Installing anti-malware on Red Hat Enterprise Linux Server or SUSE Linux Enterprise Server

ClamAV is not automatically included with Red Hat Enterprise Linux Server or SUSE Linux Enterprise Server. You must first install it on the Red Hat Enterprise Linux Server or SUSE Linux Enterprise Server uiAgents before you can use it with the PowerSC GUI.

Important: Due to compatibility concerns, only specific versions can access the ClamAV virus definition databases. See Version Support Matrix for supported versions.
  1. Verify that your available version satisfies the database requirements in Version Support Matrix. For example, with zypper on SUSE Linux Enterprise Server:
    zypper se --provides -v clamav
    For example, with dnf on Red Hat Enterprise Linux Server:
    dnf list clamav
    You may need to add an additional repository if the available version does not satisfy the database requirements.
  2. Install ClamAV on the PowerSC GUI agent if it is not already installed. For example, with zypper on SUSE Linux Enterprise Server:
    zypper install clamav
    
    For example, with dnf on Red Hat Enterprise Linux Server:
    dnf install clamav clamav-update -y
    Important: See Installing PowerSC included packages for information on how to install ClamAV from the RPMS packaged with PowerSC.
  3. Decide where you want to install the ClamAV database:
    • On a location that is local to the PowerSC GUI agent.
    • On a shared location that is accessible to all the PowerSC GUI uiAgents on which you want to configure anti-malware. Ensure that a high-speed connection exists between the PowerSC GUI uiAgents and the shared drive.
  4. Run the following command to install and update the ClamAV database on your chosen location:
    # freshclam update --datadir=/path/to/clamav/db/
    
    ClamAV update process started at Wed Jun  8 14:03:11 2022
    daily database available for download (remote version: 26566)
    Time:    0.0s, ETA:    0.0s [========================>]   56.03MiB/56.03MiB3MiB
    Testing database: '/var/lib/clamav/tmp.ec54693cc3/clamav-c3277a98baa10bb2ce605eb298d748eb.tmp-daily.cvd' ...
    Database test passed.
    :
    :
    
  5. Click the ellipsis to the right of the PowerSC GUI endpoint for which you want to edit the malware configuration options.
  6. Click Malware.
  7. Click Configure Malware.
  8. Select the file paths to scan.
  9. Click Configuration.
  10. The version is displayed. You can optionally update the following malware fields:
    Note: The default values are displayed, but are not actually created until you run a scan.
    • Command. Location of ClamAV (clamscan) executable script.
    • Database location. Location of the ClamAV malware (virus definitions) database. Must include the trailing slash.
    • Quarantine posix permission. Represents the traditional POSIX file system object permission model. It defines the read, write and execute permissions for the three classes of users, 'owner', 'group' and 'other'.
    • Quarantine location. Location where malicious files will be moved.
    • Quarantine detection action. You can choose to move or copy detected malware files. The default is move. You might choose to copy any detected malware files based on your site requirements and policies or to prevent a break in functionality due to a needed file being falsely diagnosed as infected.
      Important: If you select Copy, detected files remain in their original location. These files require your prompt review and action.
    • Sigtool command path. The default location is /usr/bin/sigtool, but you can change this based on your site requirements and policies.
    • Log File location. Location where ClamAV related logs will be stored.
    • Freshclam command. Location of ClamAV (freshclam) executable script.
    • Exclude file set. Provide a comma-separated list of paths that should be excluded from the scan.
    • Skip NFS mounts. When enabled, NFS-mounted file systems are not scanned.
    • Max file size and Max scan size. Max file size defines the maximum size (in megabytes) of an individual file that can be scanned. Max scan size specifies the maximum total size (in megabytes) that can be scanned during a single scan. Possible values are 1 to 2000. The default is 2000.
  11. Click Save.
    The PowerSC GUI agent recognizes that anti-malware is installed and makes some initial configuration changes.
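
The constraints on the step 10 fields (trailing slash on the database location, the 1 to 2000 megabyte range, the quarantine permission) can be checked on the agent before the values are entered in the GUI. The following script is an added example, not PowerSC code; the function names are hypothetical, and the rule that "other" users get no access to the quarantine is an assumed site policy.

```shell
# Added example; function names are hypothetical, not part of PowerSC.
# Database location: must end in "/" and hold a database downloaded by freshclam.
check_db_location() {
    case "$1" in
        */) ;;
        *) echo "database location must include the trailing slash: $1" >&2; return 1 ;;
    esac
    [ -d "$1" ] || { echo "not a directory: $1" >&2; return 1; }
    # freshclam stores definitions as .cvd (full) or .cld (incrementally updated).
    for f in "$1"daily.cvd "$1"daily.cld; do
        [ -s "$f" ] && return 0
    done
    echo "no daily.cvd or daily.cld in $1; run freshclam first" >&2
    return 1
}

# Max file size / Max scan size: whole megabytes, 1 to 2000.
check_size_mb() {
    case "$1" in
        ''|*[!0-9]*) echo "size must be a whole number: $1" >&2; return 1 ;;
    esac
    [ "${#1}" -le 4 ] && [ "$1" -ge 1 ] && [ "$1" -le 2000 ] && return 0
    echo "size out of range 1-2000: $1" >&2
    return 1
}

# Quarantine posix permission: three or four octal digits.
# Assumed site policy: the "other" class gets no access to quarantined files.
check_quarantine_mode() {
    case "$1" in
        [0-7][0-7][0-7]|[0-7][0-7][0-7][0-7]) ;;
        *) echo "not an octal mode: $1" >&2; return 1 ;;
    esac
    other=${1#"${1%?}"}   # last digit = permissions for "other"
    [ "$other" = 0 ] && return 0
    echo "mode $1 lets 'other' users reach quarantined malware" >&2
    return 1
}

# preflight DB_LOCATION QUARANTINE_MODE MAX_FILE_MB MAX_SCAN_MB
preflight() {
    rc=0
    check_db_location "$1" || rc=1
    check_quarantine_mode "$2" || rc=1
    check_size_mb "$3" && check_size_mb "$4" || rc=1
    return "$rc"
}

if [ "$#" -eq 4 ]; then preflight "$@"; fi   # run only when four values are given
```

Run it with the four values you intend to enter, in the order shown in the `preflight` comment; a non-zero exit status means at least one value needs correcting.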