ClamAV is a popular open source anti-virus (AV) scanner available for Windows, macOS, and Unix-based systems. ClamAV can quarantine and delete infected files, emails, websites, and more. ClamAV is also available as a cPanel server plugin.
Below we’ll cover how to install ClamAV, update the signature database, and run common command-line interface (CLI) commands.
How to Install and Use ClamAV
You may have to use sudo before each command if you’re not already logged in as root (e.g. sudo apt-get update).
Installing ClamAV is easy with the Ubuntu APT package.
- Update your package lists:
sudo apt-get update
- Install ClamAV:
sudo apt-get install clamav clamav-daemon -y
After you finish the installation, ensure your ClamAV virus signatures are up to date.
- Stop the ClamAV process:
sudo systemctl stop clamav-freshclam
- Manually update the ClamAV signature database:
- Restart the service to update the database in the background:
sudo systemctl start clamav-freshclam
Below are the most common options for using ClamAV clamscan in the terminal.
Scan all files, starting from the current directory:
clamscan -r .
Scan files but only show infected files:
clamscan -r -i /path-to-folder
Scan files but don’t show
clamscan -r -o /path-to-folder
Scan files and send results of infected files to a results file:
clamscan -r /path-to-folder | grep FOUND >> /path-folder/file.txt
Scan files and move infected files to a different directory:
clamscan -r --move=/path-to-quarantine-folder /path-to-folder
You can also create a cron job to run ClamAV scans automatically.
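A cron-driven scan could look like the following added example, which is not part of the original article. It keeps clamscan's own exit code (0 = clean, 1 = infected, 2 = error) instead of the status of a grep pipeline. The script path, report file location and function names are assumptions for illustration.

```sh
#!/bin/sh
# Added example, not from the original article. The script path, report
# location and function names are assumptions chosen for illustration.
#
# Example crontab entry (nightly at 02:00):
#   0 2 * * * /usr/local/bin/clamav-nightly.sh /path-to-folder /var/log/clamav-found.log

# Translate clamscan's exit code: 0 = no virus, 1 = virus found, 2 = error.
scan_status() {
    case "$1" in
        0) echo clean ;;
        1) echo infected ;;
        *) echo error ;;
    esac
}

# Read clamscan output on stdin and print only the infected file paths.
# Result lines look like: /path/to/file: Signature.Name FOUND
infected_paths() {
    sed -n 's/^\(.*\): .* FOUND$/\1/p'
}

# Scan a directory recursively, append infected paths to a report file and
# return clamscan's own exit code. Piping straight into grep, as in
# "clamscan ... | grep FOUND", would return grep's status instead and make a
# failed scan look the same as a clean one.
nightly_scan() {
    ns_target=$1
    ns_report=$2
    ns_out=$(clamscan -r -i --no-summary "$ns_target" 2>/dev/null) && ns_rc=0 || ns_rc=$?
    printf '%s\n' "$ns_out" | infected_paths >> "$ns_report"
    echo "$(date '+%Y-%m-%d %H:%M:%S') $ns_target: $(scan_status "$ns_rc")" >&2
    return "$ns_rc"
}

# Run only when a target directory is passed on the command line.
if [ "$#" -ge 1 ]; then
    nightly_scan "$1" "${2:-/var/log/clamav-found.log}"
fi
```

Cron mails anything written to stderr, so the status line reaches the job owner, and the non-zero exit code lets monitoring tell an infection from a failed scan.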
To learn more about clamscan options, check the manual:
Those running Linux on a local machine with a window manager can also install the ClamTK graphical wrapper.