Install EPEL repo first

Clamav is available on EPEL repo. Please install EPEL first then, run the following command:

[code]yum install clamav-server clamav-data clamav-update clamav-filesystem clamav clamav-scanner-systemd clamav-devel clamav-lib clamav-server-systemd[/code]

Remove “Example” line from freshclam.conf and /etc/clamd.d/scan.conf in default locatiof of clamd.conf!

[code]sed -i -e “s/^Example/#Example/” /etc/freshclam.conf[/code]

[code]sed -i -e “s/^Example/#Example/” /etc/clamd.d/scan.conf[/code]

Run freshclam to update database manually.

 [code]freshclam[/code]

Fresclam is run by cron job from /etc/cron.d/clamav-update 

[code] cat /etc/cron.d/clamav-update[/code]
## Adjust this line…
MAILTO=root

## It is ok to execute it as root; freshclam drops privileges and becomes
## user ‘clamupdate’ as soon as possible
0  */3 * * * root /usr/share/clamav/freshclam-sleep

# /usr/share/clamav/freshclam-sleep
WARNING: update of clamav database is disabled; please see
‘/etc/sysconfig/freshclam’
for information how to enable the periodic update resp. how to turn
off this message.

It seems that freshclam update via cron is disabled. Remove the last line (REMOVE ME) from /etc/sysconfig/freshclam file to active…

# tail /etc/sysconfig/freshclam
## ‘disabled-warn’  …  disables the automatic freshclam update and
##                         gives out a warning
## ‘disabled’       …  disables the automatic freshclam silently
# FRESHCLAM_DELAY=

### !!!!! REMOVE ME !!!!!!
### REMOVE ME: By default, the freshclam update is disabled to avoid
### REMOVE ME: network access without prior activation
FRESHCLAM_DELAY=disabled-warn    # REMOVE ME

run clamd manually for testing purposes

[code]/usr/sbin/clamd -c /etc/clamd.d/scan.conf –nofork=yes[/code]
ERROR: Please define server type (local and/or TCP)

If you get error like above, then we need to define server type. Use socket option.

Comment out the following line in /etc/clamd.d/scan.conf

#LocalSocket /var/run/clamd.scan/clamd.sock

to

LocalSocket /var/run/clamd.scan/clamd.sock

Enable on startup

# systemctl  enable clamd@scan
ln -s ‘/usr/lib/systemd/system/clamd@scan.service’ ‘/etc/systemd/system/multi-user.target.wants/clamd@scan.service

and start the service, check the status

# systemctl  start clamd@scan
# systemctl  status clamd@scan
[code]

clamd@scan.service – Generic clamav scanner daemon
   Loaded: loaded (/usr/lib/systemd/system/clamd@scan.service; enabled)
   Active: active (running) since Mon 2015-01-05 14:45:08 EET; 3s ago
 Main PID: 13588 (clamd)
   CGroup: /system.slice/system-clamd.slice/clamd@scan.service
           └─13588 /usr/sbin/clamd -c /etc/clamd.d/scan.conf –nofork=yes

Jan 05 14:45:08 Centos7-min systemd[1]: Started Generic clamav scanner daemon.
Jan 05 14:45:08 Centos7-min clamd[13588]: clamd daemon 0.98.5 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
Jan 05 14:45:08 Centos7-min clamd[13588]: Running as user clamscan (UID 995, GID 994)
Jan 05 14:45:08 Centos7-min clamd[13588]: Log file size limited to 1048576 bytes.
Jan 05 14:45:08 Centos7-min clamd[13588]: Reading databases from /var/lib/clamav
Jan 05 14:45:08 Centos7-min clamd[13588]: Not loading PUA signatures.
Jan 05 14:45:08 Centos7-min clamd[13588]: Bytecode: Security mode set to “TrustSigned”.

[/code]

Run a test scan:

# clamdscan -c /etc/clamd.d/scan.conf /etc/hosts
/etc/hosts: OK

———– SCAN SUMMARY ———–
Infected files: 0
Time: 0.002 sec (0 m 0 s)