ClamAV can only detect viruses and move any infected files into a quarantine folder; it cannot remove them from files. ClamAV detects viruses on all platforms, but it is primarily useful for Windows viruses and malware.
Other antivirus programs running on Ubuntu can be found here.
Installing ClamAV from Ubuntu 10.04
By default, ClamAV is in the Main repository, so you can install it from the Software Center or Synaptic Package Manager. Just search for 'clamav' and install it.
ClamAV has two modes of operation: a program that loads into memory only when you want to scan a file, or, for more regular use (such as scanning all incoming e-mail), a program that connects to a daemon that is always running.
Database updates can also be downloaded automatically.
For manual use: install the package clamav.
For automated use: install the package clamav-daemon.
Both methods will also install clamav-freshclam, the updater.
ClamAV does not come with a GUI by default, so you must use the Terminal to use it. However, you can install ClamTK (http://clamtk.sourceforge.net/), which adds a GUI front end for ClamAV. You can install it from any package manager, but a more up-to-date version can be found on the website. Once installed, search for 'Virus scanner' and open it.
Using the ClamAV PPA from Ubuntu 10.04
Updated packages are usually available from the Ubuntu-clamav team, https://launchpad.net/~ubuntu-clamav/+archive/ppa. Note that the packages may not be completely functional and are supported by the community only. ClamAV has official support in Ubuntu for packages installed from the Main repository. It takes some time to get them tested.
To install the updated PPA packages on Ubuntu 10.04:
- Open Software Sources, open the 'Other Software' tab, click Add, then enter the following and close: ppa:ubuntu-clamav/ppa
Using ClamAV in the Terminal
Update Virus Definitions
You will see an output like this:
user@ubuntu:/etc/clamav # sudo freshclam
ClamAV update process started at Wed Apr 27 00:06:47 2005
main.cvd is up to date (version: 31, sigs: 33079, f-level: 4, builder: tkojm)
daily.cvd is up to date (version: 855, sigs: 714, f-level: 4, builder: ccordes)
If you are using an HTTP proxy to connect to the internet, you will have to edit the file /etc/clamav/freshclam.conf, adding:
HTTPProxyServer serveraddress
HTTPProxyPort portnumber
To check files in all users' home directories: clamscan -r /home
To check all files on the computer, displaying the name of each file: clamscan -r /
To check all files on the computer, but only display infected files and ring a bell when found: clamscan -r --bell -i /
When ClamAV has scanned all the files you asked it to, it will report a summary:
----------- SCAN SUMMARY -----------
Known viruses: 33840
Scanned directories: 145
Scanned files: 226
Infected files: 1
Data scanned: 54.22 MB
I/O buffer size: 131072 bytes
Time: 20.831 sec (0 m 20 s)
ClamAV can only read files that the user running it can read. If you want to check all files on the system, use the sudo command (see UsingSudo for more information).
Infected files reporting
If you recursively scan the whole /home folder (or even the whole system) from a terminal emulator, there will probably be a lot of files. Because the terminal only keeps a limited amount of output, it helps to generate a report containing the paths of all infected files. To do that, run:
sudo clamscan -r /folder/to/scan/ | grep FOUND >> /path/to/save/report/file.txt
Be patient if you run that command and it doesn't seem to be working: even though you don't see the complete output, it really is scanning the files. When the prompt returns, the scan is finished and you can open the file it created to check for any infected files detected on your system.
As ClamAV doesn't disinfect files, it is sometimes better just to know which files are infected before quarantining or removing them. For example, you could be using Wine, and by deleting an infected file you could break a program without having saved some data.
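The report step above, as an added example that is not part of the original page: a plain grep FOUND also matches clean files whose names contain "FOUND", so this filter keeps only lines that end in " FOUND" and splits each into signature and path. The function names and the sample scan output are constructed for illustration.

```bash
#!/bin/sh
# Added example: build a "signature<TAB>path" report from clamscan output.

# Constructed sample of clamscan output (not from a real scan).
sample_scan_output() {
cat <<'EOF'
/home/user/notes/FOUND_items.txt: OK
/home/user/.wine/drive_c/setup.exe: Win.Trojan.Example-1 FOUND
/home/user/mail/inbox: backup.eml: Eicar-Test-Signature FOUND
/home/user/docs/report.pdf: OK

----------- SCAN SUMMARY -----------
Infected files: 2
EOF
}

# Read clamscan output on stdin; print one line per detection.
# Only lines ending in " FOUND" count, and the path is everything
# before the LAST ": ", so names containing "FOUND" or ": " survive.
infected_report() {
    awk '/ FOUND$/ {
        line = substr($0, 1, length($0) - 6)        # drop trailing " FOUND"
        n = 0
        while ((i = index(substr(line, n + 1), ": ")) > 0)
            n += i                                   # position of last ": "
        if (n == 0) next                             # no separator, skip
        printf "%s\t%s\n", substr(line, n + 2), substr(line, 1, n - 1)
    }'
}

# Real use (paths as on this page):
#   sudo clamscan -r /folder/to/scan/ | infected_report >> /path/to/save/report/file.txt
sample_scan_output | infected_report
```

clamscan's exit status (0 clean, 1 virus found, 2 error) is hidden by the pipe, so check the report file rather than `$?` when scanning this way.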
Run ClamAV as a Daemon
Install clamav-daemon. You can then use clamdscan where you would previously have used clamscan. Lots of programs, especially e-mail servers, can connect to a ClamAV daemon. This speeds up virus scanning as the program is always in memory.
The clamav-daemon package creates a 'clamav' user; in order to allow ClamAV to scan system files, such as your mail spool, you can add clamav to the group that owns the files.
Let ClamAV listen for Incoming Scans
There are cases where you may want ClamAV daemon to act as a scanner for other systems, so you don't have to run everything locally on the system.
To do this, add the TCPSocket PORTNUMBER and TCPAddr IPADDRESS directives to the clamd.conf file and reload the daemon. The daemon will then accept connections on the IP address and port combination you specify.
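A check for the listener settings described above, as an added example that is not part of the original page: per the clamd.conf documentation, clamd binds to every interface when TCPSocket is set without TCPAddr, so this function reports how widely a given configuration listens. The function names, verdict strings and sample configurations are constructed for illustration.

```bash
#!/bin/sh
# Added example: report how widely a clamd.conf exposes the TCP listener.

# Constructed sample: TCPSocket set, no TCPAddr (binds to all interfaces).
sample_open() {
    printf '%s\n' '# constructed clamd.conf fragment' \
        'LocalSocket /var/run/clamav/clamd.ctl' \
        'TCPSocket 3310'
}

# Constructed sample: listener bound to one address (documentation range).
sample_bound() {
    printf '%s\n' 'TCPSocket 3310' 'TCPAddr 192.0.2.10'
}

# Read a clamd.conf on stdin and print one verdict line.
# Commented-out directives are ignored because their first field
# starts with "#" and never equals the directive name.
clamd_tcp_exposure() {
    awk '
        $1 == "TCPSocket" { port = $2 }
        $1 == "TCPAddr"   { addrs[++n] = $2 }
        END {
            if (port == "") { print "tcp-disabled"; exit }
            if (n == 0)     { print "all-interfaces port=" port; exit }
            verdict = "loopback-only"
            for (i = 1; i <= n; i++) {
                a = addrs[i]
                if (a == "0.0.0.0" || a == "::") { verdict = "all-interfaces"; break }
                if (a != "127.0.0.1" && a != "::1" && a != "localhost")
                    verdict = "restricted"
            }
            print verdict " port=" port
        }'
}

# Real use (config path is an assumption; adjust to your system):
#   clamd_tcp_exposure < /etc/clamav/clamd.conf
sample_open  | clamd_tcp_exposure
sample_bound | clamd_tcp_exposure
```

An "all-interfaces" verdict means the scanner is reachable from every network the host is attached to, so pair a remote listener with a specific TCPAddr and a firewall rule limiting which systems may connect.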
Check to find if Clamscan is running
Look for it in the process list, or use this handy shortcut: ps ax | grep [c]lamd
Remove Infected Files
You can add --remove to the clamscan or clamdscan command-line.
Note: No virus scanner is 100% accurate. It is always best to manually check the files you delete, if you are not totally sure that this is what you want to do.
Find ClamAV Version Number
Use clamdscan -V:
user@ubuntu:/etc/clamav # clamdscan -V
ClamAV 0.83/855/Tue Apr 26 06:40:32 2005
Learn About ClamAV's Other Options
Try man clamscan.
You can use the at command to schedule clamscan or freshclam. For example:
at 3:30 tomorrow
at> clamscan -i /home/user | mail email@example.com
at> <CTRL-D>
job 3 at 2005-04-28 03:30
You have now scheduled a ClamAV scan to happen on your home directory at 3:30 AM tomorrow. The output (showing only infected files) will be sent to you by e-mail.