Objective
Install ClamAV on Ubuntu, and scan for viruses.
Requirements
A working install of Ubuntu 18.04 with root privileges
- # - requires given linux commands to be executed with root privileges either directly as a root user or by use of
- $ - given linux commands to be executed as a regular non-privileged user
Introduction
Viruses on Linux aren't all that common, but they do still exist. So, it's a good idea to set up an antivirus on your Linux desktop, and perform a scan every so often. It's also a good idea to scan any new files you bring on to your computer to ensure that they're safe.
On Linux, there isn't the same wealth of antivirus options as there is on other operating systems. That's mostly because there isn't a need. That's alright, though. ClamAV does the job very well.
It's also worth noting that ClamAV doesn't behave like a Windows antivirus. It doesn't hog up RAM or run in the background all the time. It also doesn't have all of the extra bells and whistles. It scans for viruses, and that's about all.
Install ClamAV
ClamAV is available in the Ubuntu repositories, so you can just install it with Apt.
$ sudo apt install clamav
Update The Threat Database
The first time you use ClamAV, you should update your virus database. The database update runs as a service in the background by default, so you won't have to do this again. Just leave the service running.
In order to manually update the database, you're going to need to stop the service temporarily. So, do that.
$ sudo systemctl stop clamav-freshclam
Next, run the freshclam utility to update the virus definitions.
$ sudo freshclam
It'll take a few minutes to complete. When it's done, restart the service.
$ sudo systemctl start clamav-freshclam
Command Line Scan
This is Linux, so there's always a command line option. There isn't really a big advantage either way with ClamAV. The Linux command line and the GUI give you about the same options.
The command line does provide a more direct route, though, and ClamAV is scriptable. You can absolutely include it in a cron job.
Options
ClamAV has a lot of options that you can throw into your scan, and you can see them all with --help, but there are only a few that you really need to run your scan.
-i tells ClamAV to only display infected files. This doesn't affect the results report at the end, but it does minimize the amount of junk that gets spit out onto your terminal during the scan. The -r flag makes the scan recursive. More often than not, you'll be scanning a folder. Scanning its contents is obviously important.
The next two controls that you need set limits on the scan size. The --max-scansize= flag sets the maximum amount of data that you want ClamAV to crawl through. The max is 4000M. Keep in mind that this is the actual data being read, not the size of the files.
File size is the next flag. --max-filesize= sets the maximum size of the files that you want ClamAV to scan. This is for individual files. Again, the limit is
Run The Scan
You're now ready to put it all together and perform your scan. Say you want to scan your Downloads directory; you can run this:
$ clamscan -i -r --max-scansize=4000M --max-filesize=4000M ~/Downloads
That's all there is to it. It might look like it's not doing anything because the -i flag suppresses everything but infected files, but it will eventually print the results in your terminal.
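The cron remark above, carried through as an added example (not from the original article): a POSIX sh wrapper that runs the same clamscan command, turns its exit status into clean/infected/error, and logs the infected paths. SCAN_DIR, LOG_FILE, the --run switch, the crontab path and the sample output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: cron-friendly wrapper around the clamscan command shown above.
# SCAN_DIR and LOG_FILE are assumed names, not part of ClamAV.
SCAN_DIR="${SCAN_DIR:-$HOME/Downloads}"
LOG_FILE="${LOG_FILE:-$HOME/clamscan-cron.log}"

# clamscan exit status: 0 = no virus found, 1 = virus found, 2 = error.
scan_status() {
    case "$1" in
        0) echo clean ;;
        1) echo infected ;;
        *) echo error ;;
    esac
}

# Read clamscan output on stdin and print only the paths of infected files.
# A hit looks like "<path>: <signature> FOUND"; the greedy match keeps
# paths that themselves contain ": " intact.
infected_paths() {
    sed -n 's/^\(.*\): [^ ]* FOUND$/\1/p'
}

# Constructed sample of clamscan -i output, for trying infected_paths offline.
sample_output() {
    cat <<'EOF'
/home/user/Downloads/eicar.com: Win.Test.EICAR_HDB-1 FOUND
/home/user/Downloads/old: backup.zip: Win.Test.EICAR_HDB-1 FOUND

----------- SCAN SUMMARY -----------
Scanned files: 42
Infected files: 2
EOF
}

run_scan() {
    out=$(clamscan -i -r --max-scansize=4000M --max-filesize=4000M "$SCAN_DIR" 2>&1)
    rc=$?
    status=$(scan_status "$rc")
    # One status line per run, then one line per infected file.
    printf '%s %s %s\n' "$(date '+%Y-%m-%dT%H:%M:%S')" "$status" "$SCAN_DIR" >> "$LOG_FILE"
    printf '%s\n' "$out" | infected_paths | sed 's/^/  infected: /' >> "$LOG_FILE"
    # Stay silent on a clean scan so cron only has output to mail on a hit or error.
    [ "$status" = clean ] || printf '%s\n' "$out"
    return "$rc"
}

# Scan only when asked, e.g. from a crontab line such as (path is hypothetical):
#   0 3 * * * /usr/local/bin/clamscan-cron.sh --run
if [ "${1:-}" = "--run" ]; then run_scan; fi
```

Run without arguments, the script only defines its functions, so `sample_output | infected_paths` can be tried without ClamAV installed.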
Graphical Scan
If you prefer to work with a graphical tool, ClamAV has a great graphical interface in the form of ClamTK. It's a simple GTK GUI, but it absolutely gets the job done.
Install ClamTK
Ubuntu has ClamTK available in its repositories. Install it.
$ sudo apt install clamtk