This section is a work in progress and may be incomplete. The instructions provided should work, but additional details and explanations may be added in future updates.

Why

While Linux is less susceptible to viruses than other operating systems, it’s not immune. ClamAV helps detect viruses, malware, and malicious files that could harm your system or be transmitted to other systems.

How It Works

ClamAV consists of several components:
  • ClamAV - The virus scanner itself
  • ClamAV-Freshclam - A service that keeps virus definitions updated automatically
  • ClamAV-Daemon - Keeps the clamd process running to make scanning faster

Goals

  • ClamAV installed and configured for manual or scheduled virus scanning
  • Automatic virus definition updates

Notes

  • These instructions do not configure the ClamAV daemon service for real-time monitoring
  • The clamd daemon is primarily useful if you’re running a mail server
  • For most servers, scanning files manually or on a schedule is sufficient
  • ClamAV does not provide real-time file monitoring

References

Installation and Setup

1. Install ClamAV

On Debian-based systems:
sudo apt install clamav clamav-freshclam clamav-daemon

2. Configure freshclam

Make a backup of clamav-freshclam’s configuration file:
sudo cp --archive /etc/clamav/freshclam.conf /etc/clamav/freshclam.conf-COPY-$(date +"%Y%m%d%H%M%S")
The default settings are probably sufficient, but you can customize them by editing /etc/clamav/freshclam.conf or using:
sudo dpkg-reconfigure clamav-freshclam
The default settings update virus definitions 24 times per day. To change how often updates are checked, adjust the Checks setting in /etc/clamav/freshclam.conf.

3. Start the freshclam service

Start the automatic virus definition updater:
sudo service clamav-freshclam start
Verify it’s running:
sudo service clamav-freshclam status
You should see it downloading virus definition databases.

4. Configure clamav-daemon (optional)

Make a backup of the daemon configuration:
sudo cp --archive /etc/clamav/clamd.conf /etc/clamav/clamd.conf-COPY-$(date +"%Y%m%d%H%M%S")
Customize settings by editing /etc/clamav/clamd.conf or using:
sudo dpkg-reconfigure clamav-daemon

Scanning Files and Folders

Using clamscan

To scan files and folders, use the clamscan program:
# Scan a single file
clamscan /path/to/file

# Scan a directory recursively
clamscan -r /path/to/folder

# Only print infected files
clamscan -r -i /path/to/folder

  • clamscan runs as the user executing it and needs read permissions to scan files
  • Avoid running clamscan as root: if a scanned file is malicious and manages to exploit the scanner, it would gain root privileges
  • Consider creating a dedicated user for virus scanning operations

Common Options

Option             Description
-r                 Scan directories recursively
-i                 Only print infected files
-l FILE            Save scan report to FILE
--remove           Remove infected files
--move=DIRECTORY   Move infected files to DIRECTORY

Check man clamscan for more options and detailed usage information.

Automated Scanning

You can create a cron job to scan your system regularly. Many guides provide sample scripts for automated scanning with email notifications. Check the references above for examples.
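
A scheduled scan along these lines can be built from the clamscan options listed above. The wrapper below is an added example, not taken from the original page or the ClamAV project; the script path, schedule, scan targets and LOG_DIR location are assumptions. It relies on cron mailing any output to the crontab owner for notification.

```shell
#!/bin/sh
# Added example (not from the original page): clamscan wrapper for cron.
# Install in the crontab of a dedicated unprivileged user, not root, e.g.
#   30 2 * * * /usr/local/bin/clamav-scan.sh /home /srv
# The script path, schedule, targets and LOG_DIR are assumptions.

LOG_DIR="${LOG_DIR:-$HOME/clamav-logs}"   # must be writable by the scan user

# Translate clamscan's exit status (documented in man clamscan):
# 0 = no virus found, 1 = virus(es) found, anything else = scan error.
classify_exit() {
    case "$1" in
        0) echo clean ;;
        1) echo infected ;;
        *) echo error ;;
    esac
}

# Scan all given paths recursively, list only infected files, keep a report.
run_scan() {
    log="$LOG_DIR/scan-$(date +"%Y%m%d%H%M%S").log"
    mkdir -p "$LOG_DIR" || return 2
    code=0
    clamscan -r -i -l "$log" "$@" >/dev/null 2>&1 || code=$?
    result=$(classify_exit "$code")
    # Print nothing on a clean run: cron mails any output to the crontab
    # owner (or MAILTO), so a message arrives only when action is needed.
    if [ "$result" != clean ]; then
        echo "clamscan: $result (exit $code) while scanning: $*"
        echo "report: $log"
    fi
    return "$code"
}

# Run only when scan targets are passed on the command line.
if [ "$#" -gt 0 ]; then
    run_scan "$@"
fi
```

The wrapper leaves detected files in place; the scan user only needs read access to the targets and write access to LOG_DIR.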
