ClamAV is an actively maintained and highly secure open source antivirus software. It is extremely lightweight, which makes it ideal for any device. It is available for all major operating systems including Linux, MacOS, Windows and Solaris. In this article, we demonstrate how to install and run an antivirus scan using ClamAV.
Antivirus software is an important add-on to any operating system, especially if the OS is connected to other computers on a network. While not much malware is written specifically to target Linux, your computer may still be exposed to other vulnerable computers on the network. Linux is highly secure, but not infallible. So you need an open source, highly secure, regularly updated and (ideally) lightweight antivirus for your Linux based OS. And that is exactly the requirement that ClamAV fulfils. With its latest stable version (v0.102.0) released recently, ClamAV is currently the only open source antivirus software that is updated and maintained regularly by an active community.
The salient features of ClamAV are:
• Open source and regularly updated
• Highly secure
• Supports all major operating systems (Linux, MacOS, Windows and Solaris)
• Extremely lightweight and runs well on devices with low configurations
• Capable of detecting infections in a wide array of file types
While the installation process for ClamAV is pretty straightforward in most operating systems, there are a couple more steps involved if you are trying to do so on Windows or MacOS machines. For instance, for MacOS, the best option is to install ClamAV using Homebrew. To keep things simple, I will cover ClamAV installation on a Linux distribution. However, if you would like to install it on a different operating system, detailed guides are available at the link given in the Reference section.
ClamAV provides separate packages for different Linux distros with specific installation instructions for each.
For Ubuntu/Debian, we can install ClamAV by simply executing an apt-get command. Just open up a terminal and run the following command:
sudo apt-get install clamav
You will be asked whether you want to allot the disk space required. Press ‘y’ for ‘Yes’ and hit the return key to continue with the installation.
Running a scan
Running a scan on ClamAV is a pretty straightforward and easy process. The first step is to update the signatures. A signature is used to differentiate between a clean file and an infected one. ClamAV signatures are primarily text based and conform to one of the ClamAV-specific signature formats associated with a given method of detection. Run the following code to update signatures:
We can scan a specific file or a directory containing multiple sub-directories and files. We use the clamscan command for this purpose. clamscan accepts many options. Type the following command to see all the different things you can do with clamscan:
I have created a test folder on my desktop with some sample files to scan using ClamAV. Let us go ahead and run the clamscan command to see what results we get.
clamscan -r --bell -i /home/shah/Desktop/testfolder
The --bell option in the above command causes ClamAV to make a bell sound upon detecting an infected file.
If any infected files are detected, you can remove the files using the following command:
clamscan -r --remove
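The update-then-scan procedure from this section as one script, added here as an example and not part of the original article. It quarantines hits with --move rather than deleting them with --remove so that false positives can be reviewed first; the QUARANTINE path, the function names and the sample output are assumptions constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the article): update signatures, scan a directory
# recursively, and quarantine infected files instead of deleting them.

# Hypothetical quarantine location; override with the QUARANTINE variable.
QUARANTINE="${QUARANTINE:-$HOME/clamav-quarantine}"

# Read clamscan output on stdin and print one infected path per line.
# Infected lines have the form "<path>: <signature> FOUND"; the greedy match
# keeps paths that themselves contain ": " intact.
infected_paths() {
    sed -n 's/^\(.*\): [^ ]* FOUND$/\1/p'
}

# Map clamscan's exit status to a verdict:
# 0 = no virus found, 1 = virus(es) found, anything else = error during scan.
scan_verdict() {
    case "$1" in
        0) echo clean ;;
        1) echo infected ;;
        *) echo error ;;
    esac
}

# Update signatures, then scan directory "$1" and move hits to quarantine.
scan_dir() {
    local dir="$1" out status
    # Assumes sudo is available; a stale database is reported, not fatal.
    sudo freshclam || echo "warning: signature update failed" >&2
    mkdir -p "$QUARANTINE" && chmod 700 "$QUARANTINE"
    out="$(clamscan -r -i --no-summary --move="$QUARANTINE" "$dir")"
    status=$?
    printf '%s\n' "$out" | infected_paths
    echo "verdict: $(scan_verdict "$status")" >&2
    return "$status"
}

# Constructed sample of clamscan output (not from a real scan), for trying
# the parser offline: printf '%s\n' "$SAMPLE_OUTPUT" | infected_paths
SAMPLE_OUTPUT='/home/shah/Desktop/testfolder/eicar.com: Win.Test.EICAR_HDB-1 FOUND
/home/shah/Desktop/testfolder/docs/a: b.zip: Win.Test.EICAR_HDB-1 FOUND
/home/shah/Desktop/testfolder/notes.txt: OK'

# Run a real scan only when a directory is given: ./scan.sh /path/to/dir
if [ "$#" -gt 0 ]; then
    scan_dir "$1"
fi
```

Checking the exit status matters in scheduled scans: a status of 2 means the scan itself had errors, which is not the same as a clean result.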
Using a GUI for ClamAV
So far, we have seen how easy it can be to run ClamAV from a terminal. However, if the terminal is simply not your thing and you crave a GUI to run ClamAV, then ClamTk is just the solution you are looking for. ClamTk is a gtk2 GUI for ClamAV. You can install it by using the following command:
sudo apt-get install clamtk
Once installed, you will find it in your applications dashboard. Open ClamTk and choose any directory that you would like to scan by selecting the ‘Scan a directory’ option. You can also schedule regular automated scans for your computer using ClamTk.