How to Install ClamAV on CentOS 7: A Step-by-Step Guide

Do you want to protect your Linux VPS or server from dangerous malware and viruses? You can easily do that by installing an antivirus. There are plenty of options out there, but we do recommend to install ClamAV. It’s a great open-source antivirus solution against trojans, malware, and other security threats.

In this article, you will learn how to install ClamAV on CentOS 7 for better server protection!

Why Do You Need Antivirus on Linux Server?

While Linux is known to be one of the more secure operating systems, that doesn’t mean it is impenetrable to virus attacks. One study has shown that 36% of total top malware cases in Q1 2017 were reported on Linux systems. What’s worse, is that these numbers are not going down.

It also states that 82% of the attacks target webservers. That’s more than enough to alert anyone about their VPS and server security. Therefore, you need an antivirus to give your system better online protection.

Thankfully, we have ClamAV, one of the best Linux security solutions to get rid of numerous malware threats. It’s reliable, easy to set up, and free. Just keep in mind that this guide will show you how to install ClamAV on CentOS 7 distribution.

Before we begin, make sure that you have root access to your CentOS 7 server or VPS. For Hostinger users, the required credential can be found on the Servers tab in hPanel.

Additionally, you need to know how to use Putty (Windows) or Terminal (macOS, Linux) to establish the SSH connection.

How to Install ClamAV on CentOS 7

We’ll divide this tutorial into three steps – installing ClamAV on CentOS 7, configuring SELinux, and configuring ClamAV. So, let’s get started!

1. Installing ClamAV on CentOS 7

1. By default, ClamAV doesn’t come prepackaged in the CentOS software repository. We have to add the additional repository by running yum commands one after the other:

   sudo yum -y install epel-release

   sudo yum clean all

2. Now, it’s time to install ClamAV on CentOS 7. Simply run the following command:

   sudo yum -y install clamav-server clamav-data clamav-update clamav-filesystem clamav clamav-scanner-systemd clamav-devel clamav-lib clamav-server-systemd

You have installed ClamAV, but we still need to make several additional configurations to make it work properly.

2. Configuring SELinux

SELinux is a security measure aimed at protecting changes to some files. Additional configuration is required if you want to use ClamAV with enabled SELinux kernel module. Otherwise, ClamAV will not be able to read certain sections of your files.

1. To configure SELinux, execute the following commands one by one:

   sudo setsebool -P antivirus_can_scan_system 1

   sudo setsebool -P clamd_use_jit 1

2. Next, you have to verify the changes:

   sudo getsebool -a | grep antivirus

   You should get this result:

   antivirus_can_scan_system --> on
   antivirus_use_jit --> off

Once ClamAV is ready to run alongside SELinux, it is time to configure the antivirus.

3. Configuring ClamAV

1. Before you can enable ClamAV configuration, you need to remove Example string from the configuration file:

   sudo sed -i -e "s/^Example/#Example/" /etc/clamd.d/scan.conf

2. Next, you will have to specify the server type. Open the configuration file using your favorite text editor. In this example, we will use nano. If it’s not already installed, you can do it using yum:

   sudo yum install nano -y

   Next, open the configuration file:

   sudo nano /etc/clamd.d/scan.conf

   Find the following line:

   #LocalSocket /var/run/clamd.scan/clamd.sock

   Remove the # symbol and save your changes.

3. Now, remove Example string from ClamAV’s freshclam update engine configuration file:

   sudo sed -i -e "s/^Example/#Example/" /etc/freshclam.conf

4. Once that’s done, you can run virus definition database update:

   sudo freshclam

   You should get a similar output:

   ClamAV update process started at Tue Dec  19 09:30:20 2016
   main.cvd is up to date (version: 57, sigs: 4218790, f-level: 60, builder: amishhammer)
   Trying host database.clamav.net (69.163.100.14)...
   Downloading daily.cvd [100%]
   daily.cvd updated (version: 22739, sigs: 1100989, f-level: 63, builder: neo)
   Downloading bytecode-279.cdiff [100%]
   Downloading bytecode-280.cdiff [100%]
   Downloading bytecode-281.cdiff [100%]
   Downloading bytecode-282.cdiff [100%]
   Downloading bytecode-283.cdiff [100%]
   bytecode.cld updated (version: 285, sigs: 57, f-level: 63, builder: bbaker)
   Database updated (5319836 signatures) from database.clamav.net (IP: 168.143.19.95)

5. Lastly, start Clamd service and run it on boot:

   sudo systemctl start clamd@scan

   sudo systemctl enable clamd@scan

Conclusion

Viruses can harm computers and even web servers at any given time, regardless of what operating system you’re using. Therefore, if you own a Linux VPS or a server, you must install an antivirus to protect it from malicious attacks.

You’ve learned how to install ClamAV on CentOS 7 using the command line. Let’s review the steps once more:

1. Download the EPEL repository and install ClamAV on CentOS 7.
2. Configure SELinux to make sure ClamAV can thoroughly read all of your files.
3. Configure ClamAV and start the service.

That’s it! Feel free to leave a comment below if you have any questions.