{"id":9680,"date":"2021-07-20T12:07:46","date_gmt":"2021-07-20T09:07:46","guid":{"rendered":"https:\/\/kifarunix.com\/?p=9680"},"modified":"2024-03-18T19:34:50","modified_gmt":"2024-03-18T16:34:50","slug":"install-clamav-on-rocky-linux-8","status":"publish","type":"post","link":"https:\/\/kifarunix.com\/install-clamav-on-rocky-linux-8\/","title":{"rendered":"Install ClamAV on Rocky Linux 8"},"content":{"rendered":"\n<p>In this tutorial, we are going to learn how to install ClamAV on Rocky Linux 8.&nbsp;<a rel=\"noreferrer noopener\" href=\"https:\/\/www.clamav.net\/\" target=\"_blank\">ClamAV<\/a>&nbsp;is an open source antivirus engine for detecting trojans, viruses, malware, adwares, rootkits and other malicious threats.<\/p>\n\n\n\n<p>Some of the features of ClamAV include;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>built-in support for various archive formats, including Zip, Tar, Gzip, Bzip2, OLE2, Cabinet, CHM, BinHex, SIS and others.<\/li>\n\n\n\n<li>built-in support for almost all mail file formats<\/li>\n\n\n\n<li>built-in support for ELF executables and Portable Executable files compressed with UPX, FSG, Petite, NsPack, wwpack32, MEW, Upack and obfuscated with SUE, Y0da Cryptor and others;<\/li>\n\n\n\n<li>built-in support for popular document formats including Microsoft Office and Mac Office files, HTML, RTF and PDF.<\/li>\n\n\n\n<li>support multiple signature languages such as hash-based signature matching, wildcards, boolean logic and any custom rules written in Bytecode language.<\/li>\n<\/ul>\n\n\n\n<p>ClamAV includes a multi-threaded scanner daemon, command line utilities for on demand file scanning and automatic signature updates. One of its main uses is on mail servers as a server-side email virus scanner.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Installing ClamAV on Rocky Linux 8<\/h2>\n\n\n\n<p>Install EPEL Repository on Rocky Linux 8, which provides the latest stable release of ClamAV.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>dnf install epel-release<\/code><\/pre>\n\n\n\n<p>Install ClamAV.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>dnf install -y clamav clamd clamav-update<\/code><\/pre>\n\n\n\n<p>The ClamAV packages installed include:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><code>clamd<\/code>&nbsp;&#8211; The Clam AntiVirus Daemon<\/li>\n\n\n\n<li><code>clamav<\/code>&nbsp;&#8211; End-user tools for the Clam Antivirus scanner<\/li>\n\n\n\n<li><code>clamav-data<\/code>&nbsp;&#8211; Virus signature data for the Clam Antivirus scanner<\/li>\n\n\n\n<li><code>clamav-devel<\/code>&nbsp;&#8211; Header files and libraries for the Clam Antivirus scanner<\/li>\n\n\n\n<li><code>clamav-lib<\/code>&nbsp;&#8211; Dynamic libraries for the Clam Antivirus scanner<\/li>\n\n\n\n<li><code>clamav-milter<\/code>&nbsp;&#8211; Milter module for the Clam Antivirus scanner<\/li>\n\n\n\n<li><code>clamav-update<\/code>&nbsp;&#8211; Auto-updater for the Clam Antivirus scanner data-files<\/li>\n<\/ul>\n\n\n\n<p>There are other ClamAV tools that are installed:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><code>clamdscan<\/code>&nbsp;&#8211; a simple scanning client<\/li>\n\n\n\n<li><code>on-access scanning<\/code>&nbsp;&#8211; provides real-time protection via a&nbsp;<code>clamd<\/code>&nbsp;instance<\/li>\n\n\n\n<li><code>clamdtop<\/code>&nbsp;&#8211; a resource monitoring interface for&nbsp;<code>clamd<\/code><\/li>\n<\/ul>\n\n\n\n<p>Also, there are two major ClamAV configuration files:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><code>clamd.conf<\/code>&nbsp;&#8211; for configuring the behavior of the ClamAV Daemon&nbsp;<code>clamd<\/code>&nbsp;and associated tools<\/li>\n\n\n\n<li><code>freschclam.conf<\/code>&nbsp;&#8211; for configuring the behavior of the signature database update tool,&nbsp;<code>freshclam<\/code><\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Update the ClamAV Signature Database<\/h3>\n\n\n\n<p>For scanning to work, you need am updated virus database. There are two options for updating ClamAV database:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><code><strong>clamav-freshclam<\/strong><\/code>: updates the database from Internet. This is recommended with Internet access.<\/li>\n\n\n\n<li><code><strong>Offline update<\/strong><\/code>&nbsp;for systems with no direct internet access.<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\">Update Signature Database with&nbsp;<code>clamav-freshclam<\/code><\/h4>\n\n\n\n<p>If you have internet access, you can use&nbsp;<strong><code>clamav-freshclam<\/code><\/strong>&nbsp;to update the ClamAV virus signature database.