Introduction
	ClamAV is an open-source anti-virus toolkit for Unix, designed first and foremost for scanning mail on a server. It pairs naturally with the mail system described in The Mail Server and SpamAssassin: where SpamAssassin scores a message for spam, ClamAV inspects it (and its attachments) for malware. It can also be run by hand to scan any directory of files. ClamAV has three moving parts you will hear about: clamd, the resident scanning daemon that keeps the signature database in memory so each scan is fast; freshclam, which downloads updated virus signatures several times a day; and the command-line scanners clamscan (loads the database itself) and clamdscan (asks the running clamd to do the work). NOTE: ClamAV protects your server. It is not a substitute for anti-virus software on the workstations that connect to it, and it does not defend against network attacks — that is the job of your firewall and SSH hardening.
	Installation
	Connect to your VPS, become root, and install ClamAV with your system's package manager. Package names occasionally change between releases, so a quick pkg search clamav or dnf search clamav first confirms the current names. On FreeBSD 15: # pkg install clamav # sysrc clamav_freshclam_enable=YES # sysrc clamav_clamd_enable=YES # freshclam # fetch the signature database the first time # service clamav-freshclam start # service clamav-clamd start On Rocky Linux 10: (the packages are in EPEL — see Installing Software) # dnf install clamav clamav-update clamd # freshclam # fetch the signature database the first time # systemctl enable --now clamav-freshclam.service # systemctl enable --now clamd@scan.service The freshclam service then keeps the database current on its own (by default it checks for updates several times a day). You can run freshclam manually at any time to update immediately.
	Scanning Files on Demand
	The quickest way to confirm everything works is to scan a directory. clamdscan uses the running daemon and is the fastest option; clamscan works even when the daemon is not running: $ clamdscan -i ~/public_html # -i prints only infected files $ clamscan -r -i /tmp # -r recurses into sub-directories To test detection without a real virus, scan the standard EICAR test file — a harmless string every scanner recognises as a stand-in for malware. If ClamAV reports it as Eicar-Signature FOUND, your installation and signature database are working.
	Scanning Incoming Mail
	To check mail automatically, ClamAV is wired into Sendmail with clamav-milter — the same "milter" mechanism used by SpamAssassin. Install the milter, point it at clamd, and add it to Sendmail's configuration: On FreeBSD 15: # pkg install clamav-milter # sysrc clamav_milter_enable=YES # service clamav-milter start On Rocky Linux 10: # dnf install clamav-milter # systemctl enable --now clamav-milter.service Then add the milter to Sendmail's .mc file (next to the SpamAssassin milter, if you run one), rebuild, and restart Sendmail — the mail server page covers editing and rebuilding .mc: INPUT_MAIL_FILTER(`clamav', `S=local:/var/run/clamav/clmilter.sock, F=, T=S:4m;R:4m')dnl NOTE: ClamAV's resident daemon holds the full signature database in memory. Together with SpamAssassin it can want a fair amount of RAM on a small VPS — after enabling both, watch top (see Server Maintenance) to confirm there is headroom.
	Documentation
	The manual pages installed with the package — clamscan(1), clamd(8), freshclam(1), clamd.conf(5), and freshclam.conf(5) — document every option. The project also publishes a full manual: ClamAV Documentation