ClamAV is arguably the most popular anti-virus package for GNU/Linux systems.
Installing ClamAV
Super simple: set the USE flags and emerge.
The clamdtop flag is recommended because, to quote euse -i clamdtop: "A Top like tool which shows what clamd is currently scanning amongst other things".
root@host # grep clamav /etc/portage/package.use
app-antivirus/clamav bzip2 clamdtop iconv ipv6

root@host # emerge -pv clamav
[ebuild N ] app-antivirus/clamav-0.95.3 USE="bzip2 clamdtop iconv ipv6 -milter (-selinux)" 26,289 kB
Configure ClamAV
First update the virus database using freshclam; then ClamAV can run as a daemon for processing.
Other applications (maybe CVS) can use clamscan to process individual files.
Updating Virus Database
Use the tool freshclam, which you may want to configure in /etc/freshclam.conf.
The DatabaseMirror should be set to db.[ISO2 Country Code].clamav.net; database.clamav.net is a fallback.
root@host # cat /etc/freshclam.conf
AllowSupplementaryGroups yes
DatabaseMirror db.us.clamav.net
DatabaseMirror database.clamav.net
DatabaseOwner clamav
LogFacility LOG_LOCAL1
LogSyslog yes
NotifyClamd /etc/clamd.conf
PidFile /var/run/clamav/freshclam.pid
ScriptedUpdates yes
UpdateLogFile /var/log/clamav/freshclam.log
On Ubuntu systems the configs are in /etc/clamav; other paths should be adjusted as well.
root@host # freshclam -v --debug
Current working dir is /var/lib/clamav
Max retries == 3
ClamAV update process started at Wed Feb 24 13:16:29 2010
Using IPv6 aware code
Querying current.cvd.clamav.net
TTL: 855
Software version from DNS: 0.95.3
main.cvd version from DNS: 52
LibClamAV debug: in cli_untgz()
LibClamAV debug: cli_untgz: Unpacking ./clamav-c4d3b527d0a1f3f962452ec7825f96a1/COPYING
LibClamAV debug: cli_untgz: Unpacking ./clamav-c4d3b527d0a1f3f962452ec7825f96a1/main.info
LibClamAV debug: cli_untgz: Unpacking ./clamav-c4d3b527d0a1f3f962452ec7825f96a1/main.db
LibClamAV debug: cli_untgz: Unpacking ./clamav-c4d3b527d0a1f3f962452ec7825f96a1/main.hdb
LibClamAV debug: cli_untgz: Unpacking ./clamav-c4d3b527d0a1f3f962452ec7825f96a1/main.mdb
LibClamAV debug: cli_untgz: Unpacking ./clamav-c4d3b527d0a1f3f962452ec7825f96a1/main.ndb
LibClamAV debug: cli_untgz: Unpacking ./clamav-c4d3b527d0a1f3f962452ec7825f96a1/main.zmd
LibClamAV debug: cli_untgz: Unpacking ./clamav-c4d3b527d0a1f3f962452ec7825f96a1/main.fp
Retrieving http://database.clamav.net/main-52.cdiff
Trying to download http://database.clamav.net/main-52.cdiff (IP: 168.143.19.95)
Downloading main-52.cdiff [100%]
cdiff_apply: Parsed 159797 lines and executed 159797 commands
main.cld updated (version: 52, sigs: 704727, f-level: 44, builder: sven)
daily.cvd version from DNS: 10450
LibClamAV debug: in cli_untgz()
LibClamAV debug: cli_untgz: Unpacking ./clamav-9ff7ebcd179699ae017b7626ea19ba97/COPYING
LibClamAV debug: cli_untgz: Unpacking ./clamav-9ff7ebcd179699ae017b7626ea19ba97/daily.cfg
LibClamAV debug: cli_untgz: Unpacking ./clamav-9ff7ebcd179699ae017b7626ea19ba97/daily.ign
LibClamAV debug: cli_untgz: Unpacking ./clamav-9ff7ebcd179699ae017b7626ea19ba97/daily.ftm
LibClamAV debug: cli_untgz: Unpacking ./clamav-9ff7ebcd179699ae017b7626ea19ba97/daily.info
LibClamAV debug: cli_untgz: Unpacking ./clamav-9ff7ebcd179699ae017b7626ea19ba97/daily.db
LibClamAV debug: cli_untgz: Unpacking ./clamav-9ff7ebcd179699ae017b7626ea19ba97/daily.hdb
LibClamAV debug: cli_untgz: Unpacking ./clamav-9ff7ebcd179699ae017b7626ea19ba97/daily.hdu
LibClamAV debug: cli_untgz: Unpacking ./clamav-9ff7ebcd179699ae017b7626ea19ba97/daily.mdb
LibClamAV debug: cli_untgz: Unpacking ./clamav-9ff7ebcd179699ae017b7626ea19ba97/daily.mdu
LibClamAV debug: cli_untgz: Unpacking ./clamav-9ff7ebcd179699ae017b7626ea19ba97/daily.ndb
LibClamAV debug: cli_untgz: Unpacking ./clamav-9ff7ebcd179699ae017b7626ea19ba97/daily.ndu
LibClamAV debug: cli_untgz: Unpacking ./clamav-9ff7ebcd179699ae017b7626ea19ba97/daily.ldb
LibClamAV debug: cli_untgz: Unpacking ./clamav-9ff7ebcd179699ae017b7626ea19ba97/daily.zmd
LibClamAV debug: cli_untgz: Unpacking ./clamav-9ff7ebcd179699ae017b7626ea19ba97/daily.fp
LibClamAV debug: cli_untgz: Unpacking ./clamav-9ff7ebcd179699ae017b7626ea19ba97/daily.pdb
LibClamAV debug: cli_untgz: Unpacking ./clamav-9ff7ebcd179699ae017b7626ea19ba97/daily.wdb
Retrieving http://database.clamav.net/daily-9956.cdiff
Trying to download http://database.clamav.net/daily-9956.cdiff (IP: 168.143.19.95)
WARNING: getfile: daily-9956.cdiff not found on remote server (IP: 168.143.19.95)
WARNING: getpatch: Can't download daily-9956.cdiff from database.clamav.net
Retrieving http://database.clamav.net/daily-9956.cdiff
Trying to download http://database.clamav.net/daily-9956.cdiff (IP: 64.246.134.219)
WARNING: getfile: daily-9956.cdiff not found on remote server (IP: 64.246.134.219)
WARNING: getpatch: Can't download daily-9956.cdiff from database.clamav.net
Retrieving http://database.clamav.net/daily-9956.cdiff
Ignoring mirror 168.143.19.95 (due to previous errors)
Trying host database.clamav.net (194.8.197.22)...
Trying to download http://database.clamav.net/daily-9956.cdiff (IP: 194.8.197.22)
WARNING: getfile: daily-9956.cdiff not found on remote server (IP: 194.8.197.22)
WARNING: getpatch: Can't download daily-9956.cdiff from database.clamav.net
WARNING: Incremental update failed, trying to download daily.cvd
Whitelisting short-term blacklisted mirrors
Retrieving http://database.clamav.net/daily.cvd
Trying host database.clamav.net (208.72.56.53)...
Trying to download http://database.clamav.net/daily.cvd (IP: 208.72.56.53)
Downloading daily.cvd [100%]
LibClamAV debug: MD5(.tar.gz) = 1f57d428fa6448f3a2d8beb8aea1ec6a
LibClamAV debug: cli_versig: Decoded signature: 1f57d428fa6448f3a2d8beb8aea1ec6a
LibClamAV debug: cli_versig: Digital signature is correct.
daily.cvd updated (version: 10450, sigs: 16484, f-level: 44, builder: ccordes)
Database updated (721211 signatures) from database.clamav.net (IP: 208.72.56.53)
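The run above ends well even though the incremental update failed and a full daily.cvd was fetched over plain HTTP; the lines that matter for monitoring are the per-database "updated" lines, the cli_versig result and the final "Database updated" line. The following is an added example, not part of the original page: the function name freshclam_summary and the embedded sample (an excerpt of the output above) are this example's own.

```shell
#!/bin/sh
# Added example: summarise a `freshclam -v --debug` run read on stdin.
# Prints one line per updated database plus a flags line, and returns
# non-zero when the run never reached the final "Database updated" line.
freshclam_summary() {
    awk '
        # e.g. "daily.cvd updated (version: 10450, sigs: 16484, ...)"
        $2 == "updated" && $3 == "(version:" {
            v = $4; s = $6
            gsub(/,/, "", v); gsub(/,/, "", s)
            printf "%s version=%s sigs=%s\n", $1, v, s
        }
        /^WARNING: /                   { warnings++ }
        /Incremental update failed/    { fallback = 1 }   # full .cvd fetched instead
        # Only printed with --debug, so sigcheck=0 is expected without it.
        /Digital signature is correct/ { sigok = 1 }
        /^Database updated /           { done = 1 }
        END {
            printf "fallback=%d sigcheck=%d warnings=%d\n", fallback, sigok, warnings
            exit (done ? 0 : 1)
        }
    '
}

# Sample input: lines excerpted from the freshclam output shown above.
sample_log() {
    cat <<'EOF'
main.cld updated (version: 52, sigs: 704727, f-level: 44, builder: sven)
WARNING: getfile: daily-9956.cdiff not found on remote server (IP: 194.8.197.22)
WARNING: getpatch: Can't download daily-9956.cdiff from database.clamav.net
WARNING: Incremental update failed, trying to download daily.cvd
LibClamAV debug: cli_versig: Digital signature is correct.
daily.cvd updated (version: 10450, sigs: 16484, f-level: 44, builder: ccordes)
Database updated (721211 signatures) from database.clamav.net (IP: 208.72.56.53)
EOF
}

sample_log | freshclam_summary
```

Feeding it the output of a scheduled freshclam run and alerting on a non-zero return catches mirrors that fail on every attempt, which otherwise leaves the scanner running on stale signatures.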
ClamAV Daemon
This runs a resident scanner, which is faster for other applications to hook into because the virus database is always loaded.
In place of scanning with clamscan, use clamdscan.
Also notice START_FRESHCLAM=yes, which will have freshclam running according to its configuration.
Configure this in /etc/conf.d/clamd and start the clamd init script.
root@host # cat /etc/conf.d/clamd
START_CLAMD=yes
START_FRESHCLAM=yes
CLAMD_NICELEVEL=3
FRESHCLAM_NICELEVEL=19

root@host # rc-update -a clamd
root@host # /etc/init.d/clamd start
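When another application hooks into clamdscan (or clamscan) as described above, the exit status is what it should act on: 0 means no signature matched, 1 means a signature matched, and 2 means the scan did not complete, for example because clamd is not running. The following is an added example, not part of the original page, of a gate that rejects on both 1 and 2; the names SCANNER, scan_gate and scan_gate_all are this example's own.

```shell
#!/bin/sh
# Added example: fail-closed scan gate for a commit or upload hook.
# SCANNER is a hypothetical override so the gate can be pointed at
# clamscan instead of clamdscan, or at a stub when testing without clamd.
SCANNER="${SCANNER:-clamdscan}"

# scan_gate FILE
#   returns 0 = clean, 1 = signature matched, 2 = scan did not complete
scan_gate() {
    file=$1 rc=0
    if [ ! -f "$file" ]; then
        echo "reject: $file: not a regular file" >&2
        return 2
    fi
    out=$("$SCANNER" --no-summary "$file" 2>&1) || rc=$?
    case $rc in
        0) return 0 ;;
        1) echo "reject: $out" >&2; return 1 ;;
        # Anything else (clamd down, unreadable file, scanner missing) is
        # treated as a rejection rather than silently accepted.
        *) echo "reject: scanner error $rc on $file: $out" >&2; return 2 ;;
    esac
}

# scan_gate_all FILE...
#   scans every file and returns the worst result seen
scan_gate_all() {
    worst=0
    for f in "$@"; do
        r=0
        scan_gate "$f" || r=$?
        if [ "$r" -gt "$worst" ]; then worst=$r; fi
    done
    return "$worst"
}

# When run as a script with file arguments, act as the hook itself.
if [ "$#" -gt 0 ]; then
    scan_gate_all "$@"
    exit $?
fi
```

With clamdscan the file is read by the clamd daemon, so the daemon's user needs read access to whatever the hook submits; a permissions problem shows up here as result 2.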