[clamav-users] Questions about ClamAV installers

J.R. themadbeaker at gmail.com
Wed Aug 28 16:39:37 EDT 2019


Scott,

First - "clamd" is the daemon. It starts up and parses / loads all the
virus definitions into memory, then clamdscan (or other programs)
interact with it (via local unix socket) to scan files.

I checked my CentOS 7 server and I'm not seeing all those packages you
mentioned. Do you have other repos enabled too? It looks like the
systemd service files have been consolidated into the relevant other
RPMs.

All I see from epel is as follows:

clamav - Provides the basic scanning programs (i.e. clamscan & others)
and documentation.
clamav-data - Contains the 3 main official virus databases. (These
should be updated regularly via freshclam)
clamav-devel - header files and libraries for developing other apps
(you don't need -devel packages for normal usage, they are for
"development")
clamav-filesystem - Looks just like it has some filesystem structure,
not sure WTF is going on with that...
clamav-lib - Typical dynamic libraries that other applications might use.
clamav-milter - Files for running a milter with your mail server.
clamav-update - The freshclam application, documentation, and such.
This program updates the virus definitions.
clamd - The ClamAV daemon.

clamav-unofficial-sigs - Not part of the main ClamAV package. This is
a 3rd party script, that in turn downloads 3rd party definition files.

If you want to see files within an RPM, the description, and all that
good stuff there are numerous websites with searchable databases.
However my favorite is probably: https://pkgs.org/

So, to answer your question. If you aren't building 3rd party
applications, then you can skip installing 'clamav-devel' as that will
just take up space. If you are not going to implement it directly into
your email server that uses the milter interface, then you can skip
'clamav-milter'. (Some 3rd party programs like spamassassin scan files
via ClamAV's unix socket).

Not sure about on-access scanning, I would assume it would require
clamd... that's something I'm sure the documentation explains more
in-depth.

What you want to scan depends on what you want to protect, who has
access, what the machine's use is, etc....  Please don't blindly set
it to '/'... Think about certain parts that would not respond well if
you tried to always scan on access... i.e.:  /dev, /proc,
high-transaction / large database files, log files, and possibly any
remote-mounted sources...
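
Added example, not part of the original message: one way to turn the advice about /dev, /proc and remote-mounted sources into an exclusion list, by classifying a /proc/mounts-style table by filesystem type and emitting clamd.conf OnAccessExcludePath lines. The filesystem-type sets and the sample mount table are constructed assumptions, and the "review" output assumes an excluded path also covers the mounts beneath it.

```python
# Filesystem type sets are assumptions for illustration; extend them per host.
PSEUDO_FS = {"proc", "sysfs", "devtmpfs", "devpts", "cgroup", "cgroup2",
             "securityfs", "debugfs", "pstore", "configfs", "mqueue"}
REMOTE_FS = {"nfs", "nfs4", "cifs", "smb3", "fuse.sshfs", "glusterfs", "ceph"}

# Constructed sample in /proc/mounts format: device, mount point, type, options, dump, pass.
SAMPLE_MOUNTS = """\
/dev/sda1 / xfs rw,relatime 0 0
proc /proc proc rw,nosuid,nodev,noexec 0 0
sysfs /sys sysfs rw,nosuid,nodev,noexec 0 0
devtmpfs /dev devtmpfs rw,nosuid 0 0
devpts /dev/pts devpts rw,nosuid,noexec 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev 0 0
/dev/sdb1 /home ext4 rw,relatime 0 0
filer:/export /mnt/share nfs4 rw,relatime 0 0
"""

def under(path, parent):
    # True when path equals parent or lies inside it.
    return path == parent or path.startswith(parent.rstrip("/") + "/")

def classify(mounts_text):
    """Split mount points into (exclude, keep) by filesystem type."""
    exclude, keep = [], []
    for line in mounts_text.splitlines():
        parts = line.split()
        if len(parts) < 3:
            continue  # skip blank or malformed lines
        target = exclude if parts[2] in PSEUDO_FS | REMOTE_FS else keep
        target.append(parts[1])
    return exclude, keep

def plan(mounts_text):
    """Return (excluded roots, kept mounts that an excluded root would also cover)."""
    exclude, keep = classify(mounts_text)
    roots = []
    for p in sorted(exclude):  # parents sort before their children
        if not any(under(p, r) for r in roots):
            roots.append(p)
    shadowed = [k for k in keep if any(under(k, r) for r in roots)]
    return roots, shadowed

if __name__ == "__main__":
    roots, shadowed = plan(SAMPLE_MOUNTS)
    for r in roots:
        print("OnAccessExcludePath " + r)
    for s in shadowed:
        print("# review: " + s + " is mounted under an excluded path")
```

On the sample table this flags /dev/shm for review: it is a writable tmpfs that an exclusion of /dev would also skip.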

