{"id":11892,"date":"2022-03-21T07:51:45","date_gmt":"2022-03-21T04:51:45","guid":{"rendered":"https:\/\/kifarunix.com\/?p=11892"},"modified":"2024-03-09T11:02:20","modified_gmt":"2024-03-09T08:02:20","slug":"install-clamav-on-ubuntu","status":"publish","type":"post","link":"https:\/\/kifarunix.com\/install-clamav-on-ubuntu\/","title":{"rendered":"Install ClamAV on Ubuntu 24.04\/Ubuntu 22.04"},"content":{"rendered":"<div class=\"wp-block-image\">\n<figure data-wp-context=\"{&quot;uploadedSrc&quot;:&quot;https:\\\/\\\/kifarunix.com\\\/wp-content\\\/uploads\\\/2022\\\/03\\\/clamav.png&quot;,&quot;figureClassNames&quot;:&quot;aligncenter size-full&quot;,&quot;figureStyles&quot;:null,&quot;imgClassNames&quot;:&quot;wp-image-11896&quot;,&quot;imgStyles&quot;:null,&quot;targetWidth&quot;:697,&quot;targetHeight&quot;:526,&quot;scaleAttr&quot;:false,&quot;ariaLabel&quot;:&quot;Enlarge image: Install ClamAV on Ubuntu 24.04\\\/Ubuntu 22.04&quot;,&quot;alt&quot;:&quot;Install ClamAV on Ubuntu 24.04\\\/Ubuntu 22.04&quot;}\" data-wp-interactive=\"core\/image\" class=\"aligncenter size-full wp-lightbox-container\"><img loading=\"lazy\" decoding=\"async\" width=\"697\" height=\"526\" data-wp-init=\"callbacks.setButtonStyles\" data-wp-on-async--click=\"actions.showLightbox\" data-wp-on-async--load=\"callbacks.setButtonStyles\" data-wp-on-async-window--resize=\"callbacks.setButtonStyles\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/03\/clamav.png\" alt=\"Install ClamAV on Ubuntu 24.04\/Ubuntu 22.04\" class=\"wp-image-11896\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/03\/clamav.png 697w, https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/03\/clamav-150x113.png 150w, https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/03\/clamav-300x226.png 300w, https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/03\/clamav-557x420.png 557w, https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/03\/clamav-80x60.png 80w\" sizes=\"(max-width: 697px) 100vw, 
697px\" \/><\/figure><\/div>\n\n\n<p>In this tutorial, we are going to learn how to install ClamAV on Ubuntu 24.04\/Ubuntu 22.04.&nbsp;<a href=\"https:\/\/www.clamav.net\/\" target=\"_blank\" rel=\"noreferrer noopener\">ClamAV<\/a>&nbsp;is an open source antivirus engine for detecting trojans, viruses, malware, adware, rootkits and other malicious threats.<\/p>\n\n\n\n<div class=\"wp-block-rank-math-toc-block\" id=\"rank-math-toc\"><h2>Table of Contents<\/h2><nav><ul><li><a href=\"#features-of-clam-av\">Features of ClamAV<\/a><\/li><li><a href=\"#install-clam-av-on-ubuntu\">Install ClamAV on Ubuntu<\/a><ul><li><a href=\"#update-the-clam-av-signature-database\">Update the ClamAV Signature Database<\/a><ul><li><a href=\"#update-signature-database-with-clamav-freshclam\">Update Signature Database with\u00a0clamav-freshclam<\/a><\/li><li><a href=\"#offline-database-update\">Offline Database Update<\/a><\/li><\/ul><\/li><li><a href=\"#clamscan-cli-options-and-example-usage\">Clamscan CLI Options and Example Usage<\/a><\/li><li><a href=\"#how-to-test-clam-av\">How to Test ClamAV<\/a><\/li><li><a href=\"#clam-av-return-codes\">ClamAV Return Codes<\/a><\/li><li><a 
href=\"#limiting-clamscan-cpu-usage\">Limiting Clamscan CPU Usage<\/a><\/li><li><a href=\"#visualize-clam-av-results-on-elk-stack\">Visualize ClamAV Results on ELK Stack<\/a><\/li><li><a href=\"#further-reading\">Further Reading<\/a><\/li><li><a href=\"#other-tutorials\">Other Tutorials<\/a><\/li><\/ul><\/li><\/ul><\/nav><\/div>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"features-of-clam-av\">Features of ClamAV<\/h2>\n\n\n\n<p>Some of the features of ClamAV include:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>built-in support for various archive formats, including Zip, Tar, Gzip, Bzip2, OLE2, Cabinet, CHM, BinHex, SIS and others;<\/li>\n\n\n\n<li>built-in support for almost all mail file formats;<\/li>\n\n\n\n<li>built-in support for ELF executables and Portable Executable files compressed with UPX, FSG, Petite, NsPack, wwpack32, MEW, Upack and obfuscated with SUE, Y0da Cryptor and others;<\/li>\n\n\n\n<li>built-in support for popular document formats including Microsoft Office and Mac Office files, HTML, RTF and PDF;<\/li>\n\n\n\n<li>support for multiple signature languages such as hash-based signature matching, wildcards, boolean logic and any custom rules written in the Bytecode language.<\/li>\n<\/ul>\n\n\n\n<p>ClamAV includes a multi-threaded scanner daemon, command line utilities for on-demand file scanning and automatic signature updates. One of its main uses is on mail servers as a server-side email virus scanner.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"install-clam-av-on-ubuntu\">Install ClamAV on Ubuntu<\/h2>\n\n\n\n<p>The default Ubuntu 24.04\/Ubuntu 22.04 repositories contain the latest stable release version of ClamAV. 
