Anti-Virus Solution Linux

Ubuntu Linux Protection on ClamAV & ClamTK: A Guide

Ubuntu Linux Protection: ClamAV & ClamTK Guide
Install, Manage, Use and Uninstall ClamAV and ClamTK

Looking for Ubuntu Linux protection? Clam AntiVirus (ClamAV) is a free and open-source antivirus software program with a command-line interface. It, along with ClamTK, can quarantine and remove malicious files, emails, web pages, and more. Moreover, ClamAV is available as a cPanel server plugin, making it a valuable tool for safeguarding your computer system from viruses.

As of today, several high-profile organizations use ClamAV, including Cisco, Google, IBM, McAfee, Microsoft, Sophos, and Symantec. ClamAV can detect trojans and malicious software, including viruses. Ubuntu Linux protection can scan files quickly and detect over one million viruses and Trojans. One of its primary applications is to scan emails on mail gateways. ClamAV and ClamTK are supported by the following Linux operating systems: Ubuntu (16.04, 18.04, and 20.04, and 2022), Debian (7,8), and CentOS (6,7). This blog post explains Ubuntu Linux Protection on ClamAV & ClamTK.

Securing Your Linux Machine: The Need for Antivirus Software

Similar to how we use antivirus software on Windows, the Linux operating system requires antivirus software to keep your computer virus-free. Although it is a general belief that viruses do not exist in Linux, this is not true. Malware and viruses do exist on Linux, but they are rare. If you want to make your Linux machine more secure, then you need to install an antivirus.

If you’re looking to learn more about various ways to secure your system, take a look at the following related posts: How to restore quarantined files in Microsoft Defender Antivirus, How to Configure and validate exclusions for Microsoft Defender Antivirus scans, How to Configure Attack Surface Reduction in Microsoft Defender using PowerShell and Group Policy, Periodic Scanning: How to schedule Windows Defender Antivirus to scan on Windows and How to fix repeated app blocking connection alerts from Norton on Mac

In this post, you will learn how to install, manage, use, and uninstall ClamAV and ClamTK on Ubuntu and how to use them to scan your system for viruses. You will also get to learn how to update the database and install the GUI to make scanning easier.


This is a hands-on demonstration. If you’d like to follow along, make sure you have an Ubuntu system ready to go. In this demonstration, we’re using Ubuntu 20.04 which can be downloaded here. Any recent version should work fine. Or you can also launch a Linux Virtual Machines on Microsoft or AWS Cloud platform and use it for this purpose.

Installing and Using ClamAV on Ubuntu Linux protection

Here we will install ClamAV using the apt package manager which is the most convenient way to install ClamAV on Ubuntu. Follow the steps below to get along with me:

Step 1: Open a terminal and run the following command to update the system package repository index before you install ClamAV on Ubuntu.

$apt update -y
Updating System Repository Package index
Updating System Repository Package index

Step 2: Run the below command to install ClamAV on Ubuntu. This command installs two packages: ClamAV and ClamAV-daemon. The former is the ClamAV scanner, while the latter is a background service that enables on-access scanning.

apt install clamav clamav-daemon -y
Installing ClamAV
Installing ClamAV

Step 3: After the installation, verify the ClamAV version by running the below command.

clamscan --version
Verifying version
Verifying ClamAV version

Updating Virus Definitions/Databases

ClamAV detects malware using virus signature databases. The most recent signatures are regularly updated in these databases. You must also download and install these updates on your ClamAV installation in order to stay protected Ubuntu Linux protection.

When you install ClamAV on Ubuntu, the freshclam service will automatically download database updates once per day by default. However, you can manually update the databases as well. Why do manual updates? There are two primary causes:

  1. You don’t want to wait for the automatic update; you want to scan for malware right away.
  2. The automatic updater is not working correctly.

The procedure for updating virus definitions is extremely simple. When you install ClamAV on Ubuntu, a built-in program named freshclam is available that may handle all the work for you, including downloading the databases and reloading ClamAV.

The steps for updating virus definitions are listed below: 

Step 1: Stop the clamav-freshclam service first before manually updating the databases Ubuntu Linux protection. This service is responsible for executing automated updates. Use the systemctl command listed below to turn off the clamav-freshclam service:

systemctl stop clamav-freshclam
Stopping Service
Stopping ClamAV Service

Step 2: Next, run freshclam to download the updates.

