How to Install ClamAV on Ubuntu 24.04, 22.04 or 20.04

This guide will demonstrate how to install ClamAV on Ubuntu 24.04, 22.04, or 20.04 LTS utilizing the command-line terminal.

ClamAV is a robust, open-source antivirus engine designed to detect trojans, viruses, malware, and other malicious threats, offering your system a critical layer of protection. Its adaptability across various platforms makes it a preferred choice for users seeking comprehensive security solutions. Notable for its versatility, ClamAV includes a multi-threaded scanner daemon, command-line utilities for on-demand file scanning, and automatic signature updates. Its efficiency and reliability are enhanced by its compatibility with numerous file formats and signature languages. With ClamAV, users gain the assurance of a constantly updated virus database, ensuring timely defense against emerging threats.

Here are the key features of ClamAV:

  • Open-source antivirus engine renowned for its effectiveness and reliability.
  • Cross-platform versatility, functioning seamlessly across different operating systems.
  • Multi-threaded scanning daemon, optimizing performance and speed.
  • Command-line utilities facilitate on-demand file scanning.
  • Automatic updates of virus databases and signatures, ensuring current protection.
  • Supports a wide array of file formats, enhancing its scanning capabilities.
  • Recognizes numerous signature languages, broadening its detection range.
  • Actively maintained and supported, reflecting a commitment to user security.

Now, let’s delve into the technical steps to install ClamAV on your Ubuntu system, providing a secure foundation to guard against potential threats.

Update Ubuntu before ClamAV Installation

To avoid any potential conflicts during the installation of ClamAV, it is essential to ensure that all packages on your Ubuntu system are up-to-date. Before proceeding with the ClamAV installation, run a quick update by executing the following command in a terminal window:

sudo apt update && sudo apt upgrade

This command will update the package lists on your system and ensure that all packages are up-to-date before installing ClamAV.

Install ClamAV via APT on Ubuntu

The simplest way to install ClamAV on Ubuntu is to use the default APT repository. To install ClamAV, execute the following command in a terminal window:

sudo apt install clamav clamav-daemon

This command will install ClamAV and its daemon from the default Ubuntu repository, making it easy to install and use.

To verify that ClamAV is installed correctly, you can check the version installed by running the following command:

clamscan --version

Optional: Install ClamAV TK

Installing the ClamAV GUI (clamtk) is optional for Ubuntu users who prefer a graphical interface for managing the ClamAV virus scanner. To install the ClamAV GUI (clamtk) from the Ubuntu repository, run the following command:

sudo apt install clamtk

After installing ClamTK, you can launch it from the Applications menu or by running the following command in the terminal:

clamtk

Using ClamTK, you can easily configure the ClamAV virus scanner and perform scans with a graphical interface. The ClamAV GUI can be useful for novice or intermediate Linux users uncomfortable using the command line.

Display of ClamAV's tk user interface on Ubuntu 22.04 and 20.04 LTS versions.
Exploring ClamAV’s tk user interface on Ubuntu LTS.

Update the ClamAV Virus Database on Ubuntu

After installing ClamAV, it is crucial to update the virus database before using the virus scanner (clamscan). This ensures that your system is up-to-date and protected against the latest threats. Here’s how you can update the ClamAV virus database:

First, you must stop the “clamav-freshclam” service to update the virus definition database. To do this, type in the following command in a terminal window:

sudo systemctl stop clamav-freshclam

Update your virus definition database by executing the following command in a terminal window:

sudo freshclam

This command will download the latest ClamAV virus databases and definitions in the directory “/var/lib/clamav.”

Execution of the freshclam command in ClamAV on Ubuntu 22.04 and 20.04 LTS.
Updating ClamAV databases using freshclam on Ubuntu.

Once the database is updated, you can start the “clamav-freshclam” service by running the following command:

sudo systemctl enable clamav-freshclam --now

This command will activate the service and automatically enable it on system boot, which is highly recommended.

To view the directory of ClamAV and the dates of files, use the “ls -l” command. For example, to list the contents of the “/var/lib/clamav/” directory, run the following command:

ls -l /var/lib/clamav/

This command will display the contents of the “/var/lib/clamav/” directory, along with their file permissions, owners, and modification dates.

Location of ClamAV virus definitions on Ubuntu 22.04 and 20.04 LTS systems.
Identifying where ClamAV stores its virus definitions on Ubuntu LTS.

In case you need to disable “clamav-freshclam” in the future, you can run the following command:

sudo systemctl disable clamav-freshclam --now

ClamAV Terminal Commands (Basics)

The primary function of ClamAV is to scan files and directories for viruses and malware. Here are some commands that can help you perform scans:

Scan a specific file

clamscan /path/to/file

This command scans a specific file for viruses and malware.

