How to remove/reinstall ClamAV

Using the Cockpit interface, I removed Clam Antivirus under Applications by selecting remove using the 3 dot menu on the right. Now it doesn’t appear in the list of software in Software Center, but installed packages lists the following packages. I am guessing i did something wrong. How should I have removed the packages, and how to I get back to a consistent state?
lamav 0.103.3 0.103.3-8.el7
clamav-filesystem 0.103.3 0.103.3-8.el7
clamav-lib 0.103.3 0.103.3-8.el7
clamav-unofficial-sigs 7.2.4 7.2.4-1.el7
clamav-update 0.103.3 0.103.3-8.el7
clamd

NethServer doesn’t uninstall all required packages, data is kept too, only services are stopped.

It could be done with

yum autoremove

on command line.

Check what’s going to be removed carefully before removing.

To always use autoremove when removing packages:

mrmarkuz, thank you for the suggestion. I ran it, it removed clamav files and some other leftover things. But ClamAV does not appear in Software Center as available to install.

I guess it’s not in Software Center as it’s only used in combination with proxy or web content filter.

To install from command line:

yum install nethserver-antivirus

1 Like

Thank you. Should it be in Software Center? Or, should it be something that cannot be removed (disabled?) by selecting it in Applications the way I did it? Should i submit it as a problem?

No, it’s not installable from Software Center but shown in Applications page. It’s not a problem because it’s a requirement of Squidguard or Mailfilter so it will be installed when needed. If it’s removed in Applications page the modules using nethserver-antivirus like nethserver-squidguard will be removed too.

As stated by @mrmarkuz

Once was. Now it’s a dependance of two modules (Email, Content filter) and if it’s needed it’s installed.

The software (ClamAV) is configured and used by email module if necessary, so strictly you can’t disable clamav… unless you disable into email or content filtering the antivirus check. Moreover, you cannot even enable it without requesting the emailserver and content filter to check data coming from outside (attachments, non-encrypted internet traffic) for viruses.

IMO no. Packages are working as intended; if your installation performance is impacted by ClamAV you can consider to not use it or to upgrade a bit your hardware (more CPU, more RAM) for allowing smoother data flow.

1 Like

I don’t think I have a performance problem. I have a mini-ITX fanless system with a quad-core i7 mobile CPU, there are only two people in the household, the system is mostly a router and OpenVPN server. I can, when my Comcast connection isn’t overloaded because of other neighborhood users or the backhaul, see 1Gbps incoming, with 3 cores pretty much idle. I don’t run an email server (not even an SMTP server) but I was fooling around trying to test whether ClamAV was scanning all traffic.

My installation, which hadn’t been enabled, must have dated back to when it was separately installable. After messing around, i removed it under applications by clicking on the vertical 3 dot menu on the extreme right. It apparently unistalled part of it, or at least disabled it, but that left me with the paradox that it didn’t appear to be installed, it wasn’t configurable because there was no menu, and it wasn’t available to reinstall.

You might have many other priorities, but that looks to me like a mis-feature, which could be remedied by one of several methods, such as linking its removal to the mail server.

Based on your helpful guidance in this message thread, I removed the email server (since I am not running a mail server, for me this was a consequence-free action), reinstalled it, and ClamAV was back as it was.

In summary, you guys have a great product and a great community. I can agree with your statement that the packages are working as intended, but the fact that ClamAV appears in the Applications menu with a remove option, but no direct way to reverse that is a small inconsistency.

1 Like

I can see your point of view, but IMVHO there’s no inconsistency.
Try to think NethServer as a car. And ClamAV as an optional of an optional. IDK… a USB-C set of ports of the rear seat central armrest.
The counter-intuitivity of the car example is that you don’t add and remove optionals as you need during the life of the car but… Try to follow the think please :wink:
Maybe for 3 months you don’t need the USB ports in the back of the car so for saving fuel and energy… you remove them. Maybe for 6 months you don’t need the armrest in the back seat (car became a lorry) so you remove the whole seat and the armrest. In that situation, you cannot install back the USB ports… you don’t have a place to put them!

In a similar way, ClamAV is useful only if the server receive and make available data, so MailServer, FileServer, Proxy. If you want you can install it, but only “following” the primary modules.
Also, GUI sometimes have to come to compromises, so a “good for everything” is still a goal, but hard to achieve.

Probably your system is powerful enough to drive all your needs, unfortunately… ClamAV is designed for one thing only.
https://docs.clamav.net/

(Nice. I now know that OpenSource community have to thank Cisco for ClamAV, because brought Sourcefire in 2013)
And sometimes… ClamAV, especially with large definition file, is… inefficient.
So following 1GBE internet traffic could be… A tough job, even with a nice consumer CPU like an i7 mobile.

If, as you say, ClamAV on Nethserver can scan traffic being processed by a fileserver or proxy, then maybe it isn’t as small an inconsistency as I thought, because what I infer that you are saying is that a decision was made that ClamAV was only uninstallable as part of the mail server, even though it could be used with a fileserver or proxy, that is not installed as part of the mail server.

Which, if any, packages will ClamAV work with other than mail accounts registered with Nethserver’s mail server?

In general, I think the Nethserver Dev team has done a good job of building a composable system where users can pick using menus what functions they want to include. In the general case, if a package, in this case, the mail server, has separate packages it depends on, then commanding the system to install the mail server will trigger the installation of the dependencies, in this case, ClamAV.

In well-designed systems, if a request is made to remove one of the dependencies, then the system will warn you. In fact, I would argue that in order to keep the system consistent, then it should also tell you that if you proceed, it will also remove the packages it depends on, since doing otherwise will leave the system in an inconsistent state. Nethserver does neither.

Think about the following sequence of steps (ignoring the fact that in my case, I had installed ClamAV long ago when it was a separate package):
1.Install the mail server
2.leave ClamAV unconfigured
3. Configure the mail server
4. Remove ClamAV using the applications menu (I said i was going to ignore the fact that I had installed ClamAV long ago, but from my knowledge at this step, the fact that there won’t be a ClamAV package in the list of available packages like there used to be).

I now have a situation where I have a mail server, and I have no obvious way to configure or reinstall the ClamAV I removed.At this state, the system is inconsistent.

As I said, trial and error taught le that I could remove and reinstall the mail server, which appears to have returned the system to a consistent state.