How to Install and Use ClamAV Antivirus on Ubuntu 18.04

In this tutorial, you will learn how to install and use ClamAV antivirus on Ubuntu 18.04. ClamAV is an open source antivirus engine for detecting trojans, viruses, malware, adwares, rootkits and other malicious threats. It supports multiple file formats, file and archive unpacking, and multiple signature languages such as hash-based signature matching, wildcards, boolean logic and any custom rules written in Bytecode language.

ClamAV includes a multi-threaded scanner daemon, command line utilities for on demand file scanning and automatic signature updates. One of its main uses is on mail servers as a server-side email virus scanner.

How to Install and Use ClamAV Antivirus on Ubuntu 18.04

ClamAV is available on Ubuntu repositories and thus  you can run the command below to install it.

apt update
apt install clamav clamav-daemon -y

Update the ClamAV Singature Database

Once the installation is complete, you should update the ClamAV signatures.

Stop the clamav-freshclam service and run the freshclam command to manually update the signatures database.

systemctl stop clamav-freshclam

freshclam

Once the virus database update is done, start the clamav-freshclam service so it keeps updating the signature database in the background whenever.

systemctl start clamav-freshclam

You are now ready to use ClamAV to protect your system against viruses.

ClamAV comes with a command line utility called clamscan that scans files and directories for viruses.

To see the clamscan command line usage, run either of the commands below.

• clamscan –help
• man clamscan

Clamscan CLI Options and Example Usage

From the man pages, the clamscan command syntax is:

clamscan [options] [file/directory/-]

Some of the clamscan command options and their example usage is illustrated below;

-h, --help
     Print help information and exit.
     # clamscan -h      
-V, --version
     Print version number and exit.
     # clamscan -V
     ClamAV 0.100.1/25021/Tue Oct  9 15:52:08 2018
--no-summary
     Do not display summary at the end of scanning.
     # clamscan --no-summary /home/
-i, --infected
     Only print infected files.
     # clamscan -i /home/
-o, --suppress-ok-results
     Skip printing OK files 
--bell
     Sound bell on virus detection.
     # clamscan -r --bell -i /home
-d FILE/DIR, --database=FILE/DIR
     Load virus database from FILE or load all virus database files from DIR.
     # clamscan -d /tmp/newclamdb -r /tmp
-l FILE, --log=FILE
     Save scan report to FILE.
-r, --recursive
     Scan directories recursively. All the subdirectories in the given directory will be scanned.
     # clamscan -r --remove /
-f FILE, --file-list=FILE
     Scan files listed line by line in FILE. 
--remove[=yes/no(*)]
     Remove infected files. Be careful as this removes file completely.
     # clamscan -r --remove /home/USER
--move=DIRECTORY
    Move infected files into DIRECTORY. Directory must be writable for the user or unprivileged user running clamscan.
    # clamscan -r --move=/home/USER/VIRUS /home/
--copy=DIRECTORY
    Copy infected files into DIRECTORY. Directory must be writable for the user or unprivileged user running clamscan.
    # clamscan -r --copy=/home/USER/VIRUS /home/

Note that most of the options are simple switches which enable or disable some features. Options marked with [=yes/no(*)] can be optionally followed by =yes or =no. If they get called without the boolean argument the scanner will assume ‘yes’. The asterisk marks the default internal setting for a given option.

For a comprehensive list of options, check the clamscan man pages

man clamscan

ClamAV Return Codes

The following are the exit return codes for ClamAV.

• 0 : No virus found.
• 1 : Virus(es) found.
• 2 : Some error(s) occured.

Before we can wrap up this tutorial, it is good to understand that clamscan can be CPU intensive. To limit the clamscan CPU time to certain levels, you can use two tools; nice and cpulimit commands. cpulimit limits absolute cpu time, and nice lowers the priority of clamscan (limits relative cpu time).

To use nice command,

nice -n 15 clamscan && clamscan -ir /

As long as no other process requires cputime, clamscan will maximize it. But as soon as another process with a higher priority needs cputime, clamscan will lost it.

Using cpulimit;

cpulimit -z -e clamscan -l 50 & clamscan -ir /

In our next tutorial, we will learn how to create a bash script that automates ClamAV Virus Scanning and email results. Stay connected.

Other Tutorials

How to Install RKHunter (RootKit Hunter) On Ubuntu 18.04

Install OpenVAS 9 with PostgreSQL in Ubuntu 18.04

How to Install and Configure Maltrail on Ubuntu 18.04