ClamAV - The Open Source Antivirus for Linux Users



Malware, viruses and Trojans on Linux are rare, but not impossible as many would have you believe. So sometimes, you may need an antivirus. ClamAV is an awesome choice.

Though I have never used any antivirus on Linux, I think one may be needed in some cases. There is an article on LinuxAndUbuntu that discusses in detail when you might want to use an antivirus on Linux.

ClamAV – Antivirus for Linux

ClamAV is an open source antivirus software which is used in a variety of situations including email scanning, web scanning, and endpoint security. It provides a number of tools including a flexible and scalable multi-threaded daemon, a command line scanner and an advanced tool for automatic database updates.

Yup, ClamAV is a command-line tool only, but there is a graphical tool, ClamTk, available to manage ClamAV. ClamAV is also cross-platform and is available for a host of desktop OSes including Windows and macOS.

Features At A Glance

ClamAV is not a real-time virus scanner. It means it will not scan files as you open them. Nonetheless, it comes with some other essential features including –

  1. Command-line scanner
  2. Milter interface for sendmail
  3. Advanced database updater with support for scripted updates and digital signatures
  4. Virus database updated multiple times per day
  5. Built-in support for all standard mail file formats
  6. Built-in support for various archive formats, including Zip, RAR, Dmg, Tar, Gzip, Bzip2, OLE2, Cabinet, CHM, BinHex, SIS and others
  7. Built-in support for ELF executables and Portable Executable files packed with UPX, FSG, Petite, NsPack, wwpack32, MEW, Upack and obfuscated with SUE, Y0da Cryptor and others
  8. Built-in support for popular document formats including MS Office and Mac Office files, HTML, Flash, RTF and PDF

How To Install ClamAV?

ClamAV installation is very simple. On Ubuntu, it can be found in the apt repository. Run this command to install ClamAV:

sudo apt-get install clamav

If you need clamd, you may also want to run:

sudo apt-get install clamav-daemon

ClamTk is a frontend for ClamAV. You can install it via Terminal with:

sudo apt-get install clamtk

EPEL provides ClamAV packages for Fedora (as well as EPEL-enabled CentOS and RHEL). To install, run the following command:

dnf install clamav

How to use ClamAV?

ClamAV is mostly a command-line tool, but the third-party package ClamTk provides a very simple GUI for beginners who are not comfortable using the CLI. Upon launching ClamTk, you will have a clean GUI with 4 main sections.


First is the configuration section, which lets users configure ClamAV and how it runs. For example, you may choose to scan a folder and not its subfolders. You may also whitelist some files or folders to exclude them from your scans, and choose whether to scan large files and hidden files, and whether to scan for password checkers.

The second section is the history section, which provides users with details about previous scans. There is also a quarantine section where you can check for infected files that have been quarantined by scans.

The third section is the updates section. This is where new virus definitions may be imported to ClamAV. Upon installing ClamAV, the very first thing you are required to do is to load the latest virus definitions by clicking on Updates.

And the last section is the analysis section. This is where you start your ClamAV scans.
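
The update, scan, quarantine and history steps described above map onto freshclam and clamscan, and because ClamAV does not scan files as you open them, a script like the following is typically run on a schedule. It is an added example, not part of the original article; the quarantine and log locations and the sample output are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example: ClamTk's update / scan / quarantine / history steps from the shell.
# QUARANTINE and LOG are assumed locations, not ClamAV or ClamTk defaults.
QUARANTINE="${QUARANTINE:-$HOME/clamav-quarantine}"
LOG="${LOG:-$HOME/clamav-history.log}"

# Constructed sample of clamscan output, used to exercise list_detections offline.
SAMPLE_OUTPUT='/home/user/Downloads/eicar.com: Win.Test.EICAR_HDB-1 FOUND
/home/user/Downloads/notes.txt: OK
/home/user/mail/inbox: msg 4: Heuristics.Phishing.Email.SpoofedDomain FOUND'

# clamscan reports a hit as "<path>: <signature> FOUND". Print "<signature> <path>"
# per hit; the greedy path match keeps paths that themselves contain ": ".
list_detections() {
    sed -nE 's/^(.*): ([^ ]+) FOUND$/\2 \1/p'
}

# clamscan exit codes: 0 = no virus found, 1 = virus(es) found, 2 = error(s) occurred.
scan_status() {
    case "$1" in
        0) echo clean ;;
        1) echo infected ;;
        *) echo error ;;
    esac
}

# Update definitions, scan a tree, move hits to quarantine, append to the history log.
scan_tree() {
    target="$1"
    mkdir -p "$QUARANTINE" && chmod 700 "$QUARANTINE"
    # A manual update may fail when a freshclam service is already running;
    # warn and continue with the definitions that service maintains.
    freshclam --quiet || echo "warning: freshclam did not update definitions" >&2
    out=$(clamscan --recursive --infected --no-summary \
                   --move="$QUARANTINE" "$target") && rc=0 || rc=$?
    {
        printf '%s %s %s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$(scan_status "$rc")" "$target"
        printf '%s\n' "$out" | list_detections | sed 's/^/  /'
    } >> "$LOG"
    return "$rc"
}

# Scan only when a directory is given, e.g. from cron: scan.sh /home/user/Downloads
if [ -d "${1:-}" ]; then
    scan_tree "$1"
fi
```

The script returns clamscan's own exit code, so a scheduler can alert on 1 (detections) separately from 2 (scan errors).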

How Effective Is It To Use ClamAV?

ClamAV might not be the best antivirus software around, but for the most part it is going to serve you well if you are on a Linux-only desktop. At times you will also get false positives, and these are usually more frequent than with other top antivirus software.

On a Windows PC, I would not recommend ClamAV because of the sheer volume of viruses and malware. Also, ClamAV scored very poorly (it detected only 15.3% of Windows malware and ranked 16 out of 16) in a test of Linux antivirus software conducted by AV-Test, an independent IT-security institute. Things were better with regard to Linux malware, but not particularly impressive. ClamAV detected 66.1% of the attacks directed at it. ClamAV ranked 13 out of 16 for Linux malware and viruses, beating McAfee, Comodo and F-Prot.