The ClamAV command can identify and relocate files on Linux that have been infected by viruses, but not remove the viruses themselves.

One popular and easy-to-use tool for detecting virus infections on Linux systems is ClamAV. It’s open source and free, and runs on many Linux systems, Ubuntu and Fedora included. In this post, we’ll take a look at how to install and use the tool on Ubuntu, Linux Mint, and related systems.

Installing ClamAV on Linux Mint

The first step for installing ClamAV on Ubuntu, Mint, and related distros should be to update your system.

    $ sudo apt update && sudo apt upgrade -y

After that, you can install ClamAV and verify the installation with commands like these:

    $ sudo apt-get install clamav clamav-daemon
    $ clamscan --version
    ClamAV 0.103.5/26469/Wed Mar 2 04:27:25 2022

ClamAV commands

ClamAV’s tools are clamscan, which does the scanning, and freshclam, which updates the list of known virus signatures.

To start running freshclam as a service, you should run a command like this:

    $ sudo systemctl start clamav-freshclam

Using the freshclam service

To update the virus signatures, you can use the freshclam tool like this:

    $ sudo freshclam
    ClamAV update process started at Thu Mar 3 11:58:21 2022
    daily.cld database is up-to-date (version: 26470, sigs: 1975358, f-level: 90, builder: raynman)
    main.cvd database is up-to-date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
    bytecode.cvd database is up-to-date (version: 333, sigs: 92, f-level: 63, builder: awillia2)

To view the freshclam service, use a command like this:

    $ systemctl | grep clam
    clamav-freshclam.service loaded active running ClamAV virus database updater

You can also use the -d (or --daemon) option with freshclam. It will then default to running 12 checks a day. The process you see should look like this:

    $ ps -ef | grep freshclam
    clamupd+ 2536188 1 0 Mar03 ? 00:00:02 /usr/bin/freshclam -d --foreground=true

This means that you will get frequent updates of the virus signatures without having to install them yourself.

ClamAV options

ClamAV is extremely easy to use and examines individual files in whatever directory you point it at. It will report on the files and directories scanned and the number of infections. Depending on how large a directory you ask it to scan, it can report results fairly quickly or take hours to run.

Here are some of the options and what they do:

* --verbose: shows the version of the tool
* --infected: displays only infected files
* --quiet: only lists error messages
* --remove: removes infected files
* --recursive: ensures that all subdirectories in the directory will be scanned
* --move: moves infected files into the specified directory

A command like the one shown below examines a single user account. As you can see, it took nearly half an hour to run, scanned 940 directories and nearly 34,000 files, but found no infected files. Without a file system location, clamscan will look through the current file system.

    $ clamscan --infected --remove --recursive /home/jdoe

    ----------- SCAN SUMMARY -----------
    Known viruses: 8607279
    Engine version: 0.103.5
    Scanned directories: 940
    Scanned files: 33946
    Infected files: 0
    Data scanned: 3147.79 MB
    Data read: 1735.15 MB (ratio 1.81:1)
    Time: 1734.069 sec (28 m 54 s)
    Start Date: 2022:03:02 14:47:09
    End Date: 2022:03:02 15:16:03

The clamscan report also shows you how long it took to run along with both start and end times.

Without the recursive option, clamscan would only look at the files in the specified directory, but not go any more deeply into the file system. In the command below, clamscan did not look at subdirectories, so it only scanned 39 files.

    $ clamscan --infected --remove /home/jdoe

    ----------- SCAN SUMMARY -----------
    Known viruses: 8607279
    Engine version: 0.103.5
    Scanned directories: 1
    Scanned files: 39
    Infected files: 0
    Data scanned: 242.30 MB
    Data read: 164.58 MB (ratio 1.47:1)
    Time: 107.981 sec (1 m 47 s)
    Start Date: 2022:03:02 15:18:47
    End Date: 2022:03:02 15:20:35

Keep in mind that ClamAV does not disinfect files. It only removes them from the system or moves them to a specified location. It also doesn’t watch for infections. It scans when you ask and otherwise remains dormant.

To view version information, use the -V (or --version) option.

    $ clamscan --version
    ClamAV 0.103.5/26470/Thu Mar 3 04:49:16 2022

Run the same command the next day and the report should display updates:

    $ clamscan --version
    ClamAV 0.103.5/26471/Fri Mar 4 04:24:47 2022

The numbers 26470 and 26471 in the above output show the version of the signatures that allow clamscan to recognize the viruses, while the version of the clamscan tool itself is 0.103.5.

The clamscan report below includes some information that can help you see that updates are being made along with details on what the tool detected:

    $ sudo clamscan --infected --remove --recursive /home/nemo

    ----------- SCAN SUMMARY -----------
    Known viruses: 8607429            <== larger number confirms updates
    Engine version: 0.103.5           <== release
    Scanned directories: 39
    Scanned files: 2145
    Infected files: 0                 <== no infected files
    Data scanned: 4.68 MB
    Data read: 9.21 MB (ratio 0.51:1)
    Time: 52.778 sec (0 m 52 s)       <== under 1 minute
    Start Date: 2022:03:04 10:15:43
    End Date: 2022:03:04 10:16:36

One important thing to keep in mind is that clamscan can only read files that the user running the tool can read, so using sudo is generally required.
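
Because clamscan only scans when asked, it usually ends up in a scheduled job that has to act on the result without anyone reading the summary. The sketch below is an added example, not part of the original article: the function names and the /var/quarantine default are assumptions. It parses the version line and SCAN SUMMARY formats shown above, checks that the signature version has advanced, and uses --move so that hits are quarantined rather than deleted.

```shell
#!/bin/sh
# Added example: helpers for a scheduled clamscan job. The function names and
# the /var/quarantine default are illustrative, not part of ClamAV.

# Signature database version from a `clamscan --version` line, e.g.
# "ClamAV 0.103.5/26470/Thu Mar 3 04:49:16 2022" -> 26470
sig_version() {
    printf '%s\n' "$1" | awk -F/ '/^ClamAV /{ print $2 }'
}

# Succeeds only if the second version line carries newer signatures.
signatures_advanced() {
    [ "$(sig_version "$2")" -gt "$(sig_version "$1")" ]
}

# Value of one SCAN SUMMARY field (summary on stdin), e.g. "Infected files".
summary_field() {
    awk -v key="$1: " 'index($0, key) == 1 { print substr($0, length(key) + 1); exit }'
}

# Map clamscan's exit status (0 = nothing found, 1 = virus found, anything
# else = error) and the reported count to one verdict word.
scan_verdict() {
    case "$1" in
        0) if [ "${2:-0}" -eq 0 ]; then echo clean; else echo inconsistent; fi ;;
        1) echo infected ;;
        *) echo error ;;
    esac
}

# Scan recursively and move hits to a quarantine directory instead of deleting
# them, so a false positive can be restored. Not run by the demo below.
quarantine_scan() {
    status=0
    out=$(clamscan --infected --recursive --move="${2:-/var/quarantine}" "$1") || status=$?
    scan_verdict "$status" "$(printf '%s\n' "$out" | summary_field 'Infected files')"
}

# Demo on output copied from this article (clamscan itself is not needed).
SAMPLE_SUMMARY='Known viruses: 8607279
Engine version: 0.103.5
Scanned files: 33946
Infected files: 0
Start Date: 2022:03:02 14:47:09'
printf 'Infected files reported: %s\n' \
    "$(printf '%s\n' "$SAMPLE_SUMMARY" | summary_field 'Infected files')"
```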