How to install and use ClamAV in Ubuntu 22.04

Clam AntiVirus (ClamAV) is a free software, cross-platform antimalware toolkit able to detect many types of malware, including viruses. It was developed for Unix and has third-party versions available for AIX, BSD, HP-UX, Linux, macOS, OpenVMS, OSF and Solaris.

It is a free and open-source command-line antivirus program that can detect trojans and other malicious software, including viruses. It scans files quickly and can detect over one million viruses and trojans. One of its main uses is scanning email on mail gateways.

Antivirus programs run in the background and check for viruses that cause problems. It is commonly believed that viruses do not exist on Linux, but that is not true. Malware and viruses do exist on Linux, though they are not very common. If you want to make your Linux machine more secure, you should install an antivirus.

In this guide, we will learn how to install and use ClamAV in Ubuntu.

Ensure your system is up to date

Before proceeding, ensure that your packages are up to date. Use these commands:

sudo apt update
sudo apt upgrade

Install ClamAV

Once our packages are up to date, we can install ClamAV. The ClamAV packages are available in the default repositories. Use this command to install them:

sudo apt install clamav clamav-daemon

Once installed, confirm that it is working as expected by checking its version:

$ clamscan --version
ClamAV 0.103.6/26814/Thu Feb 16 08:40:04 2023

If the above command gives the version of ClamAV then it has been installed successfully.

Updating the ClamAV Signature Database

After a successful install, we need to update the ClamAV signature database.

To update the ClamAV signature database, follow these steps:

  • Stop freshclam service
  • Update the signature database (Two methods)
    • Update by running the command in the terminal
    • Update by downloading daily.cvd file
  • Start freshclam service

The first step is to stop the clamav-freshclam service by running the following command in the terminal window:

sudo systemctl stop clamav-freshclam

Next, we update the signature database manually. We can do this in one of two ways. The first method is to run the following command in the terminal:

sudo freshclam

This command will install the signature database on your machine. If it works, you should see output similar to this:

$ sudo freshclam
Fri Feb 17 07:27:54 2023 -> ClamAV update process started at Fri Feb 17 07:27:54 2023
Fri Feb 17 07:27:54 2023 -> ^Your ClamAV installation is OUTDATED!
Fri Feb 17 07:27:54 2023 -> ^Local version: 0.103.6 Recommended version: 0.103.8
Fri Feb 17 07:27:54 2023 -> DON'T PANIC! Read https://docs.clamav.net/manual/Installing.html
Fri Feb 17 07:27:54 2023 -> daily.cvd database is up-to-date (version: 26814, sigs: 2020990, f-level: 90, builder: raynman)
Fri Feb 17 07:27:54 2023 -> main.cvd database is up-to-date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
Fri Feb 17 07:27:54 2023 -> bytecode.cvd database is up-to-date (version: 333, sigs: 92, f-level: 63, builder: awillia2)

If this command does not work, use the following command to download the signature database file:

curl -LO https://database.clamav.net/daily.cvd

Now create the directory /var/lib/clamav, if it does not already exist, by running the following command:

sudo mkdir -p /var/lib/clamav

Then copy the downloaded file to this location by running the following command:

sudo cp daily.cvd /var/lib/clamav/daily.cvd

Finally, start the freshclam service:

sudo systemctl start clamav-freshclam
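
A failed download can leave something other than a database in daily.cvd, so it is worth checking the file before copying it into /var/lib/clamav. The script below is an added example, not part of the original article: it reads the 512-byte text header that a CVD file starts with and prints the version, signature count and builder, the same values freshclam reports in the output above. The function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example (not from the article): sanity-check a downloaded .cvd file.
# A CVD starts with a 512-byte, colon-separated text header:
#   ClamAV-VDB:build time:version:signatures:f-level:md5:dsig:builder:stime

# Print header field N (1-based) of CVD file $1.
cvd_field() {
    head -c 512 "$1" | cut -d: -f"$2"
}

# True if $1 is a non-empty string of digits.
is_uint() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
}

# Print a one-line summary and return 0 only if the header looks valid.
check_cvd() {
    cvd=$1
    if [ ! -s "$cvd" ]; then
        echo "missing or empty: $cvd" >&2; return 1
    fi
    # An HTML error page or a truncated download fails the magic check.
    if [ "$(head -c 11 "$cvd" | tr -d '\0')" != "ClamAV-VDB:" ]; then
        echo "not a CVD file: $cvd" >&2; return 1
    fi
    version=$(cvd_field "$cvd" 3)
    sigs=$(cvd_field "$cvd" 4)
    if ! is_uint "$version" || ! is_uint "$sigs"; then
        echo "malformed CVD header: $cvd" >&2; return 1
    fi
    echo "version=$version sigs=$sigs builder=$(cvd_field "$cvd" 8)"
}

# Usage: ./check_cvd.sh daily.cvd
if [ "$#" -eq 1 ]; then
    check_cvd "$1"
fi
```

This only confirms the file has the shape of a database; running sigtool --info daily.cvd additionally verifies its digital signature.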

Using ClamAV to scan

To scan a specific directory:

$ clamscan --infected --remove --recursive /home/eutychus/

----------- SCAN SUMMARY -----------
Known viruses: 8652920
Engine version: 0.103.6
Scanned directories: 5
Scanned files: 7
Infected files: 0
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 18.999 sec (0 m 18 s)
Start Date: 2023:02:17 07:32:58
End Date:   2023:02:17 07:33:17

In the above command, we have used some options. These options have the following meanings:

  • --infected: prints only infected files
  • --remove: removes infected files
  • --recursive: scans all the subdirectories in the directory

You can use further options with this command. Run the following command in the terminal window to see all the available options:

man clamscan

You can scan your whole Ubuntu system by running the following command in the terminal window:

sudo clamscan --infected --recursive --remove /

NOTE: This can take some time, depending on the amount of data and the processing speed of your system.
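
Because --remove deletes a file on any detection, including a false positive, a whole-system scan is safer when it quarantines instead. The wrapper below is an added example, not part of the original article: it uses clamscan's --move, --log and --exclude-dir options and acts on clamscan's exit status (0 clean, 1 malware found, 2 error). The quarantine and log paths and the function name are assumptions.

```bash
#!/usr/bin/env bash
# Added example (not from the article): quarantine instead of delete,
# and treat clamscan's exit status as the scan verdict.
# QUARANTINE and LOG are assumed paths; override them in the environment.
QUARANTINE=${QUARANTINE:-/var/quarantine/clamav}
LOG=${LOG:-/var/log/clamav/manual-scan.log}

# Scan path $1 recursively; detected files are moved, never deleted.
# Returns clamscan's own status: 0 = clean, 1 = malware found, 2 = error.
quarantine_scan() {
    target=$1
    # Keep quarantined samples readable by the scanning user only.
    if ! mkdir -p "$QUARANTINE" || ! chmod 700 "$QUARANTINE"; then
        echo "error: cannot prepare $QUARANTINE"; return 2
    fi
    status=0
    # Skip pseudo-filesystems that hold no regular files worth scanning.
    clamscan --infected --recursive \
        --move="$QUARANTINE" --log="$LOG" \
        --exclude-dir='^/proc' --exclude-dir='^/sys' --exclude-dir='^/dev' \
        "$target" || status=$?
    case $status in
        0) echo "clean: $target" ;;
        1) echo "infected: files moved to $QUARANTINE, review $LOG" ;;
        *) echo "error: scan incomplete (status $status), not a clean result" ;;
    esac
    return "$status"
}

# Usage (as root for a whole-system scan): ./quarantine_scan.sh /
if [ "$#" -gt 0 ]; then
    quarantine_scan "$1"
fi
```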

Installing ClamTK

ClamTK is a graphical user interface for ClamAV. If you are on a desktop system, you can install ClamTK as a GUI for ClamAV. Use this command to install it:

sudo apt-get install clamtk

Once installed, you can search for clamtk in the start menu or launch it with this command in the terminal:

clamtk

From the UI, you should have options to Scan Directory among other things.

Uninstalling ClamAV and ClamTK

So far we have discussed how to install and use ClamAV and ClamTK. If you want to remove these packages from your system, run the following command:

sudo apt-get remove clamav clamav-daemon clamtk

Conclusion

ClamAV is an antivirus program that can be used to detect and remove trojans and other malicious software, including viruses, from your system. In this article, we discussed how to install ClamAV on Ubuntu, how to update the ClamAV signature database, and how to use ClamAV from the command line to scan a directory. We then discussed how to install ClamTK, which provides a graphical user interface and makes ClamAV easier to use. Finally, we learned how to remove these two packages from your system.

Last updated on Oct 14, 2024 11:46 +0300
Citizix Ltd