$ sudo dnf install -y clamav-server clamav-data clamav-update clamav-filesystem clamav clamav-scanner-systemd clamav-devel clamav-lib clamav-server-systemd$ sudo setsebool -p antivirus_can_scan_system 1$ sudo cp /usr/share/clamav/template/clamd.conf /etc/clamd.d/clamd.conf
$ sudo sed -i '/^example/d' /etc/clamd.d/clamd.confuser <user>user clamscan#localsocket /var/run/clamd.<service>/clamd.socklocalsocket /var/run/clamd.scan/clamd.sock$ cd /usr/lib/systemd/system
$ sudo mv [email protected] clamd.service
$ sudo mv [email protected] clamdscan.servicenote: the only change is removing the @ from the top level include statement.
.include /lib/systemd/system/[email protected].include /lib/systemd/system/clamd.servicereplace the contents of /usr/lib/systemd/system/clamd.service with:
[unit]
description = clamd scanner daemon
after = syslog.target nss-lookup.target network.target
[service]
type = simple
execstart = /usr/sbin/clamd -c /etc/clamd.d/clamd.conf --foreground=yes
restart = on-failure
privatetmp = true
[install]
wantedby=multi-user.target$ sudo systemctl enable clamd.service
$ sudo systemctl start clamd.service
$ sudo systemctl enable clamdscan.service
$ sudo systemctl start clamdscan.service
note: this is performance intensive. it's going to constantly scan the whole system. budgeting hardware resources for this is probably worth it on an exposed production system, but internal systems may be better off with these services installed for convenience, but stopped and disabled most of the time. ymmv.
$ sudo sed -i '/^example/d' /etc/freshclam.confwrite the following content to /usr/lib/systemd/system/freshclam.service:
# run the freshclam as daemon
[unit]
description = freshclam scanner
after = network.target
[service]
type = forking
execstart = /usr/bin/freshclam -d -c 4
restart = on-failure
privatetmp = true
[install]
wantedby=multi-user.target$ sudo systemctl enable freshclam.service
$ sudo systemctl start freshclam.service