Install and configure ClamAV on Ubuntu

Objective

Install and configure ClamAV to scan for viruses on a local machine

Distributions

This walkthrough is based on Ubuntu 16.04; there shouldn't, however, be any issues with newer distributions.

Introduction

Compared to an operating system like Windows, malicious software isn't all that common on Linux, but it does exist. Valuable assets are very often placed on Linux-based operating systems, so it is a good idea to install some form of anti-virus software to routinely scan for malicious content.

Compared to typical Windows-based antivirus software, ClamAV will not constantly run in the background and therefore uses fewer system resources (such as RAM).

Install ClamAV

The dependencies ClamAV needs are available in the Ubuntu repository, so it can simply be installed with apt.

$ sudo apt install clamav

Update the local threat database

To make sure the signature database ClamAV uses is up to date, we will start by updating the local database. Once the service has started, the update daemon will run quietly in the background, and it shouldn't be necessary to manually update the database again later.

If we want to update the database manually, we need to temporarily stop the ClamAV service:

$ sudo systemctl stop clamav-freshclam

Now we run freshclam to update the local virus definitions:

$ sudo freshclam

After that is completed, we need to start the service again.

$ sudo systemctl start clamav-freshclam

ClamAV should now be updated, and the daemon should be running in the background.

Command options

ClamAV has a lot of different command-line options; by combining different parameters you can display the information you find relevant.
Running clamscan --help shows some of the possible parameters.

In this example, I will be running clamscan with the following parameters:

$ clamscan -i -r --max-scansize=4000M --max-filesize=4000M ~/Downloads

  • -i  Tells ClamAV to take the result of the scan and only display infected files
  • -r  Will make the scan recursive
  • --max-scansize=  This is the maximum amount of data we will allow ClamAV to scan through; in our case we set it to 4000MB
  • --max-filesize=  This is the maximum file size for each individual file; in our parameter we set the limit to 4000MB
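
For routine scans, the command above can be wrapped so its result is acted on. This is an added example, not part of the original walkthrough: it runs the same parameters, pulls the infected paths out of the -i output, and maps clamscan's exit codes (0 clean, 1 infected, 2 error) to a verdict. The CLAMSCAN variable, the function names and the script name clamscan-report.sh are assumptions made for this example, and --no-summary is added so only hit lines are printed.

```bash
#!/usr/bin/env bash
# Added example. CLAMSCAN, scan_infected and report_scan are names chosen
# here (assumptions), not part of ClamAV or the original walkthrough.
CLAMSCAN="${CLAMSCAN:-clamscan}"

# Run the walkthrough's scan on a directory and print one infected path
# per line. Returns clamscan's exit code: 0 clean, 1 infected, 2 error.
scan_infected() {
    local target="$1" output status=0
    output="$("$CLAMSCAN" -i -r --no-summary \
        --max-scansize=4000M --max-filesize=4000M "$target")" || status=$?
    # Each hit is printed as "<path>: <signature name> FOUND".
    printf '%s\n' "$output" | sed -n 's/^\(.*\): [^:]* FOUND$/\1/p'
    return "$status"
}

# Turn the exit code into a verdict suitable for cron mail or logs.
report_scan() {
    local target="$1" hits status=0
    hits="$(scan_infected "$target")" || status=$?
    case "$status" in
        0) echo "OK: no infected files in $target" ;;
        1) echo "ALERT: infected files in $target:"
           printf '%s\n' "$hits" ;;
        *) echo "ERROR: clamscan failed on $target (exit $status)" ;;
    esac
    return "$status"
}

# Scan the given directory when run under the assumed script name.
if [ "${0##*/}" = "clamscan-report.sh" ]; then
    report_scan "${1:-$HOME/Downloads}"
fi
```

Because the verdict is also returned as the exit status, a cron job or monitoring check can alert on any non-zero result.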

 