You can simply install it and its utilities by running the commands below;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">sudo apt update<\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\">sudo apt install clamav clamav-daemon -y<\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"update-the-clam-av-signature-database\">Update the ClamAV Signature Database<\/h3>\n\n\n\n<p>For scanning to work, you need an updated virus database. There are two options for updating the ClamAV database:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><code><strong>clamav-freshclam<\/strong><\/code>: updates the database from the Internet. This is recommended if the system has Internet access.<\/li>\n\n\n\n<li><code><strong>Offline update<\/strong> <strong>(clamav-data)<\/strong><\/code>&nbsp;for systems with no direct Internet access.<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"update-signature-database-with-clamav-freshclam\">Update Signature Database with&nbsp;<code>clamav-freshclam<\/code><\/h4>\n\n\n\n<p>If you have Internet access, you can use&nbsp;<strong><code>clamav-freshclam<\/code><\/strong>&nbsp;to update the ClamAV virus signature database.<\/p>\n\n\n\n<p>To use this method, stop the&nbsp;<code>clamav-freshclam<\/code>&nbsp;service (if it is running) and execute&nbsp;<code>freshclam<\/code>, the virus database update tool.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo systemctl stop clamav-freshclam<\/code><\/pre>\n\n\n\n<p>Then update the virus database;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo freshclam<\/code><\/pre>\n\n\n\n<p>Sample database update output;<\/p>\n\n\n\n<pre class=\"scroll-box\"><code>ClamAV update process started at Wed Feb 21 18:35:04 2024\nWed Feb 21 18:35:04 2024 -> daily.cvd database is up-to-date (version: 27192, sigs: 2053940, f-level: 90, builder: raynman)\nWed Feb 21 18:35:04 2024 -> main.cvd database is up-to-date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)\nWed Feb 21 18:35:04 2024 -> bytecode.cvd database is up-to-date 
(version: 334, sigs: 91, f-level: 90, builder: anvilleg)\n<\/code><\/pre>\n\n\n\n<p>Next, start the&nbsp;<code>clamav-freshclam<\/code>&nbsp;service so it keeps updating the signature database in the background.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo systemctl start clamav-freshclam<\/code><\/pre>\n\n\n\n<p>Ensure the service is enabled to run on system boot;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo systemctl enable clamav-freshclam<\/code><\/pre>\n\n\n\n<p><code><strong>freshclam<\/strong><\/code>&nbsp;downloads the ClamAV databases (CVDs) and places them under&nbsp;<code>\/var\/lib\/clamav\/<\/code>.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>ls -alh1 \/var\/lib\/clamav\/<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>total 223M\ndrwxr-xr-x  2 clamav clamav 4.0K Feb 21 18:35 .\ndrwxr-xr-x 75 root   root   4.0K Feb 21 18:34 ..\n-rw-r--r--  1 clamav clamav 286K Feb 21 18:34 bytecode.cvd\n-rw-r--r--  1 clamav clamav  60M Feb 21 18:34 daily.cvd\n-rw-r--r--  1 clamav clamav   69 Feb 21 18:34 freshclam.dat\n-rw-r--r--  1 clamav clamav 163M Feb 21 18:34 main.cvd\n<\/code><\/pre>\n\n\n\n<p>Also restart the Clam AntiVirus userspace daemon;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo systemctl restart clamav-daemon<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"offline-database-update\">Offline Database Update<\/h4>\n\n\n\n<p>If your system does not have Internet access, you can consider setting up a&nbsp;<a href=\"https:\/\/docs.clamav.net\/appendix\/CvdPrivateMirror.html\" target=\"_blank\" rel=\"noreferrer noopener\">private local mirror<\/a>&nbsp;using the cvdupdate tool.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"clamscan-cli-options-and-example-usage\">Clamscan CLI Options and Example Usage<\/h3>\n\n\n\n<p>Clamscan is used to scan files and directories for viruses. 