<\/p>\n\n\n\n<p>To use this method, stop the&nbsp;<code>clamav-freshclam<\/code>&nbsp;service (if it is running) and execute&nbsp;<code>freshclam<\/code>, the virus database update tool.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>systemctl stop clamav-freshclam<\/code><\/pre>\n\n\n\n<p>Before running the ClamAV database update, ensure the line <strong>Example<\/strong> is commented out on <strong><code>\/etc\/freshclam.conf<\/code><\/strong> configuration;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># Comment or remove the line below.\n<strong>#Example<\/strong><\/code><\/pre>\n\n\n\n<p>Next, run the database update.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>freshclam<\/code><\/pre>\n\n\n\n<p>If the database is up-to-date, then you might get an output similar to below (Otherwise, the command will pull database updates)<\/p>\n\n\n\n<pre class=\"scroll-box\"><code>\nClamAV update process started at Tue Jul 20 07:44:30 2021\ndaily database available for update (local version: 26231, remote version: 26237)\nCurrent database is 6 versions behind.\nDownloading database patch # 26232...\nERROR: cdiff_apply: lseek(desc, -350, SEEK_END) failed\nERROR: downloadPatch: Can't apply patch\nWARNING: Incremental update failed, trying to download daily.cvd\nTime:  1m 02s, ETA:    0.0s [========================&gt;]   54.81MiB\/54.81MiB\nTesting database: '\/var\/lib\/clamav\/tmp.a8d880a9dd\/clamav-143b07bc043cf326726dc09c22415a8d.tmp-daily.cvd' ...\nDatabase test passed.\ndaily.cvd updated (version: 26237, sigs: 1962599, f-level: 90, builder: raynman)\nmain database available for update (local version: 59, remote version: 61)\nCurrent database is 2 versions behind.\nDownloading database patch # 60...\nERROR: cdiff_apply: lseek(desc, -350, SEEK_END) failed\nERROR: downloadPatch: Can't apply patch\nWARNING: Incremental update failed, trying to download main.cvd\nTime:  3m 11s, ETA:    0.0s [========================&gt;]  160.41MiB\/160.41MiB\nTesting database: '\/var\/lib\/clamav\/tmp.a8d880a9dd\/clamav-ff23841557b15f1321d3185d3f333093.tmp-main.cvd' ...\nDatabase test passed.\nmain.cvd updated (version: 61, sigs: 6607162, f-level: 90, builder: sigmgr)\nbytecode.cvd database is up-to-date (version: 333, sigs: 92, f-level: 63, builder: awillia2)\n<\/code><\/pre>\n\n\n\n<p>Next, start the&nbsp;<code>clamav-freshclam&nbsp;<\/code>service so it keeps updating the signature database in the background whenever.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>systemctl start clamav-freshclam<\/code><\/pre>\n\n\n\n<p>Check the status;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>systemctl status clamav-freshclam<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>\n\u25cf clamav-freshclam.service - ClamAV virus database updater\n   Loaded: loaded (\/usr\/lib\/systemd\/system\/clamav-freshclam.service; disabled; vendor preset: disabled)\n   Active: active (running) since Tue 2021-07-20 08:32:34 EAT; 12s ago\n     Docs: man:freshclam(1)\n           man:freshclam.conf(5)\n           https:\/\/www.clamav.net\/documents\n Main PID: 2875 (freshclam)\n    Tasks: 1 (limit: 11388)\n   Memory: 4.9M\n   CGroup: \/system.slice\/clamav-freshclam.service\n           \u2514\u25002875 \/usr\/bin\/freshclam -d --foreground=true\n\nJul 20 08:32:34 rocky8.kifarunix-demo.com systemd[1]: Started ClamAV virus database updater.\nJul 20 08:32:35 rocky8.kifarunix-demo.com freshclam[2875]: ClamAV update process started at Tue Jul 20 08:32:35 2021\nJul 20 08:32:40 rocky8.kifarunix-demo.com freshclam[2875]: daily.cvd database is up-to-date (version: 26237, sigs: 1962599, f-level: 90, builder: raynman)\nJul 20 08:32:40 rocky8.kifarunix-demo.com freshclam[2875]: main.cvd database is up-to-date (version: 61, sigs: 6607162, f-level: 90, builder: sigmgr)\nJul 20 08:32:40 rocky8.kifarunix-demo.com freshclam[2875]: bytecode.cvd database is up-to-date (version: 333, sigs: 92, f-level: 63, builder: awillia2)\n<\/code><\/pre>\n\n\n\n<p>Ensure the service is enabled to run on system boot;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>systemctl enable clamav-freshclam<\/code><\/pre>\n\n\n\n<p><code><strong>freshclam<\/strong><\/code>&nbsp;downloads the ClamAV databases, CVDs, and place them on under,&nbsp;<code>\/var\/lib\/clamav\/<\/code>.