ClamAV is an open-source and free antivirus software toolkit able to detect many types of malicious software, including viruses, trojans, malware, adware, rootkits and other malicious threats. One of its main uses of ClamAV is on mail servers as a server-side email virus scanner or used on file hosting servers to periodically scan to make sure files are clean, especially if the public can upload to the server. ClamAV supports multiple file formats (documents, executables, or archives), utilizes multi-thread scanner features, and receives updates for its signature database daily to sometimes multiple times per day for the latest protection.
In the following tutorial, you will learn how to configure ClamAV on Ubuntu 20.04 LTS. The same principle will work for the newer version Ubuntu 21.04 (Hirsute Hippo).
- Recommended OS: Ubuntu 20.04 – optional (Ubuntu 21.04 and Linux Mint 20)
- User account: A user account with sudo or root access.
Check and update your Ubuntu 20.04 operating system firstly with the following command:
sudo apt update && sudo apt upgrade -y
ClamAV comes in the Ubuntu default repository, which is often up to date, given ClamAV is a security product. Ubuntu do updates in a timely matter, even on an LTS release such as 20.04.
To install ClamAV from the APT repository, execute the following command:
sudo apt install clamav clamav-daemon -y
Now that you have installed ClamAV, you can proceed to update the virus database.
Updating the ClamAV Virus Database
You will now need to update your ClamAV database before beginning using the virus scanner (clamscan). To update the definitions, you will need your system to be connected to the Internet using the (freshclam) terminal command.
Firstly, you need to stop the (clamav-freshclam) service before you can update. To do this, type in the following command:
sudo systemctl stop clamav-freshclam
Now you can proceed to update your virus definition database by the following terminal command:
In the output, you should get the following as an example:
Once the database is updated, you can start the (clamav-freshclam) service, so it keeps updating the signature database in the background with the following command:
sudo systemctl start clamav-freshclam
Note, make sure you have enabled or disabled ClamAV on boot. You would mostly want this enabled; however, you can have this automatically disabled for systems that are limited resources and or need to be manually used on the odd occasion when you need to perform manual scans.
Enable ClamAV on startup:
sudo systemctl enable clamav-freshclam
Disable ClamAV on startup:
sudo systemctl disable clamav-freshclam
Note, (freshclam) downloads the ClamAV CVDS and databases in the directory location (/var/lib/clamav).
To view the directory, use the (ls) command:
To remove ClamAV from your Ubuntu 20.04 operating system is a quick process. Execute the following terminal command to remove:
sudo apt remove clamav clamav-daemon -y
How to use Clamscan with Examples
Now that you have installed and updated ClamAV, it is time to scan your system to make sure it is clean. This is done with the (clamscan) command. An example of the syntax:
sudo clamscan [options] [file/directory/-]
The following is a list of examples:
Print ClamAV help:
sudo clamscan -h
Scan a file:
sudo clamscan /home/script.sh
Scan a directory:
sudo clamscan /home/
Print infected files only:
sudo clamscan -i /home/
Skip printing OK files:
sudo clamscan -o /home/
Do not print summary at the end of scan:
sudo clamscan --no-summary /home/
Bell notification on virus detection:
sudo clamscan --bell -i /home
Scan directories recursively:
sudo clamscan --bell -i -r /home
Save scan report to file:
sudo clamscan --bell -i -r /home -l output.txt
Scan files listed line by line in file:
sudo clamscan -i -f /tmp/scan
Remove infected files:
sudo clamscan -r --remove /home/USER
Note, this deletes the file from your system. If it’s a false positive, you won’t be able to retrieve the file.
Move infected files into quarantine directory:
sudo clamscan -r -i --move=/home/USER/infected /home/
Limit ClamAV CPU Usage
ClamAV during scanning can be quite CPU intensive, and systems that operate on limited or older hardware may find the process to taxing on their systems. A simple way is to limit the (CPU) during the scan is to use the (nice) command before each ClamAV command.
Example of a (nice) command to reduce ClamAV CPU:
sudo nice -n 15 clamscan && sudo clamscan --bell -i -r /home
The great benefit of using this method is that if nothing else is using the CPU, ClamAV using (clamscan) will maximize CPU usage. However, if another process with a higher priority requires CPU, then clamscan will scale down effectively to allow the other process to take priority.
There are a few other options; however, the (nice) command is the best solution. It will maximize CPU if free and scale down when other processors need it, effectively giving you the best combination of performance and safety.
Comments and Conclusion
You have learned how to install, update, and use ClamAV examples on your Ubuntu 20.04 distribution in the following tutorial. Overall, ClamAV is a great virus scanner. Is it the best? Well, that is up to a constant debate with other products rising and falling; however, ClamAV is always in the top 1 to 3 in most people’s books and is a solid effort to help protect your operating system and email and or web servers from viruses, malware and other threats.
Please note, as much as these types of antivirus software are available to use freely on your system, it should not give you the sense of protection as much as making sure your webserver or desktop is hardened with good procedures will most likely save you more than any software can. However, ClamAV is another tool in the arsenal to combat the ever-growing threat of cyber ransomware, malware, and more if you do the procedures in the first place.
For more information on using ClamAV, visiting the official documentation.