Skip to content

Instantly share code, notes, and snippets.

@ph33nx

ph33nx/antivirus-scan-on-fedora-using-clamav.md

Last active October 23, 2025 03:00
Show Gist options
  • Save ph33nx/aa44bd69c6eda86d5e35dc9a1c2906fd to your computer and use it in GitHub Desktop.
Save ph33nx/aa44bd69c6eda86d5e35dc9a1c2906fd to your computer and use it in GitHub Desktop.
Download ZIP
Antivirus Scan on Fedora 42 using ClamAV (2025)
Raw
antivirus-scan-on-fedora-using-clamav.md

Step 0: Install ClamAV with Daemon and Updater

sudo dnf install clamav clamav-freshclam clamd

Step 1: Enable SELinux Boolean for Full System Scanning

sudo setsebool -P antivirus_can_scan_system 1

Step 2: Configure ClamAV Daemon for Multi-Core Scanning

Edit the daemon config:

sudo nano /etc/clamd.d/scan.conf

Make sure these lines are uncommented and tuned:

LocalSocket /run/clamd.scan/clamd.sock
TCPSocket 3310
User clamscan
MaxThreads 8             # set this to number of cores or half if you want to keep system responsive
FollowFileSymlinks yes
FollowDirectorySymlinks yes
ScanArchive yes
MaxScanSize 2G           # fix for “decompress file size exceeds limits”
MaxFileSize 2G           # fix for “decompress file size exceeds limits”

Save and exit.

Step 3: Start and Enable the Daemon

sudo systemctl enable --now [email protected]

Check it’s active:

sudo systemctl status [email protected]

Step 4: Update Virus Database

sudo freshclam

Step 5: Run Scans with Multi-Core Support (clamdscan)

  1. Scan only your home directory (replace yourusername):

    sudo clamdscan --multiscan --fdpass -i --remove \
  --exclude-dir="/home/yourusername/.cache" \
  --exclude-dir="/home/yourusername/.local/share/flatpak" \
  /home/yourusername

  2. Scan the entire system root (excluding noisy system dirs):

    sudo clamdscan --multiscan --fdpass -i --remove \
  --exclude-dir=/proc --exclude-dir=/sys --exclude-dir=/dev \
  --exclude-dir=/run --exclude-dir=/var/lib/flatpak \
  /

Step 6: Optional — Verify Parallel Usage

Run this in another terminal while scanning:

htop -t | grep clamd

You should see multiple clamd worker threads consuming CPU across cores.

Notes

  • --multiscan runs parallel threads managed by the clamd daemon.

  • --fdpass allows file descriptor passing under sudo, avoiding permission issues.

  • MaxScanSize and MaxFileSize options handle large compressed files to silence:

    LibClamAV Warning: cli_scanxz: decompress file size exceeds limits

  • Adjust MaxThreads to match your CPU core count (nproc shows how many you have).

  • --remove automatically deletes infected files — switch to --move=/quarantine if you want a safer review workflow.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment