How to Install ClamAV on Ubuntu 24.04, 22.04 or 20.04

ClamAV is an open-source antivirus engine designed for detecting trojans, viruses, malware, and other malicious threats. It is widely used on Linux systems for server protection and scanning emails. ClamAV includes a command-line scanner, an automatic database updater, and a scalable multi-threaded daemon for better performance. On Ubuntu, ClamAV can be easily installed via the default repository, making it accessible for users who need to secure their systems against various threats.

To install ClamAV on Ubuntu 24.04, 22.04, or 20.04 using the command-line, you can utilize the Ubuntu default repository. This guide will also provide some basic configuration tips to ensure that ClamAV is set up optimally on your system, including enabling automatic updates and configuring scheduled scans.

Update Ubuntu before ClamAV Installation

To avoid any potential conflicts during the installation of ClamAV, it is essential to ensure that all packages on your Ubuntu system are up-to-date. Before proceeding with the ClamAV installation, run a quick update by executing the following command in a terminal window:

sudo apt update && sudo apt upgrade

This command will update the package lists on your system and ensure that all packages are up-to-date before installing ClamAV.

Proceed with Installing ClamAV via APT Command

The simplest way to install ClamAV on Ubuntu is to use the default APT repository. To install ClamAV, execute the following command in a terminal window:

sudo apt install clamav clamav-daemon

This command will install ClamAV and its daemon from the default Ubuntu repository, making it easy to install and use.

To verify that ClamAV is installed correctly, you can check the version installed by running the following command:

clamscan --version

Optional: Install ClamAV TK

Installing the ClamAV GUI (clamtk) is optional for Ubuntu users who prefer a graphical interface for managing the ClamAV virus scanner. To install the ClamAV GUI (clamtk) from the Ubuntu repository, run the following command:

sudo apt install clamtk

After installing ClamTK, you can launch it from the Applications menu or by running the following command in the terminal:

clamtk

Using ClamTK, you can easily configure the ClamAV virus scanner and perform scans with a graphical interface. The ClamAV GUI can be useful for novice or intermediate Linux users uncomfortable using the command line.

Update the ClamAV Virus Database

After installing ClamAV, it is crucial to update the virus database before using the virus scanner (clamscan). This ensures that your system is up-to-date and protected against the latest threats. Here’s how you can update the ClamAV virus database:

First, you must stop the “clamav-freshclam” service to update the virus definition database. To do this, type in the following command in a terminal window:

sudo systemctl stop clamav-freshclam

Update your virus definition database by executing the following command in a terminal window:

sudo freshclam

This command will download the latest ClamAV virus databases and definitions in the directory “/var/lib/clamav.”

Once the database is updated, you can start the “clamav-freshclam” service by running the following command:

sudo systemctl enable clamav-freshclam --now

This command will activate the service and automatically enable it on system boot, which is highly recommended.

To view the directory of ClamAV and the files’ dates, use the “ls -l” command. For example, to list the contents of the “/var/lib/clamav/” directory, run the following command:

ls -l /var/lib/clamav/

This command will display the contents of the “/var/lib/clamav/” directory, along with their file permissions, owners, and modification dates.

In case you need to disable “clamav-freshclam” in the future, you can run the following command:

sudo systemctl disable clamav-freshclam --now

ClamAV Terminal Commands (Basics)

The primary function of ClamAV is to scan files and directories for viruses and malware. Here are some commands that can help you perform scans:

Scan a specific file

clamscan /path/to/file

This command scans a specific file for viruses and malware.

Scan a specific directory

clamscan -r /path/to/directory

This command scans a specific directory and all its subdirectories for viruses and malware.

Scan a specific file and write the results to a file

clamscan /path/to/file -l /path/to/logfile

This command scans a specific file for viruses and malware and writes the results to a file.

Scan a specific directory and write the results to a file

clamscan -r /path/to/directory -l /path/to/logfile

This command scans a specific directory and all its subdirectories for viruses and malware and writes the results to a file.

