In this guide, you will learn to install and use the ClamAV antivirus on Ubuntu 22.04. You will also learn to install ClamTK (a graphical user interface for ClamAV) on Ubuntu 22.04.
Introduction To ClamAV
ClamAV is a free, open-source antivirus. The program can detect viruses, trojans, and malware. One of ClamAV’s most popular applications is scanning emails on mail gateways and checking the attachment file in real time. ClamAV antivirus databases are constantly updated. The program supports the search for viruses in archives (in compressed files). ClamAV antivirus is managed through the command line. Although it is free, it is quite limited in its features.
ClamAV components consist of:
clamd (clamav-daemon) – This daemon is mainly responsible for loading the virus database to memory when scanning starts.
freshclam (clamav-freshclam) – This daemon is used to update, download and install the Virus signature database.
clamdscan – Tool to scan files and directories for viruses.
clamonacc – This daemon provides on-access scanner functionality for ClamAV.
Steps To Install and Use ClamAV on Ubuntu 22.04
To complete this guide, you must log in to your server as a non-root user with sudo privileges. To do this, you can follow our guide on Initial Server Setup with Ubuntu 22.04.
Install ClamAV Antivirus on Ubuntu 22.04
ClamAV packages are available in the default Ubuntu repository. First, update your local package index with the following command:
sudo apt update
Then, use the following command to install ClamAV packages on your server:
sudo apt install clamav clamav-daemon -y
You can verify your ClamAV installation by checking its version:
Output
ClamAV 0.103.6/26813/Wed Feb 15 08:29:30 2023
By default, the clamav-freshclam service will be enabled and running. At this point, you can verify it by checking its status:
sudo systemctl status clamav-freshclam
Output
● clamav-freshclam.service - ClamAV virus database updater
     Loaded: loaded (/lib/systemd/system/clamav-freshclam.service; enabled; ven>
     Active: active (running) since Wed 2023-02-15 16:38:57 UTC; 2min 59s ago
       Docs: man:freshclam(1)
             man:freshclam.conf(5)
             https://docs.clamav.net/
   Main PID: 2377 (freshclam)
      Tasks: 1 (limit: 4575)
     Memory: 232.5M
        CPU: 38.896s
     CGroup: /system.slice/clamav-freshclam.service
             └─2377 /usr/bin/freshclam -d --foreground=true
...
Note: If the service is not started, run the following command to start clamav-freshclam:
sudo systemctl start clamav-freshclam
Update ClamAV Signature Database for Viruses on Ubuntu 22.04
At this point, you need to update the ClamAV virus signature database. The freshclam command is used to download and update ClamAV’s official virus signature databases.
First, stop the clamav-freshclam service by using the command below:
sudo systemctl stop clamav-freshclam
Then, download and update the database manually using the following command:
If you get the following output, then the database is updated:
Output
Wed Feb 15 16:46:31 2023 -> ClamAV update process started at Wed Feb 15 16:46:31 2023
Wed Feb 15 16:46:31 2023 -> ^Your ClamAV installation is OUTDATED!
Wed Feb 15 16:46:31 2023 -> ^Local version: 0.103.6 Recommended version: 0.103.7
Wed Feb 15 16:46:31 2023 -> DON'T PANIC! Read https://docs.clamav.net/manual/Installing.html
Wed Feb 15 16:46:31 2023 -> daily.cvd database is up-to-date (version: 26813, sigs: 2020949, f-level: 90, builder: raynman)
Wed Feb 15 16:46:31 2023 -> main.cvd database is up-to-date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
Wed Feb 15 16:46:31 2023 -> bytecode.cvd database is up-to-date (version: 333, sigs: 92, f-level: 63, builder: awillia2)
At this point, you need to start the clamav-freshclam service again:
sudo systemctl start clamav-freshclam
Next, you need to start the clamav-daemon service to load the database definitions into memory:
sudo systemctl start clamav-daemon
Finally, you can check the ClamAV logs in /var/log/clamav/clamav.log:
Output
Wed Feb 15 17:21:36 2023 -> +++ Started at Wed Feb 15 17:21:36 2023
Wed Feb 15 17:21:36 2023 -> Received 0 file descriptor(s) from systemd.
Wed Feb 15 17:21:36 2023 -> clamd daemon 0.103.6 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
Wed Feb 15 17:21:36 2023 -> Log file size limited to 4294967295 bytes.
Wed Feb 15 17:21:36 2023 -> Reading databases from /var/lib/clamav
Wed Feb 15 17:21:36 2023 -> Not loading PUA signatures.
Wed Feb 15 17:21:36 2023 -> Bytecode: Security mode set to "TrustSigned".
Wed Feb 15 17:22:08 2023 -> Loaded 8652879 signatures.
How To Test ClamAV Service
At this point, we want to test the ClamAV service by downloading a test virus file (the EICAR test file) to the /tmp directory and scanning it with the clamscan tool. To do this, run the following commands:
cd /tmp
wget http://www.eicar.org/download/eicar.com
clamscan --infected --remove eicar.com
Output
/tmp/eicar.com: Win.Test.EICAR_HDB-1 FOUND
/tmp/eicar.com: Removed.
----------- SCAN SUMMARY -----------
Known viruses: 8652879
Engine version: 0.103.6
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 40.417 sec (0 m 40 s)
Start Date: 2023:02:15 17:26:58
End Date: 2023:02:15 17:27:38
How To Use ClamAV on Ubuntu 22.04
The ClamAV configuration file is located at /etc/clamav/clamd.conf. It lets you set scanning behavior, the user the clamd daemon runs as (by default, clamav), directories to exclude from scanning, and much more.
ClamAV logs are stored in /var/log/clamav/, which contains information about each virus scan.
ClamAV comes with many inbuilt tools, among which clamscan is the most important tool. Clamscan is a clamd client used to scan files.
Let’s see some examples of using ClamAV.
You can recursively scan all files, starting from the root directory (/), by using the command below:
clamscan -r /
You can scan a folder but print only the infected files. To do this, you can use the command below:
clamscan -r -i /[path-to-folder]
Also, you can scan a specific directory recursively and remove any infected files found by using the command below:
clamscan --infected --remove --recursive /home/ubuntu/Desktop/
The options used in these commands mean:
- --infected: prints only infected files
- --remove: removes infected files
- --recursive: scans all directories and subdirectories in that path
To scan everything in the standard Apache document root of your web server for suspicious files and potentially unwanted applications, use the following command:
sudo clamscan --infected --detect-pua=yes --recursive /var/www/html/
PUA: Potentially Unwanted Application
You can scan files and send the results of infected files to a new results file by using the command below:
clamscan -r /[path-to-folder] | grep FOUND >> /[path-folder]/[file].txt
Also, you can scan a folder and move infected files to a separate quarantine directory by running the command below. The --move option takes the quarantine directory, and the folder to scan comes last:
clamscan -r --move=/[path-to-quarantine-folder] /[path-to-folder]
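The reporting and quarantine commands above can be combined into one wrapper that also checks the exit status of clamscan (0 = nothing found, 1 = detections, 2 = error), which a plain grep FOUND pipeline discards. This is an added example, not part of the original guide; the SCANNER variable, the function names and the sample paths are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original guide). SCANNER, the function names and
# the sample paths below are assumptions made for this illustration.
SCANNER="${SCANNER:-clamscan}"

# Convert clamscan output into "path<TAB>signature" records, one per detection.
# Only lines that END in " FOUND" count, so a clean file named FOUND_items.csv
# or an ERROR line is not reported (a plain `grep FOUND` would match the former).
# Assumes signature names contain no spaces.
infected_report() {
    tab=$(printf '\t')
    sed -nE "s/^(.*): ([^ ]+) FOUND\$/\\1${tab}\\2/p"
}

# Scan a tree, move detections into a quarantine directory only the invoking
# user can enter, append detections to a report, and return clamscan's status:
# 0 = nothing found, 1 = detection(s), 2 = error (results incomplete).
scan_and_quarantine() {
    target=$1; quarantine=$2; report=$3
    mkdir -p "$quarantine" && chmod 700 "$quarantine" || return 2
    out=$("$SCANNER" --recursive --infected --no-summary \
          --move="$quarantine" "$target" 2>&1)
    scan_rc=$?
    printf '%s\n' "$out" | infected_report >> "$report"
    case $scan_rc in
        0) echo "clean: $target" ;;
        1) echo "detections logged to $report, files moved to $quarantine" ;;
        *) echo "scan error (exit $scan_rc): results are incomplete" >&2 ;;
    esac
    return "$scan_rc"
}

# Constructed sample of clamscan output (not from a real scan).
sample_output() {
    cat <<'EOF'
/srv/upload/invoice: final.zip: Win.Test.EICAR_HDB-1 FOUND
/srv/upload/FOUND_items.csv: OK
/srv/upload/locked.bin: Can't open file or directory ERROR
----------- SCAN SUMMARY -----------
Infected files: 1
EOF
}

# Offline demonstration: prints one record for the single real detection.
sample_output | infected_report
```

A scheduled job can call scan_and_quarantine and alert on a return status of 1 or 2, so that a scan that failed partway is not mistaken for a clean result.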
To get more help about ClamAV, you can use the command below:
Or, you can visit the ClamAV Documentation page.
Install ClamTK on Ubuntu 22.04
If you are more comfortable using a GUI instead of the command line, you can install ClamTK. ClamTK is a graphical user interface for ClamAV.
To install ClamTK, you can use the following command:
sudo apt install clamtk -y
If you already have ClamAV installed on your system and need to upgrade it, use the command below:
sudo apt --only-upgrade install clamav clamav-daemon
After installing ClamTK, open it and you will get a GUI with all options, including Configuration, History, Updates, and Analysis.
That’s it, you are done.
At this point, you have learned to install and use the ClamAV antivirus on Ubuntu 22.04. You have also learned to install ClamTK, its graphical user interface, on your server.
Hope you enjoy it.