Scan Ubuntu 18.04 For Viruses With ClamAV

Objective

Install ClamAV on Ubuntu, and scan for viruses.

Distributions

Ubuntu 18.04

Requirements

A working install of Ubuntu 18.04 with root privileges

Difficulty

Easy

Conventions

  • # – requires the given Linux commands to be executed with root privileges, either directly as the root user or by use of the sudo command
  • $ – requires the given Linux commands to be executed as a regular non-privileged user

Introduction

Viruses on Linux aren’t all that common, but they do still exist. So, it’s a good idea to set up an antivirus on your Linux desktop, and perform a scan every so often. It’s also a good idea to scan any new files you bring onto your computer to ensure that they’re safe.

On Linux, there isn’t the same wealth of antivirus options as there is on other operating systems. That’s mostly because there isn’t a need. That’s alright, though. ClamAV does the job very well.

It’s also worth noting that ClamAV doesn’t behave like a Windows antivirus. It doesn’t hog up RAM or run in the background all the time. It also doesn’t have all of the extra bells and whistles. It scans for viruses, and that’s about all.

Install ClamAV

ClamAV is available in the Ubuntu repositories, so you can just install it with Apt.

$ sudo apt install clamav


Update The Threat Database

The first time you use ClamAV, you should update your virus database. The database update runs as a service in the background by default, so you won’t have to do this again. Just leave the service running.

In order to manually update the database, you’re going to need to stop the service temporarily. So, do that.

$ sudo systemctl stop clamav-freshclam

Next, run the freshclam utility to update the virus definitions.

$ sudo freshclam

It’ll take a few minutes to complete. When it’s done, restart the service.

$ sudo systemctl start clamav-freshclam

Command Line Scan

This is Linux, so there’s always a command line option. There isn’t really a big advantage either way with ClamAV. The Linux command line and the GUI give you about the same options.

The command line does provide a more direct route, though, and ClamAV is scriptable. You can absolutely include it in a cron job.

Options

ClamAV has a lot of options that you can throw into your scan, and you can see them all with --help, but there are only a few that you really need to run your scan.

First, the -i and -r flags. -i tells ClamAV to only display infected files. This doesn’t affect the results report at the end, but it does minimize the amount of junk that gets spit out onto your terminal during the scan. The -r flag makes the scan recursive. More often than not, you’ll be scanning a folder. Scanning its contents is obviously important.

The next two flags that you need set limits on the scan. The --max-scansize= flag sets the maximum amount of data that you want ClamAV to crawl through. The max is 4000M. Keep in mind that this is the actual data being read, not the size of the files.

File size is the next flag. --max-filesize= sets the maximum size of the files that you want ClamAV to scan. This is for individual files. Again, the limit is 4000M.



Run The Scan

You’re now ready to put it all together and perform your scan. Say you want to scan your Downloads directory. You can run this:

$ clamscan -i -r --max-scansize=4000M --max-filesize=4000M ~/Downloads

That’s all there is to it. It might look like it’s not doing anything because the -i flag suppressed everything but infected files, but it will eventually print the results in your terminal.
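
Since ClamAV is scriptable and can run from cron, the wrapper below shows one way to do that. It is an added example, not part of the original article or of ClamAV: it runs the scan command from above, keeps the report in a log, and uses clamscan's exit status to tell a clean run from a detection or an error. The function names, the log path and the sample report are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Function names and the default log path are assumptions.

# Print the path of each infected file from clamscan output on stdin.
# Report lines have the form "<path>: <signature> FOUND".
infected_paths() {
    sed -n 's/^\(.*\): [^ ]* FOUND$/\1/p'
}

# Translate clamscan's exit status (0 = no virus found, 1 = virus found,
# anything else = error) into a word for the log line.
scan_verdict() {
    case "$1" in
        0) echo clean ;;
        1) echo infected ;;
        *) echo error ;;
    esac
}

# Scan one directory with the flags used in this article, keep the full
# report in a log file, and print the verdict plus any infected paths.
run_scan() {
    target=$1
    log=${2:-"$HOME/clamscan.log"}
    status=0
    report=$(clamscan -i -r --max-scansize=4000M --max-filesize=4000M \
        "$target" 2>&1) || status=$?
    printf '%s\n' "$report" >> "$log"
    echo "$(date '+%Y-%m-%d %H:%M:%S') $target: $(scan_verdict "$status")"
    printf '%s\n' "$report" | infected_paths
    return "$status"
}

# Constructed sample of "clamscan -i" output, not taken from a real scan.
sample_report() {
    cat <<'EOF'
/home/user/Downloads/eicar.com: Win.Test.EICAR_HDB-1 FOUND
/home/user/Downloads/old: copy/test.zip: Win.Test.EICAR_HDB-1 FOUND

----------- SCAN SUMMARY -----------
Infected files: 2
EOF
}

# Scan only when a directory is given, e.g. from a crontab entry such as
#   15 3 * * * /path/to/this-script.sh "$HOME/Downloads"
if [ "$#" -gt 0 ]; then
    run_scan "$@"
fi
```

Because the script returns clamscan's own exit status, a non-zero result from the cron job means either a detection (1) or a scan error (2), and both deserve a look at the log.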

Graphical Scan

If you prefer to work with a graphical tool, ClamAV has a great graphical interface in the form of ClamTK. It’s a simple GTK GUI, but it absolutely gets the job done.

Install ClamTK

Ubuntu has ClamTK available in its repositories. Install it.

$ sudo apt install clamtk

Set The Options

[Figure: Ubuntu Bionic ClamTK]

Open up ClamTK. As you can see, the interface is simple enough to use. Before you can get started with your scan, you probably want to set a few options. Click on the “Settings” icon under the “Configuration” heading.



[Figure: Ubuntu Bionic ClamTK Settings]

A new window will open up with a list of options with associated checkboxes. Check the boxes to scan recursively, scan hidden files, and scan files larger than 20MB. Hit the “Back” button to return to the main menu.

Run The Scan

Now, you can run your scan. At the bottom of the window, click the icon to scan a directory. Select your directory, and the scan will begin immediately.

[Figure: Ubuntu Bionic ClamTK Scan]

ClamTK gives you a nice progress bar to illustrate the scan’s progress. When the scan is finished, it’ll give you a breakdown of your scan’s results, including any infected files. If you do have any threats, it also provides an interface with options for how to handle them.

Closing Thoughts

ClamAV provides an excellent solution for virus scans on Linux. It allows you to scan your system in a variety of ways and control the scans. Don’t forget that ClamAV can scan files from your Windows partitions too.