Update clamAV Database
Update Database

Step 3 –  After the updates, start the clamav-freshclam service so that it will automatically update the databases in the future.

systemctl start clamav-freshclam
Starting Service and Checking the status
Starting ClamAV Service and Checking the status

Scanning for Viruses Using the CLI on Ubuntu Linux protection

It’s time to scan your system for viruses now that ClamAV has been installed and the databases have been updated. The command line and the graphical user interface are the two methods available to accomplish this.

If you wish to learn how to use the GUI, you can skip to the next section. The CLI will be highlighted in this section Ubuntu Linux protection. The clamscan command is the command-line tool for running the virus scan. You can list the options available with the clamscan by looking up the man pages for clamscan

Running a Directory Scan

Despite the fact that clamscan has a variety of options, the ones you’ll utilize in this section are:

-i, –infected – Display only the infected files on the screen and will not show clean files. Use this option to suppress

-r, –recursive – Performs a recursive scan of the folder and subfolders. Do not use this option to limit the scan to the top folder.

--remove - Automatically remove infected files. Be careful when using this option because ClamAV will also remove those files if a false-positive detection happens.

Depending on how many files you have on your system, the scan could take anything from a few minutes to several hours. You might want to think about leaving it running overnight or when you’re not using the computer.

For instance, I run the command below to scan a directory called Downloads-Folder on my system recursively. The Downloads-Folder directory contains 4 files

clamscan --infected --remove --recursive ~/Downloads-Folder

A summary of the scan’s findings is displayed immediately when the scan is completed. Below, you can see that the scan only discovered one malicious file Ubuntu Linux protection. The file was also destroyed by clamscan automatically because the –remove option was present.

Scanning a Directory with ClamAV
Scanning a Directory with ClamAV

From the summary, we can see the number of known viruses and the number of directories scanned.

Running a File Scan

You have the option to do an on-demand scan to check the file’s safety after receiving or downloading it. The clamscan command is still present, and the file path to be scanned follows. If the file is malicious, the –remove option will automatically remove it.

clamscan --remove ~/Documents/
Scan a file
Scan a file

Scanning for Viruses Using GUI

Installing ClamTk, a lightweight GUI for ClamAV will give you a graphical user interface if you desire one.

Installing ClamTk on Ubuntu Linux protection

For Linux desktop users, ClamTk is a free software graphical user interface for the ClamAV command line antivirus tool. If your Ubuntu Operating System has a graphical user interface, ClamTk makes it easy for you to run directories and files scan using the normal graphical user interface instead of using a terminal.

To install ClamTK, run the command below:

apt install clamtk -y
Install Clamtk

To launch the Clam Tk application after the installation, run the below command:


Unfortunately, my Ubuntu doesn’t have a Graphical User Interface. So I won’t be to demonstrate further but in your case where there is a GUI on your Ubuntu OS, you should see a window containing a list of applications, directories/folders and files appearing after running the clamtk command above.

From the above, you will be given the option to scan a file or scan a directory. By simply clicking on any of them, you will have them scanned for viruses and malware.

Comparison of ClamAV and ClamTK’s performance on Ubuntu Linux protection

When I used both ClamAV and ClamTK, I did not observe any performance differences between ClamAV and ClamTK. You can therefore choose to use any of them, but ClamTK is the best option because it offers a graphical user interface that makes it simpler to use, especially for novices.

Uninstalling ClamAV and ClamTK on Ubuntu Linux protection

What if you want to uninstall ClamAV and ClamTK from your system after learning to install and use them? You can get rid of these packages by running the below commands:

$sudo apt-get remove clamav clamav-daemon
Uninstalling ClamAV
Uninstalling ClamAV

To remove ClamTK Ubuntu Linux protection and every other component completely, run:

sudo apt-get autoremove
ClamAV and ClamTK were completely removed from the system
ClamAV and ClamTK were completely removed from the system

Now ClamAV and ClamTK have been completely removed from your system.


In conclusion, ClamAV can be used to scan and get rid of viruses, malware, and trojans from your computer. We have covered how to install ClamAV in Ubuntu in this post. After that, we talked about utilizing ClamAV’s command line interface to scan a directory and a file and how to update the signature database. After that, we talked about installing ClamTK, which has an easier-to-use graphical user interface. Then we evaluated these packages’ performance in comparison. Finally, we learned how to totally uninstall these two packages from your computer.

I hope you found this blog post Ubuntu Linux Protection on ClamAV & ClamTK helpful. Please let me know in the comment session if you have any questions.

Notify of

Inline Feedbacks
View all comments
Would love your thoughts, please comment.x