How to run ClamAV as Windows Service

ClamAV (Clam AntiVirus) is a free, cross-platform and open-source antivirus software toolkit which can detect many types of malicious software. When you’re building Java application which needs antivirus then ClamAV is a really good choice. You can send a byte array via API and check it for viruses.

For a long time, we operated ClamAV as a standalone command line program. Recently, however, we needed to run everything on servers as Windows Services. There aren’t too many tutorials on how to run ClamAV on Windows Server as a Windows Service. So here you go.

  1. Download latest ClamAV (currently clamav-0.101.2.exe,
  2. Download runassvc (transforms normal applications into services, ). Classical Windows SC (Service Control) is pain.
  3. Install ClamAV (standard destination location “C:\Program Files\ClamAV”).
  4. Configure ClamAV freshclam.conf and clamd.conf. You can copy samples from conf_examples folder, which is under ClamAV root folder (“C:\Program Files\ClamAV\conf_examples”). You must place clamd.conf and freshclam.conf to root of ClamAV folder (“C:\Program Files\ClamAV”).
  5. In freshclam.conf (configuration for update module) you will probably:
    1. Comment Example line.
    2. Set path for DatabaseDirectory.
    3. Set path for UpdateLogFile.
    4. Uncomment LogTime.
    5. Configure DatabaseMirror to nearest local mirror.
    6. Proxy if you’re running ClamAV behind proxy.
  6. In clamd.conf (configuration for antivirus module) you will probably:
    • Comment Example line.
    • Set path for LogFile.
    • Uncomment LogTime.
    • Set path to DatabaseDirectory (same path as DatabaseMirror inside freshclam.conf).
  7. Extract archive with runassvc (place it on suitable place).

Now you will create one service for update module and second service for antivirus module. Run “RunAsSvc.exe” from extracted runassvc archive.

Update Module:

Go to Services find ClamAV_Update and open Properties:

You must specify account under which you will run the update module:

And lastly set recovery:

Similar approach for Antivirus Module:

Go to Services find ClamAV_Antivirus and open Properties:

Now you should start service with update module (ClamAV_Update) and wait for the virus database to download (you can monitor the progress in the log you configure before -> UpdateLogFile in freshclam.conf).

After the virus database is downloaded, turn on the ClamAV_Antivirus service with antivirus module.

You are now running ClamAV as a Windows Service. Good job.

2 thoughts on “How to run ClamAV as Windows Service

Leave a Reply

Your email address will not be published.