Clam AntiVirus (ClamAV) is a free and open source antivirus program with a command line interface. It is used to detect trojans and other malicious software, including viruses. It can scan files quickly and can detect over one million viruses and trojans. One of its main uses is to scan emails on mail gateways. ClamAV is supported on the following Linux operating systems: Ubuntu (16.04, 18.04), Debian (7, 8), CentOS (6, 7). In this blog we will discuss how to install and use ClamAV on Ubuntu.
Does Ubuntu Need AntiVirus?
If you have been using the Windows operating system, you will be familiar with antivirus software. Antivirus programs run in the background and check for viruses that cause problems.
It is commonly believed that viruses do not exist on Linux, but this is not true. Malware and viruses do exist on Linux, but they are not very common. If you want to make your Linux machine more secure, then you need to install an antivirus.
Installing ClamAV
In order to install ClamAV on your machine, first of all run the following command to update your system
ubuntu@ubuntu:~$ sudo apt-get update
After updating your machine, now run the following command to install ClamAV
ubuntu@ubuntu:~$ sudo apt-get install clamav clamav-daemon
ClamAV is now installed on your machine. Run the following command to check whether the installation succeeded
ubuntu@ubuntu:~$ clamscan --version
If the above command gives the version of ClamAV then it has been installed successfully.
Updating the ClamAV Signature Database
So far you have installed ClamAV on your machine; now you need to update the ClamAV signature database. To update the ClamAV signature database, follow the given steps
- Stop freshclam service
- Update the signature database (two methods)
  - Update by running the command in the terminal
  - Update by downloading the daily.cvd file
- Start freshclam service
The first step is to stop the clamav-freshclam service by running the following command in the terminal window
ubuntu@ubuntu:~$ sudo systemctl stop clamav-freshclam
In the second step, we update the signature database manually. There are two ways to do so. The first method is to run the following command in the terminal
ubuntu@ubuntu:~$ sudo freshclam
This command will install the signature database on your machine. If this command does not work, then go to the following link to download the signature database file
https://database.clamav.net/daily.cvd
Now create a directory named “clamav”, if it does not exist, at the following location by running the following command
ubuntu@ubuntu:~$ sudo mkdir -p /var/lib/clamav
Then copy the downloaded file to this location by running the following command
ubuntu@ubuntu:~$ sudo cp daily.cvd /var/lib/clamav/daily.cvd
Now the third step is to start the clamav-freshclam service by running the following command.
ubuntu@ubuntu:~$ sudo systemctl start clamav-freshclam
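For the manual download method above, a check that the file really is a signature database before it goes into /var/lib/clamav. This is an added example, not part of the original blog: the function names are its own, and it assumes that sigtool exits non-zero when verification fails and that the clamav user and group created by the Ubuntu packages exist.

```shell
#!/bin/sh
# Added example: validate a manually downloaded daily.cvd before installing it.
# A CVD file begins with a 512-byte, space-padded ASCII header:
#   ClamAV-VDB:build time:version:signature count:functionality level:MD5:dsig:builder:stime

is_number() { case $1 in ''|*[!0-9]*) return 1 ;; esac; }

# Print "<version> <signature count>" for a CVD file; return 1 if the header
# is wrong (for example an HTML error page saved under the name daily.cvd).
cvd_header_info() {
    # Keep only printable ASCII from the first 512 bytes.
    header=$(head -c 512 "$1" | LC_ALL=C tr -cd '\040-\176')
    magic=$(printf '%s\n' "$header" | cut -d: -f1)
    version=$(printf '%s\n' "$header" | cut -d: -f3)
    sigs=$(printf '%s\n' "$header" | cut -d: -f4)
    [ "$magic" = "ClamAV-VDB" ] || return 1
    is_number "$version" || return 1
    is_number "$sigs" || return 1
    printf '%s %s\n' "$version" "$sigs"
}

# Install the file only if the header parses and sigtool accepts the file.
# Assumptions: sigtool exits non-zero on a failed verification; the clamav
# user and group exist (as created by the Ubuntu packages).
install_cvd() {
    file=$1
    dest=${2:-/var/lib/clamav}
    info=$(cvd_header_info "$file") || { echo "not a CVD file: $file" >&2; return 1; }
    sigtool --info "$file" >/dev/null || { echo "signature check failed: $file" >&2; return 1; }
    sudo install -o clamav -g clamav -m 0644 "$file" "$dest/daily.cvd" || return 1
    echo "installed daily.cvd, version/signatures: $info"
}

# Usage: install_cvd ./daily.cvd
```

Run `install_cvd` between stopping and starting the clamav-freshclam service, in place of the plain copy.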
The clamscan commands in this blog use some options. These options have the following meanings
- --infected: prints only infected files
- --remove: removes infected files
- --recursive: all the subdirectories in the directory will be scanned
You can use further options with this command. Run the following command in the terminal window to see all the available options
ubuntu@ubuntu:~$ man clamscan
You can scan your whole Ubuntu system by running the following command in the terminal window
ubuntu@ubuntu:~$ sudo clamscan --infected --recursive --remove /
NOTE: This can take some time depending upon the amount of data and processing speed of your system
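Because --remove deletes every file that matches a signature, false positives included, a scan can instead move detections to a quarantine directory with clamscan's --move option and report through the exit code. The wrapper below is an added example, not part of the original blog; the function names, the CLAMSCAN variable and the paths in the usage comment are its own.

```shell
#!/bin/sh
# Added example: quarantine detections instead of deleting them, and act on
# clamscan's exit code (0 = no virus found, 1 = virus(es) found, 2 = error).
# CLAMSCAN can be overridden; function names and paths are this example's own.
CLAMSCAN=${CLAMSCAN:-clamscan}

# Scan $1 recursively, move detections into $2 and write the report to $3.
# Prints the "<path>: <signature> FOUND" lines; returns clamscan's exit code.
scan_and_quarantine() {
    target=$1; quarantine=$2; log=$3
    mkdir -p "$quarantine" || return 2
    chmod 700 "$quarantine" || return 2      # keep quarantined files private
    printf '' > "$log" || return 2           # --log appends, so start empty
    rc=0
    # --move replaces --remove; the quarantine is excluded so a later scan of
    # a parent directory does not flag the files already moved there.
    "$CLAMSCAN" --infected --recursive --no-summary \
        --move="$quarantine" --exclude-dir="$quarantine" \
        --log="$log" "$target" >/dev/null 2>&1 || rc=$?
    grep ' FOUND$' "$log" || true
    return "$rc"
}

# Map the exit code to a word a cron job or monitoring check can act on.
scan_verdict() {
    case $1 in
        0) echo clean ;;
        1) echo infected ;;
        *) echo error ;;
    esac
}

# Usage (run as root to read every file):
#   hits=$(scan_and_quarantine /home/ubuntu/Desktop /var/quarantine /var/log/clamscan-desktop.log)
#   scan_verdict $?
```

Quarantined files can be reviewed and restored if a detection turns out to be a false positive.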
Installing ClamTK
ClamTK is a graphical user interface for the ClamAV software program. If you have issues while using the ClamAV command line interface, you can install ClamTK instead. In order to install ClamTK, run the following command in the terminal window
ubuntu@ubuntu:~$ sudo apt-get install clamtk
Getting Started with ClamTK
Here we will discuss how to scan a directory using ClamTK. First of all run the following command to start ClamTK package
A window, as shown in the following figure, will appear
Now click on “Scan a directory” in the Analysis group and select the desired directory. ClamTK will scan that directory and display the result as shown in the following figure
Performance Comparison between ClamAV and ClamTK
While using ClamAV and ClamTK, I did not notice any difference between the performance of the two packages. So you can use any of them but the best choice is to use ClamTK as it provides a graphical user interface which makes it easier to use, especially for beginners.
Uninstalling ClamAV and ClamTK
So far we have discussed how to install and use ClamAV and ClamTK, so what if you want to remove these packages from your system? You can remove these packages by running the following commands
ubuntu@ubuntu:~$ sudo apt-get remove clamav clamav-daemon
Scanning a Directory
Now ClamAV is ready to use and can be run on Ubuntu with the clamscan command. Run the following command to scan the Desktop directory.
ubuntu@ubuntu:~$ sudo clamscan --infected --remove --recursive /home/ubuntu/Desktop
The above command will scan the Desktop directory and give us statistics related to the scan, as shown in the figure below
When you run the apt-get remove command above, it will automatically remove ClamTK as well. Now run the following command to remove unwanted files from your system
ubuntu@ubuntu:~$ sudo apt-get autoremove
Now ClamAV and ClamTK have been removed completely from your system.
Conclusion
ClamAV is an antivirus program which can be used to detect and remove trojans and other malicious software, including viruses, from your system. In this blog, we have discussed how to install ClamAV on Ubuntu. After this we discussed how to update the ClamAV signature database and how to use ClamAV from the command line interface to scan a directory. After this we discussed how to install ClamTK, which gives a graphical user interface and makes it easier to use. Then we compared the performance of these packages. At the end we learned how to remove these two packages completely from your system.
After reading this blog, you will be able to use ClamAV and ClamTK easily. I have explained everything in detail and hope you will find this blog useful.
About the author
Usama Azad
A security enthusiast who loves Terminal and Open Source. My area of expertise is Python, Linux (Debian), Bash, Penetration testing, and Firewalls. I was born and raised in Wazirabad, Pakistan and am currently doing my undergraduate degree at National University of Science and Technology (NUST). On Twitter I go by @UsamaAzad14