ClamAV detects viruses on all platforms. Other antivirus programs running on Ubuntu can be found here.

Installing ClamAV from Ubuntu

By Default 'ClamAV' is in the Main repository so it can install it by the Software Center or Synaptic Package Manager. Just Search for 'clamAV' and install it.

ClamAV has two modes of operation, a program that loads into memory only when you want to scan a file, or for more regular use (such as scanning all incoming e-mail), a program that connects to a daemon that is always running.

Database updates can also be downloaded automatically.

  • For manual use: install the package clamav.

  • For automated use: install the package clamav-daemon.

Both methods will also install the updater clamav-freshclam.

If one wants a GUI, then install the package clamtk.

_Screenshot-Virus Scanner-1.png

Using ClamAV in the Terminal

Update Virus Definitions

Use freshclam.

You will see an output like this:

sudo freshclam
ClamAV update process started at Wed Apr 27 00:06:47 2005
main.cvd is up to date (version: 31, sigs: 33079, f-level: 4, builder: tkojm)
daily.cvd is up to date (version: 855, sigs: 714, f-level: 4, builder: ccordes)  


If you are using a http proxy to connect to the internet you will have to edit the file /etc/clamav/freshclam.conf adding:

HTTPProxyServer serveraddress
HTTPProxyPort portnumber

Scan Files

Use clamscan to check nearly all files on the computer, and report only warnings and infections:

sudo clamscan --max-filesize=3999M --max-scansize=3999M --exclude-dir=/sys/* -i -r /

When ClamAV has finished scanning it will report a summary:

----------- SCAN SUMMARY -----------
Known viruses: 33840
Scanned directories: 145
Scanned files: 226
Infected files: 1
Data scanned: 54.22 MB
I/O buffer size: 131072 bytes
Time: 20.831 sec (0 m 20 s)

IconsPage/info.png ClamAV can only read files that the user running it can read. If you want to check all files on the system, use the sudo command (see UsingSudo for more information).

Infected files reporting

when scanning recursively, one may generate a report via:  sudo clamscan -v -r /FOLDERTOSCAN | grep FOUND >> /path/to/save/report/file.txt 

ClamAV doesn't disinfect files, it either moves or removes them. This can be problematic. For example, if using Wine and it deletes an infected file, it could break a program without having the data saved.

Run ClamAV as a Daemon

Install clamav-daemon. You can then use clamdscan where you would previously have used clamscan. Lots of programs, especially e-mail servers, can connect to a ClamAV daemon. This speeds up virus scanning as the program is always in memory.

The clamav-daemon package creates a 'clamav' user; in order to allow ClamAV to scan system files, such as your mail spool, you can add clamav to the group that owns the files.

Let ClamAV listen for Incoming Scans

There are cases where you may want ClamAV daemon to act as a scanner for other systems, so you don't have to run everything locally on the system.

To do this, you simply have to modify the clamd.conf file and add TCPSocket PORTNUMBER and TCPAddr IPADDRESS arguments to the clamd.conf file and reload the daemon. The daemon will then accept connections to it via the IP address and Port combination you specify.

Check to find if Clamscan is running

Look for it in the processt list, or use this handy shortcut: ps ax | grep [c]lamd

Remove Infected Files

You can add --remove to the clamscan or clamdscan command-line.

IconsPage/warning.png Note: No virus scanner is 100% accurate. It is always best to manually check the files you delete, if you are not totally sure that this is what you want to do.

Find ClamAV Version Number

Use clamdscan -V:

user@ubuntu:/etc/clamav # clamdscan -V
ClamAV 0.83/855/Tue Apr 26 06:40:32 2005  

Learn About ClamAv's Other Options

man clamscan.

Schedule ClamAV

You can use the at command to schedule clamscan or freshclam. For example:

at 3:30 tomorrow
at>clamscan -i /home/user | mail
at> <CTRL-D> 
job 3 at 2005-04-28 03:30

You have now scheduled a ClamAV scan to happen on your home directory at 3:30 AM tomorrow. The output (showing only infected files) will be sent to you by e-mail.

External Links

* ClamAV homepage


ClamAV (last edited 2017-07-10 22:54:01 by 245)