On this page

  1. ClamAV
  2. ClamTK
  3. Links

How to scan for viruses with ClamAV on Ubuntu


There aren't many viruses made for Linux distributions and as such, most people who use such systems don't even bother using an antivirus software. Those however who do want to be able to scan their system or other Windows-based systems that are connected to a Linux PC through a network, they can use ClamAV. ClamAV is an open source anti-virus engine that is built to detect viruses, trojans, malware and other threats. It supports multiple file formats (documents, executables or archives), utilizes multi-thread scanner features and receives updates for its signature database at least 3-4 times a day.

The first step is to install and get the latest signature updates. To do this on Ubuntu, you can open a terminal and insert “sudo apt-get install clamav” and press enter.

sudo apt-get install clamav

You may also build ClamAV from sources to benefit from better scanning performance. To update the signatures, you type “sudo freshclam” on a terminal session and press enter.

sudo freshclam

Install ClamAV on Ubuntu

Now we are ready to scan our system. To do this, you can use the “clamscan” command. This is a rich command that can work with many different parameters so you'd better insert “clamscan –-help” on the terminal first and see the various things that what you can do with it.

clamscan –-help

Clamscan help

So, I will demonstrate a scan on my “Downloads” folder located under the home directory and I will choose to output only infected files and ring a bell when (and if) they are found. This translates to the following command on the terminal: “clamscan -r --bell -i /home/bill/Downloads”.

clamscan -r --bell -i /home/bill/Downloads

Scan a directory for viruses with clamscan

To scan the whole system (it may take a while) and remove all infected files in the process, you can use the command in the following form: “clamscan -r --remove /”.

clamscan -r --remove /

Sometimes, simply removing infected files can cause even more problems or breakages. I suggest that you should always check the output first and then take manual action. Alternatively, you may also use the “move” command integrated as a parameter in the form of” “--move=/home/bill/my_virus_collection” (example directory).


If all this console stuff is simply too much for you, you can also install an additional package called “clamtk” that is basically a gtk-2 GUI for ClamAV.

sudo apt-get install clamtk

Scan for viruses with ClamTK

From the ClamTK top panel options menu, you can choose any directory or file to scan, specify whitelisted directories and manage quarantined files. You may also elect to perform quick or recursive scans, or even check a device such as a USB stick.

ClamTK's scheduler also allows for the easy setting up of scheduled scans as well as scheduled antivirus signature database updates (you'd better set the latter before the former). Moreover, if you find a file that is falsely marked as a threat, you can submit it for further analysis to the ClamAV team, directly from the ClamTK interface.

Scheduled virus scans with ClamTK

While I didn't perform speed comparison tests between the console and GUI scans, I didn't notice any significant difference on the time. ClamTK is definitely simplifying the process, so I suggest that you install it along with ClamAV as well.

Share this page:

Suggested articles

8 Comment(s)

Add comment


From: BetterMJ at: 2015-07-31 11:07:10

clamscan -help

clamscan: illegal option -- e

ERROR: Unknown option passed

ERROR: Can't parse command line options


From: till at: 2015-07-31 11:18:27

Use "--help" and not "-help":

clamscan --help

From: Frits at: 2015-07-31 14:50:29

Nice artikel. Please do realize that Clamav does not scan compressed files like .zip.

You can use avg for linux, use avgscan -a.

From: Sammy at: 2015-07-31 16:07:15

Just created a bash to save and run every so often, this takes a while to run. 


#clam antivirus scan for linux takes a while to run

sudo apt-get install clamav -y

sudo freshclam

clamscan -r –remove /

exit 0


From: Keith R. Starkey at: 2015-08-22 18:48:55

Thanks very much!

From: Saad at: 2015-11-16 09:19:28

its actually 

clamscan -r --bell -i /path/to/directoryits --bell not -bell 

From: Rich at: 2017-02-01 18:41:29

Ha. I came to the comments to say the same thing.


From: Graham at: 2016-02-12 00:12:48

Thanks for sharing this, just what I was looking for