Linux is known for its stability, flexibility, and open-source nature, and its presence is vast. A recent study says Linux is the only operating system running on the top 500 supercomputers, 50% of the top 1000 websites run on Linux, and Linux covers 90% of the cloud landscape. There is no doubt that Linux is powerful and universal. However, this doesn’t mean that Linux is threat-proof. Hundreds of vulnerabilities are discovered every day, which leaves Linux systems prone to attacks. Linux systems therefore need a good anti-malware solution just like other operating systems. ClamAV is one of the best open-source anti-malware solutions available today. Let’s see how to install and use ClamAV on Linux Mint.
ClamAV is an open-source, cross-platform anti-malware toolkit developed by Cisco Systems Inc. It comes with basic protection against trojans, viruses, worms, and other types of new malware. It was primarily designed to scan and protect email gateways. Since it supports multiple platforms, it can be used to protect Linux, macOS, and Windows operating systems. In essence, it’s a lightweight command-line antivirus engine that, when combined with other tools such as FreshClam, ClamDaemon, ClamDTop, ClamScan, and Clamtk, provides functionality like automatic database updates, real-time scanning, scheduled scanning, and more.
Some major features it is loaded with are:
It’s lightweight and fast.
It can be used through both CLI and GUI interfaces.
It provides real-time protection when used with ClamDaemon.
It has an up-to-date database. It detects millions of viruses, worms, trojans, and other malware, including Microsoft Office macro viruses, mobile malware, and other threats.
It uses a signed signature database that allows ClamAV to use only trusted signatures.
It scans archived files and protects against archive bombs.
It comes with an advanced database updater that supports scripted updates, digital signatures, and DNS-based database version queries.
You don’t have to worry much about the system requirements. ClamAV is a lightweight tool that is designed to run on CLI-only machines as well.
Since it is developed for multiple platforms, it supports Alpine, Ubuntu, Debian, CentOS, Fedora, FreeBSD, macOS, and Windows operating systems.
It is recommended to have 2 GB of RAM on Linux and 3 GB of RAM on Windows.
It runs on any processor with a clock frequency of more than 2 GHz.
You can install ClamAV on pretty much any operating system. The procedure remains the same apart from some changes in the native commands on the different operating systems. We have chosen Linux Mint for this tutorial. Let’s see how to install ClamAV on Linux Mint.
Let’s begin with the repo update and, if possible, system upgrades.
$ sudo apt update && sudo apt upgrade -y
Installation is very simple. Just run this command to install ClamAV & ClamDaemon on Linux Mint.
$ sudo apt install clamav clamav-daemon
Confirm that ClamAV is installed by checking its version:
$ clamscan --version
So far, we have just installed ClamAV. Our next step must be updating the signature database. A signature database is the core component of any antivirus solution. Let’s understand the update process. This can be achieved in two ways. However, both procedures require the freshclam service to be stopped before beginning.
Method 1: Running the ‘freshclam’ utility from the CLI.
1. Stop freshclam service
$ sudo systemctl stop clamav-freshclam
2. Run freshclam command
$ sudo freshclam
3. Start freshclam service
$ sudo systemctl start clamav-freshclam
Method 2: Download ‘daily.cvd’ file.
1. Stop freshclam service
$ sudo systemctl stop clamav-freshclam
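2. Create a directory named clamav under /var/lib/ (-p makes this a no-op if the directory already exists)
$ sudo mkdir -p /var/lib/clamav
3. Move the downloaded file inside the clamav directory (the directory is not writable by a regular user, so sudo is needed).
$ sudo mv daily.cvd /var/lib/clamav/daily.cvd
4. Start freshclam service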
$ sudo systemctl start clamav-freshclam
Ensure freshclam service is active.
Run this command to start the freshclam service.
$ sudo systemctl start clamav-freshclam
Run this command to start the freshclam service at boot.
$ sudo systemctl enable clamav-freshclam
clamscan is a command-line tool used to scan files and/or directories for malware. Let’s see the command syntax with some examples.
Command to see man page of clamscan:
$ man clamscan
For help:
$ clamscan --help
General syntax:
$ clamscan [options] [file/directory/-]
Options:
--infected: prints only infected files
--remove: removes infected files
--recursive: all the subdirectories in the directory will be scanned
Run this to scan the files in the current directory:
$ clamscan .
Run this to scan all the files in the current directory and its subdirectories:
$ clamscan --recursive .
Run this to scan ALL the files on your system. You can cancel it at any time by pressing Ctrl + c:
Linux:
$ clamscan --recursive /
Windows:
$ clamscan.exe --recursive C:\
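The scan commands above, wrapped so the result can be acted on from a script. This is an added example, not part of the original post: clamscan exits with 0 when nothing is found, 1 when malware is found and 2 on errors, and prints one "path: signature FOUND" line per detection. The function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: interpret clamscan results instead of reading them by eye.

# Constructed sample of clamscan output (paths and hits are illustrative).
SAMPLE_OUTPUT='/home/user/Downloads/invoice.pdf: OK
/home/user/Downloads/eicar.com: Eicar-Test-Signature FOUND
/home/user/mail/note: draft.zip: Win.Test.EICAR_HDB-1 FOUND

----------- SCAN SUMMARY -----------
Infected files: 2'

# Read clamscan output on stdin, print "path<TAB>signature" per detection.
# The greedy first group keeps paths that themselves contain ": " intact.
parse_findings() {
    tab=$(printf '\t')
    sed -n "s/^\(.*\): \(.*\) FOUND\$/\1${tab}\2/p"
}

# Map clamscan's exit codes (0, 1, 2 and above) to a verdict.
verdict_for_exit() {
    case "$1" in
        0) echo clean ;;
        1) echo infected ;;
        *) echo error ;;
    esac
}

# Scan a directory recursively and report; nothing is deleted or moved.
scan_dir() {
    rc=0
    out=$(clamscan --recursive --infected "$1" 2>/dev/null) || rc=$?
    echo "verdict: $(verdict_for_exit "$rc")"
    printf '%s\n' "$out" | parse_findings
    return "$rc"
}

# Demo on the constructed sample; call `scan_dir /some/dir` for a real scan.
printf '%s\n' "$SAMPLE_OUTPUT" | parse_findings
```

Because scan_dir returns clamscan's own exit code, a cron job or CI step can alert on a non-zero status and review the listed files before anything is removed.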
ClamTK is just a graphical facade for ClamAV and ClamDaemon. It will ease life with its GUI option. The command to install ClamTK on Linux Mint is:
$ sudo apt install clamtk -y
Run ClamTK
It is very simple to run ClamTK on Linux. You just need to type clamtk on the terminal. We encourage you to explore the options available on the ClamTK.
$ clamtk
At last, if you want to uninstall ClamAV for any reason, you can do that by running these two commands.
$ sudo apt remove clamav clamav-daemon
The above command will also remove ClamTK. You don’t have to append ClamTK in the above command. However, this command doesn’t remove the other tools that come along with the ClamAV suite.
Following the above, there is another command you should run to remove all the database contents and remaining dependent utilities.
$ sudo apt autoremove
This completes the uninstallation of ClamAV.
After reading this post, you will be able to install, scan, schedule, update, and, at last, remove ClamAV from any Linux distro.
Thanks for reading this post. We have covered most of the things required to manage ClamAV on Linux Mint. Please let us know if you need anything else which is not covered. We will try to answer through this blog. You can submit your suggestion also. We will try to cover more antimalware solutions in the upcoming posts.
Arun KL is a cybersecurity professional with 15+ years of experience in IT infrastructure, cloud security, vulnerability management, Penetration Testing, security operations, and incident response. He is adept at designing and implementing robust security solutions to safeguard systems and data. Arun holds multiple industry certifications including CCNA, CCNA Security, RHCE, CEH, and AWS Security.