ClamAV is a popular open source anti-virus (AV) scanner available for Windows, macOS, and Unix-based systems. ClamAV can quarantine and delete infected files, emails, websites, and more. ClamAV is also available as a cPanel server plugin.
Below we’ll cover how to install ClamAV, update the signature database, and run common command-line interface (CLI) commands.
How to Install and Use ClamAV
You may have to use sudo before each command if you’re not already logged in as root (e.g. sudo apt-get update).
Installing ClamAV is easy with the Ubuntu APT package.
- Update your package lists:
sudo apt-get update
- Install ClamAV:
sudo apt-get install clamav clamav-daemon -y
After you finish the installation, ensure your ClamAV virus signatures are up to date.
- Stop the ClamAV process:
sudo systemctl stop clamav-freshclam
- Manually update the ClamAV signature database:
sudo freshclam
- Restart the service to update the database in the background:
sudo systemctl start clamav-freshclam
Below are the most common options for using ClamAV clamscan in the terminal.
Scan all files, starting from the current directory:
clamscan -r /
Scan files but only show infected files:
clamscan -r -i /path-to-folder
Scan files but don’t show OK files:
clamscan -r -o /path-to-folder
Scan files and send results of infected files to a results file:
clamscan -r /path-to-folder | grep FOUND >> /path-folder/file.txt
Scan files and move infected files to a different directory:
clamscan -r --move=/path-to-folder /path-to-quarantine-folder
You can also create a cron job to run ClamAV scans automatically.
To learn more about clamscan options, check the manual:
man clamscan
Those running Linux on a local machine with a window manager can also install the ClamTK graphical wrapper.
Looking for other ways to improve your server security posture? See if Sucuri’s web application firewall (WAF) is right for you. Let us know if you have any further questions.
With our Cloud Server Hosting, you can deploy a lightning-fast, reliable cloud platform with built-in redundancy – ensuring the availability of your environment!
I have installed ClamAV via WHM 2 years ago (currently version 104.4). I have setup a cron job in one of my cPanel to remove virus automatically, and it was working well until the last WHM/cPanel updates (current
/usr/local/bin/clamscan -ri –remove /home/domain/mail/domain.com/*/{cur,new}
———– SCAN SUMMARY ———–
Known viruses: 8636877
Engine version: 0.104.4
Scanned directories: 231
Scanned files: 303794
Infected files: 6
Not removed: 6
Data scanned: 241309.90 MB
Data read: 70059.54 MB (ratio 3.44:1)
Time: 32767.406 sec (546 m 7 s)
Start Date: 2022:09:25 23:00:02
End Date: 2022:09:26 08:06:09
a) ERROR: Can’t remove file ‘/home/domain/mail/domain.com/username/cur/1651304147.M62567P219923.server.domain.com,S=14304,W=14559:2,S’
b) LibClamAV Warning: PNG: Unexpected early end-of-file.
Looks like there is a permission problem to allow ClamAV to remove clients infected emails, so, how can I solve this problem?
I recommend contacting our live support team so they can check the permissions for your specific account and help you review any errors that may be occurring.
Very nice article. Clean and concise. Thank you.
Glad it helped!
don’t you need to edit clamd.conf and freshclam.conf?
Hello Borysr – You don’t need to edit the files after you first install it. However, if your configuration requires that you modify these files, then you would make changes to them. There are many options for the Clamd.conf file – it configures the Clam antivirus daemon. You can see the man options here: https://manpages.ubuntu.com/manpages/bionic/man5/clamd.conf.5.html. The freshclam.conf is a configuration file for the updater. You can see more info on it here: https://manpages.ubuntu.com/manpages/bionic/en/man5/freshclam.conf.5.html
Brilliant thanks so much
Happy to help!
Great article on using Clam.
Glad to hear you found it helpful CJ!
I have to say that’s it really resource intensive
That’s a good point – ClamAV does tend to be resource intensive. I spoke to some of our team’s Ubuntu experts, and we recommend that you only run ClamAV scans during periods of low traffic on your server to avoid potential resource usage issues. Hope that helps!
Excellent work. I installed ClamAV on Ubuntu 21.04 – Mate, encountering zero problems. Your work is Complete, Clear, Concise, and Correct! Thank you!
doesn’t work on ubuntu 20
I just tried this on our Ubuntu 20 cloud server with no issues. If you share some info on the issues and errors and you encountered, we’ll do our best to assist.
Thank you