Dec 19 2020 Using antivirus scanner (clamav) on desktop linux

How to use antivirus scanner clamav on desktop linux

I needed to scan a few files for viruses on a linux box. Of all scanners, clamav seems to be best. However I needed to download the database files manualls (all downloads timeouted and the auto-updater did not get anything).

I mainly followed info from askubuntu.com and this malware tools overview.

Install clamav:

sudo apt install clamav

and update the virus signatures with

sudo freshclam

In case the download of files fails because you have bad internet connection, download main.cvd, daily.cvd and bytecode.cvd manually, move them to appropriate location, fix file ownership and verify things went OK. In case of download trouble, restart wget (using –continue):

sudo service clamav-freshclam stop
wget --continue https://database.clamav.net/main.cvd
wget --continue https://database.clamav.net/daily.cvd
wget --continue https://database.clamav.net/bytecode.cvd
sudo mv *.cvd /var/lib/clamav/
sudo chown clamav:clamav /var/lib/clamav/*.cvd
sudo -u clamav /usr/bin/freshclam --show-progress --foreground=true

Then scan the files. In case you have a bunch of them (like an old disk), and would like to run the scan overnight, maybe you want to enable logging to a file with:

sudo clamscan \
  -l clamav.log \
  -i -r \
  --move=/INFECTED/FILES/GO/HERE \
  /path/to/folder

which scans all files from /path/to/folder recursively (-r), writes the results to a log file (-l clamav.log), moves the infected files to --move=/INFECTED/FILES/GO/HERE.