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>ls \/var\/lib\/clamav\/ -1<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>bytecode.cvd\n daily.cld\n freshclam.dat\n main.cvd<\/code><\/pre>\n\n\n\n<p>For more configuration options for <strong>freshclam<\/strong>, check the config file, <code><strong>\/etc\/freshclam.conf<\/strong><\/code>.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Offline Database Update<\/h4>\n\n\n\n<p>If your system do not have internet access, simply download the CVDs from&nbsp;<a rel=\"noreferrer noopener\" href=\"https:\/\/www.clamav.net\/downloads\" target=\"_blank\">ClamAV downloads pag<\/a><a href=\"https:\/\/www.clamav.net\/downloads\" target=\"_blank\" rel=\"noreferrer noopener\">e<\/a>&nbsp;and place them under the&nbsp;<code>\/var\/lib\/clamav<\/code>.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><a href=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2020\/05\/clamav-vcds.png\"><img loading=\"lazy\" decoding=\"async\" width=\"880\" height=\"151\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2020\/05\/clamav-vcds.png\" alt=\"install ClamAV on Rocky Linux 8\" class=\"wp-image-5824\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2020\/05\/clamav-vcds.png 880w, https:\/\/kifarunix.com\/wp-content\/uploads\/2020\/05\/clamav-vcds-768x132.png 768w\" sizes=\"(max-width: 880px) 100vw, 880px\" \/><\/a><\/figure>\n\n\n\n<p>Once the downloaded CVDs are placed on the ClamAV database, be sure to change the ownership and permissions accordingly;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>chown -R clamupdate: \/var\/lib\/clamav\/<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>chmod 644 \/var\/lib\/clamav\/*.cvd<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"configure-clamd\">Configuring Clamd<\/h3>\n\n\n\n<p>There are a few configuration options that needs to be adjusted in order to use the ClamAV.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>vim \/etc\/clamd.d\/scan.conf<\/code><\/pre>\n\n\n\n<p>Ensure the line below is commented out (hash is put at the beginning of the line) or removed.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># Comment or remove the line below.\n<strong>#Example<\/strong><\/code><\/pre>\n\n\n\n<p>Define the path to a local socket file the daemon will listen on and adjust the permissions. You can thus uncomment these lines:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>#LocalSocket \/run\/clamd.scan\/clamd.sock<\/li>\n\n\n\n<li>#LocalSocketMode 660<\/li>\n<\/ul>\n\n\n\n<p>Such that your configuration file looks like;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># Path to a local socket file the daemon will listen on.\n# Default: disabled (must be specified by a user)\n<strong>LocalSocket \/run\/clamd.scan\/clamd.sock\n<\/strong>\n...\n\n# Sets the permissions on the unix socket to the specified mode.\n# Default: disabled (socket is world accessible)\n<strong>LocalSocketMode 660<\/strong><\/code><\/pre>\n\n\n\n<p>Save and exit the file.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Create Clamd Systemd Service<\/h4>\n\n\n\n<p>To control clamd with systemd, create the service file by running the command below;<\/p>\n\n\n\n<pre class=\"scroll-box\"><code>\ncat &gt; \/etc\/systemd\/system\/clamd.service &lt;&lt; 'EOL'\n[Unit]\nDescription = clamd scanner daemon\nDocumentation=man:clamd(8) man:clamd.conf(5) https:\/\/www.clamav.net\/documents\/\nAfter = syslog.target nss-lookup.target network.target\n\n[Service]\nType = forking\nExecStart = \/usr\/sbin\/clamd -c \/etc\/clamd.d\/scan.conf\n# Reload the database\nExecReload=\/bin\/kill -USR2 $MAINPID\nRestart = on-failure\nTimeoutStartSec=420\n\n[Install]\nWantedBy = multi-user.target\nEOL\n<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>systemctl daemon-reload<\/code><\/pre>\n\n\n\n<p>Start Clamd;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>systemctl enable --now clamd<\/code><\/pre>\n\n\n\n<p>Check the status;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>systemctl status clamd<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>\n\u25cf clamd.service - clamd scanner daemon\n   Loaded: loaded (\/etc\/systemd\/system\/clamd.service; enabled; vendor preset: disabled)\n   Active: active (running) since Tue 2021-07-20 09:44:21 EAT; 10s ago\n     Docs: man:clamd(8)\n           man:clamd.conf(5)\n           https:\/\/www.clamav.net\/documents\/\n  Process: 2307 ExecStart=\/usr\/sbin\/clamd -c \/etc\/clamd.d\/scan.conf (code=exited, status=0\/SUCCESS)\n Main PID: 2308 (clamd)\n    Tasks: 2 (limit: 11388)\n   Memory: 1.1G\n   CGroup: \/system.slice\/clamd.service\n           \u2514\u25002308 \/usr\/sbin\/clamd -c \/etc\/clamd.d\/scan.conf\n\nJul 20 09:44:19 rocky8.kifarunix-demo.com clamd[2308]: ELF support enabled.