Clam Antivirus is a great, free and open source antivirus for Linux. It is licensed under GNU GPL; which, among other things, allows the use of free software in the non-private domain. It supports detection of malware, trojans, virus and other malicious files. It is widely used in mail servers for scanning of e-mails. Main features are,
- Free Antivirus
- Used in mail servers to stop spreading of trojans and viruses,
- Built-in support for archive and compressed file scanning
- Can be used from command line,
- Provides virus signature updates on regular basis,
- On-access file scanning.
Installation can be done in a variety of ways: through packet managers or sources.
Installation from Binaries
For operating systems that use Synaptic (such as Debian, Ubuntu, and derivatives), you can download the ready-to-use package by using the following command.
apt-cache search clamav
apt-get install clamav
Installation from Sources
For those who prefer to install the program by compiling the sources, it is necessary to check the presence of gcc, zlib and zlib-dev, bzip2 and bzip2-dev, GNU MP3 (not strictly necessary but strongly recommended).
Download the sources, put them in the /tmp folder. Let’s install it with commands, where x represents the version numbers of the antivirus.
tar xvzf clamav-x.xx.x.tar.gz
At this point, you must create a user to associate with the virus:
useradd -g clamav -s /bin/false -c “Clam Antivirus” clamav
Once you’ve created the user, you have to switch to the process that will turn in the background.
We open the /etc/clamd.conf file as root with an editor.
nano /etc/clamd.conf &
Uncomment the “Example” at eighth line by removing # off,
You must now edit the /etc/freshclam.conf file to allow viral signatures to be updated.
Uncomment the line DatabaseMirror db.xy.clamav.net. Replace xy with your country tld for updating of virus signatures from your country’s repository. you can find your country TLD from here.
Now you can save and close the file. Before testing the antivirus, it is good to update the definitions by issuing the command freshclam to activate the daemon that starts at each boot.
However, you can force the definition update to this command:
Once you have updated the software database with the latest available signatures, you can try the antivirus by typing on the command line.
clamscan -r /tmp/clamav-x.xx.x
You will need to find some viruses that are nothing but tests to test the correct functioning of the virus.
With the -r option you will also check the folders that have been typed in the row you typed, and with the -i option, only the infected files will be printed.
clamscan -ir tmp
It will search infected files in the tmp folder and in the sub-directories displaying only the infected files. There are a lot of graphical interfaces available for ClamAV, but in my opinion using the clamscan and freshclam commands, you will not feel the need for anything else.