Install EPEL repo:
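Before we can proceed, you must ensure that you have the EPEL yum repository enabled. To do this, install the release package for your CentOS version with one of the commands below. They fetch the package over plain HTTP, so where possible download it first and check its signature with `rpm -K` (after importing the EPEL GPG key) before installing it.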
CentOS 6.x
#rpm -Uvh
http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
CentOS 5.x
#rpm -Uvh
http://mirror.pnl.gov/epel/5/x86_64/epel-release-5-4.noarch.rpm
Install clamAV
# yum -y install clamav clamd
# chkconfig clamd on
Update the clamav virus database
# /usr/bin/freshclam
Error:
# /usr/bin/freshclam
ERROR: Please edit the example config file
/etc/freshclam.conf
ERROR: Can't open/parse the config file /etc/freshclam.conf
To fix the above error, comment out the line containing “Example”:
#vim /etc/freshclam.conf
##
## Example config file for freshclam
## Please read the freshclam.conf(5) manual before editing
this file.
##
# Comment or remove the line below.
Example
Change to
#vim /etc/freshclam.conf
##
## Example config file for freshclam
## Please read the freshclam.conf(5) manual before editing
this file.
##
# Comment or remove the line below.
# Example
Run freshclam again
# /usr/bin/freshclam
Start Clamav
# service clamd start
Starting Clam AntiVirus Daemon: ERROR: Please edit the
example config file /etc/clamd.conf
ERROR: Can't open/parse the config file /etc/clamd.conf
[FAILED]
Edit the config file, comment out “Example”
##
## Example config file for the Clam AV daemon
## Please read the clamd.conf(5) manual before editing this
file.
##
# Comment or remove the line below.
#Example
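If clamd then reports "ERROR: Please define server type (local and/or TCP)", you may need to uncomment the "TCPSocket" line in clamd.conf. The TCP socket accepts commands without authentication, so also set "TCPAddr" to 127.0.0.1 to keep it off the network, or uncomment the "LocalSocket" line instead.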
Set Clamav to run a daily scan
#vim /etc/cron.daily/clamscan
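#!/bin/bash
# Daily ClamAV job for /etc/cron.daily: refresh the signature database, then
# recursively scan CLAM_SCAN_DIR and append the report to CLAM_LOG_FILE.

# setup the scan location and scan log
CLAM_SCAN_DIR="/var/www/vhosts"
CLAM_LOG_FILE="/var/log/clamav/dailyscan.log"

# NOTE: MAILTO only has an effect when it is set in the crontab that launches
# this job; cron does not read it from inside the script. The assignment is
# kept from the original listing; set the address in the crontab instead.
MAILTO=user@domain.com

# update the virus database; a failed update is reported on stderr but does
# not stop the scan, which then runs with the signatures already on disk
/usr/bin/freshclam ||
  echo "freshclam failed; scanning with the existing signatures" >&2

# run the scan: -i lists only infected files, -r recurses into subdirectories.
# The expansions are quoted so a path containing spaces stays one argument,
# and the redirection sits on the same line as the command it belongs to.
/usr/bin/clamscan -i -r "$CLAM_SCAN_DIR" >> "$CLAM_LOG_FILE"
scan_status=$?

# clamscan exits 0 when nothing was found, 1 when at least one infected file
# was found and 2 on errors; report anything non-zero on stderr so that cron
# includes it in the job's mail instead of leaving it only in the log
if [ "$scan_status" -ne 0 ]; then
  echo "clamscan exited with status $scan_status; see $CLAM_LOG_FILE" >&2
fi
exit "$scan_status"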
or
#clamscan -i -r --log=/var/log/clamscan-date.txt
/var/www/vhosts/*
Make the cron file executable
#chmod 555 /etc/cron.daily/clamscan
Test your installation and cron job
#/etc/cron.daily/clamscan
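Try a scan. Note that --remove deletes every file that matches a signature, false positives included; use --move=<quarantine directory> instead if you want to review detections before deleting them.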
[root@mail ~]# clamscan --infected --remove --recursive
/home #/home is your scan folder
----------- SCAN SUMMARY -----------
Known viruses: 3509099
Engine version: 0.98.4
Scanned directories: 94
Scanned files: 109
Infected files: 0
Data scanned: 0.95 MB
Data read: 0.89 MB (ratio 1.07:1)
Time: 8.485 sec (0 m 8 s)
# Download the EICAR test file (a harmless file that antivirus products detect on purpose)
[root@amir ~]# wget http://www.eicar.org/download/eicar.com
[root@amir ~]# clamscan --infected --remove --recursive .
./eicar.com: Eicar-Test-Signature FOUND
./eicar.com: Removed. # just detected
----------- SCAN SUMMARY -----------
Known viruses: 3509099
Engine version: 0.98.4
Scanned directories: 110
Scanned files: 147
Infected files: 1
Data scanned: 0.78 MB
Data read: 0.64 MB (ratio 1.21:1)
Time: 7.982 sec (0 m 7 s)