\nJul 20 09:44:19 rocky8.kifarunix-demo.com clamd[2308]: Mail files support enabled.\nJul 20 09:44:19 rocky8.kifarunix-demo.com clamd[2308]: OLE2 support enabled.\nJul 20 09:44:19 rocky8.kifarunix-demo.com clamd[2308]: PDF support enabled.\nJul 20 09:44:19 rocky8.kifarunix-demo.com clamd[2308]: SWF support enabled.\nJul 20 09:44:19 rocky8.kifarunix-demo.com clamd[2308]: HTML support enabled.\nJul 20 09:44:19 rocky8.kifarunix-demo.com clamd[2308]: XMLDOCS support enabled.\nJul 20 09:44:19 rocky8.kifarunix-demo.com clamd[2308]: HWP3 support enabled.\nJul 20 09:44:19 rocky8.kifarunix-demo.com clamd[2308]: Self checking every 600 seconds.\nJul 20 09:44:21 rocky8.kifarunix-demo.com systemd[1]: Started clamd scanner daemon.\n<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\">Clamscan CLI Options and Example Usage<\/h3>\n\n\n\n<p>Clamscan is used to scan files and directories for viruses. From the man pages, the clamscan command syntax is:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>clamscan [options] [file\/directory\/-]<\/code><\/pre>\n\n\n\n<p>Some of the clamscan command options and their example usage is illustrated below;<\/p>\n\n\n\n<p>Print help information using&nbsp;<code>-h<\/code>&nbsp;or&nbsp;<code>--help<\/code>&nbsp;option.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>clamscan -h<\/code><\/pre>\n\n\n\n<p><strong>Note:<\/strong>&nbsp;Options marked with [=yes\/no(*)] can be optionally followed by&nbsp;<strong>=yes&nbsp;<\/strong>or&nbsp;<strong>=no.&nbsp;<\/strong>If they get called without the boolean argument the scanner will assume \u2018yes\u2019. The asterisk marks the default internal setting for a given option.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Scan specific directory or file;<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>clamscan \/home\/<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>clamscan \/home\/filename.docx<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Do not display summary at the end of scanning.<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>clamscan --no-summary \/home\/<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Print infected files only (<strong><code>-i<\/code><\/strong>,&nbsp;<code><strong>--infected<\/strong><\/code>);<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>clamscan -i \/<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Skip printing OK files (<strong><code>-o<\/code>,&nbsp;<code>--suppress-ok-results<\/code><\/strong>);<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>clamscan <strong>-o<\/strong> \/home\/<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Sound a bell on virus detection (<strong><code>--bell<\/code><\/strong>);<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>clamscan <strong>--bell<\/strong> -i \/home<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Scan directories recursively&nbsp;<em>(<code>-r<\/code><\/em>,&nbsp;<em><code>--recursive<\/code><\/em>).<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>clamscan --bell -i <strong>-r<\/strong> \/home<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Save scan report to FILE (<em><strong><code>-l FILE<\/code>,&nbsp;<code>--log=FILE<\/code><\/strong><\/em>);<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>clamscan --bell -i <strong>-r<\/strong> \/home <strong>-l home-scan.txt<\/strong><\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Scan files listed line by line in FILE (<strong><code>-f FILE<\/code>,<code>&nbsp;--file-list=FILE<\/code><\/strong>).<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>clamscan -i <strong>-f \/tmp\/scan<\/strong><\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Remove infected files (<code><strong>--remove[=yes\/no(*)]<\/strong><\/code>). Be careful as this removes file completely.<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>&nbsp;clamscan -r --remove \/home\/USER<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Move infected files into DIRECTORY&nbsp;<code>(--move=DIRECTORY<\/code>). Directory must be writable for the user or unprivileged user running clamscan.<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>clamscan -r -i --move=\/home\/USER\/infected \/home\/<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Copy infected files into DIRECTORY (\u2013copy=DIRECTORY). Directory must be writable for the user or unprivileged user running clamscan.