ClamAV (Clam AntiVirus) is GNU free software. It is a signature-based virus scanner and a phishing-filter.
Installation
clamav can be installed with the PakFire web interface or via the Console:
pakfire install clamav
Usage
There is no web interface for this Addon. After the installation ClamAV is configured to a basic level only and activates itself automatically, which can be verified under the menu Status -> Services.
Configuration
ClamAV is now installed but to add more advanced settings to it the clamd and freshclam configuration files in the /var/ipfire/clamav/ directory need to be manually edited using the console or an SSH session.
The default setting with ClamAV is to enable non-blocking (multi-threaded/concurrent) database reloads. This feature will temporarily load a second scanning engine while scanning continues using the first engine. Once loaded, the new engine takes over. The old engine is removed as soon as all scans using the old engine have completed. This requires a significant amount of memory and a minimum amount is usually defined as 4GB.
If you find that you are getting "Out of Memory Killer" warnings related to clamd, this is an indication that you don't have enough memory to run ClamAV in non-blocking mode.
You can add the following line to your clamd.conf file
ConcurrentDatabaseReload no
This will stop ClamAV from doing any scanning during the database download. It will use less memory but it will block your scanning process while the download occurs.
Testing and Optimisation
To test the security of your ClamAV installation, you can use the standard Anti-Malware test file from the EICAR organisation using HTTP (not HTTPS!).
This is not an actual virus and should do no damage to your system.
However you will need to have set up your clamav configuration appropriately to test this. See the ClamAV documentation link at the end of this page.
Manual virus signature update
You can manually update your virus signatures with the following command using an SSH session or on the Console:
/usr/bin/freshclam --quiet