Archive for July, 2016

CentOS 7, VestaCP and the Irritating clamd

July 9, 2016 1 comment

Here is the step by step guide in getting clamav to work in CentOS 7 for a VestaCP setup

Install Updated ClamAV components
yum install clamav-server clamav-data clamav-update clamav-filesystem clamav clamav-scanner-systemd clamav-devel clamav-lib clamav-server-systemd -y

Link scan.conf to the default VestaCP clamd config file
rm -f /etc/clamd.d/scan.conf
ln -s /etc/clamd.conf /etc/clamd.d/scan.conf

Create freshclam service (Running it as a service will automatically update your AV definitions)
vi /usr/lib/systemd/system/clam-freshclam.service

Description = freshclam scanner
After =
Type = forking
ExecStartPre=/usr/bin/mkdir -p /var/lib/clamav/
ExecStartPre=/usr/bin/chown -R clam.clam /var/lib/clamav
ExecStartPre=/usr/bin/chmod 755 /var/lib/clamav
ExecStart = /usr/bin/freshclam -d -c 4
Restart = on-failure
PrivateTmp = true

Register and start freshclam service
systemctl enable clam-freshclam.service
systemctl restart clam-freshclam.service
systemctl status clam-freshclam.service -l

Update clamd@ service to create the neccessary folders
vi /usr/lib/systemd/system/clamd@.service
Description = clamd scanner (%i) daemon
After =

Type = simple
***ADD these 2 lines below, they must be before ExecStart
ExecStartPre = /usr/bin/mkdir -p /var/log/clamav/
ExecStartPre = /usr/bin/chown -R clam:clam /var/log/clamav/
ExecStart = …

Update startup to use the new clamd service
cd /usr/lib/systemd/system

systemctl disable clamd.service

systemctl enable clamd@scan.service
systemctl restart clamd@scan.service
systemctl status clamd@scan.service

Test scan, make sure it is successful
clamdscan -c /etc/clamd.d/scan.conf –fdpass


Categories: CentOS, Vesta