Before installing ClamAV, it’s a good idea to update your system packages. Open a terminal window and run the following commands:
sudo apt update
sudo apt upgrade
2. Install ClamAV
To install ClamAV, run the following command:
sudo apt install clamav clamav-daemon
3. Configure ClamAV
After the installation is complete, stop the ClamAV service to make configuration changes:
sudo systemctl stop clamav-daemon
Edit the ClamAV configuration file:
sudo nano /etc/clamav/clamd.conf
Find the following line:
#OnAccessIncludePath /home
Uncomment it by removing the '#' at the beginning and update the path to the directory you want to scan:
OnAccessIncludePath /path/to/scan
Enable the on-access scanning by adding the following lines at the end of the file:
OnAccessPrevention yes
ScanOnAccess yes
Save the changes and exit the text editor by pressing `Ctrl + X`, then `Y`, and finally `Enter`.
4. Configure the ClamAV user
By default, ClamAV runs as the "clamav" user, which may not have sufficient permissions to scan all files. To change the user to "root", edit the service unit file:
sudo nano /etc/systemd/system/multi-user.target.wants/clamav-daemon.service
Find the line:
User=clamav
Replace "clamav" with "root":
User=root
Save the changes and exit the text editor.
5. Reload the systemd configuration
To apply the changes made to the ClamAV user, reload the systemd configuration:
sudo systemctl daemon-reload
6. Start the ClamAV service
Start the ClamAV service with the following command:
sudo systemctl start clamav-daemon
7. Enable ClamAV to start on boot
To ensure that ClamAV starts automatically when your server boots, run the following command:
sudo systemctl enable clamav-daemon
8. Update the ClamAV virus database
Finally, update the ClamAV virus database by running:
sudo freshclam
You've now successfully installed ClamAV on your Ubuntu 22.04 server and configured it as an on-access scanner. To test the on-access scanning, you can download the EICAR test file (a harmless file used to test antivirus programs) and access it to see if ClamAV detects it:
wget https://secure.eicar.org/eicar.com
cat eicar.com
If ClamAV is working correctly, you should see a message indicating that the file was blocked due to a virus.
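If the EICAR read is not blocked, first confirm that the step 3 edits are actually active. The script below is an added example, not part of the original guide or of ClamAV: it checks that the three directives are uncommented and set as the guide describes. The helper names `conf_values` and `check_onaccess_conf` are hypothetical, and the check assumes include paths contain no spaces.

```shell
#!/bin/sh
# Added example, not part of ClamAV: verify that the step 3 directives are
# active (uncommented) in a clamd.conf-style file before starting the daemon.

# Print every active (non-comment) value of directive $2 in file $1.
conf_values() {
    awk -v key="$2" '
        $1 ~ /^#/ { next }          # commented-out lines never count
        $1 == key { print $2 }
    ' "$1"
}

# check_onaccess_conf FILE  (hypothetical helper name)
# Returns 0 when the guide's three directives are all active, 1 otherwise,
# and prints one line per problem found.
check_onaccess_conf() {
    conf=$1
    rc=0
    [ -r "$conf" ] || { echo "cannot read $conf"; return 1; }

    # The guide sets both switches to the literal value "yes".
    for key in OnAccessPrevention ScanOnAccess; do
        vals=$(conf_values "$conf" "$key")
        if [ -z "$vals" ]; then
            echo "$key: missing or still commented out"; rc=1
        elif [ "$vals" != "yes" ]; then
            echo "$key: expected a single 'yes', found: $(echo $vals)"; rc=1
        fi
    done

    # At least one include path, each an absolute path to an existing directory.
    paths=$(conf_values "$conf" OnAccessIncludePath)
    [ -n "$paths" ] || { echo "OnAccessIncludePath: missing or still commented out"; rc=1; }
    for p in $paths; do
        case $p in
            /*) [ -d "$p" ] || { echo "OnAccessIncludePath: $p is not a directory"; rc=1; } ;;
            *)  echo "OnAccessIncludePath: $p is not an absolute path"; rc=1 ;;
        esac
    done
    return $rc
}

# Usage on the guide's file: check_onaccess_conf /etc/clamav/clamd.conf
```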