Clam AntiVirus (ClamAV) is a free software, cross-platform antimalware toolkit able to detect many types of malware, including viruses. It was developed for Unix and has third-party versions available for AIX, BSD, HP-UX, Linux, macOS, OpenVMS, OSF and Solaris.
It is a free and open source command-line antivirus program that can be used to detect trojans and other malicious software, including viruses. It scans files quickly and can detect over one million viruses and trojans. One of its main uses is to scan emails on mail gateways.
Antivirus programs run in the background and check for viruses and other malware. A common belief is that viruses do not exist on Linux, but this is not true. Malware and viruses do exist on Linux, although they are less common. If you want to make your Linux machine more secure, you should install an antivirus.
In this guide, we will learn how to install and use ClamAV in Ubuntu.
Ensure your system is up to date
Before proceeding, ensure that your packages are up to date. Use these commands:
sudo apt update
sudo apt upgrade
Install ClamAV
Once our packages are up to date, we can install ClamAV. The ClamAV packages are available in the default repositories. Use this command to install them:
sudo apt install clamav clamav-daemon
Once installed, confirm that it is working as expected by checking its version:
$ clamscan --version
ClamAV 0.103.6/26814/Thu Feb 16 08:40:04 2023
If the above command prints the ClamAV version, it has been installed successfully.
Updating the ClamAV Signature Database
After a successful install, we need to update the ClamAV signature database.
To update the ClamAV signature database, follow these steps:
- Stop freshclam service
- Update the signature database (Two methods)
- Update by running the command in the terminal
- Update by downloading daily.cvd file
- Start freshclam service
The first step is to stop the clamav-freshclam service by running the following command in the terminal window:
sudo systemctl stop clamav-freshclam
Next, we update the signature database manually. We can do this in one of two ways. The first method is to run the following command in the terminal:
sudo freshclam
This command downloads the signature database onto your machine. If it works, you should see output similar to this:
$ sudo freshclam
Fri Feb 17 07:27:54 2023 -> ClamAV update process started at Fri Feb 17 07:27:54 2023
Fri Feb 17 07:27:54 2023 -> ^Your ClamAV installation is OUTDATED!
Fri Feb 17 07:27:54 2023 -> ^Local version: 0.103.6 Recommended version: 0.103.8
Fri Feb 17 07:27:54 2023 -> DON'T PANIC! Read https://docs.clamav.net/manual/Installing.html
Fri Feb 17 07:27:54 2023 -> daily.cvd database is up-to-date (version: 26814, sigs: 2020990, f-level: 90, builder: raynman)
Fri Feb 17 07:27:54 2023 -> main.cvd database is up-to-date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
Fri Feb 17 07:27:54 2023 -> bytecode.cvd database is up-to-date (version: 333, sigs: 92, f-level: 63, builder: awillia2)
If this command does not work, use the following command to download the signature database file directly:
curl -LO https://database.clamav.net/daily.cvd
Now create a directory named "clamav" under /var/lib, if it does not already exist, by running the following command:
sudo mkdir -p /var/lib/clamav
Then copy the downloaded file into this location by running the following command:
sudo cp daily.cvd /var/lib/clamav/daily.cvd
Finally, start the freshclam service:
sudo systemctl start clamav-freshclam
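With the manual download method, curl saves whatever the server returns, so a blocked or interrupted request can leave an HTML error page or a truncated file named daily.cvd. The following check is an added example, not part of the original guide: it reads the 512-byte text header that every CVD file starts with and rejects anything else. The function names are hypothetical and the sample header is constructed from the values in the freshclam output above.

```bash
#!/usr/bin/env bash
# Added example: check that a manually downloaded daily.cvd is really a CVD
# file before copying it into /var/lib/clamav. The first 512 bytes of a CVD
# are a colon-separated text header padded with spaces:
#   ClamAV-VDB:build time:version:signatures:f-level:MD5:dsig:builder:stime

# check_cvd FILE [MIN_VERSION]
# Prints "version=N sigs=N f-level=N builder=NAME" and returns 0 when the
# header is well formed and version >= MIN_VERSION; returns 1 otherwise.
check_cvd() {
    local file=$1 min=${2:-0} hdr n
    local magic btime version sigs flevel md5 dsig builder rest
    [ -s "$file" ] || { echo "missing or empty: $file" >&2; return 1; }
    hdr=$(dd if="$file" bs=512 count=1 2>/dev/null | tr -d '\000')
    IFS=: read -r magic btime version sigs flevel md5 dsig builder rest <<EOF
$hdr
EOF
    if [ "$magic" != "ClamAV-VDB" ]; then
        echo "not a CVD (error page or truncated download?): $file" >&2
        return 1
    fi
    for n in "$version" "$sigs" "$flevel"; do
        case $n in
            ''|*[!0-9]*) echo "malformed CVD header: $file" >&2; return 1 ;;
        esac
    done
    if [ "$version" -lt "$min" ]; then
        echo "stale database: version $version < $min" >&2
        return 1
    fi
    echo "version=$version sigs=$sigs f-level=$flevel builder=$builder"
}

# Constructed sample (not a real database) for trying the check offline:
#   make_sample_cvd /tmp/sample.cvd && check_cvd /tmp/sample.cvd 26814
make_sample_cvd() {
    printf '%-512s' \
        'ClamAV-VDB:16 Feb 2023 03-40 -0500:26814:2020990:90:X:SIG:raynman:1676536804' > "$1"
}
```

The header check only catches files that are not CVDs or are older than expected; running sigtool --info daily.cvd (installed with ClamAV) additionally verifies the MD5 and digital signature.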
Using ClamAV to scan
To scan a specific directory:
$ clamscan --infected --remove --recursive /home/eutychus/
----------- SCAN SUMMARY -----------
Known viruses: 8652920
Engine version: 0.103.6
Scanned directories: 5
Scanned files: 7
Infected files: 0
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 18.999 sec (0 m 18 s)
Start Date: 2023:02:17 07:32:58
End Date: 2023:02:17 07:33:17
In the above command, we have used some options. These options have the following meanings:
- --infected: prints only infected files
- --remove: removes infected files
- --recursive: all the subdirectories in the directory will be scanned
You can use further options with this command. Run the following command in the terminal window to see all the available options:
man clamscan
You can scan your whole Ubuntu system by running the following command in the terminal window:
sudo clamscan --infected --recursive --remove /
NOTE: This can take some time, depending on the amount of data and the processing speed of your system.
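Because --remove deletes every file that matches a signature, a false positive on a whole-system scan cannot be undone. The wrapper below is an added example, not part of the original guide: it uses clamscan's --move option to quarantine detections instead, skips the quarantine directory and kernel pseudo-filesystems with --exclude-dir, and acts on clamscan's exit status. The function names, paths and the stand-in scanner output are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: quarantine detections instead of deleting them, and act on
# clamscan's exit status (0 = clean, 1 = virus found, 2 = error).
CLAMSCAN=${CLAMSCAN:-clamscan}   # overridable so the wrapper can be dry-run

# scan_quarantine TARGET QUARANTINE_DIR
# Prints one "SIGNATURE PATH" line per detection; returns clamscan's status.
scan_quarantine() {
    local target=$1 qdir=$2 out rc=0
    mkdir -p "$qdir" || return 2
    chmod 700 "$qdir" || return 2        # quarantined files stay private
    # Skip the quarantine itself and the kernel pseudo-filesystems, which
    # hold no regular files worth scanning when the target is /.
    out=$("$CLAMSCAN" --infected --recursive --move="$qdir" \
        --exclude-dir="^$qdir" --exclude-dir='^/proc' \
        --exclude-dir='^/sys' --exclude-dir='^/dev' "$target") || rc=$?
    case $rc in
        0) echo "clean: $target" ;;
        1) # detections are reported as "<path>: <signature> FOUND"
           printf '%s\n' "$out" | sed -n 's/^\(.*\): \(.*\) FOUND$/\2 \1/p' ;;
        *) echo "scan failed with exit status $rc" >&2 ;;
    esac
    return "$rc"
}

# Constructed stand-in for clamscan, for trying the wrapper without a scan:
#   CLAMSCAN=fake_clamscan; scan_quarantine /srv/upload /tmp/quarantine
fake_clamscan() {
    echo '/srv/upload/invoice.doc: Example.Signature-1 FOUND'
    echo "/srv/upload/invoice.doc: moved to '/tmp/quarantine/invoice.doc'"
    echo 'Infected files: 1'
    return 1
}
```

Run it with sudo for a whole-system scan, for example scan_quarantine / /var/quarantine, and review the quarantine directory before deleting anything from it.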
Installing ClamTK
ClamTK is a graphical user interface for ClamAV. If you are on a desktop system, you can install ClamTK as a GUI for ClamAV. Use this command to install it:
sudo apt-get install clamtk
Once installed, you can search for clamtk in the start menu or launch it with this command in the terminal:
clamtk
From the UI, you should have options to Scan Directory among other things.
Uninstalling ClamAV and ClamTK
So far we have discussed how to install and use ClamAV and ClamTK. If you want to remove these packages from your system, run the following command:
sudo apt-get remove clamav clamav-daemon clamtk
Conclusion
ClamAV is an antivirus program which can be used to detect and remove trojans and other malicious software, including viruses, from your system. In this article, we have discussed how to install ClamAV in Ubuntu. After this we discussed how to update the ClamAV signature database and how to use ClamAV from the command line to scan a directory. After this we discussed how to install ClamTK, which provides a graphical user interface and makes ClamAV easier to use. Then we compared the performance of these packages. At the end we learned how to remove these two packages completely from your system.