How to install ClamAV for Node.js on macOS, Linux and Windows

pompelmi delegates all antivirus scanning to ClamAV — a free, open-source engine maintained by Cisco. pompelmi itself is installed via npm, but ClamAV must be installed separately at the system level.

This guide covers every supported platform. Once ClamAV is installed and the virus database is downloaded, you are ready to follow the 5-minute getting started guide and run your first scan.

pompelmi calls the clamscan binary. You do not need clamd (the background daemon) for basic usage. The installation steps below install clamscan.

macOS

The easiest way to install ClamAV on macOS is through Homebrew. If you don't have Homebrew, install it first from brew.sh.

brew install clamav

Homebrew installs clamscan and freshclam to:

  • /opt/homebrew/bin/ on Apple Silicon (M1/M2/M3)
  • /usr/local/bin/ on Intel

Both locations are on the default PATH after a standard Homebrew setup.

Configure freshclam on macOS

Before running freshclam, you need to create its configuration file. Homebrew installs a sample configuration at:

/opt/homebrew/etc/clamav/freshclam.conf.sample   # Apple Silicon
/usr/local/etc/clamav/freshclam.conf.sample        # Intel

Copy it and remove the Example line:

# Apple Silicon
cp /opt/homebrew/etc/clamav/freshclam.conf.sample \
   /opt/homebrew/etc/clamav/freshclam.conf
sed -i '' '/^Example/d' /opt/homebrew/etc/clamav/freshclam.conf

# Intel
cp /usr/local/etc/clamav/freshclam.conf.sample \
   /usr/local/etc/clamav/freshclam.conf
sed -i '' '/^Example/d' /usr/local/etc/clamav/freshclam.conf

Then download the virus database:

freshclam

On macOS you may see a warning about the database directory not existing. Run mkdir -p /opt/homebrew/var/lib/clamav (Apple Silicon) or mkdir -p /usr/local/var/lib/clamav (Intel) to create it.

Ubuntu and Debian

sudo apt-get update
sudo apt-get install -y clamav clamav-freshclam

On Debian-based systems, the clamav-freshclam package installs a background service that keeps the virus database updated automatically. However, it locks the database files while running. Stop it before updating manually:

sudo systemctl stop clamav-freshclam
sudo freshclam
sudo systemctl start clamav-freshclam

If you want to run freshclam only manually (not as a service), disable the service:

sudo systemctl disable --now clamav-freshclam
sudo freshclam

On Ubuntu 20.04+ the package is clamav. On older releases it may be split into clamav-base and clamav-daemon. Verify with apt-cache search clamav.

RHEL, Fedora, and CentOS

Fedora:

sudo dnf install -y clamav clamav-update

RHEL 8 / CentOS Stream (requires EPEL):

sudo dnf install -y epel-release
sudo dnf install -y clamav clamav-update

CentOS 7 (older):

sudo yum install -y epel-release
sudo yum install -y clamav clamav-update

Update virus definitions:

sudo freshclam

On SELinux-enabled systems, freshclam may fail with a permissions error. Run sudo setsebool -P antivirus_can_scan_system 1 to allow ClamAV to access system directories.

Windows

The recommended method on Windows is the official ClamAV installer, which includes both clamscan.exe and freshclam.exe.

Option A — Official installer

  1. Download the Windows installer from clamav.net/downloads.
  2. Run the setup wizard and note the installation directory (default: C:\Program Files\ClamAV\).
  3. Add C:\Program Files\ClamAV\ to your system PATH.
  4. Copy freshclam.conf.sample to freshclam.conf in the same directory.
  5. Open the file and delete (or comment out) the line that reads Example.
  6. Run freshclam from a Command Prompt to download the database.

Option B — Chocolatey

choco install clamav -y

Chocolatey handles the PATH and configuration file setup automatically.

Verify on Windows

clamscan --version

You should see output like ClamAV 1.x.x. If you get "'clamscan' is not recognized", the ClamAV directory is not on your PATH. Re-check the installation directory and add it manually via System Properties → Environment Variables.

Downloading and updating virus definitions

ClamAV requires virus definitions to work. Without them, every scan returns an error. Definitions are downloaded using freshclam.

freshclam          # macOS, Windows (from an elevated prompt if needed)
sudo freshclam     # Linux

freshclam downloads three files into the ClamAV database directory:

  • main.cvd — main virus database (~160 MB)
  • daily.cvd / daily.cld — daily updates (~60 MB)
  • bytecode.cvd — bytecode signatures

New malware is discovered daily. Keep definitions current by scheduling freshclam to run once a day (cron on Linux/macOS, Task Scheduler on Windows).

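# Linux / macOS cron: run freshclam daily at 02:00
# Adjust the path to match `which freshclam` (Homebrew installs it under
# /opt/homebrew/bin/ or /usr/local/bin/).
0 2 * * * /usr/bin/freshclam --quiet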
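A scheduled update can fail silently, so it helps to check from the Node.js side that the definitions are present, readable and recent before relying on scan results. The following is an added example, not pompelmi or ClamAV code; the function names, the dbDir parameter and the 48-hour threshold are assumptions.

```javascript
// Added example, not pompelmi code. Checks that the signature databases exist,
// are readable by the current (Node.js) user, and were refreshed recently.
const fs = require('node:fs');
const path = require('node:path');

// freshclam stores each database as .cvd, or as .cld after incremental updates.
const DATABASES = ['main', 'daily', 'bytecode'];

// Returns the file's stat if this process can read it and it is non-empty.
function readableStat(file) {
  try {
    fs.accessSync(file, fs.constants.R_OK);
    const st = fs.statSync(file);
    return st.size > 0 ? st : null;
  } catch {
    return null;
  }
}

// dbDir: ClamAV database directory (assumption: the caller supplies it).
// maxAgeHours: assumed staleness threshold; 48 h tolerates one missed daily run.
function checkDefinitions(dbDir, maxAgeHours = 48, now = Date.now()) {
  const missing = [];
  let dailyMtime = null;
  for (const name of DATABASES) {
    const stats = ['.cvd', '.cld']
      .map((ext) => readableStat(path.join(dbDir, name + ext)))
      .filter(Boolean);
    if (stats.length === 0) missing.push(name);
    else if (name === 'daily') dailyMtime = Math.max(...stats.map((s) => s.mtimeMs));
  }
  const ageHours = dailyMtime === null ? null : (now - dailyMtime) / 3.6e6;
  const stale = ageHours !== null && ageHours > maxAgeHours;
  return { ok: missing.length === 0 && !stale, missing, stale, ageHours };
}
```

The age is taken from the file's modification time, which is when freshclam last wrote the daily database, not when it last checked for updates.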

Verify the full setup

After installing ClamAV and downloading definitions, run a quick sanity check with the EICAR test file — a harmless string that every AV engine detects as malware for testing purposes.

# Create EICAR test file
echo 'X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*' \
  > /tmp/eicar.txt

# Scan it directly with clamscan (before involving pompelmi)
clamscan /tmp/eicar.txt

Expected output:

/tmp/eicar.txt: Win.Test.EICAR_HDB-1 FOUND

----------- SCAN SUMMARY -----------
Known viruses: 8700000
...
Infected files: 1

If you see FOUND, ClamAV is working. Now install pompelmi and follow the getting started guide.
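The same check can be made from Node.js by classifying a clamscan run instead of reading its output by eye. The following is an added example, not pompelmi's implementation; interpretClamscan, scanFile and SAMPLE are hypothetical names. It relies on the exit codes documented in the clamscan man page (0 = no virus found, 1 = virus found, 2 = error) and treats anything that is not a clean exit as a failure, so a missing database is never reported as a clean file.

```javascript
// Added example, not pompelmi code: classify one clamscan run.
// Exit codes per the clamscan man page: 0 = clean, 1 = virus found, 2 = error.

// Constructed sample, modelled on the expected output shown on this page.
const SAMPLE = { status: 1, stdout: '/tmp/eicar.txt: Win.Test.EICAR_HDB-1 FOUND\n' };

function interpretClamscan({ status, stdout = '', stderr = '', error = null }) {
  // spawnSync reports a missing binary as ENOENT ("command not found" in a shell).
  if (error && error.code === 'ENOENT') {
    return { verdict: 'error', signatures: [], hint: 'clamscan is not on PATH.' };
  }
  // Detection lines look like "<path>: <signature> FOUND".
  const signatures = [];
  for (const line of (stdout || '').split(/\r?\n/)) {
    const m = /^(.+): (\S+) FOUND$/.exec(line);
    if (m) signatures.push({ file: m[1], signature: m[2] });
  }
  if (status === 1 || signatures.length > 0) {
    return { verdict: 'infected', signatures, hint: null };
  }
  if (status === 0) return { verdict: 'clean', signatures, hint: null };
  // Exit code 2, a signal (status === null) or anything unexpected: fail closed.
  const text = `${stdout || ''}\n${stderr || ''}`;
  const hint = /cli_loaddbdir\(\)/.test(text)
    ? 'Virus database not found or empty: run freshclam.'
    : 'Scan failed: inspect clamscan stderr.';
  return { verdict: 'error', signatures, hint };
}

// Runs the clamscan binary found on PATH. Arguments are passed as an array
// (no shell), and the path is made absolute so that a file name starting
// with "-" cannot be read as an option.
function scanFile(file) {
  const { spawnSync } = require('node:child_process');
  const path = require('node:path');
  const run = spawnSync('clamscan', ['--no-summary', path.resolve(file)], {
    encoding: 'utf8',
  });
  return interpretClamscan(run);
}
```

Callers should accept a file only when the verdict is 'clean'; both 'infected' and 'error' mean the file has not been cleared.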

Common installation problems

Problem: clamscan: command not found
Cause: ClamAV is not on PATH.
Fix: Find where it was installed (which clamscan or check package install output) and add that directory to PATH.

Problem: LibClamAV Error: cli_loaddbdir()
Cause: Virus database not found or empty.
Fix: Run freshclam (or sudo freshclam on Linux) to download definitions.

Problem: ERROR: Problem with internal logger
Cause: freshclam config has "Example" line uncommented.
Fix: Open freshclam.conf and delete the line that reads Example.

Problem: freshclam fails on Linux with "locked"
Cause: The clamav-freshclam service holds the database lock.
Fix: Run sudo systemctl stop clamav-freshclam before freshclam.

Problem: Scan always returns ScanError
Cause: Definitions are corrupt or the process lacks read permissions on the database directory.
Fix: Re-run freshclam. Check that the user running Node.js can read the ClamAV database directory.