Fedora Discussion

Clamscan vs clamdscan

vgaetera (Vladislav Grigoryev) November 21, 2024, 11:18pm 2

clamscan

An app to scan fils/dirs directly.
Runs with user permissions, can be elevated.
Uses unconfined SELinux context.
Loads the DB each time it starts.
Performs single-threaded scanning.

clamdscan

A client interface for the scanning service.
Runs with service permissions, configurable.
Uses confined SELinux context.
Keeps the DB in memory.
Allows multi-threaded scanning.

Additional notes for clamdscan:

The user should join the virusgroup to use the tool.
Requires the clamd service to run and listen on the socket.
Scanning the whole filesystem:
- Requires an explicit config change to elevate the privileges.
- Requires an explicit SELinux boolean modification.
- Apparently triggers some dontaudit rules:
  - Still fails to access certain files without denials.
  - Works in permissive SELinux mode.

See also: Use clamdscan on workstation F38 - #3 by vgaetera

Configuring ClamAV for local use

Topic		Replies	Views	Activity
Use clamdscan on workstation F38 Ask Fedora f38 , antivirus , selinux , workstation	4	2035	November 23, 2023
Configuring ClamAV for local use Ask Fedora	11	3236	April 7, 2025
Clamd@scan, Amavis permission denied on /run/clamd.scan/clamd.sock Ask Fedora f38	8	1032	April 29, 2023
Atomic + ClamAV on-demand scanning Ask Fedora silverblue	3	620	July 12, 2024
ClamAV scan entire filesystem Ask Fedora	2	1379	November 23, 2024