Difference between revisions of "ClamAV"

From ArchWiki
Jump to: navigation, search
m (Starting the daemon: Fixing style of the daemon section: https://wiki.archlinux.org/index.php/Help:Style#Daemon_operations)
Line 14: Line 14:
== Starting the daemon ==
== Starting the daemon ==
To start the daemon:
The service is called {{ic|clamd.service}}. Read [[Daemons]] for more information about starting it and enabling it to start at boot.
# systemctl start clamd
To start it automatically at boot:
Also change the start options from "no" to "yes":
# systemctl enable clamd
Also in {{ic|/etc/conf.d/clamav}} change the start options from "no" to "yes".
# change these to "yes" to start
# change these to "yes" to start
== Updating database ==
== Updating database ==

Revision as of 17:13, 7 January 2013

zh-CN:ClamAV Clam AntiVirus is an open source (GPL) anti-virus toolkit for UNIX. It provides a number of utilities including a flexible and scalable multi-threaded daemon, a command line scanner and advanced tool for automatic database updates. Because ClamAV's main use is on file/mail servers for Windows desktops it primarily detects Windows viruses and malware.


ClamAV can be installed with package clamav, available in the Official Repositories.


Whether you are going to use clamav as a daemon or use it as a simple file checker you need to comment out the line that contains the word Example, usually it is found at the beginning of /etc/clamav/freshclam.conf and /etc/clamav/clamd.conf files.

Starting the daemon

The service is called clamd.service. Read Daemons for more information about starting it and enabling it to start at boot.

Also change the start options from "no" to "yes":

# change these to "yes" to start

Updating database

Edit the below file and comment out the line saying "Example"

# Comment or remove the line below.
# Example

Update the virus definitions with:

# freshclam

The database files are saved in:


Scan for Viruses

clamscan can be used to scan certain files, home directory, or an entire system:

$ clamscan myfile
$ clamscan -r -i /home
$ clamscan -r -i --exclude-dir=^/sys\|^/proc\|^/dev /

If you would like clamscan to remove the infected file use the --remove option in the command.


If you get the following messages after running freshclam:

WARNING: Clamd was NOT notified: Cannot connect to clamd through 
/var/lib/clamav/clamd.sock connect(): No such file or directory

Add a sock file for clamav:

# touch /var/lib/clamav/clamd.sock
# chown clamav:clamav /var/lib/clamav/clamd.sock

Then, edit /etc/clamav/clamd.conf – uncomment this line:

LocalSocket /var/lib/clamav/clamd.sock

Save the file and restart the daemon systemctl restart clamd

If you get the next error when starting the daemon:

LibClamAV Error: cli_loaddb(): No supported database files found
in /var/lib/clamav ERROR: Not supported data format

Run freshclam as root:

# freshclam -v

If you get a:

# can't create temporary directory

error, along with a 'HINT' containing a UID and a GID number.

Do the following:

# chown UID:GID /var/lib/clamav & chmod 755 /var/lib/clamav 
# ex: chown 64:64