Install ClamAV
# Install
sudo dnf install epel-release -y
sudo dnf update -y
sudo dnf install clamav clamd clamav-update #
Install clamav, clamd background runner, clamav-update updater
# user is: clamscan
# Allows access to some system files
sudo setsebool -P antivirus_can_scan_system 1
# Update database
sudo freshclam # show here: /var/lib/clamav
# Edit /etc/clamd.d/scan.conf for Enable LocalSocket
sudo sed -i 's/#LocalSocket \/run/LocalSocket \/run/g' /etc/clamd.d/scan.conf
# Start the system database updater and start immediately
systemctl enable --now clamav-freshclam
systemctl status clamav-freshclam
# Start the Clamd Scanner service in the background
systemctl enable --now clamd@scan
systemctl status clamd@scan
# Manually scan the entire machine if desired (-r is recursive, not remove)
sudo clamscan -r /
# Feature to scan file when it is accessed clamonacc
## Editfile /etc/clamd.d/scan.conf
### Enable clamonacc feature
sudo sed -i 's/#OnAccessPrevention yes/OnAccessPrevention yes/g' /etc/clamd.d/scan.conf
### Specify the directory where clamonacc is applied
sudo sed -i 's/#OnAccessIncludePath \/home/OnAccessIncludePath \/home/g' /etc/clamd.d/scan.conf
### Exclude clamscan from clamonacc so it won't be blocked
sudo sed -i 's/#OnAccessExcludeUname clamav/OnAccessExcludeUname clamscan/g' /etc/clamd.d/scan.conf
### Run service clamonacc at startup:
#### Editfile /usr/lib/systemd/system/clamav-clamonacc.service, add:
Restart=on-failure
RestartSec=7s
#### Start
sudo systemctl daemon-reload
sudo systemctl enable --now clamav-clamonacc # or clamonacc
sudo systemctl status clamav-clamonacc
Install Linux Malware Detect
ClamAV should be install first, helpful for Linux Malware Detect.
Install Linux Malware Detect:
sudo wget http://www.rfxn.com/downloads/maldetect-current.tar.gz
tar -xvf maldetect-current.tar.gz
cd maldetect-{version}
bash ./install.sh
maldet -uScan:
maldet –scan-all /home/domain.com/public_html/*.phpShow quarantine files:
ls /usr/local/maldetect/quarantine/