How to Install ClamAV on Ubuntu and Configure It [12 Easy Steps]

Written by

Reviewed by

Last updated: June 5, 2024

Expert verified

SVG Image

TL;DR

To install ClamAV on Ubuntu, you can follow this step-by-step guide:

  1. Open Terminal and run sudo apt update to update package lists.
  2. Execute sudo apt install clamav clamav-daemon -y to install ClamAV and its daemon.
  3. Run sudo freshclam to download the latest signature database.
  4. Use clamscan /path/to/directory to scan a specific directory for viruses.
  5. Edit the ClamAV configuration file with sudo nano /etc/clamav/clamd.conf. Adjust the ScanInterval value for automatic scans, save, and restart the ClamAV daemon with sudo systemctl restart clamav-daemon.

Read the guide below to explore the step-by-step method to install ClamAV on Ubuntu, how to configure it, andenhance security with CamlAV.

Keeping your Ubuntu system secure from malware can be a real challenge, especially with new threats popping up all the time. But don’t worry, there’s a great solution: ClamAV. In this guide, I’ll show you how to install and configure ClamAV, a free and open-source antivirus tool, to keep your system safe. You’ll learn about its key features, why it’s a smart choice, and how to boost your security with regular updates and scheduled scans. By the end of this post, you’ll have ClamAV up and running smoothly, protecting your Ubuntu system effectively.

What is ClamAV?

ClamAV is a free, open-source antivirus software designed to help detect and remove malware from your computer. Here’s a detailed overview:

Key Features of ClamAV:

  • Virus Scanner: ClamAV scans files and directories for viruses, trojans, and other malicious software. Though primarily used for on-demand scanning, ClamAV can be configured for real-time protection with third-party tools. It detects a wide range of threats including viruses, worms, trojans, and other forms of malware.
  • Mail Gateway Scanning: ClamAV scans incoming and outgoing email attachments for malware. It integrates with mail servers like Postfix, Sendmail, and Exim to provide email scanning capabilities. Helps prevent the spread of infected attachments, safeguarding your network.
  • Scheduled Scans: You can set up automated scans to run at specific intervals (daily, weekly, etc.). Regularly scheduled scans ensure your system remains protected without manual intervention. You can specify what directories to scan and at what times, tailoring the scans to your needs.
  • Database Updates: ClamAV regularly updates its virus definition database to include the latest threats. You can configure ClamAV to automatically update its database. Updates can also be performed manually if needed.
  • Cross-Platform: Widely used on Linux servers and desktops. Available for Windows users, providing additional security. Compatible with macOS, making it a versatile tool across different platforms.

Why Use ClamAV?

  • Free: ClamAV is free to use, providing robust protection without any financial investment. Its zero-cost nature makes it accessible to individuals, small businesses, and large organizations alike.
  • Open-Source: As open-source software, ClamAV’s code is publicly available for review, ensuring transparency. A large community of developers contributes to its ongoing development and improvement. Users can modify the source code to suit specific needs or contribute enhancements.
  • Versatile: Works across multiple operating systems including Linux, Windows, and macOS. Suitable for personal use, small businesses, and large enterprises. Easily integrates with other software and systems, enhancing its functionality.

How to Install ClamAV on Ubuntu

To Ubuntu install ClamAV, start by opening your terminal. First, update your package lists with sudo apt update. Next, install ClamAV and its daemon using sudo apt install clamav clamav-daemon -y.

After the installation, update the virus definitions by running sudo freshclam. To verify the installation, check the version with clamscan --version. You can now scan your system by running clamscan /path/to/directory. For example, use clamscan ~ to scan your home directory.

Here are the detailed steps to install ClamAV on Ubuntu and configure it:

  1. Open the Terminal window.
opening terminal 8
  1. Execute the following commands to update your system:
sudo apt update

This command updates the package lists on your system.

updating system package list 2
  1. ClamAV install Ubuntu by running the following command:
sudo apt install clamav clamav-daemon -y
instaling clamav on ubuntu
  1. Once ClamAV is installed, you can confirm the version by running the following command:
clamscan --version

You should see the following output:

verifying clamav version
  1. To update the ClamAV signature database, run the following command:
sudo freshclam

This command downloads the latest signature database from the ClamAV website.

updating clamav database
  1. Once the signature database is updated, you can scan your system for viruses by running the following command:
clamscan /path/to/directory
  1. For example, to scan your home directory for viruses, you would run the following command:
clamscan ~

This command scans the specified directory for viruses.

scanning home directory using clamav
  1. If any viruses are found, ClamAV will quarantine them. You can view the quarantined files by running the following command:
clamdscan --infected

This command displays the list of quarantined files.

viewing any quarantine viruses
  1. To remove the quarantined files, run the following command:
clamdscan --remove

This command permanently deletes the quarantined files from your system.

removing quarantine files
  1. You can also set ClamAV to scan your system automatically at regular intervals. To do this, open the ClamAV configuration file:
sudo nano /etc/clamav/clamd.conf

This command opens the configuration file in the Nano editor.

opening clamav configuration file
  1. Find the line that says SelfCheck and change the value to the desired interval in seconds. For example, to scan every 15 minutes, you would set the value to 900. Save the file and exit the editor.
setting scan time in configuration file
  1. Restart the ClamAV daemon:
sudo systemctl restart clamav-daemon

This command restarts the ClamAV daemon, enabling automatic system scans based on the configured interval.

restarting clamav

ClamAV is now installed and configured on your Ubuntu system.

GUI Method: Scanning for Viruses Using ClamTk

ClamTk is a user-friendly graphical interface for the ClamAV antivirus engine. It allows you to easily scan your Linux system for viruses and malware. Here’s how you can use ClamTk to scan for viruses:

  1. First, you need to install ClamTk on your Linux system. Open your terminal and type the following command:
sudo apt-get install clamtk

This command installs ClamTk and its dependencies.

installing clamtk on ubuntu
  1. Once installed, you can open ClamTk from your application menu. Look for ClamTk and click on it to launch the program.
launching clamtk from application menu
  1. Before scanning, make sure your virus definitions are up to date. Click on the Update button in ClamTk. This ensures that ClamTk can detect the latest threats.
ensuring virus definitions are up to date
  1. To perform a quick scan, click on Scan a directory in the main window.
performing a quick scan
  1. Select the directory you want to scan. You can choose your home directory or any specific folder. Click OK to start the scan.
choosing a directory to scan
  1. ClamTk will scan the selected directory and display the results.
displaying results of quick scan
  1. To ensure your system stays clean, schedule regular scans. Click on Scheduler in the main window.
scheduling scanning for system
  1. Set up a daily or weekly scan according to your preference.
setting a daily scanning schedule

Enhancing Security with ClamAV: Additional Measures

In addition to its powerful antivirus capabilities, ClamAV offers various features to enhance your Ubuntu system’s security. By integrating ClamAV with other components, you can create a comprehensive defense against potential threats. Explore the following four measures to enhance your security posture:

  • 📧 Integrating ClamAV with Email Servers: Integrating ClamAV with your email server adds an extra layer of protection against email-borne malware. By scanning incoming and outgoing emails, ClamAV helps identify and neutralize potential threats before they reach your inbox or spread to other recipients. Safeguard your communication channels and prevent the dissemination of malicious attachments or links.
  • 🔒 Scanning Files in File-Sharing Services: When sharing files through services like Samba or FTP, leveraging ClamAV’s scanning capabilities ensures that infected files do not propagate across your network. By scanning files before sharing, you prevent malware from spreading to other connected devices. Safely exchange files and maintain the integrity of your network and shared resources.
  • 🌐 Protecting Web Content with ClamAV: Integrating ClamAV with your web server allows you to scan uploaded files and web content, providing an additional security layer. Examining files for potential malware before users access them protects your website’s visitors from harmful content. Ensure a safe browsing experience and protect your online assets from malicious files or scripts.
  • ⏱️ Utilizing ClamAV for On-Demand Scanning: In addition to regular system scans, you can perform on-demand scans using ClamAV. If you suspect a specific file or directory might be compromised, initiate a scan to detect any potential threats. This proactive approach helps identify and isolate malware, ensuring a secure system environment. Take control of your system’s security by scanning specific areas whenever needed.

