How to Install ClamAV on Fedora 40 or 39

ClamAV is a robust antivirus toolkit that offers vital protection for Fedora Linux systems against malicious software, including viruses and trojans. Below are some of the key features of ClamAV:

• Versatile Protection: ClamAV diligently guards against various forms of malware, providing a secure environment for your Fedora Linux system.
• Regular Updates: With frequent database updates, ClamAV ensures your system is shielded against the latest known threats, enhancing your security landscape.
• Command-Line Interface: ClamAV operates through a straightforward command-line interface, making it accessible and easy to navigate for users familiar with terminal commands.
• Scanning Options: The toolkit offers flexible scanning options, allowing users to thoroughly check files, directories, and system areas prone to infections.
• Open Source: ClamAV is an open-source project that invites contributions from the community, which leads to continuous improvement and updated features.

Following the outlined steps in this guide, users can install ClamAV on Fedora Linux, update its virus databases, and initiate basic scans to safeguard their systems effectively. Let’s proceed with the instructions.

Refresh Fedora System Packages Before ClamAV Installation

First, run a quick update to ensure all packages are up-to-date to avoid conflicts during ClamAV installation.

sudo dnf upgrade --refresh

Install ClamAV via DNF Command

By default, ClamAV is available in the standard repository. Fedora focuses on being an upstream release, so the version provided is generally up-to-date and compatible with other Linux distributions. To install ClamAV, run the following command:

sudo dnf install clamav clamd clamav-update

With ClamAV installed, you can now update the virus database.

Update the ClamAV Virus Database

Ensure your system connects to the Internet to update the virus definitions. Before updating the database, stop the clamav-freshclam service:

sudo systemctl stop clamav-freshclam

Now, update your virus definition database using the freshclam command:

sudo freshclam

Once the database is updated, start the clamav-freshclam service and enable it to run automatically on system boot:

sudo systemctl enable clamav-freshclam --now

Example output:

Created symlink /etc/systemd/system/multi-user.target.wants/clamav-freshclam.service → /usr/lib/systemd/system/clamav-freshclam.service.

If you need to disable clamav-freshclam in the future, use the following command:

sudo systemctl disable clamav-freshclam --now

To view the ClamAV directory and the dates of the files, use the ls -l command:

ls -l /var/lib/clamav/

Scan with ClamAV (Clamscan)

After successfully installing and updating ClamAV on your Fedora Linux system, initiate a system scan to verify its cleanliness. The clamscan command is your primary tool for this task.

Basic Clamscan Command Syntax

The fundamental syntax for deploying the clamscan command is straightforward:

sudo clamscan [options] [file/directory/-]

Common Clamscan Commands

Below are prevalent clamscan commands to facilitate a smooth start:

Print ClamAV Help

To view ClamAV’s help section, use:

sudo clamscan -h

Scan a file with ClamAV

For scanning a designated file, execute:

sudo clamscan /home/script.sh

Scan a directory with ClamAV

Initiate a scan within a specific directory with the following:

sudo clamscan /home/

Print infected files only with ClamAV

To display only the infected files, run the following:

sudo clamscan -i /home/

Skip printing OK files with ClamAV

Exclude files marked ‘OK’ from the scan results by using:

sudo clamscan -o /home/

Do not print the summary of the scan with ClamAV

If you prefer not to view the scan summary, execute:

sudo clamscan --no-summary /home/

Bell notification on virus detection with ClamAV

Receive an audible bell notification upon virus detection with the following:

sudo clamscan --bell -i /home

Scan directories recursively with ClamAV

To scan directories recursively, use:

sudo clamscan --bell -i -r /home

Save the scan report to file with ClamAV

Direct the scan report to a specific file by running:

sudo clamscan --bell -i -r /home -l output.txt

Scan files listed line by line in the file with ClamAV

Scan files listed line-by-line in a specified file with:

sudo clamscan -i -f /tmp/scan

Remove infected files with ClamAV

To automatically remove infected files detected during the scan, execute:

sudo clamscan -r --remove /home/USER

This deletes the file from your system. If it’s a false positive, you won’t be able to retrieve the file.

