ClamAV installation and email the scan result

ClamAV has been the most used antivirus for Linux. And being open source can add the advantage of modifying the scan and display results as per the needs. Here is a link that explains more about ClamAV – Link. Installing ClamAV is one of the easiest tasks that can be performed to get one step towards security. In this post, I have mentioned instructions to install ClamAV and script to send an email when malware is found. Let’s get started.

Note: This a script for Redhat based Linux distro.

  • Install Epel repository. More info on Epel repo – Link
sudo yum -y install epel-release
  • Now it will install ClamAV and it’s optional components. Feel free to only install ClamAV.
sudo yum -y install clamav-server clamav-data clamav-update clamav-filesystem clamav clamav-scanner-systemd clamav-devel clamav-lib clamav-server-systemd
  • Now let’s edit freshclam config file using the following command to remove “Example” word from it.
sudo sed -i '/^Example$/d' /etc/freshclam.conf
  • This command will edit another freshclam file to start an auto-update for definition files.
sudo sed -i '/REMOVE ME/d' /etc/sysconfig/freshclam
  • If you have installed the ClamAV daemon. Use this command to remove the word “Example” from the config file.
sudo sed -i '/^Example$/d' /etc/clamd.d/scan.conf
  • This command will update the scan.conf file to define the local socket file location.
sudo sed -i -e 's/#LocalSocket \/var\/run\/clamd.scan\/clamd.sock/LocalSocket \/var\/run\/clamd.scan\/clamd.sock/g' /etc/clamd.d/scan.conf
  • Now let’s update the ClamAV malware definition.
sudo freshclam
  • For example, if you want to scan the /home directory use the following command.
sudo clamscan -r /home

Now here are some links that can be helpful for installation and scan technics.


Let’s head for the script to send mail about ClamAV scan results. Note: You have to do the email settings first. Here is my instructions for email settings – Link

LOGFILE="/var/log/clamav/clamav-$(date +'%Y-%m-%d').log";
EMAIL_MSG="Please see the log file attached.";

for S in ${DIRTOSCAN}; do
 DIRSIZE=$(du -sh "$S" 2>/dev/null | cut -f1);

 echo "Starting a daily scan of "$S" directory.
 Amount of data to be scanned is "$DIRSIZE".";

 clamscan -ri "$S" >> "$LOGFILE";

 # get the value of "Infected lines"
 MALWARE=$(tail "$LOGFILE"|grep Infected|cut -d" " -f3);

 # if the value is not equal to zero, send an email with the log file attached
 if [ "$MALWARE" -ne "0" ];then
 # using heirloom-mailx below
 echo "$EMAIL_MSG"|mail -a "$LOGFILE" -s "Malware Found" -r "$EMAIL_FROM" "$EMAIL_TO";

exit 0

EMAIL_MSG=”Please see the log file attached.”;

Change following the above variables as per your ClamAV environment.

For help with this post email me:-

2 thoughts on “ClamAV installation and email the scan result”

Leave a Comment