This article describes virus scanning with ClamAV.
1 Virus scan with clamav package
Install the clamav package.
$ sudo apt install -y clamav
The clamscan command scans a file or directory.
- The -r option scans a directory recursively.
- The -i option shows only detected files.
- The --move option moves detected files to the specified directory.
$ mkdir ~/virus
$ clamscan -r -i --move=$HOME/virus .
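For unattended runs of the scan above, a wrapper can act on the clamscan exit status (0 for no detection, 1 for a detection, 2 for an error) and keep the quarantine directory out of the scan. This is an added example, not code from the original article; the function names and the sample output are constructed for illustration.

```shell
# Added example: wrap `clamscan -r -i --move=...` for unattended use.

# Constructed sample of `clamscan -r -i` output (not from a real scan).
SAMPLE_OUTPUT='/home/user/Downloads/eicar.com: Eicar-Test-Signature FOUND
/home/user/mail/note: v2.zip: Eicar-Test-Signature FOUND

----------- SCAN SUMMARY -----------
Scanned files: 1523
Infected files: 2'

# Print the path of every detection line ("<path>: <signature> FOUND").
# The greedy match keeps paths that themselves contain ": ".
detected_paths() {
    printf '%s\n' "$1" | sed -n 's/^\(.*\): [^ ]* FOUND$/\1/p'
}

# Map the clamscan exit status to a word: 0 clean, 1 infected, other = error.
explain_status() {
    case "$1" in
        0) echo clean ;;
        1) echo infected ;;
        *) echo error ;;
    esac
}

# Build a one-line report from captured output and exit status.
report() {
    paths=$(detected_paths "$1")
    count=0
    [ -n "$paths" ] && count=$(printf '%s\n' "$paths" | wc -l | tr -d ' ')
    echo "status=$(explain_status "$2") detections=$count"
}

# Scan a directory, quarantine hits, and skip the quarantine directory itself
# so files moved there are not detected again on the next run.
# scan_dir and its arguments are hypothetical names for this example.
scan_dir() {
    target=$1
    quarantine=$2
    mkdir -p "$quarantine" && chmod 700 "$quarantine" || return 2
    output=$(clamscan -r -i --move="$quarantine" \
        --exclude-dir="^$quarantine" "$target")
    status=$?
    report "$output" "$status"
    return "$status"
}

# Demonstration on the constructed sample; no scanner needed for this line.
report "$SAMPLE_OUTPUT" 1
```

With ClamAV installed, `scan_dir "$HOME" "$HOME/virus"` performs the real scan and returns the clamscan exit status, so a cron job can alert on any non-zero result.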
2 Update virus database with freshclam manually
The freshclam command updates the virus database.
$ sudo freshclam
If the clamav-freshclam package is installed (it is installed together with the clamav package), the following error occurs because its daemon already holds the log file.
ERROR: /var/log/clamav/freshclam.log is locked by another process
ERROR: Problem with internal logger (UpdateLogFile = /var/log/clamav/freshclam.log).
3 Update virus database with clamav-freshclam package automatically
The clamav-freshclam package updates the virus database automatically, so you do not need to run the freshclam command yourself.
However, the first update by clamav-freshclam may fail with the following warning.
WARNING: getfile: Unknown response from db.local.clamav.net
For the first update, stop clamav-freshclam, run the freshclam command manually, and then start clamav-freshclam again.
$ sudo systemctl stop clamav-freshclam
$ sudo freshclam
$ sudo systemctl start clamav-freshclam
By default, the database is checked for updates 24 times a day.
$ grep Checks /etc/clamav/freshclam.conf
Checks 24
4 Virus scan with clamav-daemon package
The clamav-daemon package provides the clamd daemon and the clamdscan command. The clamd daemon loads the database once and stays resident. It then runs virus scans on request from the clamdscan command without reloading the database.
The clamd daemon always consumes memory for the database, but clamdscan is faster than clamscan. Also, clamdscan's behavior depends on clamd, while clamscan's behavior depends on its own options.
$ sudo apt install -y clamav-daemon
$ clamdscan <dir>
5 Virus scan with clamtk package
The clamtk package provides a GUI window, which is useful for desktop users.
$ sudo apt install -y clamtk
There is an issue with the dialog message shown after scanning. If LC_TIME=C is not set, the dialog message is not displayed after the scan, which prevents removing the detected files.
This article therefore sets LC_TIME=C in the desktop file. If you run clamtk without the desktop file, you need to set LC_TIME=C yourself.
$ sudo sed -e 's/Exec=clamtk %F/Exec=env LC_TIME=C clamtk %F/g' \
    -i /usr/share/applications/clamtk.desktop
clamtk looks like the following. In my environment, an item has to be double-clicked to select it.
Check "scan directories recursively" in Settings.
The home directory can then be scanned recursively with "Scan a directory".