ClamAV Installation, Update And Scan Guide
ClamAV is an open-source antivirus engine designed to detect trojans, viruses, malware, and other malicious threats. This guide provides a step-by-step method to install, update, and configure ClamAV along with an automation script.
1. Supported Distributions
This script supports the following Linux distributions:
- Ubuntu / Debian
- CentOS 7
- RHEL / CentOS Stream / Rocky Linux / AlmaLinux
- Fedora
2. Features of the Script
- Automatic OS detection
- Installs ClamAV and required services
- Configures and enables FreshClam (auto virus database updater)
- Performs initial malware scan
- Moves infected files to quarantine
- Saves detailed logs under /var/log/clamav/
3. Manual Installation Steps
- On Debian / Ubuntu
sudo apt update
sudo apt install -y clamav clamav-daemon
- On CentOS 7
sudo yum install -y epel-release
sudo yum install -y clamav clamav-update
- On RHEL / Rocky Linux / AlmaLinux / Fedora
# Fedora carries ClamAV in its own repositories, so skip the epel-release line there
sudo dnf install -y epel-release
sudo dnf install -y clamav clamav-update
4. Update Virus Database
Before scanning, always update ClamAV virus definitions:
sudo systemctl stop clamav-freshclam
sudo freshclam
sudo systemctl start clamav-freshclam
5. Running a Scan
Quick Scan
clamscan -r /home
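Full System Scan (excluding system directories)
# --move and --log need directories that already exist
sudo mkdir -p /var/quarantine /var/log/clamav
# /var/quarantine is excluded so already-quarantined files are not reported again
sudo clamscan -r -i \
    --exclude-dir="^/sys" \
    --exclude-dir="^/proc" \
    --exclude-dir="^/dev" \
    --exclude-dir="^/var/quarantine" \
    --move=/var/quarantine \
    --log=/var/log/clamav/scan.log /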
6. Automation Script
Save the following as clamav-installer.sh
#!/bin/bash
# ==========================================================
# ClamAV Auto Installer, Updater, and Scanner
# Works on: Ubuntu, Debian, CentOS, RHEL, Rocky, AlmaLinux, Fedora
# ==========================================================
LOGDIR="/var/log/clamav"
SCANLOG="$LOGDIR/initial-scan.log"
QUARANTINE="/var/quarantine"

# Ensure log and quarantine directories exist
sudo mkdir -p "$LOGDIR" "$QUARANTINE"

echo "[+] Detecting OS..."
if [ -f /etc/debian_version ]; then
    echo "[+] Debian/Ubuntu detected"
    sudo apt update
    sudo apt install -y clamav clamav-daemon
elif [ -f /etc/redhat-release ]; then
    if grep -q "CentOS Linux release 7" /etc/redhat-release; then
        echo "[+] CentOS 7 detected"
        sudo yum install -y epel-release
        sudo yum install -y clamav clamav-update
    else
        echo "[+] RHEL / CentOS Stream / Fedora detected"
        # EPEL targets RHEL-compatible systems; Fedora has no epel-release package
        [ -f /etc/fedora-release ] || sudo dnf install -y epel-release
        sudo dnf install -y clamav clamav-update
    fi
else
    echo "[!] Unsupported distribution"
    exit 1
fi

echo "[+] Enabling FreshClam auto-updater..."
sudo systemctl enable clamav-freshclam
sudo systemctl start clamav-freshclam

# freshclam cannot run by hand while the service is running, so stop it first
echo "[+] Updating virus database..."
sudo systemctl stop clamav-freshclam
sudo freshclam
sudo systemctl start clamav-freshclam

# The quarantine directory is excluded so a re-run does not report its contents again
echo "[+] Running initial malware scan..."
sudo clamscan -r -i \
    --exclude-dir="^/sys" \
    --exclude-dir="^/proc" \
    --exclude-dir="^/dev" \
    --exclude-dir="^$QUARANTINE" \
    --move="$QUARANTINE" \
    --log="$SCANLOG" /

echo "[+] Scan complete."
echo " → Log file: $SCANLOG"
echo " → Quarantine dir: $QUARANTINE"
7. Usage Instructions
- Save the script:
nano clamav-installer.sh
(Paste the code above, then save with CTRL+O and exit with CTRL+X)
- Make it executable:
chmod +x clamav-installer.sh
- Run the script:
./clamav-installer.sh
8. Output & Logs
- Logs are stored in:
/var/log/clamav/initial-scan.log
- Infected files are moved to:
/var/quarantine
9. Schedule Regular Scans (Optional)
Create a cron job for daily scans:
- Open the root crontab:
sudo crontab -e
- Add this line at the bottom:
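0 2 * * * /usr/bin/clamscan -r -i --exclude-dir="^/sys" --exclude-dir="^/proc" --exclude-dir="^/dev" --exclude-dir="^/var/quarantine" --move=/var/quarantine --log=/var/log/clamav/daily-scan.log /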
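A scheduled scan only helps if someone reads its result. The following is an added example, not part of the original guide: shell functions that read a clamscan log such as daily-scan.log and report the latest run's detections and an overall verdict. The function names, the sample log and the assumed line format ("<path>: <signature> FOUND" plus a "SCAN SUMMARY" block) are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the guide): triage a clamscan log written by cron.
# Assumed log format: one "<path>: <signature> FOUND" line per detection and a
# "SCAN SUMMARY" block containing "Infected files: N" at the end of each run.

# Print "signature<TAB>path" for the most recent run only; clamscan opens its
# --log file in append mode, so detections from earlier runs are skipped.
last_run_detections() {
    awk '
        / FOUND$/ {
            sig = $(NF - 1)             # assumes signature names have no spaces
            path = substr($0, 1, length($0) - length(sig) - 8)  # cut ": <sig> FOUND"
            cur = cur sig "\t" path "\n"
        }
        /^-+ SCAN SUMMARY -+$/ { last = cur; cur = "" }  # summary closes a run
        END { printf "%s", (cur != "" ? cur : last) }
    ' "$1"
}

# Print the "Infected files" count from the most recent summary (empty if none).
last_infected_count() {
    sed -n 's/^Infected files: \([0-9][0-9]*\)$/\1/p' "$1" | tail -n 1
}

# Combine the clamscan exit status (0 clean, 1 virus found, 2 error) with the
# log; a zero exit without a matching "Infected files: 0" is reported as ERROR.
scan_verdict() {   # usage: scan_verdict EXIT_STATUS LOGFILE
    count=$(last_infected_count "$2")
    case "$1" in
        0) if [ "$count" = 0 ]; then echo CLEAN; else echo ERROR; fi ;;
        1) echo INFECTED ;;
        *) echo ERROR ;;
    esac
}

# Constructed sample log: an older clean run followed by a run with one hit.
sample_log() {
    cat <<'EOF'
----------- SCAN SUMMARY -----------
Infected files: 0

/home/demo/My Files: old/eicar.com: Eicar-Test-Signature FOUND
/home/demo/My Files: old/eicar.com: moved to '/var/quarantine/eicar.com'

----------- SCAN SUMMARY -----------
Infected files: 1
EOF
}
```

In a cron wrapper, pass the exit status of clamscan (`$?`) and the `--log` path to `scan_verdict`, and alert on anything other than CLEAN.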