ClamAV: Use this Open Source Software to Protect your Operating System


ClamAV is an actively maintained and highly secure open source antivirus software. It is extremely lightweight, which makes it ideal for any device. It is available for all major operating systems including Linux, MacOS, Windows and Solaris. In this article, we demonstrate how to install and run an antivirus scan using ClamAV.

Antivirus software is an important add-on to any operating system, especially if the OS is connected to other computers on a network. While there is not much malware created specifically to target Linux, your computer may still be exposed through other vulnerable computers on the network. Linux is highly secure, but not infallible. So you need an open source, highly secure, regularly updated and (ideally) lightweight antivirus for your Linux based OS. And that is exactly the requirement that ClamAV fulfils. With its latest stable version (v0.102.0) released recently, ClamAV is currently the only open source antivirus software that is updated and maintained regularly by an active community.

The salient features of ClamAV are:
• Open source and regularly updated
• Highly secure
• Supports all major operating systems (Linux, MacOS, Windows and Solaris)
• Extremely lightweight and runs well on devices with low configurations
• Capable of detecting infections in a wide array of file types

Figure 1: Packages for different Linux distros

Installing ClamAV
While the installation process for ClamAV is pretty straightforward in most operating systems, there are a couple more steps involved if you are trying to do so on Windows or MacOS machines. For instance, for MacOS, the best option is to install ClamAV using Homebrew. To keep things simple, I will cover ClamAV installation on a Linux distribution. However, if you would like to install it on a different operating system, detailed guides are available at the link given in the Reference section.

ClamAV provides separate packages for different Linux distros with specific installation instructions for each.

Figure 2: Installing ClamAV on Ubuntu/Debian

For Ubuntu/Debian, we can install ClamAV by simply executing an apt-get command. Just open up a terminal and run the following command:

sudo apt-get install clamav

You will be asked whether you want to allot the disk space required. Press ‘y’ for ‘Yes’ and hit the return key to continue with the installation.

Running a scan
Running a scan with ClamAV is a straightforward process. The first step is to update the signatures. A signature is used to differentiate between a clean file and an infected one. ClamAV signatures are primarily text based and conform to one of the ClamAV-specific signature formats associated with a given method of detection. Run the following command to update signatures:

sudo freshclam

We can scan a specific file or a directory containing multiple sub-directories and files. We use the clamscan command for this purpose. The clamscan command accepts a large number of options. Type the following command to see all the different things you can do with clamscan:

clamscan --help

I have created a test folder on my desktop with some sample files to scan using ClamAV. Let us go ahead and run the clamscan command to see what results we get.

clamscan -r --bell -i /home/shah/Desktop/testfolder

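In the above command, -r scans sub-directories recursively, -i prints only infected files, and --bell causes ClamAV to make a bell sound upon detecting an infected file.
If any infected files are detected, you can remove the files using the following command. Note that --remove deletes the infected files permanently, and that clamscan scans the current working directory when no path is given: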

clamscan -r --remove

And that’s it! You have successfully used ClamAV to run a scan to check for infected files. ClamAV can run antivirus scans on a wide array of files including HTML and JavaScript files. This is helpful for checking the third-party JavaScript extensions used by your Web application for potential risks before uploading them to the server.

Figure 3: Options that can be used with the clamscan command
Figure 4: Scan results for testfolder
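
The scan steps above combined into one script, as an added example that is not from the original article: it quarantines detections with clamscan's --move option instead of deleting them with --remove, and acts on clamscan's exit status (0 clean, 1 infected, 2 error). The function names, the quarantine directory argument and the sample report lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: quarantine-based variant of the article's clamscan run.
# Update signatures first with `sudo freshclam`, as shown in the article.

# Constructed sample of clamscan report lines (not real scan output),
# including a file name that itself contains ": ".
SAMPLE_REPORT='/home/shah/Desktop/testfolder/notes.txt: OK
/home/shah/Desktop/testfolder/eicar.com: Win.Test.EICAR_HDB-1 FOUND
/home/shah/Desktop/testfolder/docs/a: b.txt: Win.Test.EICAR_HDB-1 FOUND'

# Read clamscan report lines on stdin, print only the paths flagged FOUND.
# The greedy match strips only the trailing ": <signature> FOUND".
infected_paths() {
    sed -n 's/^\(.*\): [^ ]* FOUND$/\1/p'
}

# Map clamscan's exit status to a word (0 clean, 1 infected, other error).
describe_status() {
    case "$1" in
        0) echo clean ;;
        1) echo infected ;;
        *) echo error ;;
    esac
}

# Scan $1 recursively and move detections into $2 (hypothetical quarantine
# directory) rather than deleting them, so false positives can be restored.
scan_and_quarantine() {
    target=$1
    quarantine=$2
    mkdir -p "$quarantine" && chmod 700 "$quarantine" || return 2
    status=0
    report=$(clamscan -r -i --no-summary --move="$quarantine" "$target") || status=$?
    printf '%s\n' "$report" | infected_paths
    echo "result: $(describe_status "$status")" >&2
    return "$status"
}

# Run only when called with two arguments: ./scan.sh <directory> <quarantine>
if [ "$#" -eq 2 ]; then
    scan_and_quarantine "$1" "$2"
fi
```

Keep the quarantine directory outside the scanned tree so that later scans do not flag the quarantined files again.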

Using a GUI for ClamAV
So far, we have seen how easy it can be to run ClamAV from a terminal. However, if the terminal is simply not your thing and you would prefer a GUI to run ClamAV, then ClamTk is just the solution you are looking for. ClamTk is a gtk2 GUI for ClamAV. You can install it by using the following command:

sudo apt-get install clamtk

Figure 5: Scanning using the ClamTk GUI

Once installed, you will find it in your applications dashboard. Open ClamTk and choose any directory that you would like to scan by selecting the ‘Scan a directory’ option. You can also schedule regular automated scans for your computer using ClamTk.