Install ClamAV Ubuntu: In a Nutshell

I hope this guide has helped you to install ClamAV on Ubuntu and configure it effectively. By following the step-by-step instructions, you can ensure your system is well-protected. Don’t forget to enhance your security by integrating ClamAV with your email servers, file-sharing services, and web servers.

To explore more, you might want to check out:

  • Discover how to fix the critical Sudo bug CVE-2021-3156, which will help you secure your system from known vulnerabilities.
  • Learn how to clear apt cache in Ubuntu, which can free up disk space and resolve package management issues.
  • Explore how to install a specific version of a package using apt, ensuring compatibility and stability for your software dependencies.

Frequently Asked Questions 

Can ClamAV run alongside other antivirus software on Ubuntu?

Yes, ClamAV can run alongside other antivirus software on Ubuntu without issues. It complements existing security measures by providing additional scanning capabilities. Running multiple antivirus tools can enhance your system’s security, ensuring comprehensive protection against various threats. Just make sure they do not conflict during real-time scanning.

What should I do if ClamAV detects a false positive?

If ClamAV detects a false positive, first verify the file’s integrity by scanning it with another antivirus tool. If confirmed as a false positive, whitelist the file by adding its path to the ExcludePath directive in the ClamAV configuration file. Report the false positive to the ClamAV team for further analysis.

How do I exclude specific directories from ClamAV scans?

To exclude specific directories from ClamAV scans, edit the configuration file located at /etc/clamav/clamd.conf. Add the paths you want to exclude using the ExcludePath directive. For example, ExcludePath /path/to/directory. Save the file and restart the ClamAV daemon using sudo systemctl restart clamav-daemon for the changes to take effect.

Can I use ClamAV to scan Windows files on my Ubuntu system?

Yes, you can use ClamAV to scan Windows files on your Ubuntu system. ClamAV is platform-agnostic and can scan files from different operating systems, including Windows. Simply point ClamAV to the directory containing the Windows files, and it will scan them for viruses and malware, ensuring cross-platform security.
You can integrate ClamAV with popular email servers like Postfix, Sendmail, and Exim by using tools like ClamSMTP or Amavis. These tools act as intermediaries, scanning incoming and outgoing emails for viruses before they reach the server. Configure ClamAV to work with these tools for seamless email protection.

How does ClamAV compare to other open-source antivirus tools?

ClamAV stands out among open-source antivirus tools for its comprehensive feature set, including real-time scanning, email gateway protection, and scheduled scans. Its strong community support and regular updates ensure it stays effective against new threats. While not the fastest, ClamAV’s versatility and reliability make it a popular choice for many users.

Ojash

Author

Ojash is a skilled Linux expert and tech writer with over a decade of experience. He has extensive knowledge of Linux's file system, command-line interface, and software installations. Ojash is also an expert in shell scripting and automation, with experience in Bash, Python, and Perl. He has published numerous articles on Linux in various online publications, making him a valuable resource for both seasoned Linux users and beginners. Ojash is also an active member of the Linux community and participates in Linux forums.

Akshat

Reviewer

Akshat is a software engineer, product designer and the co-founder of Scrutify. He's an experienced Linux professional and the senior editor of this blog. He is also an open-source contributor to many projects on Github and has written several technical guides on Linux. Apart from that, he’s also actively sharing his ideas and tutorials on Medium and Attirer. As the editor of this blog, Akshat brings his wealth of knowledge and experience to provide readers with valuable insights and advice on a wide range of Linux-related topics.

Share this article
Shareable URL
Prev Post

How to Use the Netcat Command in Linux [6 Best Uses]

Next Post

How to Install Git Debian [2 Simple Methods]

Leave a Reply

Your email address will not be published. Required fields are marked *

Read next