How do I scan for viruses with ClamAV?

  • I installed ClamAV via Terminal (Ctrl+Alt+T) with:

    sudo apt-get install clamav
    

    but how can I scan for viruses?

  • BuZZ-dEE

    BuZZ-dEE Correct answer

    6 years ago

    Terminal

    At first you have to update the virus definitions with:

    sudo freshclam
    

    Then you can scan for viruses.

    clamscan OPTIONS File/Folder 
    

    If necessary start with root permissions: sudo clamscan.

    Examples:

    • To check all files on the computer, displaying the name of each file:

      clamscan -r /
      
    • To check all files on the computer, but only display infected files and ring a bell when found:

      clamscan -r --bell -i /
      
    • To scan all files on the computer but only display infected files when found and have this run in the background:

      clamscan -r -i / &
      

      Note - Display background process's status by running the jobs command.

    • To check files in the all users home directories:

      clamscan -r /home
      
    • To check files in the USER home directory and move infected files to another folder:

      clamscan -r --move=/home/USER/VIRUS /home/USER
      
    • To check files in the USER home directory and remove infected files (WARNING: Files are gone.):

      clamscan -r --remove /home/USER
      
    • To see more options:

      clamscan --help
      

    See:

    Graphical User Interface: ClamTK Install clamtk

    ClamTk is a frontend for ClamAV. You can install it via Terminal with:

    sudo apt-get install clamtk
    

    You can get the latest version from Bitbucket as Debian package.

    There is also a PPA (Outdated):

    sudo apt-add-repository ppa:landronimirc/clamtk
    sudo apt-get update && sudo apt-get install clamtk
    

    clamtk screenshot

    Scan Menu: Here you can choose a file, folder or a device for scanning

    clamtk scan menu screenshot

    View Menu:

    clamtk view menu screenshot

    Quarantine Menu:

    clamtk quarantine menu screenshot

    Advanced Menu:

    clamtk advanced menu screenshot

    Help Menu: Here you can check for updates.

    clamtk help menu screenshot

    See:

    I think it's a mistake to not create at leat man page for clamav, wich is the name of the package.

    If you want to check all files of the system, then you should use `clamscan -r --bell -i --exclude-dir="^/sys" /` because in `/sys/` are no real files and not excluing it would cause reading errors. http://askubuntu.com/questions/591964/clamav-cant-read-file-error

    `sudo freshclam ERROR: /var/log/clamav/freshclam.log is locked by another process ERROR: Problem with internal logger (UpdateLogFile = /var/log/clamav/freshclam.log).`

    @Dmitriy What has it to do with the answer? It's a specific problem. Maybe you should ask a new question with your detailed problem.

    I commented because this answer seems to not work anymore. At least on Ubuntu 16.04 LTS x64. Or do you say this issue happens only on my installation?

    @Dmitriy You are probably getting this error because `freshclam` is already running. See this answer: https://askubuntu.com/a/909276/338982

  • The accepted answer is a great answer, but every time I reach this page, it's a pain to find the command I want from the clutter of information. So just providing a concise answer to the question:

    To scan all folders in your computer (except /sys):

    clamscan -r -i --exclude-dir="^/sys" --bell / 
    

    To scan specific folders or files, you have to create a file in which you list out which files/folders you want to scan, and tell clamav where to find that file:

    clamscan -r -i --bell --file-list=/home/nav/ClamScanTheseFolders.txt
    

    My ClamScanTheseFolders.txt contained:

    /media/nav/someFolder1
    /media/nav/someFolder2
    /opt/someFolder/somefile
    

    Nice. But that should be two dashes before exclude: `--exclude`

    There is still an issue with double dashes before exclude. It does not work after copying and pasting into terminal window

License under CC-BY-SA with attribution


Content dated before 6/26/2020 9:53 AM