ClamAV detects viruses on all platforms. Other antivirus programs running on Ubuntu can be found here.
Installing ClamAV from Ubuntu
By default, ClamAV is in the Main repository, so it can be installed from the Software Center or Synaptic Package Manager. Just search for 'clamav' and install it.
ClamAV has two modes of operation: a program that loads into memory only when you want to scan a file, or, for more regular use (such as scanning all incoming e-mail), a program that connects to a daemon that is always running.
Database updates can also be downloaded automatically.
For manual use: install the package clamav.
For automated use: install the package clamav-daemon.
Both methods will also install the updater clamav-freshclam.
If one wants a GUI, then install the package clamtk.
Using ClamAV in the Terminal
Update Virus Definitions
Use freshclam.
You will see an output like this:
sudo freshclam
ClamAV update process started at Wed Apr 27 00:06:47 2005
main.cvd is up to date (version: 31, sigs: 33079, f-level: 4, builder: tkojm)
daily.cvd is up to date (version: 855, sigs: 714, f-level: 4, builder: ccordes)
Proxy
If you are using an HTTP proxy to connect to the internet, you will have to edit the file /etc/clamav/freshclam.conf, adding:
HTTPProxyServer serveraddress
HTTPProxyPort portnumber
Scan Files
Use clamscan to check nearly all files on the computer, and report only warnings and infections:
sudo clamscan --max-filesize=3999M --max-scansize=3999M --exclude-dir=/sys/* -i -r /
When ClamAV has finished scanning it will report a summary:
----------- SCAN SUMMARY -----------
Known viruses: 33840
Scanned directories: 145
Scanned files: 226
Infected files: 1
Data scanned: 54.22 MB
I/O buffer size: 131072 bytes
Time: 20.831 sec (0 m 20 s)
ClamAV can only read files that the user running it can read. If you want to check all files on the system, use the sudo command (see UsingSudo for more information).
Infected files reporting
When scanning recursively, one may generate a report via:
sudo clamscan -v -r /FOLDERTOSCAN | grep FOUND >> /path/to/save/report/file.txt
ClamAV doesn't disinfect files; it either moves or removes them. This can be problematic. For example, if ClamAV deletes an infected file that a program running under Wine depends on, it could break that program without the data having been saved.
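The grep pipeline above returns grep's exit status, so a failed scan and a clean scan look the same to a script. The following added example (not part of the original page) keeps clamscan's own status, which is 0 when no virus is found, 1 when one is found and 2 on error; the function names, the CLAMSCAN override variable and the sample output are constructed for illustration.

```bash
#!/bin/sh
# Added example: keep clamscan's exit status while logging "FOUND" lines.
# CLAMSCAN is an assumed override hook so the logic can be tried without ClamAV.
CLAMSCAN=${CLAMSCAN:-clamscan}

# Constructed stand-in for `clamscan -i -r DIR`: prints sample output and
# exits 1, the status clamscan uses when at least one file is infected.
sample_scan() {
    cat <<'EOF'
/home/user/downloads/eicar.com: Eicar-Test-Signature FOUND
/home/user/docs/report: final.doc: Eicar-Test-Signature FOUND

----------- SCAN SUMMARY -----------
Infected files: 2
EOF
    return 1
}

# Read clamscan output on stdin; print "signature<TAB>path" per infected file.
# The last ": " on the line separates the path from the signature name,
# so paths that themselves contain ": " are kept whole.
found_lines() {
    awk '/ FOUND$/ {
        sub(/ FOUND$/, "")
        if (match($0, /: [^:]*$/))
            printf "%s\t%s\n", substr($0, RSTART + 2), substr($0, 1, RSTART - 1)
    }'
}

# Scan DIR recursively, append findings to REPORT, and return clamscan's own
# status: 0 = no virus found, 1 = virus(es) found, 2 = an error occurred.
scan_report() {
    sr_dir=$1
    sr_report=$2
    sr_status=0
    sr_out=$($CLAMSCAN -i -r "$sr_dir") || sr_status=$?
    printf '%s\n' "$sr_out" | found_lines >> "$sr_report"
    case $sr_status in
        0) echo "clean: $sr_dir" ;;
        1) echo "infected files under $sr_dir, see $sr_report" ;;
        *) echo "scan error (exit $sr_status) for $sr_dir" >&2 ;;
    esac
    return "$sr_status"
}
```

Call scan_report with a directory and a report file from a shell that can read the target; the report gains one tab-separated line per infected file.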
Run ClamAV as a Daemon
Install clamav-daemon. You can then use clamdscan where you would previously have used clamscan. Lots of programs, especially e-mail servers, can connect to a ClamAV daemon. This speeds up virus scanning as the program is always in memory.
The clamav-daemon package creates a 'clamav' user; in order to allow ClamAV to scan system files, such as your mail spool, you can add clamav to the group that owns the files.
Let ClamAV listen for Incoming Scans
There are cases where you may want ClamAV daemon to act as a scanner for other systems, so you don't have to run everything locally on the system.
To do this, add the TCPSocket PORTNUMBER and TCPAddr IPADDRESS directives to the clamd.conf file and reload the daemon. The daemon will then accept connections on the IP address and port combination you specify. clamd does not authenticate clients on this socket, so set TCPAddr to an address that only the systems needing it can reach and restrict the port with a firewall.
Check to find if Clamscan is running
Look for it in the process list, or use this handy shortcut:
ps ax | grep '[c]lamd'
Remove Infected Files
You can add --remove to the clamscan or clamdscan command-line.
Note: No virus scanner is 100% accurate. It is always best to manually check the files you delete, if you are not totally sure that this is what you want to do.
Find ClamAV Version Number
Use clamdscan -V:
user@ubuntu:/etc/clamav # clamdscan -V
ClamAV 0.83/855/Tue Apr 26 06:40:32 2005
Learn About ClamAV's Other Options
See man clamscan.
Schedule ClamAV
You can use the at command to schedule clamscan or freshclam. For example:
at 3:30 tomorrow
at> clamscan -i /home/user | mail user@example.com
at> <CTRL-D>
job 3 at 2005-04-28 03:30
You have now scheduled a ClamAV scan to happen on your home directory at 3:30 AM tomorrow. The output (showing only infected files) will be sent to you by e-mail.
External Links
* ClamAV homepage http://www.clamav.net/