Clam AntiVirus (ClamAV) is a free and open-source antivirus program with a command-line interface. ClamAV and ClamTK have the ability to quarantine and remove malicious files, emails, web pages, and more. Additionally, ClamAV is accessible as a cPanel server plugin. When you want to protect your computer system from viruses, ClamAV is a good tool to use. As of today, several high-profile organizations use ClamAV, including Cisco, Google, IBM, McAfee, Microsoft, Sophos, and Symantec. ClamAV can detect trojans and malicious software, including viruses. It can scan files quickly and detect over one million viruses and Trojans. One of its primary applications is to scan emails on mail gateways. ClamAV and ClamTK are supported by the following Linux operating systems: Ubuntu (16.04, 18.04, 20.04, and 2022), Debian (7, 8), and CentOS (6, 7).
Similar to how we use antivirus software on Windows, the Linux operating system requires antivirus software to keep your computer virus-free. Although it is a general belief that viruses do not exist in Linux, this is not true. Malware and viruses do exist on Linux, but they are rare. If you want to make your Linux machine more secure, then you need to install an antivirus.
In this post, you will learn how to install, manage, use, and uninstall ClamAV and ClamTK on Ubuntu and how to use them to scan your system for viruses. You will also get to learn how to update the database and install the GUI to make scanning easier.
This is a hands-on demonstration. If you’d like to follow along, make sure you have an Ubuntu system ready to go. In this demonstration, we’re using Ubuntu 20.04, but any recent version should work fine. You can also launch a Linux virtual machine on the Microsoft or AWS cloud platform and use it for this purpose.
Installing and Using ClamAV
Here we will install ClamAV using the apt package manager, which is the most convenient way to install ClamAV on Ubuntu. Follow the steps below:
Step 1: Open a terminal and run the following command to update the system package repository index before you install ClamAV on Ubuntu.
sudo apt update -y
Step 2: Run the below command to install ClamAV on Ubuntu. This command installs two packages: clamav and clamav-daemon. The former is the ClamAV scanner, while the latter is a background service that enables on-access scanning.
sudo apt install clamav clamav-daemon -y
Step 3: After the installation, verify the ClamAV version by running the below command.
Updating Virus Definitions/Databases
ClamAV detects malware using virus signature databases. These databases are regularly updated with the most recent signatures, and you must download and install these updates on your ClamAV installation in order to stay protected.
When you install ClamAV on Ubuntu, the freshclam service will automatically download database updates once per day by default. However, you can manually update the databases as well. Why do manual updates? There are two primary causes:
- You don’t want to wait for the automatic update; you want to scan for malware right away.
- The automatic updater is not working correctly.
The procedure for updating virus definitions is extremely simple. When you install ClamAV on Ubuntu, a built-in program named freshclam is available that handles all the work for you, including downloading the databases and reloading ClamAV.
The steps for updating virus definitions are listed below:
Step 1: Stop the clamav-freshclam service before manually updating the databases. This service is responsible for executing automated updates. Use the systemctl command below to stop it:
sudo systemctl stop clamav-freshclam
Step 2: Next, run freshclam to download the updates.
Step 3: After the updates, start the clamav-freshclam service so that it will automatically update the databases in the future.
sudo systemctl start clamav-freshclam
Scanning for Viruses Using the CLI
It’s time to scan your system for viruses now that ClamAV has been installed and the databases have been updated. The command line and the graphical user interface are the two methods available to accomplish this.
If you wish to learn how to use the GUI, you can skip to the next section. The CLI will be highlighted in this section. The clamscan command is the command-line tool for running the virus scan. You can list the options available with clamscan by looking up its man page.
Running a Directory Scan
Although clamscan has a variety of options, the ones you’ll utilize in this section are:
- -i, --infected – Display only the infected files on the screen and will not show clean files. Use this option to suppress
- -r, --recursive – Performs a recursive scan of the folder and subfolders. Do not use this option to limit the scan to the top folder.
- --remove – Automatically remove infected files. Be careful when using this option because ClamAV will also remove those files if a false-positive detection happens.
Depending on how many files you have on your system, the scan could take anything from a few minutes to several hours. You might want to think about leaving it running overnight or when you’re not using the computer.
For instance, I run the command below to scan a directory called Downloads-Folder on my system recursively. The Downloads-Folder directory contains 4 files.
clamscan --infected --remove --recursive ~/Downloads-Folder
A summary of the scan’s findings is displayed immediately when the scan is completed. Below, you can see that the scan only discovered one malicious file. The file was also destroyed by clamscan automatically because the --remove option was present.
From the summary, we can see the number of known viruses and the number of directories scanned.
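Because --remove deletes a file even on a false positive, a scan can instead move detections into a quarantine directory and report on clamscan's exit status. The script below is an added example, not part of the original post; the quarantine path, the log path and the sample output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): quarantine detections instead of
# deleting them, and branch on clamscan's exit status.
# Assumed paths; change them for your system.
QUARANTINE_DIR="${QUARANTINE_DIR:-$HOME/clamav-quarantine}"
LOG_FILE="${LOG_FILE:-$HOME/clamav-scan.log}"
TAB=$(printf '\t')

# clamscan exit status: 0 = no virus found, 1 = virus(es) found, 2 = error.
scan_status() {
    case "$1" in
        0) echo clean ;;
        1) echo infected ;;
        *) echo error ;;
    esac
}

# Read clamscan output on stdin; print "path<TAB>signature" per detection.
# The greedy first group keeps paths that themselves contain ": " intact.
list_detections() {
    sed -n "s/^\(.*\): \(.*\) FOUND\$/\1${TAB}\2/p"
}

# Constructed sample output, used to exercise list_detections offline.
sample_output() {
    cat <<'EOF'
/home/user/Downloads-Folder/eicar.com: Win.Test.EICAR_HDB-1 FOUND
/home/user/Downloads-Folder/eicar.com: moved to '/home/user/clamav-quarantine/eicar.com'
/home/user/Downloads-Folder/notes: draft.txt: Constructed.Sample-1 FOUND
Infected files: 2
EOF
}

# Scan a directory recursively, moving detections into the quarantine directory.
scan_dir() {
    mkdir -p "$QUARANTINE_DIR" && chmod 700 "$QUARANTINE_DIR" || return 2
    out=$(clamscan --recursive --infected --move="$QUARANTINE_DIR" \
        --log="$LOG_FILE" "$1")
    rc=$?
    printf '%s\n' "$out" | list_detections
    echo "scan result: $(scan_status "$rc")" >&2
    return "$rc"
}

# Run a scan only when a directory is given, e.g.: sh scan.sh ~/Downloads-Folder
if [ "$#" -gt 0 ]; then
    scan_dir "$1"
fi
```

Files moved to the quarantine directory can be reviewed and restored by hand if a detection turns out to be a false positive.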
Running a File Scan
You have the option to do an on-demand scan to check a file’s safety after receiving or downloading it. The command is still clamscan, followed by the path of the file to be scanned. If the file is malicious, the --remove option will automatically remove it.
clamscan --remove ~/Documents/file1.zip
Scanning for Viruses Using GUI
Installing ClamTk, a lightweight GUI for ClamAV, will give you a graphical user interface if you desire one.
For Linux desktop users, ClamTk is a free software graphical user interface for the ClamAV command line antivirus tool. If your Ubuntu Operating System has a graphical user interface, ClamTk makes it easy for you to run directory and file scans using the normal graphical user interface instead of using a terminal.
To install ClamTK, run the command below:
sudo apt install clamtk -y
To launch the ClamTk application after the installation, run the below command:
Unfortunately, my Ubuntu doesn’t have a Graphical User Interface. So I won’t be able to demonstrate further, but in your case, where there is a GUI on your Ubuntu OS, you should see a window containing a list of applications, directories/folders and files appearing after running the clamtk command above.
From the above, you will be given the option to scan a file or scan a directory. By simply clicking on any of them, you will have them scanned for viruses and malware.
Comparison of ClamAV and ClamTK’s performance
When I used both ClamAV and ClamTK, I did not observe any performance differences between ClamAV and ClamTK. You can therefore choose to use either of them, but ClamTK is the best option because it offers a graphical user interface that makes it simpler to use, especially for novices.
Uninstalling ClamAV and ClamTK
What if you want to uninstall ClamAV and ClamTK from your system after learning to install and use them? You can get rid of these packages by running the below commands:
sudo apt-get remove clamav clamav-daemon
To remove ClamTK and every other component completely, run:
sudo apt-get autoremove
Now ClamAV and ClamTK have been completely removed from your system.
In conclusion, ClamAV can be used to scan and get rid of viruses, malware, and trojans from your computer. We have covered how to install ClamAV in Ubuntu in this post. After that, we talked about utilizing ClamAV’s command line interface to scan a directory and a file and how to update the signature database. After that, we talked about installing ClamTK, which has an easier-to-use graphical user interface. Then we evaluated these packages’ performance in comparison. Finally, we learned how to totally uninstall these two packages from your computer.