ClamAV - The free Anti Virus solution for Windows on Linux

October 31, 2005
ClamAV is an open source antivirus engine designed to detect Trojans, viruses, malware and other malicious threats. It is multi-platform and works on Linux, Windows, and Mac OS X.

ClamAV leverages the power of the command line by providing tools which you can execute from scripts and from within terminals. It is popularly used to scan emails passing through mail gateways.

Tools in ClamAV

ClamAV antivirus software comprises the following command line tools.

clamscan - A tool to scan files and directories for viruses.

freshclam - A virus database update tool.

sigtool - A signature and database management tool.

clambc - A byte code testing tool.

Usage of these command line tools is explained further below.

Installing ClamAV in Linux

You can install ClamAV antivirus software in most mainstream Linux distributions using their respective package management tools.

For example, here is how you install ClamAV antivirus software in Fedora Linux.

$ sudo yum install clamav

If you are using Ubuntu or another Debian based Linux, you can install ClamAV as follows.

$ sudo apt-get install clamav

Optionally, you can also install clamav-docs (ClamAV documentation) and clamtk (A GUI front-end for ClamAV).

The ClamAV package is available for Fedora, Red Hat, Gentoo, Debian, Ubuntu, openSUSE, Mandriva, and Pardus Linux.

You can also compile from source, which is available for download at the ClamAV website.

Update the Virus database

An antivirus tool is only as good as its virus database, so it is very important that you update the virus database on a regular basis.

freshclam is used to update ClamAV's virus database.

In its simplest form, you can use this tool to manually download the virus database to the default directory as follows.

$ freshclam

Or you can use the cron job scheduler to update the virus database on a daily basis by entering the following line in your crontab file.

0 3 * * * /usr/bin/freshclam

It indicates the command should be executed daily at 3:00 AM. See crontab usage for the syntax.

Alternatively, you can run freshclam as a daemon (-d) and have it check for a new database 2 times a day (-c 2).

$ freshclam -d -c 2

ClamAV Usage

The following examples show how to execute the most common tasks using ClamAV.

Scan a single file

$ clamscan filename

Scan the current working directory

$ clamscan

Recursively scan (-r) all files in your HOME directory

$ clamscan -r /home/ravi

clamscan will recurse through a maximum depth of 15 levels if the -r option is used.

Optionally, you can decide how deep clamscan should go by using --max-dir-recursion.

$ clamscan -r --max-dir-recursion=4 /home/ravi

Print only infected files (-i) to the output.

$ clamscan -i -r /home/ravi

Move infected files to a directory.

$ clamscan -i --move /tmp/quarantine -r /home/ravi

The directory /tmp/quarantine must be writable by the user running clamscan.

Remove infected files

$ clamscan -i --remove=yes -r /home/ravi

By default clamscan doesn't remove any infected files.

Save the scan report (-l) to a file named logfile.

$ clamscan -l logfile -r /home/ravi

Ring a bell (--bell) each time a virus is found.

$ clamscan --bell -r /home/ravi

Scan a mail spool directory

$ clamscan -r /var/spool/mail

Scan a tape archive (tar) file.

$ clamscan --tar=/bin/tar myfile.tgz

ClamAV can scan a wide variety of files, such as archives (rar, zip, tar, deb, jar, arj), your mails and html files. In fact, it can scan just about any file on your system.

Scan all MS Word files in your HOME directory.

$ find /home/ravi -iname \*.doc -exec clamscan -i -r {} \;
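As an added example (not from the original article), the script below turns a report saved with -l into a list of infected files and maps clamscan's exit status (0 = no virus found, 1 = virus found, 2 = error, per the clamscan man page) to a verdict a cron job can act on. The function names and the sample report lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise a clamscan report written with -l.

# Print "signature<TAB>path" for every "<path>: <signature> FOUND" line in report $1.
infected_files() {
    while IFS= read -r line; do
        case $line in
            *": "*" FOUND")
                hit=${line% FOUND}     # drop the trailing marker
                # Split on the LAST ": " so paths that contain ": " stay intact.
                printf '%s\t%s\n' "${hit##*: }" "${hit%: *}"
                ;;
        esac
    done < "$1"
}

# Translate clamscan's exit status into a word a cron job or monitor can act on.
scan_verdict() {
    case $1 in
        0) echo clean ;;
        1) echo infected ;;
        *) echo error ;;               # 2 = scan error; anything else is unexpected
    esac
}

# Scan directory $1 recursively, log to $2, list hits, return clamscan's status.
scan_and_report() {
    clamscan -i -r -l "$2" "$1" >/dev/null 2>&1
    rc=$?
    echo "verdict: $(scan_verdict "$rc")"
    infected_files "$2"
    return "$rc"
}

# Constructed sample report (not real scan output), written to file $1.
write_sample_report() {
    cat > "$1" <<'EOF'
/home/ravi/report.doc: OK
/home/ravi/eicar.com: Eicar-Test-Signature FOUND
/home/ravi/notes: old/copy.doc: Eicar-Test-Signature FOUND

----------- SCAN SUMMARY -----------
Infected files: 2
EOF
}

# Demo on the constructed report (no clamscan needed).
report=$(mktemp) && write_sample_report "$report" && infected_files "$report"
rm -f "$report"
```

On a machine with ClamAV installed, a cron job would call scan_and_report /home/ravi /var/log/clamscan.log (the log path is an assumption) and alert when the return status is not 0.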

Main Features of ClamAV

  • Free for personal and commercial use. Released under GPL.
  • Multi architecture, and multi OS support. ClamAV is available for Mac OS X, Windows, Linux and other Unix variants.
  • Simple command line usage.
  • Create powerful filters by linking with other commands in Linux.
  • Simple to install and remove.
  • Lots of third party software with in-built support for ClamAV.