My notes on getting ClamAV working on CentOS 7

clamav-notes

# How to get ClamAV working on CentOS 7

yum -y install epel-release && yum -y update
yum -y install clamav clamav-data clamav-scanner clamav-scanner-systemd clamav-server clamav-server-systemd clamav-unofficial-sigs clamav-update

cat <<EOF > /etc/clamd.d/freshclam.conf
# Automatically created by the clamav-freshclam postinst
Bytecode true
CompressLocalDatabase no
ConnectTimeout 30
DatabaseDirectory /var/lib/clamav
DatabaseMirror database.clamav.net
DatabaseMirror db.local.clamav.net
DatabaseMirror db.us.clamav.net
DatabaseOwner clamupdate
Debug false
DNSDatabaseInfo current.cvd.clamav.net
Foreground false
#LogFacility LOG_LOCAL6
#LogFileMaxSize 0
#LogRotate true
LogSyslog false
LogTime true
LogVerbose false
MaxAttempts 5
NotifyClamd /etc/clamd.d/clamd.conf
ReceiveTimeout 30
SafeBrowsing true
ScriptedUpdates yes
TestDatabases yes
#UpdateLogFile /var/log/clamav/freshclam.log
EOF

cat <<EOF > /usr/lib/systemd/system/clamav-freshclam.service
# Run the freshclam as daemon
[Unit]
Description = freshclam scanner
After = network.target

[Service]
Type = forking
ExecStart = /bin/ionice -c3 /bin/nice -n 19 /usr/bin/freshclam --config-file /etc/clamd.d/freshclam.conf -d -c 2
Restart = on-failure
PrivateTmp = true

[Install]
WantedBy = multi-user.target
EOF

systemctl enable clamav-freshclam.service && systemctl start clamav-freshclam.service
setsebool -P antivirus_can_scan_system 1 && setsebool -P antivirus_use_jit 1

cat <<EOF > /etc/clamd.d/clamd.conf
#Automatically Generated by clamav-daemon postinst
AlgorithmicDetection true
AllowAllMatchScan true
ArchiveBlockEncrypted false
BytecodeSecurity Paranoid
BytecodeTimeout 60000
Bytecode true
CommandReadTimeout 5
#CrossFilesystems true
DatabaseDirectory /var/lib/clamav
Debug false
DetectBrokenExecutables false
DetectPUA false
DisableCache false
DisableCertCheck false
ExitOnOOM false
ExtendedDetectionInfo true
FixStaleSocket true
FollowDirectorySymlinks false
FollowFileSymlinks true
ForceToDisk false
Foreground false
HeuristicScanPrecedence false
IdleTimeout 30
LeaveTemporaryFiles false
LocalSocketGroup clamscan
LocalSocketMode 666
LocalSocket /var/run/clamd.scan/clamd.ctl
#LogClean false
#LogFacility LOG_LOCAL6
#LogFileMaxSize 0
#LogFileUnlock false
#LogFile /var/log/clamav/clamav.log
#LogRotate true
LogSyslog true
LogTime true
LogVerbose false
MaxConnectionQueueLength 15
MaxDirectoryRecursion 15
MaxEmbeddedPE 10M
MaxFiles 10000
MaxFileSize 25M
MaxHTMLNormalize 10M
MaxHTMLNoTags 2M
MaxIconsPE 100
MaxPartitions 50
MaxQueue 100
MaxRecHWP3 16
MaxRecursion 16
MaxScanSize 100M
MaxScriptNormalize 5M
MaxThreads 12
MaxZipTypeRcg 1M
OfficialDatabaseOnly false
OLE2BlockMacros false
OnAccessIncludePath /home
OnAccessMaxFileSize 5M
PartitionIntersection false
PCREMatchLimit 10000
PCREMaxFileSize 25M
PCRERecMatchLimit 5000
PhishingAlwaysBlockCloak false
PhishingAlwaysBlockSSLMismatch false
PhishingScanURLs true
PhishingSignatures true
ReadTimeout 180
ScanArchive true
ScanELF true
ScanHTML true
ScanHWP3 true
ScanMail true
ScanOLE2 true
ScanOnAccess true
ScanPartialMessages false
ScanPDF true
ScanPE true
ScanSWF true
ScanXMLDOCS true
SelfCheck 3600
SendBufTimeout 200
StatsEnabled false
StatsHostID auto
StatsPEDisabled false
StatsTimeout 10
StreamMaxLength 25M
StructuredDataDetection false
#User clamscan
User root
EOF

mv /usr/lib/systemd/system/[email protected] /usr/lib/systemd/system/clamd.service
cat <<EOF > /usr/lib/systemd/system/clamd.service
# Run the clamd scanner
[Unit]
Description = clamd scanner (%i) daemon
After = syslog.target nss-lookup.target network.target

[Service]
Type = simple
ExecStart = /bin/ionice -c3 /bin/nice -n 19 /usr/sbin/clamd -c /etc/clamd.d/clamd.conf --foreground=yes
Restart = on-failure
PrivateTmp = true
MemoryMax=50%
CPUQuota=50%

[Install]
WantedBy = multi-user.target
EOF
sed -i 's/[email protected]/clamd.service/g' /usr/lib/systemd/system/[email protected]
systemctl enable clamd.service && systemctl start clamd.service