ClamAV DirectAdmin installation with Email and FTP scanning

ClamAV DirectAdminThis tutorial explains how to install ClamAV on DirectAdmin using the CustomBuild tool included with DirectAdmin installations. It only takes a few steps to install it! With ClamAV it is possible to automatically scan every email that comes in. In addition, it is possible to scan all files on your server or VPS for unwanted files. In addition to installing, it explains how to update the virus definitions automatically every day and how to manually scan your system.

What you need:

  • Logged in as root
  • DirectAdmin installation with CustomBuild 2.0 or higher
  • Recommended: 1 GB of free RAM, clamd takes a lot of RAM

This tutorial is written for Rocky Linux 8 / CentOS 8 / AlmaLinux 8 or other RHEL 8 variants.

Note: Always make a snapshot and/or backup of your system before you upgrade the software! This way you can always fall back on a working configuration if something goes wrong.

Step 1 – ClamAV Directadmin Installation with CustomBuild

In addition to installing and optimizing SpamAssassin, you can install ClamAV which scans every email message for viruses or other unwanted content. In addition, with ClamAV you can scan the entire server or set up cronjobs that your system can run on a daily basis. Install ClamAV the following commands:

dnf install bzip2-devel

cd /usr/local/directadmin/custombuild/
./build update
./build set clamav yes
./build update
./build clamav

That’s all! Because you are using the latest exim.conf via CustomBuild 2.0, it automatically checks whether ClamAV is installed and is also used by Exim. You can check this by viewing the headers of a new email message. It should now contain the following:

X-Antivirus-Scanner: Clean mail though you should still use an Antivirus

If not, check if you are using CustomBuild 2.0. The exim.conf must contain the following file that is included:

/etc/exim.clamav.load.conf

If not, update your exim.conf to the latest version as follows:

Note: Any previous changes to the exim.conf will be overwritten, unless you’ve implemented it correctly with .include_if_exists. For an example such as the DKIM configuration, see the manual on the DirectAdmin website (step 2).

cd /usr/local/directadmin/custombuild/
./build update
./build set eximconf yes
./build set eximconf_release 4.5
./build update
./build exim_conf

Step 2 – Scan uploaded files with FTP

In addition to scanning e-mails, it’s possible to scan all files uploaded with FTP. To set that up, you must first find out which FTP software you are using. By default in CustomBuild 2.0 it is now PureFTPd. Check this with the command:

cd /usr/local/directadmin/custombuild/
cat options.conf

CustomBuild FTPD setting

Now search for the FTP section and you will see which FTP software you are using. To enable FTP scanning, do the following:

./build set pureftpd_uploadscan yes (For PureFTPd)
./build set proftpd_uploadscan yes (For ProFTPd)

./build pureftpd (For PureFTPd)
./build proftpd (For proftpd)

At the end of the FTP build the upload scanning script is installed.

Step 3 – ClamAV DirectAdmin: Verify installation

Verify that ClamAV is running correctly:

systemctl status clamd.service (ClamAV)
systemctl status freshclam.service (Virus Definitions Updater)

DirectAdmin ClamAV systemd status

DirectAdmin ClamAV - Freshclam systemd status

Useful scan commands

ClamAV has a lot of options to scan your server according to your own wishes. For an overview of all options:

clam scan --help

Commonly used scan commands:

Scan a file

clamscan name_of_the_file

Scan all files and show the name of each file

Scans all files on your system with the -r recursive option. This might take a while!

clamscan -r /

Scan all files but only show the infected files

Options:

  • -r = recursive
  • -i = show only infected files
clamscan -r -i /

Scan all files in the /home folder

Options:

  • -r = recursive
  • -i = show only infected files
clamscan -r -i /home/

Scan all files in the /home/ folder and output log to a file

clamscan -r -i -l /var/log/clamscan.log /home/