How to Use the Free ClamAV Linux Antivirus Software

Scan your Linux or Windows system for the latest threats

ClamTK Graphical Linux Antivirus screenshot

 

Lifewire

by Gary Newell
Gary Newell was a freelance contributor, application developer, and software tester with 20+ years in IT, working on Linux, UNIX, and Windows.
Updated December 13, 2019

Linux is considered by many people to be more secure than Windows, but like any computer, it can be vulnerable to malware, viruses, and trojans. Though the risk for contracting viruses on Linux may be somewhat low, it is still present, and many people don't use antivirus software on their Linux systems.

As cybersecurity and attacks increase in prevalence, it is worth adding the extra peace of mind that antivirus software offers. That doesn't mean you have to spend a lot, however. This is where ClamAV comes in.

A Free Antivirus Solution

ClamAV is an open-source antivirus software toolkit that is used to detect malicious software and viruses on a variety of operating systems, including Linux. It is often used on mail servers to scan for viruses in emails. Updates to ClamAV are available for free.

Three good reasons you should consider ClamAV for Linux include:

  1. You have sensitive data on your computer, and you want to lock down your machine as much as possible.
  2. You dual boot with Windows. You can use ClamAV to scan all of your drive partitions and all additional drives on your computer.
  3. You want to create a system rescue CD, DVD, or USB that can be used to troubleshoot for viruses on a friend's Windows-based computer.

By using a system rescue USB drive with an antivirus package installed, you can search for viruses without actually having to boot into the operating system, and ClamAV offers this ability for Linux drives. This prevents the viruses from having an effect while trying to clear them.

Installing ClamAV

ClamAV works through the command line, which might be a bit complicated for an average user. Fortunately, there is a tool called ClamTK that provides a nice and simple graphical interface for using ClamAV. This guide will show you how to install ClamAV and use the graphical tool ClamTK to manage it.

You will find ClamTK within the package managers of most distributions. For instance, Ubuntu users will find it in the Software Centre and openSUSE users will find it within Yast. Use the graphical desktop for your distribution to locate and run the ClamTK package. The process is slightly different depending on the desktop environment and distribution.

If you want to skip all that and install ClamAV and ClamTK from the command line, here's how:

Ubuntu/Debian/Mint

apt install clamav clamtk

Fedora

dnf install clamav clamtk

OpenSUSE

zypper install clamav clamtk

Arch Linux/Manjaro

pacman -S clamav clamtk

Now, you're ready to launch ClamTK graphically on your desktop. For example, to load ClamTK in Ubuntu open up the Dash and search for ClamTK. Within Xubuntu, click on the menu icon in the top left corner and enter ClamTK into the search box.

ClamAV on Linux

The main application is split into four sections:

  • Configuration is used to set up how you want ClamAV to run.
  • History lets you see the results of previous scans.
  • Updates enables you to import new virus definitions.
  • Analysis shows you how to start the scans.
Linux ClamAV updates

Before you scan for viruses, load up-to-date virus definitions. Select Updates, and then press OK to check for updates. This will download the latest virus definitions.

Customizing ClamAV

ClamAV has settings that let you customize how it runs. For instance, when you choose a folder to scan you might just want to scan that one folder and not the subfolders, or you might want to scan very large files separate, which will obviously take longer to process.

Linux ClamAV settings

To change the settings, select the Settings icon. Hovering over each checkbox will display a tooltip explaining the purpose of each option. The first four checkboxes allow you scan for password checkers, large files, hidden files, and scan folders recursively. The other two checkboxes update and toggle how the icons work within the application (e.g., whether you have to click them once or twice).

Scanning for Viruses

To scan for viruses, select either the Scan a File icon or Scan a Folder icon. As a starting point, choose the Scan a Folder icon. You will be shown a browse dialog box.

Linux ClamAV scanning

Choose the drive you wish to scan (e.g., the Windows drive), and press OK. ClamAV will search recursively through the folders, depending on settings, looking for suspicious elements.

ClamAV doesn't claim to offer 100 percent protection, but no antivirus software can make this claim. ClamAV is effective, however. The ClamAV Wikipedia page has details on its effectiveness and history.