ClamAV requires a bit of configuration, and as a Fedora user, you must work around some issues with the packages. This tutorial should also apply to other Linux distributions, although some of the tools and package names may be different.

Every command must be executed as the root system user.

Installation

ClamAV is found in the default Fedora package repository, and installing the package requires just a single command:

    dnf install clamav-scanner clamav-scanner-systemd clamav-update

This will get you the systemd configuration files and the virus definition update agent as well as the ClamAV engine and daemon.

Because of a bug in the Fedora distribution of the clamav-scanner package (since at least Fedora 17 up through 27), you will also need to create a symbolic link from Fedora’s installation path to a hard-coded path expected by ClamAV:

    ln -s /etc/clamd.d/scan.conf /etc/clamd.conf

Before proceeding, you should also make sure to set the SELinux boolean for giving the ClamAV engine unrestricted access to the system:

    setsebool -P antivirus_can_scan_system 1

At this point, you should have installed ClamAV properly and can move on to configuring it for your system.

Configuring the ClamAV daemon

Open up the file /etc/clamd.conf for editing, and apply the following changes:

- Comply with the request to “Comment or remove the line below” near the top of the file.
- Uncomment the line with the “LocalSocket” option. The default value is okay.
- Uncomment the line with the “ExitOnOOM” option. The default value is okay.

That is it for the essential configuration. You may skip ahead to the next section, or read on if you’re running on a lower-end machine or a server.

Now, to keep ClamAV’s impact on the system’s resources low, we’re also going to add some custom options to lower the task’s priority in the system. We’ll achieve this through systemd.

Copy the default systemd service configuration file into your local configuration folder so you can edit it without losing changes on future updates.

    cp /usr/lib/systemd/system/clamd@.service /etc/systemd/system/clamd@.service

Open up the file /etc/systemd/system/clamd@.service for editing, and apply the following changes at the bottom of the “[Service]” section:

    Nice=18
    IOSchedulingClass=idle
    CPUSchedulingPolicy=idle

Have systemd reload all configuration files to inform it of your changes. Proceed to test-start the clamd@scan service and check up on its status:

    systemctl daemon-reload
    systemctl start clamd@scan
    systemctl status clamd@scan

You should review your logs and configuration files if the service failed to start. Assuming that the service is marked as running, you can go on and enable the service by default on system boot:

    systemctl enable clamd@scan

Setting up periodic scans

Please be aware that virus scanning requires 700+ MB of your system’s memory, and that figure grows every year. It also requires a significant chunk of CPU and disk I/O operations. The modifications to the service file will reduce the effects of CPU and I/O load on your system at the expense of scans taking more time.

There isn’t much that can be done about the memory consumption. The virus scanner requires knowledge of all the world’s viruses, the virus definitions, while scanning your files. As you can’t decide which viruses and malware will appear on your system, you’ve no reasonable expectation of lowering the memory consumption. Set your scan schedule to times when your PC or server doesn’t have to perform other tasks to minimize the impact.

We’ll once again rely on crontab to run our recurring periodic tasks on a schedule. Run EDITOR=nano crontab -e to modify your crontab using the nano text editor. Insert the below tasks:

    # Daily at 05:00
    0 5 * * * nice -n 16 systemd-cat --identifier="clamav-scan" clamdscan --quiet --fdpass /var/www
    # First Sunday of the month at 05:30 (days 1-7 contain exactly one Sunday)
    30 5 1-7 * * [ "$(date +\%u)" -eq 7 ] && nice -n 18 systemd-cat --identifier="clamav-scan" clamdscan --quiet --fdpass /

These are slightly more complex tasks than we set up before. This will scan your /var/www/ directory every day at 05:00, and your entire file system / on the first Sunday of every month at 05:30 in the morning. One day per month, you’ll have a duplicate scan of your /var/www/ directory but we can live with that. Adjust the example scan targets and schedule to fit your needs.

Review your virus scan logs!

Detecting the presence of malware, viruses, and other badware is only half the battle. You’ll have to act on the detected threat information manually.

Through the use of systemd-cat, every log message from virus definition updates to virus scanning has been passed on to the systemd journal. Definition updates are logged in the clamav-update page, and virus scans are logged in the clamav-scan page. To learn how to select specific pages of the journal, see my short introduction to systemd-cat and dealing with journal pages. This will quickly get you up to speed on the relevant commands.

Set up a recurring calendar reminder on your phone or calendar program to remind yourself to periodically review your PC or server’s virus scan logs.
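One way to make that periodic review quicker, as an added example that is not part of the original tutorial: a filter that reduces the clamav-scan journal page to detections and files that could not be scanned. The function names clamav_findings and sample_journal are hypothetical, the sample lines are constructed, and the filter assumes clamdscan's usual "<path>: <signature> FOUND" result lines with signature names that contain no spaces.

```shell
#!/bin/sh
# Added example: summarise scan results from the "clamav-scan" journal page.
# Reads message lines on stdin and prints one tab-separated record per finding:
#   FOUND<TAB><signature><TAB><path>   for every detection
#   UNSCANNED<TAB><message>            for every file clamdscan reported an error on
# Exit status is 1 if at least one detection was seen, 0 otherwise.
clamav_findings() {
    awk '
        # Anchor on the end of the line so a path containing ": " stays intact.
        match($0, /: [^ ]+ FOUND$/) {
            path = substr($0, 1, RSTART - 1)
            sig  = substr($0, RSTART + 2, RLENGTH - 8)   # drop ": " and " FOUND"
            printf "FOUND\t%s\t%s\n", sig, path
            found++
            next
        }
        / ERROR$/ {
            msg = $0
            sub(/ ERROR$/, "", msg)
            printf "UNSCANNED\t%s\n", msg
        }
        END { exit (found > 0) }
    '
}

# Constructed sample of journal messages (not taken from a real system).
sample_journal() {
    cat <<'EOF'
/var/www/html/index.php: OK
/var/www/uploads/eicar.com: Eicar-Test-Signature FOUND
/var/www/uploads/note: draft.txt: Eicar-Test-Signature FOUND
/var/www/private: lstat() failed: Permission denied. ERROR
EOF
}

# Live use on a system set up as described above (messages only, last week):
#   journalctl --identifier=clamav-scan --since "7 days ago" --output=cat | clamav_findings
```

UNSCANNED records deserve the same attention as detections, since they mark files the scan never covered.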

I hope you’ll never see a virus or badware on any of your systems, but with ClamAV you should at least be able to detect it if the unspeakable were to happen!