Most may not know it, but Linux can get viruses too. Thankfully, there’s a tremendous command-line tool that mny Linux users use, and it’s called ClamAV. With it, users will be able to detect types of viruses via the command-line and look for exploits (for both Windows and Linux).
ClamAV is easy to install on Linux thanks to the fact that it’s included in many mainstream distribution software sources. To install this application, open up a terminal and follow along with the instructions below to get it working.
Note: ClamAV has a graphical version of the application if you dislike the Linux command-line. It takes all of the best aspects of the terminal and puts it in an easy to use UI. Check the official website to learn more.
sudo apt install clamav
sudo apt-get install clamav
sudo pacman -S clamav
sudo dnf install clamav
sudo zypper install clamav
Building the ClamAV virus scanner from source on the Linux platform requires a few dependencies. Install all of these programs on your computer before continuing.
- gcc or clang C compiler
- zlib library
With the dependencies taken care of on your Linux computer, it’s time to start the building process. Grab the latest code release of ClamAV with the wget download tool.
Note: as you are building the program from source, automatic updates are not possible. To ensure that your virus scanner is always up to date, re-download ClamAV’s code here and compile the code regularly.
Don’t have wget? Try cURL instead:
curl https://www.clamav.net/downloads/production/clamav-0.100.2.tar.gz > clamav-0.100.2.tar.gz
Now that the code is done downloading through wget extract the TarGZ archive of ClamAV.
tar zxvf clamav-0.100.2.tar.gz
Using the CD command, move your terminal session from the home folder to the newly extracted clamav-0.100.2 folder.
Run the configure script. Configure will allow you to determine all of the dependencies for the build requirements are satisfied.
If the Configure script doesn’t show you any warnings, everything is good to go. Start the code compilation process by executing the make command.
Let the code compiler tool build ClamAV. It may take a long time, so be patient. When the building process is complete, install the software on your Linux PC with the make install command.
sudo make install
Find Viruses Via Command-line
Virus scanners find trojans and other issues by checking a “definitions” file. This definitions file is a list that tells the scanner about questionable items. ClamAV has a definition file as well, and users can update it with the freshclam command. In the terminal, run:
Be sure to regularly run the freshclam command weekly (or even daily if you are paranoid about viruses showing up on your Linux PC or server).
Once you’ve got the latest virus definitions for ClamAV on Linux, you’ll be able to scan for vulnerabilities. To examine an individual folder for viruses, run the command below:
sudo clamscan /location/of/folder/
It is also possible to use the clamscan to scan for viruses in a directory, along with every sub-directory inside, by using the r switch.
sudo clamscan -r /location/of/folder/
Scan Home Folder
The home directory on Linux is the primary location that users interact with on the computer. Therefore, if you do have a virus, it’ll be in this folder, or it’s many sub-folders. To scan the home folder, point the clamscan command at /home/username/. Alternatively, use ~/, if you don’t want to type out a username.
Note: use the -v switch to print out the scanning process that ClamAV otherwise hides.
sudo clamscan -rv ~/
sudo clamscan -rv /home/username
Want to scan more than one user’s home folder? Try pointing clamscan at /home/, instead of /home/username/.
sudo clamscan -rv /home/
You may have dangerous and questionable files on your Linux PC outside of your home folder. If you want to scan for items like this, you’ll need to do a system-wide scan. Use clamscan, and point it directly at your root directory.
sudo clamscan -rv /
Scan Single File
ClamAV is often used to scan Linux file systems for vulnerable files. Another use for ClamAV is to scan individual files for issues. To scan an individual file, run clamscan and point it directly to the location of the file.
Note: be sure to customize the commands below to meet your own needs.
sudo clamscan -v /location/of/file/file.file
Alternatively, use the CD command to move to the file’s exact location, then, run the scan.
cd /location/of/file/file.file sudo clamscan -v file.file