Created
July 24, 2019 12:02
-
-
Save alinetskyi/7de225f4ecb50ba59dcf64fa5d879abd to your computer and use it in GitHub Desktop.
ClamAV installation script on CentOS
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Install ClamAV and all the dependencies | |
| yum install -y clamav-server clamav-data clamav-update clamav-filesystem clamav clamav-scanner-systemd clamav-devel clamav-lib clamav-server-systemd | |
| # Configure SEL to be used with ClamAV | |
| setsebool -P antivirus_can_scan_system 1 | |
| # Configure ClamAV | |
| cp /usr/share/clamav/template/clamd.conf /etc/clamd.d/clamd.conf | |
| sed -i '/^Example/d' /etc/clamd.d/clamd.conf | |
| sed -i 's/#ScanOnAccess yes/ScanOnAccess yes/' /etc/clamd.d/clamd.conf | |
| sed -i 's/#LocalSocket \/var\/run\/clamd.<SERVICE>\/clamd.sock/LocalSocket \/var\/run\/clamd.<SERVICE>\/clamd.sock/g' /etc/clamd.d/clamd.conf | |
| sed -i 's/User <USER>/User clamscan/' /etc/clamd.d/clamd.conf | |
| # Configure ClamAV DB updator | |
| cp /etc/freshclam.conf /etc/freshclam.conf.bak | |
| sed -i '/^Example/d' /etc/freshclam.conf | |
| # Configure Fresh Clam updator service | |
| cat > /usr/lib/systemd/system/clam-freshclam.service <<EOF | |
| # Run the freshclam as daemon | |
| [Unit] | |
| Description = freshclam scanner | |
| After = network.target | |
| [Service] | |
| Type = forking | |
| ExecStart = /usr/bin/freshclam -d -c 4 | |
| Restart = on-failure | |
| PrivateTmp = true | |
| [Install] | |
| WantedBy=multi-user.target | |
| EOF | |
| # Enable and start Fresh Clam Updator service | |
| systemctl enable clam-freshclam.service | |
| systemctl start clam-freshclam.service | |
| # Configure ClamAV service | |
| mv /usr/lib/systemd/system/clamd@.service /usr/lib/systemd/system/clamd.service | |
| sed -i 's/.include \/lib\/systemd\/system\/clamd@.service/.include \/lib\/systemd\/system\/clamd.service/' /usr/lib/systemd/system/clamd@scan.service | |
| cat > /usr/lib/systemd/system/clamd.service << EOF | |
| [Unit] | |
| Description = clamd scanner daemon | |
| After = syslog.target nss-lookup.target network.target | |
| [Service] | |
| Type = simple | |
| ExecStart = /usr/sbin/clamd -c /etc/clamd.d/clamd.conf --foreground=yes | |
| Restart = on-failure | |
| PrivateTmp = true | |
| [Install] | |
| WantedBy=multi-user.target | |
| EOF | |
| mv /usr/lib/systemd/system/clamd.service /usr/lib/systemd/system/clamd.service | |
| # Enable and start all the services | |
| systemctl enable clamd.service | |
| systemctl enable clamd@scan.service | |
| systemctl start clamd.service | |
| systemctl start clamd@scan.service | |
| # Enable cronjob to scan every Monday at midnight | |
| echo "0 0 * * MON root clamscan -ri /" >> /etc/crontab | |
| systemctl restart crond |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment