How to scan for viruses with ClamAV on Ubuntu


There aren't many viruses made for Linux distributions, so most people who use such systems don't bother with antivirus software. Those who do want to scan their own system, or Windows-based systems connected to a Linux PC over a network, can use ClamAV. ClamAV is an open source antivirus engine built to detect viruses, trojans, malware and other threats. It supports multiple file formats (documents, executables or archives), offers multi-threaded scanning features and receives updates for its signature database at least 3-4 times a day.

The first step is to install ClamAV and get the latest signature updates. To do this on Ubuntu, open a terminal, type “sudo apt-get install clamav” and press enter.

sudo apt-get install clamav

You may also build ClamAV from sources to benefit from better scanning performance. To update the signatures, type “sudo freshclam” in a terminal session and press enter.

sudo freshclam

Now we are ready to scan our system. To do this, use the “clamscan” command. It accepts many different parameters, so run “clamscan --help” in the terminal first to see what you can do with it.

clamscan --help

So, I will demonstrate a scan on my “Downloads” folder located under the home directory and I will choose to output only infected files and ring a bell when (and if) they are found. This translates to the following command on the terminal: “clamscan -r --bell -i /home/bill/Downloads”.

clamscan -r --bell -i /home/bill/Downloads


To scan the whole system (it may take a while) and remove all infected files in the process, you can use the command in the following form: “clamscan -r --remove /”.

clamscan -r --remove /


Sometimes, simply removing infected files can cause even more problems or breakage. I suggest that you always check the output first and then take manual action. Alternatively, you can have clamscan move infected files to another directory instead by adding the parameter “--move=/tmp/clamresult” (example directory).
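
One way to check the output first, as an added example that is not part of the original article: the script below scans without --remove, keeps the report on disk and lists only the files clamscan flagged. The function names, the report path /tmp/clamscan-report.txt and the sample lines are assumptions made for illustration; the exit-status meanings (0 clean, 1 infected, 2 error) come from the clamscan man page.

```shell
#!/bin/sh
# Added example: review clamscan results before removing or moving anything.

# Constructed sample of clamscan output (not from a real scan).
SAMPLE_OUTPUT='/home/bill/Downloads/setup.exe: Win.Test.EICAR_HDB-1 FOUND
/home/bill/Downloads/notes.txt: OK
/home/bill/Downloads/old: backup.zip: Win.Test.EICAR_HDB-1 FOUND'

# Read clamscan output on stdin and print only the paths of flagged files.
# Flagged lines have the form "<path>: <signature> FOUND"; the greedy match
# keeps paths that themselves contain ": " intact.
infected_paths() {
    sed -n 's/^\(.*\): [^ ]* FOUND$/\1/p'
}

# Map clamscan's exit status to a word: 0 = no virus found,
# 1 = virus(es) found, anything else = an error occurred.
scan_verdict() {
    case "$1" in
        0) echo clean ;;
        1) echo infected ;;
        *) echo error ;;
    esac
}

# Scan a directory recursively without --remove, keep the report on disk,
# and list the flagged files. The default report path is an assumption.
review_scan() {
    target=$1
    report=${2:-/tmp/clamscan-report.txt}
    status=0
    clamscan -r -i --no-summary "$target" > "$report" 2>&1 || status=$?
    echo "verdict: $(scan_verdict "$status") (exit status $status)"
    echo "report:  $report"
    infected_paths < "$report"
    return "$status"
}

# With a directory argument, run a real scan; without one, show the parser
# working on the constructed sample above.
if [ "$#" -gt 0 ]; then
    review_scan "$@"
else
    printf '%s\n' "$SAMPLE_OUTPUT" | infected_paths
fi
```

A verdict of "error" means the scan did not complete cleanly (for example, unreadable files), so an empty list in that case is not proof that the directory is clean.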


If all this console stuff is simply too much for you, you can also install an additional package called “clamtk”, which is basically a gtk-2 GUI for ClamAV.

sudo apt-get install clamtk

From the ClamTK top panel options menu, you can choose any directory or file to scan, specify whitelisted directories and manage quarantined files. You may also elect to perform quick or recursive scans, or even check a device such as a USB stick.

ClamTK's scheduler also allows for the easy setting up of scheduled scans as well as scheduled antivirus signature database updates (you'd better set the latter before the former). Moreover, if you find a file that is falsely marked as a threat, you can submit it for further analysis to the ClamAV team, directly from the ClamTK interface.

While I didn't perform speed comparison tests between the console and GUI scans, I didn't notice any significant difference in the time. ClamTK definitely simplifies the process, so I suggest that you install it along with ClamAV as well.