From the man pages, the clamscan command syntax is:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>clamscan &#91;options] &#91;file\/directory\/-]<\/code><\/pre>\n\n\n\n<p>Some of the clamscan command options and their example usage are illustrated below;<\/p>\n\n\n\n<p>Print help information using the&nbsp;<code>-h<\/code>&nbsp;or&nbsp;<code>--help<\/code>&nbsp;option.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>clamscan -h<\/code><\/pre>\n\n\n\n<p><strong>Note:<\/strong>&nbsp;Options marked with [=yes\/no(*)] can be optionally followed by&nbsp;<strong>=yes&nbsp;<\/strong>or&nbsp;<strong>=no.&nbsp;<\/strong>If they get called without the boolean argument the scanner will assume \u2018yes\u2019. The asterisk marks the default internal setting for a given option.<\/p>\n\n\n\n<p>Scan a specific directory using ClamAV;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>clamscan \/home\/<\/code><\/pre>\n\n\n\n<p>Scan a specific file using ClamAV;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>clamscan \/home\/filename.docx<\/code><\/pre>\n\n\n\n<p>Do not display the summary at the end of scanning.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>clamscan --no-summary \/home\/<\/code><\/pre>\n\n\n\n<p>Print infected files only (<strong><code>-i<\/code><\/strong>,&nbsp;<code><strong>--infected<\/strong><\/code>);<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>clamscan -i \/<\/code><\/pre>\n\n\n\n<p>Skip printing OK files (<strong><code>-o<\/code>,&nbsp;<code>--suppress-ok-results<\/code><\/strong>);<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>clamscan <strong>-o<\/strong> \/home\/<\/code><\/pre>\n\n\n\n<p>Sound a bell on virus detection (<strong><code>--bell<\/code><\/strong>);<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>clamscan <strong>--bell<\/strong> -i \/home<\/code><\/pre>\n\n\n\n<p>Scan directories recursively&nbsp;(<em><code>-r<\/code><\/em>,&nbsp;<em><code>--recursive<\/code><\/em>).<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>clamscan --bell -i <strong>-r<\/strong> 
\/home<\/code><\/pre>\n\n\n\n<p>Save scan report to FILE (<em><strong><code>-l FILE<\/code>,&nbsp;<code>--log=FILE<\/code><\/strong><\/em>);<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>clamscan --bell -i <strong>-r<\/strong> \/home <strong>-l home-scan.txt<\/strong><\/code><\/pre>\n\n\n\n<p>Scan files listed line by line in FILE (<strong><code>-f FILE<\/code>,<code>&nbsp;--file-list=FILE<\/code><\/strong>).<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>clamscan -i <strong>-f \/tmp\/scan<\/strong><\/code><\/pre>\n\n\n\n<p>Remove infected files (<code><strong>--remove[=yes\/no(*)]<\/strong><\/code>). Be careful, as this removes the files completely.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>clamscan -r --remove \/home\/USER<\/code><\/pre>\n\n\n\n<p>Move infected files into DIRECTORY&nbsp;(<code>--move=DIRECTORY<\/code>). The directory must be writable by the user or unprivileged user running clamscan.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>clamscan -r -i --move=\/home\/USER\/infected \/home\/<\/code><\/pre>\n\n\n\n<p>Copy infected files into DIRECTORY (<code>--copy=DIRECTORY<\/code>). The directory must be writable by the user or unprivileged user running clamscan.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>clamscan -r -i --copy=\/home\/USER\/infected \/home\/<\/code><\/pre>\n\n\n\n<p>There is quite a long list of options for various uses of clamscan. 
