
ClamAV Antivirus in Linux - Installation and Usage

Linux distributions such as Ubuntu, Debian and Fedora are considered more secure than the Windows operating system.

However, there is still a slight chance of threats such as malware, Trojans and viruses.

As cybersecurity incidents rapidly increase, it's worth adding the extra layer of security that ClamAV antivirus offers.

Installing ClamAV Antivirus in Linux - Part I


I. Why ClamAV Antivirus?

  • ClamAV is an open-source antivirus program that performs various security operations such as web scanning and email scanning.
  • ClamAV offers multiple utilities, including the command-line scanner and automatic signature database updates.
  • The graphical tool for ClamAV helps in managing ClamAV more effectively.
  • Built-in support for almost all standard mail file formats.
  • Support for various archive file formats such as Zip, RAR, SIS, and many more.
  • ClamAV provides an advanced level of internet security, IP protection, and web threat management.
  • Two-factor authorization prevents unauthorized access and provides an additional layer of security.

II. How To Install ClamAV in Linux

Update the system and begin the installation of ClamAV by entering the following command:
   
`sudo apt update && sudo apt install -y clamav clamav-daemon clamav-freshclam clamav-unofficial-sigs`


Once the installation process is complete, confirm the installation by checking the ClamAV version with the following command:

`clamscan --version`




If the ClamAV version is displayed in the terminal, ClamAV has been installed successfully.


III. Installing The ClamAV Signature Database

Once the ClamAV utility has been installed, the ClamAV signature database must be installed as well. The steps are:
  • Stop the freshclam service.
  • Run the update command in the terminal to update the signature database.
  • If that fails, download the daily.cvd file to update the signature database.
  • Start the freshclam service again.

The first step is to stop the freshclam service:

`sudo systemctl stop clamav-freshclam`

Then update the signature database using the 'freshclam' fetch command:

`sudo freshclam`
 
If the above command fails (or keeps retrying), quit the process (Ctrl+Z).


Then download the signature database file directly using the wget command:

`wget -O 'daily.cvd' 'https://database.clamav.net/daily.cvd'`

Check whether the directory "clamav" exists; if it does not, create it:

`ls /var/lib/clamav`

`sudo mkdir /var/lib/clamav`

Move the downloaded database file to the "clamav" directory:

`sudo mv daily.cvd /var/lib/clamav/daily.cvd`

Restart the ClamAV fetch service to complete the installation:

`sudo systemctl restart clamav-freshclam`
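
The manual download above installs whatever wget saved, so an empty file or an HTML error page can end up in the database directory. As an added example (not from the original article), this script checks that the file is a CVD and verifies its signature before installing it; the function names are hypothetical, and it assumes that sigtool prints "Verification OK" for a valid database and that the packages created the "clamav" user and group.

```shell
#!/bin/sh
# Added example, not from the original article: validate a manually
# downloaded daily.cvd before it goes into /var/lib/clamav.

# A CVD starts with a 512-byte text header of colon-separated fields:
# ClamAV-VDB:build time:version:signature count:functionality level:MD5:...
# Prints "<version> <signature count>", or returns 1 if the file is not a
# CVD (for example an empty file or an HTML error page saved by wget).
cvd_header_check() {
    file=$1
    [ -s "$file" ] || { echo "missing or empty: $file" >&2; return 1; }
    header=$(head -c 512 "$file" | LC_ALL=C tr -d '\0' | head -n 1)
    magic=$(printf '%s\n' "$header" | LC_ALL=C cut -d: -f1)
    version=$(printf '%s\n' "$header" | LC_ALL=C cut -d: -f3)
    nsigs=$(printf '%s\n' "$header" | LC_ALL=C cut -d: -f4)
    [ "$magic" = "ClamAV-VDB" ] || { echo "not a CVD file: $file" >&2; return 1; }
    for n in "$version" "$nsigs"; do
        case $n in
            ''|*[!0-9]*) echo "malformed CVD header: $file" >&2; return 1 ;;
        esac
    done
    echo "$version $nsigs"
}

# Verify the digital signature, then install the file with the ownership
# the freshclam service expects.
# Assumptions: sigtool (part of ClamAV) prints "Verification OK" for a valid
# CVD; the "clamav" user and group exist, as on Debian/Ubuntu packages.
install_cvd() {
    cvd_header_check "$1" >/dev/null || return 1
    sigtool --info "$1" | grep -q 'Verification OK' \
        || { echo "signature check failed: $1" >&2; return 1; }
    sudo install -o clamav -g clamav -m 0644 "$1" /var/lib/clamav/daily.cvd
}

# When called with a file argument, validate and install it.
if [ "$#" -gt 0 ]; then
    install_cvd "$1"
fi
```
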

Run your first scan on the home directory (to scan everything, replace "/home/" with "/"):

`sudo clamscan --infected --remove --recursive /home/`

Options used:

    --infected: displays only the infected files.
    --remove: deletes the infected files. Deletion is permanent, so a file flagged by a false positive is removed as well.
    --recursive: scans all sub-directories within the given directories.

To learn more about the clamscan options, check the help page or the man page:

 `clamscan -h`

 `man clamscan`

In the following test, we downloaded a test virus signature to a folder, made it accessible only to root, and ran a scan first without sudo and then with sudo.

The difference is clear: without sudo an error is shown, but with sudo the infected file gets deleted.

Hence, we recommend always running the scan command at root level using sudo.



This command usually takes time to generate the results depending upon the speed of the system.


IV. Installing ClamTK GUI for ClamAV

The ClamAV antivirus program is a command-line tool, but it can be used as a graphical tool with ClamTK.

ClamTK is the graphical interface available for ClamAV. The graphical user interface makes ClamAV antivirus easier to use.

Run the following command to begin the ClamTK installation:

`sudo apt install -y clamtk`


Starting With The ClamTK

To scan a directory with ClamTK, start ClamTK by running the following command:

`sudo clamtk`

Click the "Scan a directory" option and choose the desired directory. ClamTK scans that directory and displays the scan results. Browse through ClamTK to schedule directory scans and updates.




Next,

Using the GUI should be enough to handle security for normal usage. However, if you need a more advanced and up-to-date virus signature database and cron setups, check the following post explaining how to install unofficial signatures for advanced usage.

