Clamav for Ubuntu

Clamav is a free cross-platform anti-virus package.

Reviewed by Bil Hays on 7/25/2013.

Clamav is a free and open source virus scanning tool. For personal use, installing clamav is pretty straightforward; there’s a version that runs in user space:

sudo apt-get install clamav

Run freshclam to update the signatures:

sudo freshclam

Then to scan the system, use clamscan.

clamscan -r --bell -i /afs/cs.unc.edu/home/hays

The command above will scan my home directory, all files recursively, and it will ring the bell if it finds an infected file. If you want to scan the entire system, you’ll need to run clamscan with sudo. If you’re doing that on a machine that runs afs, you’ll also want to exclude /afs:

sudo clamscan -r --bell -i --exclude-dir="^/afs" /

If you would like to use a GUI for running clamav, install clamtk. It’s a good option in that you can use it to schedule regular scans if you’re not comfortable with the command line and cron, and it gives you easy access to the basic functionality. To set a scheduled scan, open clamtk and press Ctrl-t to open the advanced settings menu.

Depending on how you use your computer, you may find some false positives. The best thing to do in that case is to whitelist those files. Once you’ve run a few scans and have what you need whitelisted, you can make a folder called quarantine and run clamav to move infected files there.

clamscan -r --bell -i --move=/afs/cs.unc.edu/home/hays/quarantine /afs/cs.unc.edu/home/hays

Obviously, false positives can be a real problem. Perl modules in CPAN and JavaScript files may be tagged as problems, so use the quarantine option with care.
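One way to review hits before turning on --move, as an added example that is not part of the original page: the functions below filter clamscan's "<path>: <signature> FOUND" lines against a file of paths you have already judged to be false positives. The function names and the whitelist file (one exact path per line) are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original page): triage clamscan hits against
# a reviewed whitelist before ever running clamscan with --move.

# unreviewed_hits WHITELIST
# Reads clamscan output on stdin and prints "path<TAB>signature" for every
# "<path>: <signature> FOUND" line whose path is not listed in WHITELIST.
# WHITELIST is a hypothetical file you maintain, one exact path per line.
unreviewed_hits() {
    awk -v allow="${1:-/dev/null}" '
        BEGIN { while ((getline line < allow) > 0) ok[line] = 1 }
        / FOUND$/ {
            sub(/ FOUND$/, "")
            # The last ": " separates path from signature (assumes the
            # signature name itself contains no colon).
            i = match($0, /: [^:]*$/)
            if (i == 0) next
            path = substr($0, 1, i - 1)
            sig  = substr($0, i + 2)
            if (!(path in ok)) printf "%s\t%s\n", path, sig
        }'
}

# scan_and_triage DIR WHITELIST
# Runs a report-only scan (no --move) and prints only the hits that still
# need a human decision. Returns clamscan's exit status:
# 0 = nothing found, 1 = something found, 2 = scan error.
scan_and_triage() {
    dir="$1"; allow="$2"
    log=$(mktemp) || return 2
    clamscan -r -i --no-summary "$dir" > "$log"
    rc=$?
    unreviewed_hits "$allow" < "$log"
    rm -f "$log"
    return "$rc"
}
```

Run scan_and_triage on your home directory with your whitelist file, and only move files to quarantine once the list it prints contains nothing you recognize as legitimate.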

If you’d like to test this or other anti-virus software, you can get a fake malware sample from eicar.