With the increasing threat of malicious activities and cyberattacks, scanning files and folders is crucial to detect and remove threats from your system. For this reason, it’s essential to have antivirus software installed on your system to protect your sensitive information from these attacks. One powerful command-line antivirus tool is ClamAV.
This article will cover the installation and configuration process of ClamAV on Ubuntu.
What is ClamAV?
ClamAV is an open-source command-line antivirus toolkit that detects and removes malware from the computer. It was developed by the Cisco Talos Intelligence group in 2002. It is Unix-based software with third-party versions for Linux, Windows, and macOS.
Basically, it detects infected files and filters them out to safeguard the computer and the sensitive information stored on it.
The basic syntax of ClamAV is as follows:
$ clamscan [options] [file/directory]
You can view brief details about its available options by executing the clamscan --help command.
NOTE: Although ClamAV is a CLI-based antivirus tool, the Cisco Talos Intelligence Group also offers a GUI version known as ClamTk. You can utilize ClamTk on your Ubuntu system. However, we won’t explore it in this blog post as it’s not within the scope of this article.
Install ClamAV on Ubuntu
Let’s now learn how you can install ClamAV on your Ubuntu system.
Firstly, it’s essential to make sure that all packages are freshly updated:
$ sudo apt update
$ sudo apt upgrade
Next, you can run the installation command for ClamAV:
$ sudo apt install clamav clamav-daemon -y
After installing ClamAV, you must update its virus signatures. A ClamAV signature is a unique code string that helps identify malicious software or viruses on your computer. Therefore, it’s crucial to ensure that ClamAV signatures are up-to-date.
To update the ClamAV signatures, you first need to stop the clamav-freshclam service, which keeps the signature database updated in the background:
$ sudo systemctl stop clamav-freshclam
Now, you can run the following freshclam command to update the antivirus database:
$ sudo freshclam
Then, manually restart the clamav-freshclam service:
$ sudo systemctl start clamav-freshclam
Finally, you’ve updated the ClamAV database successfully.
Usage of ClamAV
Now, you’re ready to scan for infected files located in a specific directory, customizing the behavior of clamscan with various flags according to your needs:
$ clamscan [options] /path-to-directory
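However, if you want to scan for infected files in the current directory, you can use the --infected flag without mentioning a specific directory path. With no path given, clamscan scans the current directory, and --infected limits the output to the files that matched a signature: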
$ clamscan --infected
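Additionally, you can scan and remove infected files from the directory by using the --remove flag. Removal is permanent and also hits false positives, so review the detections first or quarantine them with --move=DIRECTORY instead: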
$ clamscan --remove
For scanning files in a directory and all its sub-directories, use the --recursive flag:
$ clamscan --recursive
Apart from the above-mentioned flags, ClamAV offers numerous others, such as --verbose, --debug, --quiet, --bell, and more, to modify its scanning behavior.
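The flags above combined into one unattended scan, as an added example that is not part of the original article. The names scan_tree, count_detections and the CLAMSCAN override variable are hypothetical; --move and --no-summary are clamscan options the article does not cover, and the exit codes are those documented in the clamscan man page.

```shell
#!/bin/sh
# Added example, not from the article. scan_tree, count_detections and the
# CLAMSCAN override variable are hypothetical names chosen for illustration.

# Count "path: Signature FOUND" lines in a saved clamscan report.
count_detections() {
    grep -c ' FOUND$' "$1" || true
}

# Scan a directory tree, quarantine detections, and return clamscan's status:
# 0 = no virus found, 1 = virus(es) found, 2 = some error occurred.
scan_tree() {
    st_target=$1 st_quarantine=$2 st_report=$3
    st_scanner=${CLAMSCAN:-clamscan}
    st_status=0

    [ -d "$st_target" ] || { echo "not a directory: $st_target" >&2; return 2; }
    # Keep the quarantine outside the scanned tree and private to this user.
    mkdir -p "$st_quarantine" || return 2
    chmod 700 "$st_quarantine" || return 2

    # --infected prints only detections, --no-summary drops the trailer, and
    # --move quarantines hits instead of deleting them as --remove would.
    "$st_scanner" --recursive --infected --no-summary \
        --move="$st_quarantine" "$st_target" >"$st_report" || st_status=$?

    case $st_status in
        0) echo "clean: $st_target" ;;
        1) echo "infected: $(count_detections "$st_report") file(s), see $st_report" ;;
        *) echo "scan error (exit $st_status): result unknown" >&2 ;;
    esac
    return "$st_status"
}

# When run as a script: ./scan.sh TARGET_DIR QUARANTINE_DIR REPORT_FILE
if [ "$#" -eq 3 ]; then scan_tree "$@"; fi
```

A cron job or CI step can branch on the return value: status 2 means the scan did not complete and must not be read as clean.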
Closing Thoughts
To wrap up, ClamAV is a powerful, free, and open-source antivirus tool designed for major operating systems including Linux. This article has covered the installation and configuration process of ClamAV, and the basic scanning commands that can be used. Notably, the software is efficient, but performing regular scans, email scanning, and keeping ClamAV updated are essential.
If this blog post was beneficial to you, please leave a comment below. Also, I’d love to hear which topic you’d like me to cover next on Linux Fellas!