This guide will help you install and configure ClamAV Antivirus (clamd) as a daemon on a RHEL server. This setup will enable the ClamAV daemon to run as a background service. You need at least 4GB of memory on your machine before you start.

Step 1: Install ClamAV and Dependencies

Start by updating and installing the required packages, including the Extra Packages for Enterprise Linux (EPEL) repository:

  sudo yum update
  
  sudo yum install epel-release
  
  sudo yum install clamav-server clamav-data clamav-filesystem clamav-lib clamav-update clamav clamav-devel
  

Step 2: Configure freshclam for Updates

The freshclam tool is used to update the ClamAV virus database. To configure it:

  1. Back up the original freshclam configuration file:
  sudo cp /etc/freshclam.conf /etc/freshclam.conf.bak
  
  2. Remove the Example line to enable the configuration:
  sudo sed -i '/^Example/d' /etc/freshclam.conf
  

Step 3: Configure ClamAV Daemon (clamd)

Next, configure the clamd service:

  1. Open the /etc/clamd.d/scan.conf file:
  sudo vi /etc/clamd.d/scan.conf
  
  2. Update the following lines (if these lines are commented out, make sure to uncomment them):
  LocalSocket /run/clamd.scan/clamd.sock
  User root
  LocalSocketGroup virusgroup
  LocalSocketMode 666
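
A quick check of the Step 3 settings, as an added example that is not part of the original guide or of ClamAV itself: the hypothetical helper audit_clamd_conf reads a scan.conf and flags a missing LocalSocket, User root, and a LocalSocketMode whose last digit lets every local account connect to the daemon. The sample config is constructed from the values in Step 3, and the script assumes each directive appears at most once.

```shell
#!/bin/sh
# Added example: audit_clamd_conf and conf_value are hypothetical helpers,
# not part of ClamAV. Assumes each directive appears at most once.

# Print the value of the first uncommented occurrence of a directive.
conf_value() {
    awk -v key="$2" '$1 == key { print $2; exit }' "$1"
}

# Print one finding per line and return the number of findings.
audit_clamd_conf() {
    conf=$1
    findings=0
    sock=$(conf_value "$conf" LocalSocket)
    user=$(conf_value "$conf" User)
    group=$(conf_value "$conf" LocalSocketGroup)
    mode=$(conf_value "$conf" LocalSocketMode)

    if [ -z "$sock" ]; then
        echo "FAIL: LocalSocket is not set, clamdscan cannot reach clamd"
        findings=$((findings + 1))
    fi
    if [ "$user" = "root" ]; then
        echo "WARN: clamd parses untrusted files as root"
        findings=$((findings + 1))
    fi
    # Connecting to a Unix socket needs write permission on it, so a write
    # bit in the last ("other") digit opens clamd to every local account.
    case ${mode#"${mode%?}"} in
        2|3|6|7)
            echo "WARN: mode $mode lets any local user connect; group '$group' restricts nothing"
            findings=$((findings + 1)) ;;
    esac
    return "$findings"
}

# Constructed sample input: the four settings from Step 3.
sample=$(mktemp)
printf '%s\n' 'LocalSocket /run/clamd.scan/clamd.sock' 'User root' \
    'LocalSocketGroup virusgroup' 'LocalSocketMode 666' > "$sample"
audit_clamd_conf "$sample" || echo "findings: $?"
rm -f "$sample"
```

With LocalSocketMode 660 only the socket owner and members of LocalSocketGroup can connect, which is what makes the virusgroup membership in Step 6 meaningful.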
  

Step 4: Enable and Start the clamd Service

Enable and start the ClamAV daemon:

  sudo systemctl enable clamd@scan
  
  sudo systemctl start clamd@scan
  

Step 5: Manual Scanning and Database Updates

To update the virus database manually, run:

  sudo freshclam
  

To scan a specific file for viruses, use:

  clamdscan <file_name>
  

Step 6 (optional): Configure Group Permissions for Apache

If you are using Apache and want it to access ClamAV, add the Apache user to the virusgroup:

  sudo usermod -aG virusgroup apache
  

Additional Note: SELinux Considerations

If SELinux is enabled on your server, additional configuration may be required. Consider reviewing and modifying SELinux policies to allow clamd to function correctly. Check the SELinux logs (/var/log/audit/audit.log) if you encounter any permission issues.

Conclusion

ClamAV is now installed and running as a daemon on your RHEL server, with automatic updates and a background scanning service. This setup ensures that your server is actively protected against viruses.