Scan a specific file and remove infected files

clamscan /path/to/file --remove

This command scans a specific file for viruses and malware and removes any infected files.

These are just some commands; run the following command to print help into your terminal to get a complete list of commands.

clamscan --help

Additional Tips for ClamAV

Limit ClamAV CPU Usage

ClamAV scanning can be CPU-intensive, and older or limited hardware may struggle to keep up. To mitigate this issue, you can use the “nice” command to limit ClamAV CPU usage. This can be especially helpful when performing system scans or running other resource-intensive applications.

The “nice” command adjusts the priority level of a process, allowing you to allocate more or fewer system resources to specific tasks. By default, ClamAV has a priority level of zero, but using the “nice” command can reduce this level, freeing up more system resources for other tasks.

Here’s an example of how to use the “nice” command to limit ClamAV CPU usage during a scan:

sudo nice -n 15 clamscan && sudo clamscan --bell -i -r /home

In this command, the “nice” command sets the priority level of the “clamscan” command to 15. ClamAV will use fewer system resources during the scan, allowing other processes to take priority. The “&&” operator is then used to run a second “clamscan” command with the options “–bell -i -r /home” after the first scan completes.

While the “nice” command is the best option for limiting ClamAV CPU usage, other options are also available. For example, you could adjust ClamAV’s configuration file to reduce the number of threads used during a scan. However, using the “nice” command is a simple and effective way to balance system resources between ClamAV and other processes.

Creating a Cron Job for ClamAV

Cron is a built-in utility in Ubuntu that allows users to automate tasks on a schedule. This can be especially helpful when running regular virus scans with ClamAV. This section will demonstrate creating a cron job for ClamAV on Ubuntu.

Create a shell script that will run the ClamAV scan. To do this, enter the following command in the terminal:

nano clamscan.sh

This will open a new file in the nano text editor, where you can enter the ClamAV command you want to run. For example, if you want to scan the entire “/home” directory, you can enter the following command:

#!/bin/bash
clamscan -r /home

Once you have entered the command, press “Ctrl + X” to exit nano, and then press “Y” to save the file.

Before you can run the shell script, you must make it executable. To do this, enter the following command in the terminal:

chmod +x clamscan.sh

This will give the shell script execute permissions.

Now that the shell script is ready, you can create a cron job that will run the script regularly. To do this, enter the following command in the terminal:

crontab -e

This will open the cron table in the nano text editor. In this file, you can enter the schedule for the ClamAV scan. For example, if you want to run the scan every day at 3:00 a.m., you can enter the following line:

0 3 * * * /path/to/clamscan.sh

Replace “/path/to/clamscan.sh” with the actual path to your shell script. Once you have entered the line, press “Ctrl + X” to exit nano, and press “Y” to save the changes.

To confirm that the cron job is set up correctly, you can use the following command in the terminal:

crontab -l

This will display the list of cron jobs on your system.

Remove ClamAV

If you no longer need ClamAV on your system, you may want to remove it to free up space and reduce clutter. Fortunately, removing ClamAV is straightforward and can be completed using just a few terminal commands.

To begin, you’ll want to disable the ClamAV service to ensure it isn’t running during uninstallation. To do this, enter the following command in the terminal:

sudo systemctl disable clamav --now

This command turns off the ClamAV service, preventing it from running in the background and interfering with the uninstallation process.

Next, you’ll want to remove all traces of ClamAV from your system. This includes the ClamAV software and any dependencies or associated files that may have been installed alongside it. To do this, enter the following command in the terminal:

sudo apt remove clamav clamav-daemon

Also, ClamAV TK installations can remove the graphical interface by themselves by running the command:

sudo apt remove clamavtk

Conclusion

With ClamAV installed and configured on your Ubuntu system, you have a robust tool for protecting against malware and other security threats. Using the Ubuntu default repository ensures a straightforward installation process, while the configuration tips provided help you keep ClamAV up-to-date and effective in scanning for potential threats. Regularly updating your virus definitions and scheduling scans will enhance your system’s security, ensuring continuous protection on Ubuntu.