ClamAV Antivirus on Ubuntu
April 3, 2020 / Eternal Team
What is ClamAV & What it is used for ?
- ClamAV is an open source antivirus engine for identifying trojans, infections, malware, adwares, rootkits and different malignant dangers. It underpins various document arrangements, record and chronicle unloading, and different mark dialects, for example, hash-based mark coordinating, trump cards, boolean rationale and any custom principles written in Bytecode language.
- ClamAV incorporates a multi-string scanner daemon, command line utilities for on request document checking and automatic signature updates. One of its main utilizations is on mail servers as a server-side email scanner for neutralizing threats.
- Well right now, we will figure out how to introduce and utilize ClamAV on Ubuntu 18.04 to continually examine for viruses and some other malevolent danger.
- ClamAV is available on Ubuntu repositories and thus you can run the command below to install it.
# sudo apt-get update
# sudo apt-get install clamav clamav-daemon -y
Update the ClamAV Signature Database
- Once the installation is complete, you should update the ClamAV signatures. Stop the clamav-freshclam service and run the freshclam command to manually update the signatures database.
# systemctl stop clamav-freshclam
- Once the virus database update is done, start the clamav-freshclam service so it keeps updating the signature database in the background whenever required.
# systemctl start clamav-freshclam
- You are now ready to use ClamAV to protect your system against viruses. ClamAV comes with a command line utility called clamscan that scans files and directories for viruses.
- To see the clamscan command line usage, run either of the commands below.
# clamscan --help
# man clamscan
Clamscan CLI Options and Example Usage
- From the man pages, the clamscan command syntax is:
# clamscan [options] [file/directory/-]
- Some of the clamscan command options and their example usage is illustrated below;
Print help information and exit.
# clamscan -h
Print version number and exit.
# clamscan -V
Only print infected files.
# clamscan -i /home/
Skip printing OK files
Sound bell on virus detection.
# clamscan -r --bell -i /home
-d FILE/DIR, --database=FILE/DIR
Load virus database from FILE or load all virus database files from DIR.
# clamscan -d /tmp/newclamdb -r /tmp
-l FILE, --log=FILE
Save scan report to FILE.
Scan directories recursively. All the subdirectories in the given directory will be scanned.
# clamscan -r --remove /
-f FILE, --file-list=FILE
Scan files listed line by line in FILE.
Remove infected files. Be careful as this removes the file completely.
# clamscan -r --remove /home/USER
Move infected files into DIRECTORY. Directory must be writable for the user or unprivileged user running clamscan.
# clamscan -r --move=/home/USER/VIRUS /home/
Copy infected files into DIRECTORY. Directory must be writable for the user or unprivileged user running clamscan.
# clamscan -r --copy=/home/USER/VIRUS /home/
- Note that most of the options are simple switches which enable or disable some features. Options marked with [=yes/no(*)] can be optionally followed by =yes or =no. If they get called without the boolean argument the scanner will assume ‘yes’. The asterisk marks the default internal setting for a given option.
- For a comprehensive list of options, check the clamscan man pages
ClamAV Return Codes
- The following are the exit return codes for ClamAV.
- 0 : No virus found.
- 1 : Virus(es) found.
- 2 : Some error(s) occurred.
- Before we can wrap up this tutorial, it is good to understand that clamscan can be CPU intensive. To limit the clamscan CPU time to certain levels, you can use two tools; nice and cpulimit commands. cpulimit limits absolute cpu time, and nice lowers the priority of clamscan (limits relative cpu time).
- To use nice command,
# nice -n 15 clamscan && clamscan -ir /
- As long as no other process requires cpu time, clamscan will maximize it. But as soon as another process with a higher priority needs cpu time, clamscan will lose it.
- Using cpulimit;
# cpulimit -z -e clamscan -l 50 & clamscan -ir /