
Syntax

yum info [package]

Sample

yum info clamd

Output – Text

>yum info clamd
Last metadata expiration check: 23:09:57 ago on Thu 19 Nov 2020 12:37:06 PM PST.
Installed Packages
Name : clamd
Version : 0.102.4
Release : 1.el8
Architecture : x86_64
Size : 243 k
Source : clamav-0.102.4-1.el8.src.rpm
Repository : @System
From repo : epel
Summary : The Clam AntiVirus Daemon
URL : https://www.clamav.net/
License : GPLv2
Description : The Clam AntiVirus Daemon
: See the README file how this can be done with a minimum of effort.
: This package contains a generic system wide clamd service which is
: e.g. used by the clamav-milter package.

Review

Package

Using “yum info”, let us review the packages we just installed.

 

Package Description

  1. clamd
    • This package contains a generic system wide clamd service which is used by other applications and packages such as the clamav-milter package.
  2. clamav
    • Clam AntiVirus is an anti-virus toolkit for UNIX. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command line scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use with your own software. The virus database is based on the virus database from OpenAntiVirus, but contains additional signatures (including signatures for popular polymorphic viruses, too) and is KEPT UP TO DATE.
  3. clamav-data
    • This package contains the virus-database needed by clamav. This database should be updated regularly; the ‘clamav-update’ package ships a corresponding cron-job. Use this package when you want a working (but perhaps outdated) virus scanner immediately after package installation.
  4. clamav-devel
    • This package contains header files and libraries which are needed to build applications using clamav.
  5. clamav-filesystem
    • This package provides the filesystem structure and contains the user-creation scripts required by clamav.
  6. clamav-lib
    • This package contains dynamic libraries shared between applications using the Clam Antivirus scanner.
  7. clamav-milter
    • This package contains files which are needed to run the clamav-milter.
  8. clamav-unofficial-sigs
    • This package contains scripts and configuration files that provide the capability to download, test, and update the 3rd-party signature databases provided by Sanesecurity, SecuriteInfo, MalwarePatrol, OITC, INetMsg and ScamNailer.
  9. clamav-update
    • This package contains programs which can be used to update the clamav anti-virus database automatically. It uses the freshclam(1) utility for this task. To activate it, uncomment the entry in /etc/cron.d/clamav-update. Use this package when you go updating the virus database regularly and do not want to download a >160MB sized rpm-package with outdated virus definitions.

 

Configure ClamAV

Outline

  1. Files
    • Daemon
      • /etc/clamd.d/scan.conf
    • Database
      • /etc/freshclam.conf

/etc/clamd.d/scan.conf

Outline

  1. In file /etc/clamd.d/scan.conf
    • Backup
      • Create Backup Folder
      • Backup File
    • Entries
      • LocalSocket
      • TCPSocket

Tasks

Task – Create Backup Folder
Syntax

mkdir -p /etc/clamd.d/backup/[TS]

Sample

mkdir -p /etc/clamd.d/backup/20201119.0330PM

Output – Text
 

mkdir -p /etc/clamd.d/backup/20201119.0330PM 

Task – Backup File
Syntax

sudo cp /etc/clamd.d/scan.conf /etc/clamd.d/backup/[TS]

Sample


sudo cp /etc/clamd.d/scan.conf /etc/clamd.d/backup/20201119.0330PM

Output – Text
 

>sudo cp /etc/clamd.d/scan.conf /etc/clamd.d/backup/20201119.0330PM
[sudo] password for dadeniji:
>

Review Socket Choice

Decide between LocalSocket and TCPSocket

  1. LocalSocket
  2. TCPSocket

Review Socket Choice
Syntax

cat /etc/clamd.d/scan.conf | egrep -i 'LocalSocket |TCPSocket '

Output – Text

>cat /etc/clamd.d/scan.conf | egrep -i 'LocalSocket |TCPSocket '
#LocalSocket /run/clamd.scan/clamd.sock
#TCPSocket 3310

Make Socket Choice

Using an editor such as vi, please edit /etc/clamd.d/scan.conf and uncomment the entry for your choice.

Editor – Contents – Text

# The daemon can work in local mode, network mode or both.
# Due to security reasons we recommend the local mode.

# Path to a local socket file the daemon will listen on.
# Default: disabled (must be specified by a user)
# dadeniji 2020-11-19 03:58 PM
#LocalSocket /run/clamd.scan/clamd.sock
LocalSocket /run/clamd.scan/clamd.sock

Explanation
  1. In our case, we chose the local socket ( LocalSocket ) over TCP/IP

/etc/freshclam.conf

Outline

  1. file /etc/freshclam.conf
    • Review File
    • Create Backup Folder
    • Backup File
    • Comment out Example Tag

Review File

Command – grep
Syntax

cat /etc/freshclam.conf

Sample

sudo cat /etc/freshclam.conf | egrep -i 'Example '

Output – Text

sudo cat /etc/freshclam.conf | egrep -i 'Example '

Explanation

In our case, the Example Tag is already commented out and so we will skip this step.
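
The two configuration checks above (the socket choice in scan.conf and the Example tag in freshclam.conf) as one script. This is an added example, not part of the original post; the sample files are constructed, and TCPAddr is a clamd.conf directive the post itself does not mention.

```shell
#!/bin/sh
# Added example, not from the original post: checks a clamd/freshclam
# configuration file for the two settings discussed above.

# has_active_example FILE
# Succeeds (exit 0) when FILE still has an uncommented "Example" line.
# clamd and freshclam both refuse to start while that line is active.
# The pattern matches the directive as a whole line, so comment text that
# merely contains the word "Example" is not counted.
has_active_example() {
    grep -Eq '^[[:space:]]*Example[[:space:]]*$' "$1"
}

# clamd_socket_mode FILE
# Prints one line per active listener:
#   local:<path>        LocalSocket is set
#   tcp:<port>:<addr>   TCPSocket is set; <addr> is "ANY" when no TCPAddr
#                       line restricts the bind address
#   none                neither directive is active
clamd_socket_mode() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # skip comments and blank lines
        $1 == "LocalSocket" { local_sock = $2 }
        $1 == "TCPSocket"   { tcp_port = $2 }
        $1 == "TCPAddr"     { tcp_addr = $2 }
        END {
            if (local_sock != "") print "local:" local_sock
            if (tcp_port != "")   print "tcp:" tcp_port ":" (tcp_addr != "" ? tcp_addr : "ANY")
            if (local_sock == "" && tcp_port == "") print "none"
        }
    ' "$1"
}

# Demo on constructed sample files (not the author's real configuration).
demo() {
    dir=$(mktemp -d) || return 1
    # Mirrors the edited scan.conf shown above: LocalSocket on, TCP off.
    cat > "$dir/scan.conf" <<'EOF'
#Example
#LocalSocket /run/clamd.scan/clamd.sock
LocalSocket /run/clamd.scan/clamd.sock
#TCPSocket 3310
EOF
    # A file that was never edited and listens on TCP without TCPAddr.
    cat > "$dir/unedited.conf" <<'EOF'
# Comment or remove the line below.
Example
TCPSocket 3310
EOF
    for f in "$dir/scan.conf" "$dir/unedited.conf"; do
        if has_active_example "$f"; then
            ex="Example ACTIVE"
        else
            ex="Example commented out"
        fi
        echo "$(basename "$f"): $ex; listeners: $(clamd_socket_mode "$f" | tr '\n' ' ')"
    done
    rm -rf "$dir"
}
demo
```

On a real host, run `clamd_socket_mode /etc/clamd.d/scan.conf` and `has_active_example /etc/freshclam.conf`; a `tcp:3310:ANY` result means clamd would accept scan requests on every interface.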

 

Configure SELinux

Outline

  1. Get SELinux Configuration
  2. Set SELinux Configuration

Get SELinux Configuration

Outline

Please review the following items:

  1. antivirus_can_scan_system
  2. antivirus_use_jit

getsebool

Syntax

sudo getsebool

Sample

sudo getsebool -a | grep antivirus

Output – Text

>sudo getsebool -a | grep antivirus
antivirus_can_scan_system --> off
antivirus_use_jit --> off
>
Explanation
  1. antivirus_can_scan_system => OFF
  2. antivirus_use_jit => OFF

 

Set SELinux Configuration

Outline

Please adjust the following items:

  1. antivirus_can_scan_system
  2. antivirus_use_jit

setsebool

Syntax

sudo setsebool -P <item> <value>

Item – antivirus_can_scan_system
Sample

sudo setsebool -P antivirus_can_scan_system 1

Output – Text
>sudo setsebool -P antivirus_can_scan_system 1
[sudo] password for dadeniji:
>

 

Item – antivirus_use_jit
Sample

sudo setsebool -P antivirus_use_jit 1

Output – Text

sudo setsebool -P antivirus_use_jit 1
[sudo] password for dadeniji:

Explanation

Within SELinux, the following settings are now enabled:

  1. antivirus_can_scan_system
  2. antivirus_use_jit
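
The -P flag used above is what makes a boolean survive a reboot. The added example below (not part of the original post) reads `semanage boolean -l` output and reports whether each of the two booleans is on persistently or only at runtime; it assumes the `(state , default)` column layout that command prints, and the sample values are constructed.

```shell
#!/bin/sh
# Added example, not from the original post.

# antivirus_bool_report
# Reads `semanage boolean -l` output on stdin and prints, for each boolean
# the post enables, one of:
#   <name>: persistent      on now and stored as on (setsebool -P was used)
#   <name>: runtime-only    on now, but the stored default is still off
#   <name>: off
#   <name>: missing         boolean not present in the listing
antivirus_bool_report() {
    awk -v want="antivirus_can_scan_system antivirus_use_jit" '
        BEGIN {
            n = split(want, names, " ")
            for (i = 1; i <= n; i++) need[names[i]] = 1
        }
        ($1 in need) {
            # Isolate the "(state , default)" pair and strip whitespace.
            pair = $0
            sub(/^[^(]*[(]/, "", pair)
            sub(/[)].*$/, "", pair)
            gsub(/[ \t]/, "", pair)
            split(pair, st, ",")
            if (st[1] == "on" && st[2] == "on") result[$1] = "persistent"
            else if (st[1] == "on")             result[$1] = "runtime-only"
            else                                result[$1] = "off"
        }
        END {
            # Report in a fixed order, including booleans never seen.
            for (i = 1; i <= n; i++) {
                name = names[i]
                print name ": " ((name in result) ? result[name] : "missing")
            }
        }
    '
}

# Constructed sample in the layout `semanage boolean -l` prints
# (name, "(state , default)", description); the values are made up.
sample_semanage_output() {
    cat <<'EOF'
SELinux boolean                State  Default Description

antivirus_can_scan_system      (on   ,   on)  Allow antivirus to can scan system
antivirus_use_jit              (on   ,  off)  Allow antivirus to use jit
httpd_can_network_connect      (off  ,  off)  Allow httpd to can network connect
EOF
}

sample_semanage_output | antivirus_bool_report
```

On a host with semanage installed, pipe the real listing in: `sudo semanage boolean -l | antivirus_bool_report`.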

 

Configure Services/Daemons

Outline

  1. List of CLAMAV Services
    • clamd@.service
    • freshclam.service
  2. Configure CLAMAV Services
    • Start Service
    • Review Service Status
  3. Review CLAMAV Services
    • Issue systemctl

List of Services

  1. clamd@.service
    • ClamAV daemon
  2. freshclam.service
    • Get the latest ClamAV Antivirus signatures

clamd@.service

Outline

  1. Enable Service
  2. Start Service
  3. Review Service Status

systemctl

systemctl – enable
Syntax

sudo systemctl enable [service]

Sample

sudo systemctl enable clamd@

Output – Text

>sudo systemctl enable clamd@
Created symlink /etc/systemd/system/multi-user.target.wants/clamd@.service → /usr/lib/systemd/system/clamd@.service.

Explanation
  1. clamd@
    • Registered as a system daemon ( service )

 

systemctl – start
Syntax

sudo systemctl start [service]

Sample

sudo systemctl start clamd@scan

Output – Text

>sudo systemctl start clamd@scan

>

Explanation
  1. clamd@scan
    • Successfully started service

 

systemctl – status
Syntax

sudo systemctl status [service]

Sample

sudo systemctl status clamd@scan

Output – Text

>sudo systemctl status clamd@scan
● clamd@scan.service - clamd scanner (scan) daemon
Loaded: loaded (/usr/lib/systemd/system/clamd@.service; disabled; vendor preset: disabled)
Active: active (running) since Thu 2020-11-19 18:22:45 PST; 3min 23s ago
Docs: man:clamd(8)
man:clamd.conf(5)
https://www.clamav.net/documents/
Process: 69509 ExecStart=/usr/sbin/clamd -c /etc/clamd.d/scan.conf (code=exited, status=0/SUCCESS)
Main PID: 69512 (clamd)
Tasks: 2 (limit: 23516)
Memory: 1.1G
CGroup: /system.slice/system-clamd.slice/clamd@scan.service
└─69512 /usr/sbin/clamd -c /etc/clamd.d/scan.conf

Nov 19 18:22:41 dbLinux clamd[69512]: ELF support enabled.
Nov 19 18:22:41 dbLinux clamd[69512]: Mail files support enabled.
Nov 19 18:22:41 dbLinux clamd[69512]: OLE2 support enabled.
Nov 19 18:22:41 dbLinux clamd[69512]: PDF support enabled.
Nov 19 18:22:41 dbLinux clamd[69512]: SWF support enabled.
Nov 19 18:22:41 dbLinux clamd[69512]: HTML support enabled.
Nov 19 18:22:41 dbLinux clamd[69512]: XMLDOCS support enabled.
Nov 19 18:22:41 dbLinux clamd[69512]: HWP3 support enabled.
Nov 19 18:22:41 dbLinux clamd[69512]: Self checking every 600 seconds.
Nov 19 18:22:45 dbLinux systemd[1]: Started clamd scanner (scan) daemon.
>

Explanation
  1. clamd@scan
    • List supported features
      • ELF
      • Mail
      • OLE2
      • PDF
      • SWF
      • HTML
      • XMLDOCS
      • HWP3

 

freshclam.service

Outline

  1. Enable Service
  2. Start Service
  3. Review Service Status

systemctl

systemctl – enable
Syntax

sudo systemctl enable [service]

Sample

sudo systemctl enable clamav-freshclam.service

Output – Text

>sudo systemctl enable clamav-freshclam.service
Created symlink /etc/systemd/system/multi-user.target.wants/clamav-freshclam.service → /usr/lib/systemd/system/clamav-freshclam.service.
>

Explanation
  1. clamav-freshclam.service
    • Registered as a system daemon ( service )

 

systemctl – start
Syntax

sudo systemctl start [service]

Sample

sudo systemctl start clamav-freshclam.service

Output – Text

>sudo systemctl start clamav-freshclam.service
[sudo] password for dadeniji:

Explanation
  1. clamav-freshclam
    • Service successfully started

 

systemctl – status
Syntax

sudo systemctl status [service]

Sample

sudo systemctl status clamav-freshclam.service

Output – Text
>sudo systemctl status clamav-freshclam.service
● clamav-freshclam.service - ClamAV virus database updater
Loaded: loaded (/usr/lib/systemd/system/clamav-freshclam.service; enabled; vendor preset: disabled)
Active: active (running) since Thu 2020-11-19 21:51:37 PST; 6min ago
Docs: man:freshclam(1)
man:freshclam.conf(5)
https://www.clamav.net/documents
Main PID: 74426 (freshclam)
Tasks: 1 (limit: 23516)
Memory: 3.1M
CGroup: /system.slice/clamav-freshclam.service
└─74426 /usr/bin/freshclam -d --foreground=true

Nov 19 21:51:37 dbLinux systemd[1]: Started ClamAV virus database updater.
Nov 19 21:51:37 dbLinux freshclam[74426]: ClamAV update process started at Thu Nov 19 21:51:37 2020
Nov 19 21:51:37 dbLinux freshclam[74426]: daily.cld database is up to date (version: 25993, sigs: 4346475, f-level: 63, builder: raynman)
Nov 19 21:51:37 dbLinux freshclam[74426]: main.cvd database is up to date (version: 59, sigs: 4564902, f-level: 60, builder: sigmgr)
Nov 19 21:51:37 dbLinux freshclam[74426]: bytecode.cvd database is up to date (version: 331, sigs: 94, f-level: 63, builder: anvilleg)
>

Explanation
  1. clamav-freshclam
    • Is running as a system daemon ( service )
    • Service Info
      • ClamAV virus database updater

 

CLAMAV Services Status

  1. systemctl
    • Options
      • list-unit-files

systemctl

systemctl – list-unit-files
Syntax

sudo systemctl list-unit-files --all

Sample

sudo systemctl list-unit-files --all | grep 'clam'

Output – Text

>systemctl list-unit-files --all | grep 'clam'
clamav-freshclam.service enabled
clamav-milter.service disabled
clamav-unofficial-sigs.service disabled
clamd@.service enabled
clamonacc.service disabled
clamav-unofficial-sigs.timer disabled

Explanation
  1. Services
    • Enabled
      • clamav-freshclam
      • clamd@
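
Post-install check

The script below is an added example, not part of the original post: two shell functions that read saved `getsebool -a` and `systemctl status` output and report what is still missing after the SE-Linux and service steps. The function and variable names and the use of `getsebool -a` as input are assumptions of this example; the sample status text is trimmed from the output above, where clamd@scan is running but its Loaded: line says disabled.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): audit captured command output.
# Both functions read text on stdin, so they also work on saved output.

# Input: `getsebool -a` lines ("name --> on|off").
# Output: the two antivirus booleans set above that are not "on" (or are missing).
selinux_gaps() {
  awk '
    BEGIN { n = split("antivirus_can_scan_system antivirus_use_jit", want, " ") }
    $2 == "-->" { state[$1] = $3 }
    END { for (i = 1; i <= n; i++) if (state[want[i]] != "on") print want[i] }'
}

# Input: `systemctl status` output for one or more units.
# Output: units that are running now but whose Loaded: line is not "enabled".
boot_gaps() {
  awk '
    function report() { if (unit != "" && active == "active" && enabled != "enabled") print unit }
    $3 == "-" && $2 ~ /\.service$/ { report(); unit = $2; active = enabled = "" }
    $1 == "Loaded:" { split($0, f, "; "); enabled = f[2] }
    $1 == "Active:" { active = $2 }
    END { report() }'
}

# Sample status text, trimmed from the output shown on this page.
SAMPLE_STATUS='● clamd@scan.service - clamd scanner (scan) daemon
   Loaded: loaded (/usr/lib/systemd/system/clamd@.service; disabled; vendor preset: disabled)
   Active: active (running) since Thu 2020-11-19 18:22:45 PST; 3min 23s ago
● clamav-freshclam.service - ClamAV virus database updater
   Loaded: loaded (/usr/lib/systemd/system/clamav-freshclam.service; enabled; vendor preset: disabled)
   Active: active (running) since Thu 2020-11-19 21:51:37 PST; 6min ago'

# Constructed sample: one boolean left off on purpose.
SAMPLE_BOOLS='antivirus_can_scan_system --> on
antivirus_use_jit --> off'

# Live host: getsebool -a | selinux_gaps
#            systemctl status clamd@scan clamav-freshclam | boot_gaps
printf '%s\n' "$SAMPLE_BOOLS"  | selinux_gaps
printf '%s\n' "$SAMPLE_STATUS" | boot_gaps
```

A unit listed by boot_gaps is running only for the current boot unless something else pulls it in; on a live host, `systemctl is-enabled clamd@scan` shows the same state.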

Summary

A lot to cover in a single blog post.

Will come back and clean it up on subsequent posts.

 

Moral of the Story

Don’t wait forever to install an AntiVirus.

 
