By default, clamd provides a general "scan" service that requires minimal configuration. To configure, edit /etc/clamd/scan.conf and: * set LocalSocket for localhost access or TCPSocket for network access. Default configuration will: * Log to syslog * Run as the user "clamscan" When LogFile feature is wanted, it must be writable for the assigned User. The recommended way is to: * make it owned by the User's *group* * assign at least 0620 (u+rw,g+w) permissions A suitable command might be | # touch | # chgrp | # chmod 0620 | # restorecon NEVER use 'clamav' as the user since it can modify the database. This is the user who is running the application; e.g. for mimedefang (http://www.roaringpenguin.com/mimedefang), the user might be 'defang'. Theoretically, distinct users could be used, but it must be made sure that the application-user can write into the socket-file, and that the clamd-user can access the files asked by the application to be checked. The default service can be enabled and started with: systemctl enable clamd@scan.service systemctl start clamd@scan.service To create other individual clamd-instances take the following files in /usr/share/doc/clamd/ and modify/copy them in the suggested way: clamd.conf, copy to /etc/clamd.d/.conf * Change as to match name of config file * Any other changes as noted above clamd.logrotate: (only when LogFile feature is used) * set the correct value for the logfile * place it into /etc/logrotate.d Additionally, when using LocalSocket instead of TCPSocket, the directory for the socket file must be created. For tmpfiles based systems, you might want to create a file /etc/tmpfiles.d/clamd..conf with a content of | d /run/clamd. Adjust (0710 should suffice for most cases) and + so that the socket can be accessed by clamd and by the applications using clamd. Make sure that the socket is not world accessible; else, DOS attacks or worse are trivial. After emulating these steps by hand (or else rebooting), you still need set SELinux: chcon -t clamd_var_run_t /run/clamd. or restorecon -R -v "/run/clamd." More SELinux notes: you may need run: setsebool -P antivirus_can_scan_system 1 and also maybe this one (I need to confirm that is obsolete) setsebool -P antivirus_use_jit 1 The new service can be enabled and started with: systemctl enable clamd@.service systemctl start clamd@.service [Disclaimer: this file and the script/configfiles are not part of the official clamav package. Please send complaints and comments to https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=clamav]