How to install and use ClamAV on Ubuntu

Set up, configure, and use ClamAV on Ubuntu 22.04, 20.04, or 18.04

ClamAV is a free and open-source antivirus software package for Unix-like operating systems. It can be used to scan files and directories for viruses, worms, Trojan horses, and other malware. ClamAV is available for a variety of platforms, including Ubuntu.

In this tutorial, we will show you how to install and use ClamAV on Ubuntu Server 22.04, 20.04, and 18.04.

Prerequisites

  • A running instance of Debian or Ubuntu Server 22.04, 20.04, or 18.04.
  • A user with sudo privileges.

Step 1 : Install ClamAV

To install ClamAV, open a terminal window and run the following command:

$ sudo apt install clamav

This will install the ClamAV package and all of its dependencies.

Step 2 : Update the ClamAV virus database

ClamAV uses a virus database to identify known malware. This database is updated regularly, so it is important to update it before scanning for viruses.

To update the ClamAV virus database, run the following command:

$ sudo freshclam

Step 3 : Scanning Folders with ClamAV

Using a tool like ClamAV to scan your website’s directories for malware is an important part of maintaining a secure and SEO-friendly website.

For example, with the command:

$ clamscan -r /home*/*/public_html

ClamAV can scan all public_html folders within any home directories that are two levels deep, which can help detect and remove any malicious files or scripts that could harm your website’s visitors or negatively impact your search engine rankings.

Step 4 : Use --infected, --remove, and --recursive switches

ClamAV has a number of switches that can be used to customize its behavior. Some of the most useful switches are:

  • --infected

The --infected switch tells ClamAV to only report infected files. This is useful if you only want to know which files are infected, and you don’t want to remove them.

  • --remove

The --remove switch tells ClamAV to remove infected files. This is the default behavior, so you don’t need to use this switch unless you want to override the default behavior.

  • --recursive

The --recursive switch tells ClamAV to scan a directory and all of its subdirectories. This is useful for scanning large directories or directories that may contain infected files.

Here are some examples of how to use these switches:

  • To scan the current directory for infected files and report them to the standard output, use the following command:
$ clamscan --infected .
  • To scan the current directory for infected files and remove them, use the following command:
$ clamscan --remove .
  • To scan the current directory and all of its subdirectories for infected files and report them to the standard output, use the following command:
$ clamscan --recursive --infected .
  • To scan the current directory and all of its subdirectories for infected files and remove them, use the following command:
$ clamscan --recursive --remove .
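
A report-only wrapper for the scans above, added here as an example (it is not part of the original tutorial). It relies on clamscan's documented return codes (0 no virus found, 1 virus found, 2 error) and on the "<path>: <signature> FOUND" output line; the function names and the sample output are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: read clamscan results without deleting anything.

# Constructed sample of clamscan output (paths and first signature are made up).
SAMPLE_OUTPUT='/home/alice/public_html/index.php: OK
/home/alice/public_html/up/shell.php: Php.Trojan.Example-1 FOUND
/home/bob/public_html/a: b.zip: Win.Test.EICAR_HDB-1 FOUND'

# Turn "<path>: <signature> FOUND" lines on stdin into "signature<TAB>path".
parse_found() {
    awk '/ FOUND$/ {
        sub(/ FOUND$/, "")
        i = 0
        # Split at the LAST ": " so a path that contains ": " stays intact.
        while ((j = index(substr($0, i + 1), ": ")) > 0) i += j
        if (i > 0) printf "%s\t%s\n", substr($0, i + 2), substr($0, 1, i - 1)
    }'
}

# Map the clamscan exit status to a verdict. Status 2 means the scan itself
# failed (unreadable files, missing database), so it is never read as "clean".
scan_verdict() {
    case "$1" in
        0) echo clean ;;
        1) echo infected ;;
        *) echo error ;;
    esac
}

# Report-only recursive scan of one directory: detections go to stdout,
# the verdict to stderr, and the clamscan status is passed back to the caller.
scan_report() {
    local out rc
    out=$(clamscan --recursive --infected --no-summary "$1" 2>/dev/null)
    rc=$?
    printf '%s\n' "$out" | parse_found
    echo "verdict: $(scan_verdict "$rc")" >&2
    return "$rc"
}

# Demo on the constructed sample; no scanner needed for this part.
printf '%s\n' "$SAMPLE_OUTPUT" | parse_found
```

On a host with ClamAV installed, `scan_report /path/to/dir` runs the real scan and leaves every file in place for review.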

Step 5 : Use regex to scan specific files

To scan files with a specific file extension using a regular expression with ClamAV, you can use the --include or --exclude options followed by a regular expression pattern. The --include option specifies which files to include in the scan, while the --exclude option specifies which files to exclude from the scan.

For example, to scan only files with the extension .txt using a regular expression, you can use the following command:

$ clamscan --include='.*\.txt$' /path/to/scan

This command will scan all files in the directory /path/to/scan that have the extension .txt. The regular expression pattern .*\.txt$ matches any file name that ends with .txt. The --include option is used to include only the files that match this pattern in the scan.

You can also use the --exclude option to exclude files that match a certain pattern. For example, to exclude files with the extension .log, you can use the following command:

$ clamscan --exclude='.*\.log$' /path/to/scan

This command will scan all files in the directory /path/to/scan, except for files that end with .log. The regular expression pattern .*\.log$ matches any file name that ends with .log. The --exclude option is used to exclude the files that match this pattern from the scan.

Note that regular expressions can be very powerful and complex, so it’s important to use them carefully and test them thoroughly before using them in a production environment.
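
One way to test a pattern before relying on it, as an added example that is not from the original tutorial. It assumes that grep -E is a close stand-in for ClamAV's regex matcher, that patterns are matched against the path as given to clamscan, and that excludes are applied before includes; the function name and sample paths are constructed.

```shell
#!/usr/bin/env bash
# Added example: preview which paths an --include / --exclude pair would keep.

# Constructed file list, chosen to show what a narrow filter leaves unscanned.
SAMPLE_PATHS='/srv/www/readme.txt
/srv/www/README.TXT
/srv/www/upload/notes.txt.php
/srv/www/upload/contxt
/srv/www/logs/access.log'

# Read paths on stdin; print those that would still be scanned.
#   $1 = include pattern (empty string = no include filter)
#   $2 = exclude pattern (empty string = no exclude filter)
preview_selection() {
    local include=$1 exclude=$2 path
    while IFS= read -r path; do
        # A path matching the exclude pattern is dropped first.
        if [ -n "$exclude" ] && printf '%s\n' "$path" | grep -Eq -- "$exclude"; then
            continue
        fi
        # With an include pattern set, anything that does not match is dropped.
        if [ -n "$include" ] && ! printf '%s\n' "$path" | grep -Eq -- "$include"; then
            continue
        fi
        printf '%s\n' "$path"
    done
}

echo "include '.*\\.txt\$' keeps:"
printf '%s\n' "$SAMPLE_PATHS" | preview_selection '.*\.txt$' ''

# Unescaped dot: also keeps "contxt", because "." matches any character.
echo "include '.*.txt\$' keeps:"
printf '%s\n' "$SAMPLE_PATHS" | preview_selection '.*.txt$' ''

echo "exclude '.*\\.log\$' keeps:"
printf '%s\n' "$SAMPLE_PATHS" | preview_selection '' '.*\.log$'
```

The first preview shows the cost of an include filter: README.TXT (case) and notes.txt.php (double extension) would not be scanned at all. To preview a real tree, feed it `find /path/to/scan -type f`.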

Step 6 : Set ClamAV to scan automatically

You can set ClamAV to scan automatically at regular intervals. This is a good way to ensure that your system is always protected from viruses.

To set ClamAV to scan automatically, open the ClamAV configuration file.

$ sudo nano /etc/clamav/clamd.conf

Find the ScanInterval directive.

Change the value of the ScanInterval directive to the desired interval in seconds.

For example, to scan every 15 minutes, set the value to 900.

Save the file and exit the editor.

Restart the ClamAV daemon.

$ sudo service clamav-freshclam restart

Step 7 : Manually Scan a Directory

You can also manually scan a directory for viruses. This is useful if you want to scan a specific directory for viruses, or if you want to scan a directory that is not included in the automatic scan schedule.

To manually scan a directory, open a terminal window and run the following command:

$ clamscan [OPTIONS] PATH

For example, to scan the current directory for viruses, run the following command:

$ clamscan .

You can also use the --recursive option to scan a directory and all of its subdirectories:

$ clamscan --recursive .

This option is useful for scanning large directories or directories that may contain infected files.

Step 8 : Configure ClamAV

ClamAV has a number of configuration options that can be used to customize its behavior. To view the ClamAV configuration options, open the ClamAV configuration file.

$ sudo nano /etc/clamav/clamd.conf

The ClamAV configuration file is a text file, so you can use any text editor to edit it.

Step 9 : Scanning Incoming Emails

ClamAV can be used to scan incoming emails for viruses. To do this, you will need to configure your mail server to use ClamAV. The configuration process will vary depending on your mail server software.

For example, to configure Postfix to use ClamAV, edit the main.cf file and add the following lines:

smtpd_virus_scan_incoming = yes
smtpd_virus_quarantine_enable = yes
smtpd_recipient_restrictions =
   permit_mynetworks
  [other restrictions]
  check_policy_service unix:private/clamav-clamd


Once you have configured your mail server to use ClamAV, all incoming emails will be scanned for viruses. If a virus is detected, the email will be quarantined and the sender will be notified.

By scanning incoming emails for viruses, you can help to protect your system from malware that is spread through email.

Troubleshoot ClamAV

ClamAV logs all virus scanning activity to a log file. This log file can be used to troubleshoot problems or to track the activity of viruses on your system.

If you have any problems with ClamAV, you can troubleshoot them using the ClamAV log file located at /var/log/clamav/clamd.log.

Conclusion

In conclusion, ClamAV is a free and open-source antivirus software package that can be used to scan files and directories for viruses, worms, Trojan horses, and other malware. It is a powerful tool that can help to protect your system from viruses and other malware. By following the steps in this tutorial, you can install ClamAV and start scanning your files for viruses.

To keep your system safe, you should keep ClamAV up to date, scan frequently, and scan incoming email. You can also use ClamAV as a gateway scanner.

4 thoughts on - How to install and use ClamAV on Ubuntu

  • Scanning incoming e-mails is good.
    But is it also possible to scan, directly, files uploaded by an Nginx website?
    ClamAV supports On-Access prevention to scan all newly created files.
    But this functionality gives error messages.
    The latest ClamAV version on Ubuntu is 0.103.11
    The latest ClamAV version is 1.2.1
    Is it possible to get ClamAV version 1.2.1 on Ubuntu and use the On-Access functionality?
