When we think of an antivirus quickly comes to mind Windows. Certainly, in Windows, there are a lot of vulnerabilities and it is reckless to have it without some antivirus. In Linux, there are also viruses and therefore antivirus. ClamAV does not work in the same way as a classic Ubuntu antivirus and we will show you how to use it and what to do with it.
It is also a good opportunity to write a couple of lines about the situation of viruses in Linux to help you understand it.
Linux and Viruses
You have probably read many times or something like this “There is no virus in Linux” or “It is impossible for a virus to affect Linux”. I will tell you right off the bat that they are both fakes.
Linux is a very good operating system but it is not totally invulnerable. In the end, it’s made by humans and mistakes are made. However, the main difference with Windows is the architecture of Unix itself. I will give you some examples to help you understand better.
First of all, by default regular users do not have root privileges. This makes many tasks that modify system files impossible for a regular user. Therefore, without being a root user you cannot install or remove applications.
On the other hand, under Linux, the user must explicitly indicate which file is executable and which is not. So if you download a malicious script or possibly an infected file, it will not be executed if you do not indicate that it is.
Besides, the Linux community is great. It happens that the Linux source code is open and everyone can examine it. And it is examined by many security experts. The more eyes that see the code the faster they can fix bugs.
So in Linux there are viruses, but they are few, they do not do much damage and are quickly mitigated. This means that a virus can indeed affect Linux, just not in the way you think.
Using antivirus ClamAV on Ubuntu
This brings us to why I would have ClamAV on my system. The reality is that ClamAV will help you keep these malicious files from spreading over the network. That is, if a malicious file on a computer with Linux, it will not affect it, but it can spread through the network to one with Windows where it will wreak havoc.
So let’s get to work and learn how to use ClamAV on Ubuntu.
Installing Antivirus ClamAV
ClamAV is the antivirus for Linux par excellence. So it is available from the official Ubuntu repositories. To install it, just run the following command:
:~$ sudo apt install clamav
Press enter and after typing your password, the installation will begin.
In the end, ClamAV will be ready for action.
Working with ClamAV on Ubuntu
Like any antivirus, the first thing to do is to update its database. This is quite simple, but the service of ClamAV has to be stopped.
To stop the service, run the following command:
:~$ sudo systemctl stop clamav-freshclam
Once this has happened. You can update the application database.
:~$ sudo freshclam
Then, the process of verifying the database and updating it will begin. This process has to be done repeatedly in case the service is stopped.
Now comes the most important thing and that is to scan a directory with ClamAV.
The basic syntax of ClamAV is the following
:~$ clamscan [options] [folder]
And many options help with making a fairly thorough and correct scan. To find out about all of them, just run the help on the terminal.
:~$ clamscan --help
As you can see, they are quite a lot. Of all that list, I will highlight the most useful and most used.
- –infected or -i shows us only the infected files in the summary. Important.
- –bell : This will alert you whenever a threat is found.
- –recursive or -r: makes a recursive scan on the folder. This option is very important to enable for full results.
- –remove[=yes/no]: Removes the infected files. Be careful when using this option because it can delete some files that we do not want.
- –move=[directory]: Moves the infected files to a specified folder.
- –copy=[directory]: Moves the infected files to a specified folder.
- –exclude=[name]: Excludes files with a specified name.
- –exclude-dir=[directory]: Excludes a specified folder.
- –max-filesize=[n] Files larger than the specified size will be excluded.
- –max-files=[n]: Scans only the specified number of files.
- –max-scansize=[n] Maximum size of data collected
This way, you can get a lot of flexibility and variety in the scans you make.
Scanning a directory with the antivirus ClamAV on Ubuntu
And to start the scan, just execute a command similar to this:
:~$ sudo clamscan -r -i /home/user
Remember that you can add many options to customize your scan. You also have to specify the directory you want to check.
Then, if you find infected files, you can delete them as follows:
:~$ sudo clamscan -r -i --remove /home/user
It is advisable to scan without deleting and when we know which files they are, proceed to delete them. For this, the --copy option is quite useful.
To do this periodically, it is advisable to start ClamAV’s service so that the process can be automated. Above all, the updating of the database.
:~$ sudo systemctl start clamav-freshclam
Finally, check the service status.
:~$ sudo systemctl status clamav-freshclam
Despite being such an important tool it is very easy to use.
Bonus: ClamTK a GUI for the Antivirus ClamAV
If you are using Ubuntu on your desktop computer and not on a server, you can install ClamTK.
Thanks to ClamTK you can have a modern and easy to use graphic interface that will allow you to better manage ClamAV.
The application is quite light and available in the official Ubuntu repositories which makes the installation quite easy to do.
So, to install it run:
:~$ sudo apt install clamtk
Now you have to use it and tell your experience.
Conclusion
Although the topic of viruses and Linux gives a lot to talk about, the truth is that there is an antivirus for Linux. And this helps keep internal networks from spreading viruses to each other. Because although it is true, in Linux few viruses can spread through some network services.
ClamAV emerges as a modern Linux-style antivirus. With an explicit command interface that can be mastered in a short time. Apart from this, there is also the possibility of adding a graphical interface to improve mime management thanks to ClamTK.
Now it is your turn. Have you used ClamAV? do you like it? Share your experience.
