ClamAV

ClamAV is an open-source (GPL-2) anti-virus engine. The base package provides a number of utilities, including a daemon, a command line scanner, an on-access file scanner, and a tool for fetching updates.

ClamAV is a flexible tool, and can be used in many different ways including:
 * Providing email virus scanning as part of a mail gateway
 * Web scanning
 * Endpoint Security (desktop scanning)

This is often accomplished by an application or service calling ClamAV as part of its workflow. For example, Postfix can be configured to connect to a ClamAV daemon listening for connections on the system.

= Installation =

First, install ClamAV:

Run to download the latest ClamAV detection database.

Start the ClamAV and freshclam services, and add them to the default runlevel:

You may also want to do the same for the or  services. On-access scanning is discussed below.

Scan a directory to validate the installation:

= Configuration =

The default Gentoo configuration of is usable for both desktop systems and mail servers; changes can be made to  if the defaults are not suitable. If the desired functionality is the ability to scan files for viruses on demand, no changes need to be made.

The ClamAV daemon on Gentoo (under both OpenRC and systemd) creates a world-writable socket at. Users who want to scan a file or directory should ask the daemon to do it using the  command:

The flag sends a file descriptor to clamd rather than a path name, and avoids the need for the  user to be able to read everyone's files. As a result, the daemon should be able to run as the default user in any scenario. The administrator should not have to mess with any users or groups.
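
The descriptor-passing idea described above, as an added example (not code from ClamAV or from this page): the client opens the file with its own privileges and sends the open descriptor over a Unix socket as SCM_RIGHTS ancillary data, so the receiving side never needs read access to the path. The daemon side here is a constructed stand-in, not clamd; `FILDES` is the clamd protocol command for descriptor scanning, while `MARKER`, the reply text and all function names are assumptions.

```python
import os
import socket
import tempfile
import threading

MARKER = b"CONSTRUCTED-TEST-MARKER"  # constructed stand-in for a signature match

def read_until_nul(sock):
    """Read one NUL-terminated message, a byte at a time."""
    buf = b""
    while not buf.endswith(b"\0"):
        chunk = sock.recv(1)
        if not chunk:
            raise ConnectionError("peer closed the socket")
        buf += chunk
    return buf[:-1]

def standin_daemon(conn):
    """Hypothetical daemon side (not clamd): it never sees a path name."""
    with conn:
        if read_until_nul(conn) != b"zFILDES":
            conn.sendall(b"UNKNOWN COMMAND\0")
            return
        # One dummy byte arrives carrying the descriptor as SCM_RIGHTS data.
        _, fds, _, _ = socket.recv_fds(conn, 1, 1)
        with os.fdopen(fds[0], "rb") as f:
            verdict = b"Constructed-Marker FOUND" if MARKER in f.read() else b"OK"
        conn.sendall(b"fd[%d]: %s\0" % (fds[0], verdict))

def scan_by_fd(sock, path):
    """Client side: open with the caller's own rights, then pass the descriptor."""
    fd = os.open(path, os.O_RDONLY)
    try:
        sock.sendall(b"zFILDES\0")
        socket.send_fds(sock, [b"\0"], [fd])
    finally:
        os.close(fd)  # the in-flight copy stays valid for the receiver
    return read_until_nul(sock).decode()

def demo(content):
    """Scan a private (mode 0600) temp file through a socketpair."""
    client, server = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    worker = threading.Thread(target=standin_daemon, args=(server,))
    worker.start()
    with client, tempfile.NamedTemporaryFile() as tmp:
        tmp.write(content)
        tmp.flush()
        reply = scan_by_fd(client, tmp.name)
    worker.join()
    return reply
```

Calling `demo(b"plain text")` returns a reply ending in `OK`; content containing `MARKER` returns one ending in `FOUND`. It requires Python 3.9 or later on a Unix system for `socket.send_fds` and `socket.recv_fds`.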

Integration with
This works "out of the box" after you configure amavis to use to invoke the virus scanner. For example,

Contrary to many how-to documents scattered about the internet, you do not need to change any users or groups to make amavisd-new work with ClamAV.

== On Access File Scanning ==
On Linux systems ClamAV is able to use the fanotify API to perform on-access file scanning of nominated directories. is the included utility that provides this functionality and it shares its configuration with in

In the following example the directory will be recursively watched by :

Download an eicar test file to a location within the include path.

Invoke with elevated permissions to test the configuration:

Attempt to access the eicar test file ( should prevent it):

=== Additional clamonacc configuration ===
If the default performance is insufficient, and there are available system resources, the following configuration values can be adjusted (increased from the default) in :


 * MaxQueue
 * MaxThreads
 * OnAccessMaxThreads

== ClamAV GUI ==
can be installed to provide users with a GUI for that can (among other things): configure scan settings, schedule scans of the user's home directory, and launch on-demand scans of individual files or folders.

= External resources =

 * ClamAV (Arch Wiki)