ClamAV Antivirus Scanner For Linux (Review + Installation + Usage)


Malware, viruses and Trojans on Linux are rare, but not impossible as many would have you believe. So for the few times you may need an antivirus, ClamAV is an awesome choice. I have never used any antivirus on Linux, but I think one may be needed in some cases. There is an article on LinuxAndUbuntu that discusses in detail when you might want to use an antivirus on Linux.

How Can Your Linux Be Hacked Using malware, worms etc?

ClamAV is an open source antivirus software which is used in a variety of situations including email scanning, web scanning, and endpoint security. It provides a number of utilities including a flexible and scalable multi-threaded daemon, a command line scanner and an advanced tool for automatic database updates. ClamAV itself is a command line tool only, but there is a graphical tool, ClamTk, available to manage it. ClamAV is also cross-platform and is available for a host of desktop OSes including Windows and macOS.

Features At A Glance

ClamAV is not a real-time virus scanner. That is, it won't scan files as you open them. Nonetheless, it comes with some other essential features, including:

Command-line scanner
Milter interface for sendmail
Advanced database updater with support for scripted updates and digital signatures
Virus database updated multiple times per day
Built-in support for all standard mail file formats
Built-in support for various archive formats, including Zip, RAR, Dmg, Tar, Gzip, Bzip2, OLE2, Cabinet, CHM, BinHex, SIS and others
Built-in support for ELF executables and Portable Executable files packed with UPX, FSG, Petite, NsPack, wwpack32, MEW, Upack and obfuscated with SUE, Y0da Cryptor and others
Built-in support for popular document formats including MS Office and Mac Office files, HTML, Flash, RTF and PDF

How To Install ClamAV?

ClamAV installation is very simple: on Ubuntu it can be found in the apt repository. Run this command to install ClamAV:

sudo apt-get install clamav

If you need clamd, you may also want to run:

sudo apt-get install clamav-daemon

ClamTk is a frontend for ClamAV. You can install it via Terminal with:

sudo apt-get install clamtk

EPEL provides ClamAV packages for Fedora (as well as EPEL-enabled CentOS and RHEL). To install, run the following command:

dnf install clamav

Usage

ClamAV is mostly a command line tool, but the third-party package ClamTk provides a very simple GUI for beginners who are not comfortable using the CLI. Upon launching ClamTk, you will be presented with a clean GUI with 4 main sections.

First is the configuration section, which enables users to set up or configure ClamAV and how it runs. For example, you may choose to scan a folder and not its subfolders. You may also whitelist some files or folders to exclude them from your scans, and choose to scan large files, hidden files and for password checkers.

The second section is the history section, which provides users with details about previous scans. There is also a quarantine section where you can check for infected files that have been quarantined by scans.
The third section is the updates section. This is where new virus definitions may be imported to ClamAV. Upon installing ClamAV, the very first thing you are required to do is to load the latest virus definitions by clicking on Updates.
And the last section is the analysis section. This is where you start your ClamAV scans.
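
The same four tasks from the command line, as an added example that is not part of the original gist: `freshclam` for updates, `clamscan` for analysis with exclusions, quarantine and a log, and a small parser for the log's detection lines. The quarantine and log paths, the function names and the sample log are assumptions made for illustration.

```shell
# Added example, not from the original gist. QUARANTINE and LOGFILE paths are
# assumptions; the sample log further down is constructed.
QUARANTINE="${QUARANTINE:-$HOME/.clam-quarantine}"
LOGFILE="${LOGFILE:-$HOME/.clam-scan.log}"

# Updates: refresh signatures. On Debian/Ubuntu the clamav-freshclam service
# normally does this already; stop it first if freshclam reports a lock.
update_definitions() { sudo freshclam; }

# Analysis + quarantine + history: recursive scan, print only detections,
# move them into the quarantine directory, write the report to a log.
# clamscan exit status: 0 = nothing found, 1 = virus found, 2 = error.
scan_dir() {
    mkdir -p "$QUARANTINE" && chmod 700 "$QUARANTINE" || return 2
    clamscan --recursive --infected \
        --exclude-dir='^/proc' --exclude-dir='^/sys' \
        --move="$QUARANTINE" --log="$LOGFILE" "$1"
}

# Map the exit status to a word a cron job or wrapper can act on.
scan_verdict() {
    case "$1" in
        0) echo clean ;;
        1) echo infected ;;
        *) echo error ;;
    esac
}

# History: print "path<TAB>signature" for each "<path>: <signature> FOUND"
# line, splitting on the last ": " so paths containing ": " stay intact.
detections() {
    while IFS= read -r line; do
        case $line in
            *" FOUND") line=${line% FOUND}
                       printf '%s\t%s\n' "${line%: *}" "${line##*: }" ;;
        esac
    done < "$1"
}

# Constructed sample of a clamscan log, for trying detections() offline.
sample_log() {
    cat <<'EOF'
/home/user/Downloads/eicar.com: Win.Test.EICAR_HDB-1 FOUND
/home/user/Downloads/report: final.pdf: Constructed.Sample.Signature-0 FOUND
----------- SCAN SUMMARY -----------
Infected files: 2
EOF
}

if [ "$#" -gt 0 ]; then scan_dir "$1"; echo "verdict: $(scan_verdict "$?")"; fi
```

Because a false positive gets moved as well, review the quarantine directory before deleting anything from it.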

How Effective Is It To Use ClamAV?

ClamAV might not be the best antivirus software around, but for the most part it is going to serve you well if you are on a Linux-only desktop. At times you will also get false positives, and these are usually more frequent than with other top antivirus software. On a Windows PC or partition, I would not recommend ClamAV because of the sheer volume of viruses and malware. Also, ClamAV scored some very low points (it detected only 15.3% of Windows malware and ranked 16 out of 16) in a test of Linux antivirus conducted by AV-Test, an independent IT-security institute. Things were better with regard to Linux malware, but not particularly impressive: ClamAV detected 66.1% of the attackers directed at it. ClamAV ranked 13 out of 16 for Linux malware and viruses, beating McAfee, Comodo and F-Prot.
