How to Install ClamAV on Ubuntu


ClamAV is a free and open-source antivirus software toolkit. The latest version of ClamAV, ClamAV v0.104.3, can be installed on Ubuntu in several steps.

Update the package index

Open the terminal and run the following command to update the package index:

sudo apt-get update

Install ClamAV and ClamAV-daemon. ClamAV-daemon is a background service that allows on-demand scanning.

sudo apt install clamav clamav-daemon

After the installation is complete, start the ClamAV-daemon:

sudo systemctl start clamav-daemon

Check the status of the ClamAV-daemon:

sudo systemctl status clamav-daemon

If the ClamAV-daemon is running, you should see a message indicating that it is active and running.

Update the ClamAV database:

sudo freshclam

This will download the latest virus definitions and update the ClamAV database.

Configure ClamAV:

sudo nano /etc/clamav/clamd.conf

Here, you can change various settings, such as the maximum size of files that will be scanned, the quarantine directory, and the logging level. Here is a sample configuration file that sets up the ClamAV log file and database directory, updates the virus database automatically, and specifies which types of files to scan and exclude from scanning. It also sets up actions to take on infected files and sets up a quarantine directory for infected files.

Note that some settings, such as the directories and paths, may need to be modified to fit the user’s environment. It is also recommended to review and customize the configuration file based on the user’s specific needs and requirements.

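# Example ClamAV configuration file (clamd.conf)
# clamd refuses to start on directives it does not recognize, so lines
# that are not clamd.conf directives are kept below but commented out.

LogFile /var/log/clamav/clamav.log

# Database location and logging
DatabaseDirectory /var/lib/clamav
LogVerbose yes
LogFileMaxSize 0
LogTime yes
Foreground yes
# Update settings: these three are freshclam.conf directives, not clamd.conf ones.
#UpdateLogFile /var/log/freshclam.log
# Set frequency of database updates
#Checks 24
#NotifyClamd /usr/local/sbin/clamd

# Scanning options
ScanMail yes
ScanArchive yes
ScanOLE2 yes
ScanPDF yes
ScanHTML yes
ScanPE yes
ScanELF yes
# Exclude scanning of files with certain extensions
# (clamd.conf has no ExcludeArchive directive)
#ExcludeArchive .tar.bz2
#ExcludeArchive .zip
#ExcludeArchive .7z
# ExcludePath takes a regular expression; the leading ^ limits the match to
# the top-level /sys and /proc trees instead of any path containing "/sys/".
ExcludePath ^/sys/
ExcludePath ^/proc/
MaxFileSize 100M
MaxRecursion 15
MaxScanSize 100M

# Actions to take on infected files
# (clamd.conf has no Alert or AlertBroken directive; broken executables are
# covered by AlertBrokenExecutables)
#Alert yes
AlertEncrypted yes
AlertBrokenExecutables yes
# VirusEvent is the clamd.conf directive that runs a command on detection
# (OnInfected is not a directive).
VirusEvent /usr/local/bin/clamav-action.sh

# Quarantine options
# clamd.conf has no quarantine directives. Detected files can be moved to
# /var/quarantine by the VirusEvent script or by clamscan --move=/var/quarantine.
#QuarantineDirectory /var/quarantine
#QuarantineMaxSize 0
Bytecode yes
BytecodeSecurity TrustSigned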

Configure ClamAV-daemon:

sudo nano /etc/clamav/freshclam.conf

Here, you can set the frequency of database updates and other settings. Here is an example of freshclam.conf, but you may need to adjust the settings based on your specific requirements and system setup. It’s important to ensure that the DatabaseDirectory is set to the correct path for your system, and that the UpdateLogFile points to a valid log file location. freshclam downloads updates from database.clamav.net. When configuring freshclam.conf, it’s also important to ensure that the file has the correct ownership and permissions. In most cases, the file should be owned by the ClamAV user and group, and have permissions of 0644.

# The Example line must stay commented out or removed; freshclam refuses
# to run while it is present.
#Example

# Path to the local database directory.
DatabaseDirectory /var/lib/clamav

# Path to the update log file.
UpdateLogFile /var/log/freshclam.log

# LogFileMode, MaxBytes, MinDatabaseRevisions and OnUpdateRetryWait are not
# freshclam.conf directives, so they are kept here commented out.
#LogFileMode 0644
#MaxBytes 51200000
#MinDatabaseRevisions 2
#OnUpdateRetryWait 60

# The number of database checks to perform per day.
Checks 24

# Tell clamd to reload the database after an update. The value is the path
# to clamd.conf, not to the clamd binary.
NotifyClamd /etc/clamav/clamd.conf

# Number of attempts to make if a download fails
# (MaxAttempts is the freshclam.conf directive; OnUpdateRetry is not one).
MaxAttempts 3

# The user that owns the database files
# (freshclam.conf uses DatabaseOwner; User is a clamd.conf directive).
DatabaseOwner clamav
AllowSupplementaryGroups true

# Mirror to download database updates from.
DatabaseMirror database.clamav.net

How to Scan with ClamAV?

To scan a specific file:

clamscan /path/to/file

To scan an entire directory:

clamscan -r /path/to/directory

The -r flag tells ClamAV to scan recursively through subdirectories.

How to set up autoscan?

To set up an automatic scan, you can use a tool such as “cron” to schedule the scan to run at a specific time or interval. For example, to run a daily scan at midnight, you could add the following line to your crontab.

0 0 * * * /usr/bin/clamscan -r /home/user

This will run the clamscan command with the -r flag (to recursively scan all files in the directory) on the /home/user directory at midnight each day.
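
The crontab line above runs clamscan but leaves its exit status unchecked, so a scan that failed looks the same as a scan that found nothing. The wrapper below is an added example, not part of the original article; it keeps the full output in a report file and prints a one-line verdict that cron can mail. The names CLAMSCAN, run_scan and list_detections and the default report path are assumptions chosen for this example.

```shell
#!/bin/sh
# Added example, not from the original page. CLAMSCAN, run_scan,
# list_detections and the default report path are names chosen here.
CLAMSCAN="${CLAMSCAN:-/usr/bin/clamscan}"

# Read clamscan output on stdin and print only the detected paths.
# A detection line has the form "<path>: <signature> FOUND".
list_detections() {
    sed -n 's/^\(.*\): [^ ]* FOUND$/\1/p'
}

# Recursively scan directory $1, keep the full output in file $2 and print
# a one-line verdict. clamscan exits 0 when nothing is found, 1 when a
# signature matched and 2 when the scan itself failed, so an error is
# reported separately instead of being read as a clean result.
run_scan() {
    scan_dir=$1
    report=$2
    umask 077                      # the report lists private file names
    status=0
    "$CLAMSCAN" -r --infected "$scan_dir" >"$report" 2>&1 || status=$?
    case $status in
        0) echo "CLEAN $scan_dir" ;;
        1) count=$(list_detections <"$report" | wc -l | tr -d ' ')
           echo "INFECTED $scan_dir: $count file(s), see $report" ;;
        *) echo "ERROR $scan_dir: clamscan exited $status, see $report" ;;
    esac
    return "$status"
}

# Called from cron with the directory to scan; without arguments the
# file only defines the functions.
if [ "$#" -ge 1 ]; then
    run_scan "$1" "${2:-/var/log/clamav/nightly-scan.log}"
fi
```

Saved under a path of your choice, such as /usr/local/bin/clamav-nightly.sh (a hypothetical name), the crontab entry becomes: 0 0 * * * /usr/local/bin/clamav-nightly.sh /home/user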