ClamAV is an open-source antivirus engine designed to detect trojans, viruses, malware, and other malicious threats. Widely used on Linux systems, it provides essential protection for servers, email scanning, and system security. Equipped with a command-line scanner, automatic database updates, and a multi-threaded daemon for improved performance, ClamAV is a reliable tool for safeguarding your system.
On Ubuntu, ClamAV is readily available via the default repositories, ensuring quick and straightforward installation. This guide will walk you through the installation process on Ubuntu 24.04, 22.04, and 20.04, along with essential configuration tips such as enabling automatic updates and scheduling regular scans. Following this tutorial will help you secure your system effectively and maintain a strong defense against potential threats.
Update Ubuntu Before Installing ClamAV
To ensure a smooth installation of ClamAV and avoid potential conflicts, it is essential to update your Ubuntu system. Keeping your system up-to-date resolves dependency issues, applies critical security patches, and ensures compatibility with the latest software versions.
Step 1: Open the Terminal
If you are using a desktop environment, you can launch the terminal by pressing Ctrl + Alt + T or searching for “Terminal” in the application menu. If you are already on a server, the terminal is readily accessible.
Step 2: Update and Upgrade Packages
Run the following command to refresh the package list and install the latest updates:
sudo apt update && sudo apt upgrade
- sudo grants administrative privileges required for the operation. Enter your password when prompted.
- apt update retrieves the latest package information from Ubuntu’s repositories.
- apt upgrade installs the newest versions of the installed packages.
Step 3: Check for a Restart Requirement
If the updates include a new kernel version or other critical system updates, a system restart may be required. To check if a restart is necessary, you can run:
[ -f /var/run/reboot-required ] && echo "Restart required"
If prompted to restart, it is recommended to reboot your system before proceeding with ClamAV installation. You can restart your system using the following command:
sudo reboot
How to Install ClamAV Antivirus on Ubuntu Using APT
Once your Ubuntu system is fully updated, you can proceed to install ClamAV. The process is straightforward, as ClamAV is included in the default Ubuntu repository.
Step 1: Install ClamAV and the ClamAV Daemon
Run the following command in the terminal to install ClamAV and its background daemon:
sudo apt install clamav clamav-daemon
This command installs:
- ClamAV: The antivirus scanner to detect and eliminate malware.
- ClamAV Daemon: A service that enables automatic updates and scheduled scans for proactive protection.
Step 2: Verify the Installation
After installation, confirm that ClamAV is installed and functioning correctly by checking the version:
clamscan --version
The output will display the installed version of ClamAV, indicating the antivirus is ready to use.
Optional: Install ClamTK – A GUI for ClamAV
For users who prefer a graphical interface, ClamTK simplifies managing ClamAV. It’s particularly helpful for those less familiar with the command line.
Step 1: Install ClamTK
To install the graphical user interface for ClamAV, run the following command:
sudo apt install clamtk
Step 2: Launch ClamTK
After installation, you can open ClamTK in two ways:
- From the Terminal: Run the following command:
clamtk
- From the Applications Menu: Search for “ClamTK” and select it.
Benefits of ClamTK
ClamTK provides a user-friendly way to:
- Access essential antivirus functionality without relying on command-line tools.
- Perform on-demand virus scans with a few clicks.
- Configure automatic updates and schedule regular scans.
How to Update the ClamAV Virus Database on Ubuntu
After installing ClamAV, updating the virus database is essential to ensure your system is protected against the latest threats. ClamAV relies on its virus definitions to detect and mitigate malware effectively. Follow these steps to update the ClamAV virus database.
Step 1: Stop the ClamAV Freshclam Service
Before manually updating the virus definitions, you need to stop the clamav-freshclam service, which runs in the background. This prevents any conflicts during the update process. Open the terminal and run:
sudo systemctl stop clamav-freshclam
This command halts the automatic updates temporarily, allowing you to proceed with the manual update.
Step 2: Update the Virus Database with Freshclam
Use the freshclam command to download the latest virus definitions. Execute the following command:
sudo freshclam
This command updates the virus definitions in the /var/lib/clamav directory, ensuring your ClamAV scanner is equipped to handle the latest security threats.
Step 3: Restart and Enable the ClamAV Freshclam Service
Once the database update is complete, restart the clamav-freshclam service and enable it to run automatically on system boot. Use the following command:
sudo systemctl enable clamav-freshclam --now
Verify the ClamAV Virus Definition Update
To confirm the updated definitions, you can view the files in the /var/lib/clamav/ directory. Run the following command:
ls -l /var/lib/clamav/
This will list the contents of the directory, displaying details like file permissions, ownership, and the last modification dates. Verify that the dates correspond to the most recent updates.
Optional: Disable the ClamAV Freshclam Service
If you need to disable the automatic updates provided by clamav-freshclam in the future, run the following command:
sudo systemctl disable clamav-freshclam --now
This stops the service and prevents it from starting automatically on boot. Use this option only if you prefer manual updates or have specific system requirements.
Basic ClamAV Terminal Commands for Scanning Files and Directories
ClamAV’s primary purpose is to scan files and directories for viruses and malware. By using ClamAV’s command-line interface, you can efficiently secure your system. Below are some essential ClamAV commands and their use cases.
Scan a Specific File for Viruses
To scan an individual file, use the following command:
clamscan /path/to/file
This command checks the specified file for viruses and malware. Replace /path/to/file with the file’s actual path.
Scan a Directory and Subdirectories
To scan an entire directory, including all subdirectories, run:
clamscan -r /path/to/directory
The -r option enables recursive scanning, ensuring that all files within the directory and its subdirectories are checked for threats.
Save Scan Results to a Log File with ClamAV
To document scan results for later review or troubleshooting, ClamAV allows you to output the results into a log file. This is particularly useful for long scans or when managing multiple systems.
Save Results of a File Scan
To save the scan results of a specific file to a log file, use the following command:
clamscan /path/to/file --log=/path/to/logfile
- Replace /path/to/file with the full path to the file you want to scan.
- Replace /path/to/logfile with the full path where you want the log file to be saved.
Example:
clamscan /home/user/documents/sample.txt --log=/home/user/logs/clamav.log
This will scan sample.txt and save the results to clamav.log in the /home/user/logs/ directory.
Save Results of a Directory Scan
To save the results of scanning a directory (including subdirectories) to a log file, run:
clamscan -r /path/to/directory --log=/path/to/logfile
- The -r option enables recursive scanning, ensuring all files in the directory and its subdirectories are scanned.
- The --log option specifies the log file path.
Example:
clamscan -r /home/user/downloads --log=/home/user/logs/downloads_scan.log
This command will scan the /home/user/downloads directory recursively and save the results to downloads_scan.log.
Verifying the Log File
After running the scan, you can verify the contents of the log file by opening it with a text editor or using the cat command in the terminal. For example:
cat /home/user/logs/clamav.log
This will display the scan results, including details about scanned files, infected files (if any), and actions taken.
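An added example, not part of the original guide: instead of reading a long log with cat, the functions below extract the detections and the summary count. The function names are chosen for this example, the sample log is constructed, and the parsing assumes clamscan's usual detection lines (path, colon, signature, FOUND) and its "Infected files:" summary line.

```bash
#!/bin/bash
# Added example: summarise a clamscan log instead of reading it with cat.
# list_detections and infected_count are names chosen for this example.

# Print "signature<TAB>path" for each detection ("<path>: <signature> FOUND").
# The signature is the last token, so a path containing ": " stays intact.
list_detections() {
    awk '/ FOUND$/ {
        sub(/ FOUND$/, "")
        i = match($0, /: [^ ]+$/)
        if (i) printf "%s\t%s\n", substr($0, i + 2), substr($0, 1, i - 1)
    }' "$1"
}

# Print the "Infected files:" figure from the scan summary (0 if absent;
# if the log holds several runs, the last summary wins).
infected_count() {
    awk -F': *' '/^Infected files:/ { n = $2 } END { print n + 0 }' "$1"
}

# Constructed sample log for the demonstration; not output from a real scan.
SAMPLE_LOG="$(mktemp)"
cat > "$SAMPLE_LOG" <<'EOF'
/home/user/downloads/notes.txt: OK
/home/user/downloads/eicar.com: Win.Test.EICAR_HDB-1 FOUND
/home/user/downloads/a: b.zip: Win.Test.EICAR_HDB-1 FOUND

----------- SCAN SUMMARY -----------
Scanned directories: 1
Scanned files: 3
Infected files: 2
EOF

echo "Infected files reported: $(infected_count "$SAMPLE_LOG")"
list_detections "$SAMPLE_LOG"
```

Point both functions at a real log, such as /home/user/logs/clamav.log from the example above, to get the same summary for an actual scan.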
Scan and Remove Infected Files
To automatically remove any infected files during the scan, use the --remove option:
clamscan /path/to/file --remove
Use this option carefully, as it will permanently delete any files identified as infected.
Additional ClamAV Commands and Help
For a comprehensive list of all available commands and options in ClamAV, run the following command in your terminal:
clamscan --help
This will display a detailed help guide, providing insights into additional options and advanced configurations for ClamAV.
Limit ClamAV CPU Usage
Why Limit ClamAV CPU Usage?
ClamAV scans can be resource-intensive, especially on systems with limited hardware capabilities. Limiting ClamAV’s CPU usage ensures better system performance while running scans alongside other tasks.
Use the nice Command to Adjust CPU Priority
The nice command allows you to lower the priority of ClamAV processes, so they yield CPU time to other tasks. By default, ClamAV runs with a priority level of zero, but you can reduce it with the following command:
sudo nice -n 15 clamscan --bell -i -r /home
- -n 15 sets the niceness value to 15, which lowers the scan’s scheduling priority.
- clamscan -r /home performs a recursive scan of the /home directory.
- --bell sounds the terminal bell when a virus is detected, and -i prints only infected files.
This setup ensures that ClamAV runs with lower priority, freeing up CPU cycles for other tasks.
Create a Cron Job for ClamAV
Why Automate Scans with a Cron Job?
Scheduling ClamAV scans ensures consistent security checks without manual effort. Automating the process with cron allows you to define when and how often scans occur, improving system security.
Create a Shell Script for the Scan
Start by creating a shell script to define the scan task:
nano clamscan.sh
In the nano editor, add the following script to scan the /home directory:
#!/bin/bash
clamscan -r /home
Save and exit by pressing Ctrl + X, then Y, and finally Enter.
Make the script executable:
chmod +x clamscan.sh
Schedule the Cron Job
Open the crontab editor to create a schedule for the script:
crontab -e
Add the following line to run the scan daily at 3:00 a.m.:
0 3 * * * /path/to/clamscan.sh
Replace /path/to/clamscan.sh with the full path to your shell script. Save and exit.
Verify the Cron Job
To confirm the cron job is correctly set up, list all active cron jobs with:
crontab -l
This will display the list of cron jobs on your system.
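An added example, not part of the original guide: a fuller clamscan.sh for cron that runs the scan under nice, writes a dated log, and acts on clamscan's documented exit codes (0 no virus found, 1 virus found, 2 error) so a scan that failed is not read as a clean one. The variables CLAMSCAN_BIN, SCAN_TARGET and LOG_DIR, the --run argument and the log location are assumptions of this example.

```bash
#!/bin/bash
# Added example: cron-friendly wrapper around clamscan (not from the guide).
# CLAMSCAN_BIN, SCAN_TARGET and LOG_DIR are names chosen for this example.
CLAMSCAN_BIN="${CLAMSCAN_BIN:-clamscan}"
SCAN_TARGET="${SCAN_TARGET:-/home}"
LOG_DIR="${LOG_DIR:-$HOME/clamav-logs}"

# Map clamscan's exit status (documented in clamscan(1)) to a verdict:
# 0 = no virus found, 1 = virus(es) found, anything else = scan error.
scan_verdict() {
    case "$1" in
        0) echo "clean" ;;
        1) echo "infected" ;;
        *) echo "error" ;;
    esac
}

# Run one low-priority recursive scan of $1, logging into directory $2.
# Prints "<verdict> <logfile>" and returns clamscan's exit status.
run_scan() {
    local target="$1" log_dir="$2" log status=0
    mkdir -p "$log_dir" || return 2
    log="$log_dir/scan-$(date +%Y%m%d-%H%M%S).log"
    # -r recurse, -i report only infected files, --log keep the full report.
    nice -n 15 "$CLAMSCAN_BIN" -r -i --log="$log" "$target" \
        >/dev/null 2>&1 || status=$?
    echo "$(scan_verdict "$status") $log"
    return "$status"
}

# Scan only when called with --run, for example from the crontab entry:
#   0 3 * * * /path/to/clamscan.sh --run
if [ "${1:-}" = "--run" ]; then
    status=0
    result="$(run_scan "$SCAN_TARGET" "$LOG_DIR")" || status=$?
    # Anything but "clean" goes to syslog, so an aborted scan is not
    # mistaken for a scan that found nothing.
    if [ "$status" -ne 0 ]; then
        logger -t clamscan-cron -p user.warning "$result"
    fi
    exit "$status"
fi
```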
How to Remove ClamAV from Ubuntu
Step 1: Disable the ClamAV Service
Before removing ClamAV, stop and disable its services to avoid interference during uninstallation:
sudo systemctl disable clamav-daemon clamav-freshclam --now
This ensures ClamAV is no longer running or starting automatically on boot.
Step 2: Uninstall ClamAV and Its Daemon
Remove ClamAV and its associated daemon with the following command:
sudo apt remove clamav clamav-daemon
Step 3: Remove ClamTK (if Installed)
If you installed the ClamTK graphical interface, you can remove it separately:
sudo apt remove clamtk
Wrapping Up: Protect Your Ubuntu System with ClamAV
By setting up ClamAV on your Ubuntu system, you now have a reliable tool to protect against malware, viruses, and other security risks. The installation process is straightforward thanks to the Ubuntu default repository, and with a few simple steps, you can keep ClamAV running effectively.
To keep your system secure:
- Update the ClamAV virus definitions regularly to ensure you’re protected from new threats.
- Schedule scans to catch and remove potential malware before it becomes an issue.
- Adjust ClamAV’s CPU usage if needed to keep your system running smoothly during scans.
ClamAV works well for all types of users, and if you prefer a graphical interface, ClamTK is available to make virus scanning easier. By following these steps, you’ll have a solid defense against security threats on your Ubuntu system.
Frequently Asked Questions (FAQs)
A: No, ClamAV does not provide real-time scanning by default. It is designed for on-demand or scheduled scans. For real-time protection, additional tools or configurations may be required.
A: Yes, ClamAV can scan inside compressed files and archives, such as .zip or .tar.gz, as long as the necessary library dependencies are installed on your system.
A: Check the ClamAV log files for detailed error messages. These are typically located in /var/log/clamav. Common issues may include outdated virus definitions or file permission errors.
A: ClamAV is primarily designed for detecting known malware and viruses, especially in mail servers and Linux environments. While effective for many scenarios, pairing it with additional security tools can enhance overall protection.
A: Yes, ClamAV is cross-platform and can be used on Windows and macOS in addition to Linux. However, the installation and configuration steps differ for each platform.
A: It is recommended to update the virus definitions daily to ensure ClamAV is equipped to detect the latest threats.
A: Yes, you can configure scheduled tasks using tools like cron to automate both updates and scans, ensuring consistent system security without manual intervention.
Useful Links for ClamAV Users
Here are some helpful resources to complement this guide and enhance your understanding and use of ClamAV:
- Official ClamAV Website: Explore the official ClamAV site for downloads, news, and updates on the antivirus software.
- ClamAV Documentation: Dive deeper into ClamAV’s features, configuration options, and advanced usage with detailed documentation.
- ClamAV GitHub Repository: Access the source code, report issues, or contribute to the development of ClamAV.
- ClamAV Development Mailing List: Join the developer community to discuss ClamAV’s development and share insights with other contributors.
- ClamAV Virus Database Updates Mailing List: Stay updated on the latest virus definition updates for ClamAV by subscribing to this mailing list.
These resources are directly related to installing, configuring, and maintaining ClamAV, providing additional support and information for both beginners and advanced users.