How to Install ClamAV on Ubuntu

How to Install ClamAV on Ubuntu

ClamAV is a popular open source anti-virus (AV) scanner available for Windows, macOS, and Unix-based systems. ClamAV can quarantine and delete infected files, emails, websites, and more. ClamAV is also available as a cPanel server plugin.

Below we’ll cover how to install ClamAV, update the signature database, and run common command-line interface (CLI) commands.

How to Install and Use ClamAV

You may have to use sudo before each command if you’re not already logged in as root (e.g. sudo apt-get update).

Installing ClamAV is easy with the Ubuntu APT package.

  1. Update your package lists:
    sudo apt-get update
  2. Install ClamAV:
    sudo apt-get install clamav clamav-daemon -y

After you finish the installation, ensure your ClamAV virus signatures are up to date.

  1. Stop the ClamAV process:
    sudo systemctl stop clamav-freshclam
  2. Manually update the ClamAV signature database:
    sudo freshclam
  3. Restart the service to update the database in the background:
    sudo systemctl start clamav-freshclam

Below are the most common options for using ClamAV clamscan in the terminal.

Scan all files, starting from the current directory:

clamscan -r /

Scan files but only show infected files:

clamscan -r -i /path-to-folder

Scan files but don’t show OK files:

clamscan -r -o /path-to-folder

Scan files and send results of infected files to a results file:

clamscan -r /path-to-folder | grep FOUND >> /path-folder/file.txt

Scan files and move infected files to a different directory:

clamscan -r --move=/path-to-folder /path-to-quarantine-folder

You can also create a cron job to run ClamAV scans automatically.

To learn more about clamscan options, check the manual:

man clamscan

Those running Linux on a local machine with a window manager can also install the ClamTK graphical wrapper.

Looking for other ways to improve your server security posture? See if Sucuri’s web application firewall (WAF) is right for you. Let us know if you have any further questions.

With our Cloud Server Hosting, you can deploy a lightning-fast, reliable cloud platform with built-in redundancy – ensuring the availability of your environment!

InMotion Hosting Contributor
InMotion Hosting Contributor Content Writer

InMotion Hosting contributors are highly knowledgeable individuals who create relevant content on new trends and troubleshooting techniques to help you achieve your online goals!

More Articles by InMotion Hosting

16 thoughts on “How to Install ClamAV on Ubuntu

  1. I have installed ClamAV via WHM 2 years ago (currently version 104.4). I have setup a cron job in one of my cPanel to remove virus automatically, and it was working well until the last WHM/cPanel updates (current

    /usr/local/bin/clamscan -ri –remove /home/domain/mail/domain.com/*/{cur,new}

    ———– SCAN SUMMARY ———–
    Known viruses: 8636877
    Engine version: 0.104.4
    Scanned directories: 231
    Scanned files: 303794
    Infected files: 6
    Not removed: 6
    Data scanned: 241309.90 MB
    Data read: 70059.54 MB (ratio 3.44:1)
    Time: 32767.406 sec (546 m 7 s)
    Start Date: 2022:09:25 23:00:02
    End Date: 2022:09:26 08:06:09

    a) ERROR: Can’t remove file ‘/home/domain/mail/domain.com/username/cur/1651304147.M62567P219923.server.domain.com,S=14304,W=14559:2,S’
    b) LibClamAV Warning: PNG: Unexpected early end-of-file.

    Looks like there is a permission problem to allow ClamAV to remove clients infected emails, so, how can I solve this problem?

    1. Hello Borysr – You don’t need to edit the files after you first install it. However, if your configuration requires that you modify these files, then you would make changes to them. There are many options for the Clamd.conf file – it configures the Clam antivirus daemon. You can see the man options here: https://manpages.ubuntu.com/manpages/bionic/man5/clamd.conf.5.html. The freshclam.conf is a configuration file for the updater. You can see more info on it here: https://manpages.ubuntu.com/manpages/bionic/en/man5/freshclam.conf.5.html

    1. That’s a good point – ClamAV does tend to be resource intensive. I spoke to some of our team’s Ubuntu experts, and we recommend that you only run ClamAV scans during periods of low traffic on your server to avoid potential resource usage issues. Hope that helps!

  2. Excellent work. I installed ClamAV on Ubuntu 21.04 – Mate, encountering zero problems. Your work is Complete, Clear, Concise, and Correct! Thank you!

    1. I just tried this on our Ubuntu 20 cloud server with no issues. If you share some info on the issues and errors and you encountered, we’ll do our best to assist.

Was this article helpful? Join the conversation!