How to Install and Use ClamAV Antivirus on Ubuntu 18.04

Last Updated:
Install and Use ClamAV Antivirus on Ubuntu

In this tutorial, you will learn how to install and use ClamAV antivirus on Ubuntu 18.04. ClamAV is an open source antivirus engine for detecting trojans, viruses, malware, adwares, rootkits and other malicious threats. It supports multiple file formats, file and archive unpacking, and multiple signature languages such as hash-based signature matching, wildcards, boolean logic and any custom rules written in Bytecode language.

ClamAV includes a multi-threaded scanner daemon, command line utilities for on demand file scanning and automatic signature updates. One of its main uses is on mail servers as a server-side email virus scanner.

How to Install and Use ClamAV Antivirus on Ubuntu 18.04

Install ClamAV on Ubuntu 18.04

ClamAV is available on Ubuntu repositories and thus  you can run the command below to install it.

apt update
apt install clamav clamav-daemon -y

Update the ClamAV Singature Database

Once the installation is complete, you should update the ClamAV signatures.

Stop the clamav-freshclam service and run the freshclam command to manually update the signatures database.

systemctl stop clamav-freshclam

Once the virus database update is done, start the clamav-freshclam service so it keeps updating the signature database in the background whenever.

systemctl start clamav-freshclam

You are now ready to use ClamAV to protect your system against viruses.

ClamAV comes with a command line utility called clamscan that scans files and directories for viruses.

To see the clamscan command line usage, run either of the commands below.

  • clamscan –help
  • man clamscan

Clamscan CLI Options and Example Usage

From the man pages, the clamscan command syntax is:

clamscan [options] [file/directory/-]

Some of the clamscan command options and their example usage is illustrated below;

-h, --help
     Print help information and exit.
     # clamscan -h      
-V, --version
     Print version number and exit.
     # clamscan -V
     ClamAV 0.100.1/25021/Tue Oct  9 15:52:08 2018
     Do not display summary at the end of scanning.
     # clamscan --no-summary /home/
-i, --infected
     Only print infected files.
     # clamscan -i /home/
-o, --suppress-ok-results
     Skip printing OK files 
     Sound bell on virus detection.
     # clamscan -r --bell -i /home
-d FILE/DIR, --database=FILE/DIR
     Load virus database from FILE or load all virus database files from DIR.
     # clamscan -d /tmp/newclamdb -r /tmp
-l FILE, --log=FILE
     Save scan report to FILE.
-r, --recursive
     Scan directories recursively. All the subdirectories in the given directory will be scanned.
     # clamscan -r --remove /
-f FILE, --file-list=FILE
     Scan files listed line by line in FILE. 
     Remove infected files. Be careful as this removes file completely.
     # clamscan -r --remove /home/USER
    Move infected files into DIRECTORY. Directory must be writable for the user or unprivileged user running clamscan.
    # clamscan -r --move=/home/USER/VIRUS /home/
    Copy infected files into DIRECTORY. Directory must be writable for the user or unprivileged user running clamscan.
    # clamscan -r --copy=/home/USER/VIRUS /home/

Note that most of the options are simple switches which enable or disable some features. Options marked with [=yes/no(*)] can be optionally followed by =yes or =no. If they get called without the boolean argument the scanner will assume ‘yes’. The asterisk marks the default internal setting for a given option.

For a comprehensive list of options, check the clamscan man pages

man clamscan

ClamAV Return Codes

The following are the exit return codes for ClamAV.

  • 0 : No virus found.
  • 1 : Virus(es) found.
  • 2 : Some error(s) occured.

Before we can wrap up this tutorial, it is good to understand that clamscan can be CPU intensive. To limit the clamscan CPU time to certain levels, you can use two tools; nice and cpulimit commands. cpulimit limits absolute cpu time, and nice lowers the priority of clamscan (limits relative cpu time).

To use nice command,

nice -n 15 clamscan && clamscan -ir /

As long as no other process requires cputime, clamscan will maximize it. But as soon as another process with a higher priority needs cputime, clamscan will lost it.

Using cpulimit;

cpulimit -z -e clamscan -l 50 & clamscan -ir /

That concludes our guide on how to install and use ClamAV Antivirus on Ubuntu 18.04.

Other Tutorials

How to Install RKHunter (RootKit Hunter) On Ubuntu 18.04

Install OpenVAS 9 with PostgreSQL in Ubuntu 18.04

How to Install and Configure Maltrail on Ubuntu 18.04


We're passionate about sharing our knowledge and experiences with you through our blog. If you appreciate our efforts, consider buying us a virtual coffee. Your support keeps us motivated and enables us to continually improve, ensuring that we can provide you with the best content possible. Thank you for being a coffee-fueled champion of our work!

Photo of author
I am the Co-founder of, Linux and the whole FOSS enthusiast, Linux System Admin and a Blue Teamer who loves to share technological tips and hacks with others as a way of sharing knowledge as: "In vain have you acquired knowledge if you have not imparted it to others".

3 thoughts on “How to Install and Use ClamAV Antivirus on Ubuntu 18.04”

    • Hey, I had the same problem and it did that because it didn’t download quick enough I think?

      In the end disconnecting from my vpn while I ran freshclam worked, the signature database really should allow a longer connection before it closes you out, maybe they’ll extend the max session time in the future 😉

  1. I had the same problem too. In /etc/clamav/freshclam.conf there are two timeout variables set to 30. After increasing them to 90 (or higher) freshclam downloaded the updates properly.
    ConnectTimeout 90
    ReceiveTimeout 90


Leave a Comment