Scan a specific directory

clamscan -r /path/to/directory

This command scans a specific directory and all its subdirectories for viruses and malware.

Scan a specific file and write the results to a file

clamscan /path/to/file -l /path/to/logfile

This command scans a specific file for viruses and malware and writes the results to a file.

Scan a specific directory and write the results to a file

clamscan -r /path/to/directory -l /path/to/logfile

This command scans a specific directory and all its subdirectories for viruses and malware and writes the results to a file.

Scan a specific file and remove infected files

clamscan /path/to/file --remove

This command scans a specific file for viruses and malware and removes any infected files.

These are just some commands; run the following command to print help into your terminal to get a complete list of commands.

clamscan --help

Additional Tips for ClamAV on Ubuntu

Limit ClamAV CPU Usage

ClamAV scanning can be CPU-intensive, and older or limited hardware may struggle to keep up. To mitigate this issue, you can use the “nice” command to limit ClamAV CPU usage. This can be especially helpful when performing system scans or running other resource-intensive applications.

The “nice” command adjusts the priority level of a process, allowing you to allocate more or fewer system resources to specific tasks. By default, ClamAV has a priority level of zero, but using the “nice” command can reduce this level, freeing up more system resources for other tasks.

Here’s an example of how to use the “nice” command to limit ClamAV CPU usage during a scan:

sudo nice -n 15 clamscan && sudo clamscan --bell -i -r /home

In this command, the “nice” command sets the priority level of the “clamscan” command to 15. ClamAV will use fewer system resources during the scan, allowing other processes to take priority. The “&&” operator is then used to run a second “clamscan” command with the options “–bell -i -r /home” after the first scan completes.

While the “nice” command is the best option for limiting ClamAV CPU usage, other options are also available. For example, you could adjust ClamAV’s configuration file to reduce the number of threads used during a scan. However, using the “nice” command is a simple and effective way to balance system resources between ClamAV and other processes.

Creating a Cron Job for ClamAV

Cron is a built-in utility in Ubuntu that allows users to automate tasks on a schedule. This can be especially helpful when running regular virus scans with ClamAV. This section will demonstrate creating a cron job for ClamAV on Ubuntu.

Create a shell script that will run the ClamAV scan. To do this, enter the following command in the terminal:

nano clamscan.sh

This will open a new file in the nano text editor, where you can enter the ClamAV command you want to run. For example, if you want to scan the entire “/home” directory, you can enter the following command:

#!/bin/bash
clamscan -r /home

Once you have entered the command, press “Ctrl + X” to exit nano, and then press “Y” to save the file.

Before you can run the shell script, you must make it executable. To do this, enter the following command in the terminal:

chmod +x clamscan.sh

This will give the shell script execute permissions.

Now that the shell script is ready, you can create a cron job that will run the script regularly. To do this, enter the following command in the terminal:

crontab -e

This will open the cron table in the nano text editor. In this file, you can enter the schedule for the ClamAV scan. For example, if you want to run the scan every day at 3:00 a.m., you can enter the following line:

0 3 * * * /path/to/clamscan.sh

Replace “/path/to/clamscan.sh” with the actual path to your shell script. Once you have entered the line, press “Ctrl + X” to exit nano, and press “Y” to save the changes.

To confirm that the cron job is set up correctly, you can use the following command in the terminal:

crontab -l

This will display the list of cron jobs on your system. If the ClamAV cron job is set up correctly, it should appear here.

Remove ClamAV

If you no longer need ClamAV on your system, you may want to remove it to free up space and reduce clutter. Fortunately, removing ClamAV is straightforward and can be completed using just a few terminal commands.

To begin, you’ll want to disable the ClamAV service to ensure it isn’t running during uninstallation. To do this, enter the following command in the terminal:

sudo systemctl disable clamav --now

This command turns off the ClamAV service, preventing it from running in the background and interfering with the uninstallation process.

Next, you’ll want to remove all traces of ClamAV from your system. This includes the ClamAV software and any dependencies or associated files that may have been installed alongside it. To do this, enter the following command in the terminal:

sudo apt remove clamav clamav-daemon

Also, ClamAV TK installations can remove the graphical interface by themselves by running the command:

sudo apt remove clamavtk

Conclusion

To sum up, ClamAV is a powerful, open-source antivirus solution that provides comprehensive protection for your Ubuntu system. Its robust features, such as an extensive signature database, command-line interface, on-access scanning, and integration with mail servers, make it a solid choice for safeguarding your Linux environment from digital threats.

Relevant Links

Explore these external resources to deepen your understanding of ClamAV and its integration with Ubuntu.

Leave a Comment


Your Mastodon Instance
Share to...