ClamAV is a free and open-source antivirus software package for Unix-like operating systems. It can be used to scan files and directories for viruses, worms, Trojan horses, and other malware. ClamAV is available for a variety of platforms, including Ubuntu.
In this tutorial, we will show you how to install and use ClamAV on Ubuntu Server 22.04, 20.04, and 18.04.
Prerequisites
- A running instance of Debian or Ubuntu Server 22.04, 20.04, or 18.04.
- A user with sudo privileges.
Step 1 : Install ClamAV
To install ClamAV, open a terminal window and run the following command:
$ sudo apt install clamav
This will install the ClamAV package and all of its dependencies.
Step 2 : Update the ClamAV virus database
ClamAV uses a virus database to identify known malware. This database is updated regularly, so it is important to update it before scanning for viruses.
To update the ClamAV virus database, run the following command:
$ sudo freshclam
Step 3 : Scanning Folders with ClamAV
Using a tool like ClamAV to scan your website’s directories for malware is an important part of maintaining a secure and SEO-friendly website.
For example, with the command:
$ clamscan -r /home*/*/public_html
ClamAV can scan all public_html folders within any home directories that are two levels deep, which can help detect and remove any malicious files or scripts that could harm your website’s visitors or negatively impact your search engine rankings.
Step 4 : Use --infected, --remove, and --recursive switches
ClamAV has a number of switches that can be used to customize its behavior. Some of the most useful switches are:
- --infected
The --infected switch tells ClamAV to only report infected files. This is useful if you only want to know which files are infected, and you don’t want to remove them.
- --remove
The --remove switch tells ClamAV to remove infected files. This is the default behavior, so you don’t need to use this switch unless you want to override the default behavior.
- --recursive
The --recursive switch tells ClamAV to scan a directory and all of its subdirectories. This is useful for scanning large directories or directories that may contain infected files.
Here are some examples of how to use these switches:
- To scan the current directory for infected files and report them to the standard output, use the following command:
$ clamscan --infected .
- To scan the current directory for infected files and remove them, use the following command:
$ clamscan --remove .
- To scan the current directory and all of its subdirectories for infected files and report them to the standard output, use the following command:
$ clamscan --recursive --infected .
- To scan the current directory and all of its subdirectories for infected files and remove them, use the following command:
$ clamscan --recursive --remove .
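The report produced by --recursive --infected can be turned into a triage list before anything is deleted with --remove. The script below is an added example, not part of the original tutorial; the function names are hypothetical, and the sample output, paths and signature names are constructed for illustration.

```sh
#!/bin/sh
# Added example: summarize `clamscan --recursive --infected` output for triage.

# Constructed sample output (signature names and paths are made up).
sample_output() {
cat <<'EOF'
/var/www/site/upload/a.php: Example.Webshell-1 FOUND
/var/www/site/notes: draft.txt: Example.Test-2 FOUND
/var/www/site/cache/b.php: Example.Webshell-1 FOUND

----------- SCAN SUMMARY -----------
Infected files: 3
EOF
}

# Print "signature<TAB>path" for every detection line read from stdin.
# The split is on the LAST ": " so paths that contain ": " stay intact.
parse_found() {
  awk '/ FOUND$/ {
    line = $0
    sub(/ FOUND$/, "", line)
    idx = 0
    while ((p = index(substr(line, idx + 1), ": ")) > 0) idx += p
    print substr(line, idx + 2) "\t" substr(line, 1, idx - 1)
  }'
}

# Count detections per signature, most frequent first.
count_by_signature() {
  parse_found | cut -f1 | LC_ALL=C sort | uniq -c |
    LC_ALL=C sort -k1,1nr -k2 | awk '{ print $2 "\t" $1 }'
}

# Map clamscan's documented exit status to a verdict:
# 0 = no virus found, 1 = virus(es) found, 2 = some error(s) occurred.
scan_verdict() {
  case "$1" in
    0) echo clean ;;
    1) echo infected ;;
    *) echo error ;;
  esac
}

sample_output | parse_found
sample_output | count_by_signature
```

In a real run, pipe the scan into parse_found and pass the exit status of clamscan to scan_verdict, so a scan that ended with errors is not mistaken for a clean one.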
Step 5 : Use regex to scan specific files
To scan files with a specific file extension using a regular expression with ClamAV, you can use the --include or --exclude options followed by a regular expression pattern. The --include option specifies which files to include in the scan, while the --exclude option specifies which files to exclude from the scan.
For example, to scan only files with the extension .txt using a regular expression, you can use the following command:
$ clamscan --include='.*\.txt$' /path/to/scan
This command will scan all files in the directory /path/to/scan that have the extension .txt. The regular expression pattern .*\.txt$ matches any file name that ends with .txt. The --include option is used to include only the files that match this pattern in the scan.
You can also use the --exclude option to exclude files that match a certain pattern. For example, to exclude files with the extension .log, you can use the following command:
$ clamscan --exclude='.*\.log$' /path/to/scan
This command will scan all files in the directory /path/to/scan, except for files that end with .log. The regular expression pattern .*\.log$ matches any file name that ends with .log. The --exclude option is used to exclude the files that match this pattern from the scan.
Note that regular expressions can be very powerful and complex, so it’s important to use them carefully and test them thoroughly before using them in a production environment.
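One way to test a pattern before a real scan is to preview which files it selects. The script below is an added example, not part of the original tutorial; it assumes clamscan treats the pattern as a POSIX extended regular expression searched for in the file path, which grep -E approximates, and the function names and sample files are hypothetical.

```sh
#!/bin/sh
# Added example: dry-run an --include/--exclude pattern before a real scan.
# Assumption: clamscan treats the pattern as a POSIX extended regex searched
# for anywhere in the file path; `grep -E` approximates that here.

# Files under DIR that --include=PATTERN would select.
preview_include() {  # usage: preview_include PATTERN DIR
  (cd "$2" && find . -type f) | grep -E -- "$1" | LC_ALL=C sort
}

# Files under DIR that are still scanned with --exclude=PATTERN.
preview_exclude() {  # usage: preview_exclude PATTERN DIR
  (cd "$2" && find . -type f) | grep -Ev -- "$1" | LC_ALL=C sort
}

# Constructed sample tree (made-up file names) so the example runs offline.
make_sample_tree() {
  d=$(mktemp -d) || return 1
  mkdir -p "$d/sub"
  touch "$d/a.txt" "$d/b.log" "$d/notes.txt.bak" \
        "$d/sub/c.txt" "$d/sub/app.log.1"
  printf '%s\n' "$d"
}

tree=$(make_sample_tree)

printf '%s\n' 'include .*\.txt$ selects:'
preview_include '.*\.txt$' "$tree"

# Without the $ anchor the pattern also selects notes.txt.bak.
printf '%s\n' 'include \.txt (unanchored) selects:'
preview_include '\.txt' "$tree"

# The anchored .log pattern does not cover rotated logs such as app.log.1.
printf '%s\n' 'exclude .*\.log$ still scans:'
preview_exclude '.*\.log$' "$tree"

rm -rf "$tree"
```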
Step 6 : Set ClamAV to scan automatically
You can set ClamAV to scan automatically at regular intervals. This is a good way to ensure that your system is always protected from viruses.
To set ClamAV to scan automatically, open the ClamAV configuration file.
$ sudo nano /etc/clamav/clamd.conf
Find the ScanInterval directive.
Change the value of the ScanInterval directive to the desired interval in seconds.
For example, to scan every 15 minutes, set the value to 900.
Save the file and exit the editor.
Restart the ClamAV daemon.
$ sudo service clamav-daemon restart
Step 7 : Manually Scan a Directory
You can also manually scan a directory for viruses. This is useful if you want to scan a specific directory for viruses, or if you want to scan a directory that is not included in the automatic scan schedule.
To manually scan a directory, open a terminal window and run the following command:
$ clamscan [OPTIONS] PATH
For example, to scan the current directory for viruses, run the following command:
$ clamscan .
You can also use the --recursive option to scan a directory and all of its subdirectories:
$ clamscan --recursive .
This option is useful for scanning large directories or directories that may contain infected files.
Step 8 : Configure ClamAV
ClamAV has a number of configuration options that can be used to customize its behavior. To view the ClamAV configuration options, open the ClamAV configuration file.
$ sudo nano /etc/clamav/clamd.conf
The ClamAV configuration file is a text file, so you can use any text editor to edit it.
Step 9 : Scanning Incoming Emails
ClamAV can be used to scan incoming emails for viruses. To do this, you will need to configure your mail server to use ClamAV. The configuration process will vary depending on your mail server software.
For example, to configure Postfix to use ClamAV, edit the main.cf file and add the following lines:
smtpd_virus_scan_incoming = yes
smtpd_virus_quarantine_enable = yes
smtpd_recipient_restrictions =
    permit_mynetworks
    [other restrictions]
    check_policy_service unix:private/clamav-clamd
Once you have configured your mail server to use ClamAV, all incoming emails will be scanned for viruses. If a virus is detected, the email will be quarantined and the sender will be notified.
By scanning incoming emails for viruses, you can help to protect your system from malware that is spread through email.
Troubleshoot ClamAV
ClamAV logs all virus scanning activity to a log file. This log file can be used to troubleshoot problems or to track the activity of viruses on your system.
If you have any problems with ClamAV, you can troubleshoot them using the ClamAV log file located at /var/log/clamav/clamd.log.
Conclusion
In conclusion, ClamAV is a free and open-source antivirus software package that can be used to scan files and directories for viruses, worms, Trojan horses, and other malware. It is a powerful tool that can help to protect your system from viruses and other malware. By following the steps in this tutorial, you can install ClamAV and start scanning your files for viruses.
To keep your system safe, you should keep ClamAV up to date, scan frequently, and scan incoming email. You can also use ClamAV as a gateway scanner.
6 thoughts on - How to install and use ClamAV on Ubuntu
very good
nice
Scanning incoming e-mails is good.
But is it also possible to scan, directly, uploaded files by an Nginx web-site?
ClamAV supports On-Access prevention to scan all newly created files.
But this functionality gives error messages.
The latest ClamAV version on Ubuntu is 0.103.11
The latest ClamAV version is 1.2.1
Is it possible to get ClamAV version 1.2.1 on Ubuntu and use the On-Access functionality?
That version is not released as a stable release, we will update the article once it is.
Hi, I’m Dang & want to know if this ClamAV will work on Linux Mint? I’m a new Ubuntu learner.
Thank you for your tremendous help how to install & run ClamAV. I really enjoyed it very much
Hello,
ClamAV supports all different Linux distros.
Best regards.