<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>clamscan -r -i --copy=\/home\/USER\/infected \/home\/<\/code><\/pre>\n\n\n\n<p>There is quite long list of options for various usage of clamscan. Consult&nbsp;<code>man clamscan<\/code>&nbsp;for more details.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">ClamAV On-Access Scanning<\/h3>\n\n\n\n<p>ClamAV On-Access scan feature helps to block processes from attempting to access malicious files. This prevention occurs in kernel-space, and thus offers stronger protection than a purely user-space solution.<\/p>\n\n\n\n<p>Read more on <a href=\"https:\/\/docs.clamav.net\/manual\/OnAccess.html\" target=\"_blank\" rel=\"noreferrer noopener\">ClamAV On-Access Scanning<\/a>.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">ClamAV Return Codes<\/h3>\n\n\n\n<p>The following are the exit return codes for ClamAV.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>0 : No virus found.<\/li>\n\n\n\n<li>1 : Virus(es) found.<\/li>\n\n\n\n<li>2 : Some error(s) occurred.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Limiting Clamscan CPU Usage<\/h3>\n\n\n\n<p><code>clamscan<\/code>&nbsp;can be CPU intensive especially if it scanning a large directory.<\/p>\n\n\n\n<p>To limit the clamscan CPU time to certain levels, you can use two tools;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong><code>nice<\/code><\/strong>: lowers the priority of clamscan (limits relative cpu time).<\/li>\n\n\n\n<li><strong><code>cpulimit<\/code><\/strong>: limits absolute cpu time.<\/li>\n<\/ul>\n\n\n\n<p>To use nice command,<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>nice -n 15 clamscan &amp;&amp; clamscan -ir \/<\/code><\/pre>\n\n\n\n<p>As long as no other process requires cputime, clamscan will maximize it. But as soon as another process with a higher priority needs cputime, clamscan will lost it.<\/p>\n\n\n\n<p>Using cpulimit;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>cpulimit -z -e clamscan -l 20 &amp; clamscan -ir \/<\/code><\/pre>\n\n\n\n<p>Limits clamscan cpu time to 15% when scanning the entire root directory.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Further Reading<\/h3>\n\n\n\n<p>Read more about ClamAV on the documentation page.<\/p>\n\n\n\n<p><a href=\"https:\/\/docs.clamav.net\/\" target=\"_blank\" rel=\"noreferrer noopener\">ClamAV Documentation<\/a><\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Other Tutorials<\/h3>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/install-nikto-web-scanner-on-rocky-linux-8\/\" target=\"_blank\" rel=\"noreferrer noopener\">Install Nikto Web Scanner on Rocky Linux 8<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/detecting-malicious-files-with-wazuh-and-virustotal\/\" target=\"_blank\" rel=\"noreferrer noopener\">Detecting Malicious Files with Wazuh and VirusTotal<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>In this tutorial, we are going to learn how to install ClamAV on Rocky Linux 8.&nbsp;ClamAV&nbsp;is an open source antivirus engine for detecting trojans, viruses,<\/p>\n","protected":false},"author":3,"featured_media":9745,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"rank_math_lock_modified_date":false,"footnotes":""},"categories":[34,121,150],"tags":[169,3874,1578,3873,3875],"class_list":["post-9680","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security","category-howtos","category-vulnerability-scanners","tag-clamav","tag-clamd","tag-freshclam","tag-install-clamav-on-rocky-linux-8","tag-virus-scan-linux","generate-columns","tablet-grid-50","mobile-grid-100","grid-parent","grid-50","resize-featured-image"],"_links":{"self":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/9680"}],"collection":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/comments?post=9680"}],"version-history":[{"count":7,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/9680\/revisions"}],"predecessor-version":[{"id":21724,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/9680\/revisions\/21724"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/media\/9745"}],"wp:attachment":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/media?parent=9680"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/categories?post=9680"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/tags?post=9680"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}