Consult&nbsp;<code>man clamscan<\/code>&nbsp;for more details.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"how-to-test-clam-av\">How to Test ClamAV<\/h3>\n\n\n\n<p>You can test the ability of ClamAV to detect malicious threats by <a href=\"https:\/\/www.eicar.org\/?page_id=3950\" target=\"_blank\" rel=\"noreferrer noopener\">downloading the anti-malware EICAR test file<\/a> to a directory on your system.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>wget -P \/tmp https:\/\/secure.eicar.org\/eicar_com.zip<\/code><\/pre>\n\n\n\n<p>Next, scan the \/tmp directory;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>clamscan -ir \/tmp\/<\/code><\/pre>\n\n\n\n<p>Sample scan output;<\/p>\n\n\n\n<pre class=\"scroll-box\"><code>\/tmp\/eicar_com.zip: Win.Test.EICAR_HDB-1 FOUND\n\n----------- SCAN SUMMARY -----------\nKnown viruses: 8685808\nEngine version: 1.0.5\nScanned directories: 7\nScanned files: 2\nInfected files: 1\nTotal errors: 12\nData scanned: 0.00 MB\nData read: 0.00 MB (ratio 0.00:1)\nTime: 13.121 sec (0 m 13 s)\nStart Date: 2024:02:21 18:37:20\nEnd Date:   2024:02:21 18:37:33\n<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"clam-av-return-codes\">ClamAV Return Codes<\/h3>\n\n\n\n<p>The following are the exit return codes for ClamAV.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>0 : No virus found.<\/li>\n\n\n\n<li>1 : Virus(es) found.<\/li>\n\n\n\n<li>2 : Some error(s) occurred.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"limiting-clamscan-cpu-usage\">Limiting Clamscan CPU Usage<\/h3>\n\n\n\n<p><code>clamscan<\/code>&nbsp;can be CPU intensive, especially if it is scanning a large directory.<\/p>\n\n\n\n<p>To limit the clamscan CPU time to certain levels, you can use two tools;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong><code>nice<\/code><\/strong>: lowers the priority of clamscan (limits relative CPU time).<\/li>\n\n\n\n<li><strong><code>cpulimit<\/code><\/strong>: limits absolute CPU time.<\/li>\n<\/ul>\n\n\n\n<p>To use the nice 
command,<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>nice -n 15 clamscan -ir \/<\/code><\/pre>\n\n\n\n<p>As long as no other process requires CPU time, clamscan will maximize it. But as soon as another process with a higher priority needs CPU time, clamscan will lose it.<\/p>\n\n\n\n<p>Using cpulimit;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>cpulimit -z -e clamscan -l 15 &amp; clamscan -ir \/<\/code><\/pre>\n\n\n\n<p>This limits clamscan CPU time to 15% when scanning the entire root directory.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"visualize-clam-av-results-on-elk-stack\">Visualize ClamAV Results on ELK Stack<\/h3>\n\n\n\n<p>Follow the guide below to learn how to visualize ClamAV results on ELK Stack.<\/p>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/visualize-clamav-scan-logs-on-elk-stack-kibana\/\" target=\"_blank\" rel=\"noreferrer noopener\">Visualize ClamAV Scan Logs on ELK Stack Kibana<\/a><\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"further-reading\">Further Reading<\/h3>\n\n\n\n<p><a href=\"https:\/\/www.clamav.net\/documents\/clam-antivirus-user-manual\" target=\"_blank\" rel=\"noreferrer noopener\">ClamAV User Manual<\/a><\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"other-tutorials\">Other Tutorials<\/h3>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/install-nikto-web-scanner-on-rocky-linux-8\/\" target=\"_blank\" rel=\"noreferrer noopener\">Install Nikto Web Scanner on Rocky Linux 8<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/install-and-setup-nessus-scanner-on-ubuntu-20-04\/\" target=\"_blank\" rel=\"noreferrer noopener\">Install and Setup Nessus Scanner on Ubuntu 20.04<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>In this tutorial, we are going to learn how to install ClamAV on Ubuntu 24.04\/Ubuntu 22.04.&nbsp;ClamAV&nbsp;is an open source antivirus engine for detecting trojans, 
viruses,<\/p>\n","protected":false},"author":1,"featured_media":11896,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"rank_math_lock_modified_date":false,"footnotes":""},"categories":[121,34],"tags":[4720,4718,4716,4717,4719],"class_list":["post-11892","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-howtos","category-security","tag-clamav-ubuntu-22-04","tag-detect-threats-using-clamav-on-ubuntu","tag-install-clamav-ubuntu","tag-scan-directories-for-malware-using-clamav","tag-ubuntu-22-04-install-clamav","generate-columns","tablet-grid-50","mobile-grid-100","grid-parent","grid-50","resize-featured-image"],"_links":{"self":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/11892"}],"collection":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/comments?post=11892"}],"version-history":[{"count":7,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/11892\/revisions"}],"predecessor-version":[{"id":20437,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/11892\/revisions\/20437"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/media\/11896"}],"wp:attachment":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/media?parent=11892"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/categories?post=11892"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/tags?post=11892"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}