How to Install ClamAV on Ubuntu

ClamAV is a popular open source anti-virus scanner available for Unix, Windows, and macOS. ClamAV can quarantine or delete infected archived files, emails, websites, and more. ClamAV is also available as a cPanel plugin.

Below we cover how to install ClamAV, update the signature database, and run common clamscan commands.

Develop your web applications on Debian, Ubuntu, or CentOS with our scalable Cloud Servers.

Install ClamAV with APT

You may have to use sudo before each command if you’re not already logged in as root (e.g. sudo apt-get update)

Installing ClamAV is easy with the Ubuntu APT package.

  1. Update your package lists:
    apt-get update
  2. Install ClamAV:
    apt-get install clamav clamav-daemon -y

Update ClamAV Signature Database

After you finish installing ClamAV, ensure your ClamAV virus signatures are up to date.

  1. Stop the ClamAV process:
    systemctl stop clamav-freshclam
  2. Manually update the ClamAV signature database:
    freshclam
  3. Restart the service to update the database in the background:
    systemctl start clamav-freshclam

ClamAV clamscan

Below are the most common scanning options.

Scan all files, starting from the current directory:

clamscan -r /

Scan files but only show infected files:

clamscan -r -i /[path-to-folder]

Scan files but don’t show OK files:

clamscan -r -o /[path-to-folder]

Scan files and send results of infected files to a results file:

clamscan -r /[path-to-folder] | grep FOUND >> /[path-folder]/[file].txt

Scan files and move infected files to a different directory:

clamscan -r --move=/[path-to-folder] /[path-to-quarantine-folder]

You can also create a cron job to run ClamAV scans automatically.

To learn more about clamscan options, check the manual:

man clamscan

Those running a GUI on Linux can also install ClamTK.

Looking for other ways to improve your server security posture. See if Sucuri’s web application firewall (WAF) is right for you.

Was this article helpful? Let us know!