ClamAV Setup

Security Controls

Control          Tool     Description                         Required
---------------  -------  ----------------------------------  ---------
Disk Encryption  LUKS     Full disk encryption at install     Mandatory
Antivirus        ClamAV   clamd daemon + freshclam updates    Mandatory
Firewall         UFW      Host-based firewall (default deny)  Mandatory
802.1X Auth      EAP-TLS  Certificate-based network access    Mandatory

Arch Linux Installation

sudo pacman -S clamav
sudo freshclam
sudo systemctl enable --now clamav-daemon

Fedora/RHEL Installation

sudo dnf install clamav clamav-update clamd
sudo freshclam
sudo systemctl enable --now clamd@scan

Verification

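# Check ClamAV status (on Fedora/RHEL the unit is clamd@scan)
sudo systemctl status clamav-daemon

# Check virus definitions age (freshclam leaves daily.cld instead of daily.cvd after an incremental update)
stat /var/lib/clamav/daily.c[lv]d | grep -E 'File|Modify'

# Test scan
clamscan --infected --recursive /home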
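
The definitions-age check above can be turned into a pass/fail test for a compliance script. The following is an added example, not part of the original page; the function names and the 2-day limit are assumptions, and it relies on GNU stat.

```shell
#!/bin/sh
# Added example: pass/fail freshness check for the ClamAV daily database.
# Function names and the default 2-day limit are assumptions, not ClamAV settings.

# Print the age in whole days of the newest daily database in DIR.
# Returns 2 if neither daily.cvd nor daily.cld exists.
clamav_db_age_days() {
    dir=$1
    newest=0
    # freshclam stores a full download as .cvd and a patched copy as .cld
    for f in "$dir"/daily.cvd "$dir"/daily.cld; do
        [ -f "$f" ] || continue
        m=$(stat -c %Y "$f") || continue   # mtime as epoch seconds (GNU stat)
        if [ "$m" -gt "$newest" ]; then
            newest=$m
        fi
    done
    [ "$newest" -gt 0 ] || return 2
    now=$(date +%s)
    echo $(( (now - newest) / 86400 ))
}

# Return 0 if definitions are fresh, 1 if stale, 2 if missing.
clamav_db_check() {
    dir=${1:-/var/lib/clamav}
    max_days=${2:-2}
    age=$(clamav_db_age_days "$dir") || {
        echo "MISSING: no daily.cvd or daily.cld in $dir"
        return 2
    }
    if [ "$age" -gt "$max_days" ]; then
        echo "STALE: definitions are $age days old (limit $max_days)"
        return 1
    fi
    echo "OK: definitions are $age days old"
}
```

Source the file and run `clamav_db_check /var/lib/clamav 2`; the exit status can feed a cron job or endpoint compliance report.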

UFW Firewall

# Set the default policies first, then enable UFW
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw enable

# Verify status
sudo ufw status verbose