Install, Update, and Scan with ClamAV on Linux – Step‑by‑Step Guide

This guide explains how to install the open‑source ClamAV antivirus on Linux, update its virus definitions, run recursive scans with various options, and automate deployment using Ansible, providing practical commands and sample outputs for effective malware protection.

Liangxu Linux

ClamAV is a leading open‑source antivirus for Linux desktops and servers, operating from the command line with low memory and CPU usage while detecting a wide range of malware, email server exploits, viruses, and even Windows exploits.

Command‑line‑centric, lightweight.

Detects many virus types, including malware and email server vulnerabilities.

Suitable for both servers and Linux desktops.

Email scanning supports archives, executables, Office documents, HTML, PDF, etc.

Signature database updates every four hours.

Installation

Enable the EPEL repository and install ClamAV packages:

yum -y install epel-release
yum install -y clamav clamav-update

Updating the Virus Database

Run freshclam to fetch the latest signatures. Example output:

[root@localhost ~]# freshclam
ClamAV update process started at Tue Mar 10 11:49:11 2020
WARNING: Your ClamAV installation is OUTDATED!
Local version: 0.101.5  Recommended version: 0.102.2
Downloading main.cvd [100%]
main.cvd updated (version: 59, sigs: 4564902, f-level: 60)
Downloading daily.cvd [100%]
daily.cvd updated (version: 25746, sigs: 2212842, f-level: 63)
Downloading bytecode.cvd [100%]
bytecode.cvd updated (version: 331, sigs: 94, f-level: 63)
Database updated (6777838 signatures) from database.clamav.net
[root@localhost ~]#

Scanning Files

Perform a recursive scan of the root directory, log results, and automatically remove infected files:

# clamscan -ri / -l clamscan.log --remove

Sample output highlights symbolic links, scan summary, and statistics:

----------- SCAN SUMMARY -----------
Known viruses: 6767433
Engine version: 0.101.5
Scanned directories: 1
Scanned files: 0
Infected files: 0
Data scanned: 0.00 MB
Time: 17.038 sec

Option Details

-r: recursive scan of sub‑directories.

-i: show only infected files.

-l <file>: write scan log to the specified file.

--remove: delete infected files automatically.

--move <dir>: move infected files to a quarantine directory.
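
An added example, not part of the original article: a POSIX shell helper that turns a clamscan log written with -l into a verdict instead of reading it by eye. It assumes one scan per log file; the function names and the sample log are constructed for illustration, and it treats a summary with "Scanned files: 0" as a failure rather than a clean result.

```shell
#!/bin/sh
# Added example: triage a clamscan log written with `-l <file>`.
# Assumes one scan per log file and the layout clamscan writes:
# "<path>: <signature> FOUND" per detection, then a SCAN SUMMARY block.

# Print "path<TAB>signature" for every detection line.
clam_detections() {
    awk '/ FOUND$/ {
        sub(/ FOUND$/, "")
        n = split($0, part, ": ")           # signature is the last field
        sig = part[n]
        path = substr($0, 1, length($0) - length(sig) - 2)
        printf "%s\t%s\n", path, sig
    }' "$1"
}

# Print the value of one SCAN SUMMARY field, e.g. "Infected files".
clam_summary_field() {
    awk -F': ' -v key="$2" '$1 == key { v = $2 }
        END { if (v == "") exit 1; print v }' "$1"
}

# Print a verdict and return a clamscan-style status: 0 clean, 1 infected, 2 error.
clam_verdict() {
    infected=$(clam_summary_field "$1" "Infected files") || { echo incomplete; return 2; }
    scanned=$(clam_summary_field "$1" "Scanned files") || { echo incomplete; return 2; }
    if [ "$infected" -gt 0 ]; then echo infected; return 1; fi
    # Zero files read is not a pass: the scan may have been blocked or mis-aimed.
    if [ "$scanned" -eq 0 ]; then echo empty; return 2; fi
    echo clean
}

# Constructed sample log (path and signature name are made up for the demo).
sample=$(mktemp)
cat > "$sample" <<'EOF'
/srv/upload/invoice.zip: Constructed.Test.Signature FOUND
----------- SCAN SUMMARY -----------
Scanned directories: 12
Scanned files: 340
Infected files: 1
EOF
clam_detections "$sample"
clam_verdict "$sample" || true
rm -f "$sample"
```

Running the verdict before acting on a log catches truncated or empty scans; pairing it with --move rather than --remove keeps detected files available for review.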

Batch Deployment with Ansible

Copy a tarball to target servers and execute the scan remotely:

ansible server -m copy -a "src=/home/ansible/test.tar.gz dest=/home/ansible/test.tar.gz mode=664" -i testhost
ansible server -m shell -a "cd /home/ansible && tar -zxvf test.tar.gz && chmod +x test.sh && ./test.sh" -i testhost
ansible server -m shell -a "sudo nohup clamscan -r / -l /home/ansible/scan.log &" -i testhost
ansible server -m shell -a "sudo tail -n 10 /home/ansible/scan.log" -i testhost

Inventory example:

[server]
192.168.0.172
192.168.0.173
192.168.0.174
192.168.0.175
192.168.0.176
192.168.0.177
192.168.0.178
192.168.0.179
192.168.0.180

[server:vars]
ansible_ssh_user=ansible
ansible_ssh_port=22
Source: https://www.cnblogs.com/xiaoyuxixi/p/12936105.html