Move infected files into quarantine with ClamAV

Move all files requiring quarantine into the specified location:

sudo clamscan -r -i --move=/home/USER/infected /home/

Limit ClamAV CPU Usage

ClamAV can be CPU-intensive during scanning, which may be problematic for systems with limited or older hardware. To limit CPU usage during the scan, use the nice command before each ClamAV command.

For example, to reduce ClamAV CPU usage, use:

sudo nice -n 15 clamscan && sudo clamscan --bell -i -r /home

The benefit of using this method is that ClamAV, with clamscan, will maximize CPU usage if nothing else is using the CPU. However, if another process with a higher priority requires CPU, clamscan will scale down effectively to allow the other process to take priority.

Scheduled ClamAV Scans

To set up automatic scheduled scans on Fedora Linux, use a task scheduler such as GNOME Schedule or Cron. These tools regularly scan your system for malware, eliminating the need for manual scans. Set up scheduled scans with Cron as follows:

First, open the terminal. Then, run the following command to access the crontab configuration file for the current user:

crontab -e

If the command above does not work, install the following package:

sudo dnf install cronie

Add a new line with the following format to schedule a daily scan:

0 1 * * * /usr/bin/clamscan -r --quiet --move=/home/USER/infected /home/

This line schedules a daily scan at 1 AM, scanning the /home/ directory recursively and moving infected files to the /home/USER/infected directory.

Save the file and exit the editor. The new scheduled task will take effect immediately.

Customizing ClamAV Settings

To customize ClamAV settings, such as adjusting the sensitivity of the scanner or specifying which file types to scan, edit the ClamAV configuration file located at /etc/clamav/clamd.conf. Some common settings to customize include:

• MaxFileSize: Adjust the maximum file size that ClamAV will scan.
• MaxScanSize: Change the maximum data size that ClamAV will scan within an archive or a file.
• HeuristicScanPrecedence: Enable or disable heuristic scanning, which uses techniques to detect unknown malware.

For a complete list of configuration options, consult the ClamAV documentation.

Troubleshoot Tips with ClamAV

If you encounter issues during installation or while using ClamAV, consult the following common problems and their solutions:

• Permission denied: If you encounter permission errors during a scan, try running the command with sudo.
• Outdated virus database: Make sure to update the ClamAV virus database regularly using freshclam.
• High CPU usage: If ClamAV is using too much CPU during scans, use the nice command to limit its CPU usage.

Updates and Maintenance Commands with ClamAV

Maintaining and monitoring the software is essential to keep ClamAV effective in protecting your system. In addition to regularly updating the ClamAV binary using:

sudo dnf update --refresh

Additionally, it would be best if you also did the following:

• Monitor ClamAV log files located in /var/log/clamav for any issues or potential threats.
• Check the ClamAV mailing lists and forums for updates, news, or known issues.
• Periodically review and update your ClamAV settings to match your system’s needs and requirements.

By staying up-to-date with ClamAV’s updates and maintenance, you’ll ensure the software provides adequate protection for your Fedora Linux system.

Install ClamTk GUI (ClamAV GUI)

ClamTk is a popular graphical user interface for ClamAV, providing an alternative for users who prefer a GUI over the command line. To install ClamTk, run the following command:

sudo dnf install clamtk

After installation, you can launch ClamTk from your application menu. The ClamTk interface allows you to scan files and folders, update the virus database, and view scan history.

Additional Commands

Remove (Uninstall) ClamAV

If you decide to uninstall ClamAV, first disable the service:

sudo systemctl disable clamav --now

Next, use the following command to remove all traces of ClamAV and its dependencies:

sudo dnf remove clamav clamd clamav-update

ClamTK users, use the following command:

sudo dnf remove clamtk

Conclusion

In this tutorial, you’ve learned how to install ClamAV on Fedora Linux, update the signature database, and perform basic scanning commands to ensure your system’s security. Fedora’s focus on being an upstream repository means the ClamAV version provided should be up-to-date and compatible with other Linux distributions, ensuring maximum compatibility and protection for your system. Regularly updating and scanning your system will help maintain its security and integrity.