How to Install ClamAV on Arch Linux


ClamAV is an open-source and free antivirus toolkit that detects many types of malicious software, including viruses, trojans, malware, adware, rootkits, and other malicious threats. One of its primary uses of ClamAV is on mail servers as a server-side email virus scanner or file hosting servers to periodically scan to ensure files are clean, especially if the public can upload to the server.

ClamAV supports multiple file formats (documents, executables, or archives), utilizes multi-thread scanner features, and receives updates for its signature database daily to sometimes numerous times per day for the latest protection.

The following tutorial will teach you how to configure ClamAV on Arch Linux desktop or server and some basic scan commands using the command line terminal.

Update Arch Linux

Before you proceed, run a quick update to ensure all packages are up-to-date to avoid conflicts during ClamAV installation.

sudo pacman -Syu

Install ClamAV

Install ClamAV from the default repository by executing the following command.


sudo pacman -Sy clamav

Now that you have installed ClamAV, you can proceed to update the virus database.

Update the ClamAV Virus Database

With ClamAV installed, update your ClamAV database before using the virus scanner (clamscan). To update the definitions, you will need your system to be connected to the Internet using the (freshclam) terminal command.


Firstly, you need to stop the (clamav-freshclam) service before you can update. To do this, type in the following command:

sudo systemctl stop clamav-freshclam

Now you can proceed to update your virus definition database by the following terminal command:

sudo freshclam

Once the database is updated, you can start the (clamav-freshclam) service.

sudo systemctl enable clamav-freshclam --now

The above command will activate the service and automatically enable it on system boot, which is highly recommended.


In the future, if you need to disable clamav-freshclam, the following command will do the trick.

sudo systemctl disable clamav-freshclam --now

Note, (freshclam) downloads the ClamAV CVDS and databases in the directory location (/var/lib/clamav).

Lastly, for learning purposes, to view the directory of clamav and the dates of files, use the (ls -l) command.

ls -l /var/lib/clamav/

Example output:

How to Install ClamAV on Arch Linux

How Scan with ClamAV (Clamscan)

Now that you have installed and updated ClamAV, it is time to scan your system to ensure it is clean. This is done with the (clamscan) command.

An example of the syntax is below.


sudo clamscan [options] [file/directory/-]

The following is a list of examples of common commands; these can be changed to suit your scanning requirements as you see fit.

Print ClamAV help:

sudo clamscan -h

Scan a file:

sudo clamscan /home/

Scan a directory:

sudo clamscan /home/

Print infected files only:

sudo clamscan -i /home/

Skip printing OK files:

sudo clamscan -o /home/

Do not print the summary at the end of the scan:

sudo clamscan --no-summary /home/

Bell notification on virus detection:

sudo clamscan --bell -i /home

Scan directories recursively:

sudo clamscan --bell -i -r /home

Save scan report to file:

sudo clamscan --bell -i -r /home -l output.txt

Scan files listed line by line in the file:

sudo clamscan -i -f /tmp/scan

Remove infected files:

sudo clamscan -r --remove /home/USER

Note that this deletes the file from your system. If it’s a false positive, you won’t be able to retrieve the file.

Move infected files into the quarantine directory:

sudo clamscan -r -i --move=/home/USER/infected /home/

Limit ClamAV CPU Usage

ClamAV during scanning can be quite CPU intensive, and systems that operate on limited or older hardware may find the process too taxing on their systems. A simple way to limit the (CPU) during the scan is to use the (nice) command before each ClamAV command.

Example of a (nice) command to reduce ClamAV CPU:

sudo nice -n 15 clamscan && sudo clamscan --bell -i -r /home

The great benefit of using this method is that if nothing else is using the CPU, ClamAV using (clamscan) will maximize CPU usage. However, if another process with a higher priority requires CPU, clamscan will scale down effectively to allow the other process to take priority.

However, there are a few other options; the (nice) command is the best solution. It will maximize CPU if free and scale down when other processors need it, effectively giving you the best combination of performance and safety.


How to Update/Upgrade ClamAV

Given that ClamAV was installed using Pacman from Arch Linux’s default package manager and repository, use the following command to check for updates for ClamAV or any other system package installed.

sudo pacman -Syu

For desktop users, you should use the terminal command even with auto-notifications or automatic upgrades set. This ensures all packages are updated correctly, and the terminal will never fail.

How to Remove (Uninstall) ClamAV

First, disable the service for users no longer interested in using ClamAV.

sudo systemctl disable clamav --now

Next, use the following command to remove all traces of the ClamAV and its dependencies.

sudo pacman -Rs clamav 

Comments and Conclusion

Overall, ClamAV is an excellent virus scanner. Is it the best? Well, that is up to a constant debate with other products rising and falling; however, ClamAV is always in the top 1 to 3 in most people’s books and is a solid effort to help protect your operating system and email and or web servers from viruses, malware, and other threats.

Please note, as much as these types of antivirus software are available to use freely on your system, it should not give you the sense of protection as much as making sure your webserver or desktop is hardened with reasonable procedures will most likely save you more than any software can. However, ClamAV is another tool in the arsenal to combat the ever-growing threat of cyber ransomware, malware, and more if you do the procedures first.


For more information on using ClamAV, visit the official documentation.

Share on: