Install and Use ClamAV on Ubuntu 22.04

In this guide, we want to teach you to Install and Use ClamAV antivirus on Ubuntu 22.04. Also, you will learn to Install ClamTK (Graphical User Interface for a ClamAV) on Ubuntu 22.04.

Introduction To ClamAV

ClamAV is a free, open-source antivirus. The program can detect viruses, trojans, and malware. One of ClamAV’s most popular applications is scanning emails on mail gateways and checking the attachment file in real time. ClamAV antivirus databases are constantly updated. The program supports the search for viruses in archives (in compressed files). ClamAV antivirus is managed through the command line. Although it is free, it is quite limited in its features.

ClamAV components consist of:

clamd (clamav-daemon) – This daemon is mainly responsible for loading the virus database to memory when scanning starts.

freshclam (clamav-freshclam) – This daemon is used to update, download and install the Virus signature database.

clamdscan – Tool to scan files and directories for viruses.

clamonacc – This daemon provides on-access scanner functionality for ClamAV

Steps To Install and Use ClamAV on Ubuntu 22.04

To complete this guide, you must log in to your server as a non-root user with sudo privileges. To do this, you can follow our guide on Initial Server Setup with Ubuntu 22.04.

Install ClamAV Antivirus on Ubuntu 22.04

ClamAV packages are available in the default Ubuntu repository. First, update your local package index with the following command:

sudo apt update

Then, use the following command to install ClamAV packages on your server:

sudo apt install clamav clamav-daemon -y

You can verify your ClamAV installation by checking its version:

clamscan -V
ClamAV 0.103.6/26813/Wed Feb 15 08:29:30 2023

By default, clamav-freshclam service will be enabled and running. At this point, you can verify it by checking its status:

sudo systemctl status clamav-freshclam
● clamav-freshclam.service - ClamAV virus database updater
     Loaded: loaded (/lib/systemd/system/clamav-freshclam.service; enabled; ven>
     Active: active (running) since Wed 2023-02-15 16:38:57 UTC; 2min 59s ago
       Docs: man:freshclam(1)
   Main PID: 2377 (freshclam)
      Tasks: 1 (limit: 4575)
     Memory: 232.5M
        CPU: 38.896s
     CGroup: /system.slice/clamav-freshclam.service
             └─2377 /usr/bin/freshclam -d --foreground=true

Note: If the service is not started, run the following command to start clamav-freshclam:

sudo systemctl start clamav-freshclam

Update ClamAV Signature Database for Viruses on Ubuntu 22.04

At this point, you need to update the ClamAV Signature Database for Viruses. freshclam command is used to download and update ClamAV’s official virus signature databases.

First, stop the clamav-freshclam service by using the command below:

sudo systemctl stop clamav-freshclam

Then, download and update the database manually using the following command:

sudo freshclam

If you get the following output, then the database is updated:

Wed Feb 15 16:46:31 2023 -> ClamAV update process started at Wed Feb 15 16:46:31 2023
Wed Feb 15 16:46:31 2023 -> ^Your ClamAV installation is OUTDATED!
Wed Feb 15 16:46:31 2023 -> ^Local version: 0.103.6 Recommended version: 0.103.7
Wed Feb 15 16:46:31 2023 -> DON'T PANIC! Read
Wed Feb 15 16:46:31 2023 -> daily.cvd database is up-to-date (version: 26813, sigs: 2020949, f-level: 90, builder: raynman)
Wed Feb 15 16:46:31 2023 -> main.cvd database is up-to-date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
Wed Feb 15 16:46:31 2023 -> bytecode.cvd database is up-to-date (version: 333, sigs: 92, f-level: 63, builder: awillia2)

At this point, you need to start your freshclam service again:

sudo systemctl start clamav-freshclam

Next, you need to start clamav-daemon service to load database definitions to memory:

sudo systemctl start clamav-daemon

Finally, you can check the ClamAV logs in /var/log/clamav/clamav.log:

tail /var/log/clamav/clamav.log
Wed Feb 15 17:21:36 2023 -> +++ Started at Wed Feb 15 17:21:36 2023
Wed Feb 15 17:21:36 2023 -> Received 0 file descriptor(s) from systemd.
Wed Feb 15 17:21:36 2023 -> clamd daemon 0.103.6 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
Wed Feb 15 17:21:36 2023 -> Log file size limited to 4294967295 bytes.
Wed Feb 15 17:21:36 2023 -> Reading databases from /var/lib/clamav
Wed Feb 15 17:21:36 2023 -> Not loading PUA signatures.
Wed Feb 15 17:21:36 2023 -> Bytecode: Security mode set to "TrustSigned".
Wed Feb 15 17:22:08 2023 -> Loaded 8652879 signatures.

How To Test ClamAV Service

At this point, we want to test the ClamAV service by downloading a test virus to /tmp directory and scanning by using clamscan tool. To do this, run the following commands:

# cd /tmp
# wget
# clamscan --infected --remove
/tmp/ Win.Test.EICAR_HDB-1 FOUND
/tmp/ Removed.

----------- SCAN SUMMARY -----------
Known viruses: 8652879
Engine version: 0.103.6
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 40.417 sec (0 m 40 s)
Start Date: 2023:02:15 17:26:58
End Date:   2023:02:15 17:27:38

How To Use ClamAV on Ubuntu 22.04

The ClamAV configuration file is located at /etc/clamav/clamd.conf. The configuration file allows us to set scanning behavior, user name for clamd daemon (by default daemon is run by clamav), exclude directories from scanning, and much more.

ClamAV logs are stored in /var/log/clamav/, which contains information about each virus scan.

ClamAV comes with many inbuilt tools, among which clamscan is the most important tool. Clamscan is a clamd client used to scan files.

Let’s see some examples of using ClamAV.

From your current directory, you can scan all the files by using the command below:

clamscan -r /

You can scan the files but only show the infected files. To do this, you can use the command below:

clamscan -r -i /[path-to-folder]

Also, you can scan infected files in a specific directory recursively and then remove them by using the command below:

clamscan --infected --remove --recursive /home/ubuntu/Desktop/

The options used in the commands, means:

  • –infected: prints only infected files
  • –remove: removes infected files
  • –recursive: all directories and subdirectories in that path will be scanned

To scan your web server and everything in the standard Apache document root, you scan any suspicious files and unwanted applications with the following command:

sudo clamscan --infected --detect-pua=yes --recursive /var/www/html/

pua: Potential Unwanted Application

You can scan files and send the results of infected files to a new results file by using the command below:

clamscan -r /[path-to-folder] | grep FOUND >> /[path-folder]/[file].txt

Also, you can scan and move infected files to a different directory path by running the command below:

clamscan -r --move=/[path-to-folder] /[path-to-quarantine-folder]

To get more help about ClamAV, you can use the command below:

clamscan -h

Or, you can visit the ClamAV Documentation page.

Install ClamTK on Ubuntu 22.04

If you are more comfortable using GUI instead of the command line, you can install ClamTK. ClamTK is a Graphical User Interface for a ClamAV software program.

To install ClamTK, you can use the following command:

apt install clamtk -y

If you already have ClamAV installed on your system and need to upgrade it, use the command below:

apt --only-upgrade install clamav clamav-daemon

After installing clamTK, open it and you will get a nice GUI with all options including Configuration, History, Updates, and Analysis.


That’s it, you are done.


At this point, you have learned to Install and Use ClamAV Antivirus on Ubuntu 22.04. Also, you have learned to Install ClamTK the graphical user interface on your server.

Hope you enjoy it. You may be interested in these articles on the Orcacore website:

Install and Configure Cacti on Ubuntu 22.04

Install Fathom Analytics on Ubuntu 22.04

Newsletter Updates

Enter your email address below and subscribe to our newsletter

Stay informed and not overwhelmed, subscribe now!