Scott, First - "clamd" is the daemon. It starts up and parses / loads all the virus definitions into memory, then clamdscan (or other programs) interact with it (via local unix socket) to scan files.
I checked my CentOS 7 server and I'm not seeing all those packages you mentioned. Do you have other repos enabled too? It looks like the systemd service files have been consolidated into the relevant other RPMs. All I see from epel is as follows: clamav - Provides the basic scanning programs (i.e. clamscan & others) and documentation. clamav-data - Contains the 3 main official virus databases. (These should be updated regularly via freshclam) clamav-devel - headerfiles and libraries for developing other apps (you don't need -devel packages for normal usage, they are for "development") clamav-filesystem - Looks just like it has some filesystem structure, not sure WTF is going on with that... clamav-lib - Typical dynamic libraries that other applications might use. clamav-milter - Files for running a milter with your mail server. clamav-update - The freshclam application, documentation, and such. This program updates the virus definitions. clamd - The ClamAV daemon. clamav-unofficial-sigs - Not part of the main ClamAV package. This is a 3rd party script, that in turn downloads 3rd party definition files. If you want to see files within an RPM, the description, and all that good stuff there are numerous websites with searchable databases. However my favorite is probably: https://pkgs.org/ So, to answer your question. If you aren't building 3rd party applications, the you can skip installing 'clamav-devel' as that will just take up space. If you are not going to implement it directly into your email server that uses the milter interface, then you can skip 'clamav-milter'. (Some 3rd party programs like spamassassin scan files via the Clamav's unix socket). Not sure about on-access scanning, I would assume it would require clamd... that's something I'm sure the documentation explains more in-depth. What you want to scan depends on what you want to protect, who has access, what the machine's use is, etc.... Please don't blindly set it to '/'... Think about certain parts that would not respond well if you tried to always scan on access... i.e.: /dev, /proc, high-transaction / large database files, log files, and possibly any remote-mounted sources... _______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
