How to scan for viruses with ClamAV on Ubuntu 22.04

There aren't many viruses made for Linux distributions and as such, most people who use such systems don't even bother using antivirus software. Those however who do want to be able to scan their system or other Windows-based systems that are connected to a Linux PC through a network can use ClamAV. ClamAV is an open-source anti-virus engine that is built to detect viruses, trojans, malware, and other threats. It supports multiple file formats (documents, executables, or archives), utilizes multi-thread scanner features, and receives updates for its signature database at least 3-4 times a day.

ClamAV Antivirus

The first step is to install and get the latest signature updates. To do this on Ubuntu, you can open a terminal and insert “sudo apt-get install clamav” and press enter.

sudo apt install clamav

You may also build ClamAV from sources to benefit from better scanning performance. To update the signatures, you type “sudo freshclam” on a terminal session and press enter.

sudo freshclam

Now we are ready to scan our system. To do this, you can use the “clamscan” command. This is a rich command that can work with many different parameters so you'd better insert “clamscan –-help” on the terminal first and see the various things that what you can do with it.

clamscan –-help

Scan Files for Viruses with ClamAV

So, I will demonstrate a scan on my “Downloads” folder located under the home directory and I will choose to output only infected files and ring a bell when (and if) they are found. This translates to the following command on the terminal: “clamscan -r --bell -i /home/bill/Downloads”.

clamscan -r --bell -i /home/bill/Downloads

To scan the whole system (it may take a while) and remove all infected files in the process, you can use the command in the following form: “clamscan -r --remove /”.

clamscan -r --remove /

Sometimes, simply removing infected files can cause even more problems or breakages. I suggest that you should always check the output first and then take manual action. Alternatively, you may also use the “move” command integrated as a parameter in the form of” “--move=/home/bill/my_virus_collection” (example directory).

ClamTK - a GUI for ClamAV

If all this console stuff is simply too much for you, you can also install an additional package called “clamtk” that is basically a gtk-2 GUI for ClamAV.

sudo apt install clamtk

From the ClamTK top panel options menu, you can choose any directory or file to scan, specify whitelisted directories and manage quarantined files. You may also elect to perform quick or recursive scans, or even check a device such as a USB stick.

ClamTK's scheduler also allows for the easy setting up of scheduled scans as well as scheduled antivirus signature database updates (you'd better set the latter before the former). Moreover, if you find a file that is falsely marked as a threat, you can submit it for further analysis to the ClamAV team, directly from the ClamTK interface.

While I didn't perform speed comparison tests between the console and GUI scans, I didn't notice any significant difference in scan time. ClamTK is definitely simplifying the process, so I suggest that you install it along with ClamAV as well.

Links

view as pdf | print

Share this page:

22 Comment(s)

Add comment

Comments

By: BetterMJ at: 2015-07-31 11:07:10

clamscan -help

clamscan: illegal option -- e

ERROR: Unknown option passed

ERROR: Can't parse command line options

By: till at: 2015-07-31 11:18:27

Use "--help" and not "-help":

clamscan --help

By: Frits at: 2015-07-31 14:50:29

Nice artikel. Please do realize that Clamav does not scan compressed files like .zip.

You can use avg for linux, use avgscan -a.

By: Sammy at: 2015-07-31 16:07:15

Just created a bash to save and run every so often, this takes a while to run.

#!/bin/bash

#clam antivirus scan for linux takes a while to run

sudo apt-get install clamav -y

sudo freshclam

clamscan -r –remove /

exit 0

By: Keith R. Starkey at: 2015-08-22 18:48:55

Thanks very much!

By: Saad at: 2015-11-16 09:19:28

its actually

clamscan -r --bell -i /path/to/directoryits --bell not -bell

By: Rich at: 2017-02-01 18:41:29

Ha. I came to the comments to say the same thing.

By: Graham at: 2016-02-12 00:12:48

Thanks for sharing this, just what I was looking for

By: gsjdbf at: 2018-02-02 09:41:59

Instead of a manual scan, how can i set up clam av to scan a certain folder everyday?

By: till at: 2018-02-02 09:45:42

Create a cronjob that runs the clamscan command daily.

By: John Sowden at: 2018-10-20 19:30:08

My Linux boxes have been running slow for about a year, so I tried clamav. After installing, I entered a command

line to scan, which I found on the google list of solutions (not a web site):

clamav -r --bell -i / I go about 150 lines of:

LibClamAV Warning: fmap_readpage: pread fail: asked for4095 bytes @ offset 1, got 0

The 4095 and 1 varied. The got 0 was consistant. I am running xubuntu 18.04 LTS

with a hang at the end, no exit. Help?

By: James (KB5RIR) at: 2018-10-29 11:00:50

Your the man BIll Thanks for sharing your hard work.

By: Kanhaiya at: 2019-01-10 12:37:22

Known viruses: 6762421Engine version: 0.100.2 Scanned directories: 1 Scanned files: 20 Infected files: 0 Data scanned: 0.84 MB Data read: 0.73 MB (ratio 1.16:1)Time: 23.440 sec (0 m 23 s)

Can you please tell me how to remove viruses? Terminal command for linux

By: Dave Kimble at: 2019-01-24 01:00:35

Kanhaiya, read the --help again :)

Use "clamscan --remove --move=/home/<user>/viruses, but be careful, the removal might cause problems, especially if it was a false positive, so run it without the --remove first.

By: ahron at: 2019-02-27 18:17:00

this is great!!

By: MS at: 2019-06-29 17:04:58

I get this:

[email protected]:~$ sudo apt-get install clamav

Reading package lists... Done

Building dependency tree

Reading state information... Done

E: Unable to locate package clamav

[email protected]:~$ sudo freshclam

sudo: freshclam: command not found

By: John Arrasjid at: 2019-08-20 21:33:49

I too am having this problem. I get the same error when running 'sudo apt-get install clamav'.

By: Kologha at: 2020-05-22 17:40:55

Why do the writers of this type of software not give one the option of scheduling a scan say 10 or 15 minutes after booting up? Instead one has to select a time, and in my case my PC is not on all the time as I boot it up at odd intervals during the day and switch it off when I have finished doing my business. I therefore cannot say at precisely what time the PC will be active.

By: jahdiel at: 2020-10-15 12:41:29

Hi so I ran the full scan and it found three viruses, but it didn't remove them. So what do I do now? Do I have to manually remove them? I thought clamwin would automatically send the viruses to qourantine then delete them, right? here is the results:

----------- SCAN SUMMARY -----------

Known viruses: 8924011

Engine version: 0.102.4

Scanned directories: 151991

Scanned files: 855244

Infected files: 3

Total errors: 121196

Not removed: 3

Data scanned: 42162.97 MB

Data read: 69491.77 MB (ratio 0.61:1)

Time: 12472.445 sec (207 m 52 s)

[email protected]:~$

Can someone help me with this?

thanks, I'm a nooob to Linux, but I'm going in fulltime all the way fully converted to linux.

P,s, I heart Linux

By: furrple at: 2021-05-17 00:48:38

is there a way to stop it while scanning?

By: furrple_ at: 2021-06-02 20:03:18

just close the terminal window

By: silvester at: 2021-10-08 02:24:36

Thank you for this great program. Run it all the way.

Can we save the scan results in a map?

Just a linux novice.

warm greetings from the heart,

Silvester

Log in or Sign up