Getting started with ClamAV Antivirus for Linux

Erra

It is paramount that you consider grabbing an antivirus for your Linux machine; the problem is that there aren't that many out there, probably 7-8 companies that make one. So I decided to make a post on ClamAV, which is a free antivirus developed by Cisco, which you can read more about here:
https://en.wikipedia.org/wiki/Clam_AntiVirus

A quick note: I am using Ubuntu 18.04 to install this. Here's my version of an install guide, both from source and via the package manager:
[Installing From Package Manager (Bionic Beaver Release)]
First install the package:

$sudo apt install clamav #installs clamav
$sudo freshclam # attempts to update the database

If the update spits out an error about the freshclam.log file, it means you need to find the running process that holds that file and kill it. To do this, run:
$sudo lsof /var/log/clamav/freshclam.log
$sudo kill <insert pid here>

and run the freshclam command again.

To uninstall simply run:

 $sudo apt remove clamav

[Installing From Source]
Navigate to https://www.clamav.net/downloads and then download/extract the contents. On your terminal navigate to the directory, and first make a new group and user for clamav:

# groupadd clamav
# useradd -g clamav -s /bin/false -c "Clam AntiVirus" clamav

Then install it:
$ ./configure --sysconfdir=/etc
$ make
$ su -c "make install"

Note that you need root privileges for all of these commands! Also, if you want to uninstall it, simply navigate back to the extracted folder and run:
$sudo make uninstall

[Scanning Files]

Always remember to update the virus definitions with:

$sudo freshclam

Then you can scan for viruses using this format:

clamscan OPTIONS File/Folder

If necessary, start with root permissions: sudo clamscan
Examples:
To check all files on the computer, displaying the name of each file:

clamscan -r /

To check all files on the computer, but only display infected files and ring a bell when found:
clamscan -r --bell -i /

To scan all files on the computer, but only display infected files when found, and have this run in the background:
clamscan -r -i / &

Note - Display the background process's status by running the jobs command.
To check files in all users' home directories:
clamscan -r /home

To check files in the USER home directory and move infected files to another folder:
clamscan -r --move=/home/USER/VIRUS /home/USER

To check files in the USER home directory and remove infected files (WARNING: Files are gone.):
clamscan -r --remove /home/USER

To see more options:
clamscan --help

For more info on other commands, consult the manual.
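As an added example (not part of the original post), here is a small wrapper around the clamscan invocations above: it quarantines hits with --move, pulls the "FOUND" paths and the "Infected files" count out of clamscan's output, and turns the exit status into a verdict. It assumes clamscan is installed as described above; the QUARANTINE default and the SAMPLE_OUTPUT text are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes clamscan is installed.
# Quarantine folder defaults to the one used in the examples above (assumption).
QUARANTINE="${QUARANTINE:-$HOME/VIRUS}"

# clamscan reports each hit as "<path>: <signature> FOUND".
# Read scan output on stdin and print only the infected file paths.
infected_paths() {
    awk '/ FOUND$/ { sub(/: [^:]* FOUND$/, ""); print }'
}

# Read scan output on stdin and print the value of one SCAN SUMMARY line,
# e.g. summary_field 'Infected files' -> "1".
summary_field() {
    awk -F': ' -v key="$1" '$1 == key { print $2 }'
}

# clamscan exit status: 0 = nothing found, 1 = infections found, 2 = error.
verdict() {
    case "$1" in
        0) echo clean ;;
        1) echo infected ;;
        2) echo error ;;
        *) echo unknown ;;
    esac
}

# Scan a directory recursively, quarantine hits, and print a short report.
scan_dir() {
    mkdir -p "$QUARANTINE"
    out="$(clamscan -r -i --move="$QUARANTINE" "$1" 2>&1)"
    status=$?
    echo "verdict: $(verdict "$status")"
    printf '%s\n' "$out" | infected_paths
    echo "infected files: $(printf '%s\n' "$out" | summary_field 'Infected files')"
}

# Constructed sample of clamscan -i output, used to try the parsers offline.
SAMPLE_OUTPUT='/home/USER/Downloads/eicar.com: Win.Test.EICAR_HDB-1 FOUND
/home/USER/Downloads/eicar.com: moved to /home/USER/VIRUS/eicar.com

----------- SCAN SUMMARY -----------
Known viruses: 8000000
Scanned files: 2
Infected files: 1
Time: 1.000 sec (0 m 1 s)'
```

Run `scan_dir /home/USER` for a real scan; the parsers can be tried offline with `printf '%s\n' "$SAMPLE_OUTPUT" | infected_paths`.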

"This is our world now... the world of the electron and the switch, the
beauty of the baud."
-The Mentor