Scan your Linux machine for viruses with ClamTk
What do you mean - "scan your Linux machine for viruses"? Linux is immune to viruses right? Well...mostly. Even though a proof of concept virus has been discussed, and nothing has actually made it into the wild...you still have email on your system. Some of that email could easily make its way (by way of forward for example) to another, non-Linux, machine. Because of that alone you should employ a virus scanner on ALL of your machines (Linux, Mac, Windows...)
For Linux, ClamAV is one of the best virus scanners. And not only is ClamAV one of the best, it also has a great front-end for users who prefer to not have to deal with command line tools. That front-end? ClamTk. In this article you will learn how to install and use ClamTk to keep your Linux box virus free. Your friends and co-workers might thank you in the end.
Installation
First and foremost, ClamAV is required (You can read more about ClamAV in my article "Add antivirus to Postfix with ClamAV") so you will need to have that installed and updated (might even be wise to make sure ClamAV is the latest version and run the freshclam command to update your virus signatures before you begin the installation of ClamTk).
If you're unsure how to update ClamAV you can do so fairly easily. Let me show you how to update ClamAV in Debian. Follow these steps:
- Open up a terminal window.
- Gain super-user access (either with the su command or using sudo - depending upon how you use/administer your system).
- Open up the /etc/apt/sources.list file in your favorite editor.
- Add the line deb http://volatile.debian.org/debian-volatile etch/volatile main contrib non-free to the bottom of the file.
- Save and close the sources.list file.
- Issue the command apt-get update.
- Issue the command apt-get install clamav clamav-base clam-freshclam.
Your ClamAV should be up to date. Now let's install ClamTk.
From the same terminal window, issue the command apt-get install clamtk which will install the latest version of ClamTk. You are ready to scan.
Using ClamTk
To open the ClamTk window (see Figure 1) you can either click Applications > System Tools > Virus Scanner or from either the run dialog (<Alt>F2) or a terminal window issue the command clamtk. One of the first things you should do is click Help > Update Signatures which effectively runs the freshclam command.
You can take care of scanning a few different ways:
- Click Home button (the Home icon) to do a quick scan of your ~/ directory.
- Click the Binoculars icon to scan a single file.
- Click the magnifying glass to scan a directory.
- Click Scan > Recursive Scan to scan a parent directory and it's children.
- Click Scan > Home (thorough) to do a more thorough scan of your home directory.
Since I use Claws Mail, I would want to do a recursive scan on the ~/Mail directory. I will warn you, a thorough, recursive scan can be somewhat resource intensive. So if you need to do this type of scan, you might want to do it when you're not busy, otherwise your machine might become a bit less responsive.
Final thoughts
I am happy to say that I have yet to come across an infected file on any of my Linux machines. Does that mean I will stop scanning? No. I get a ton of email, and I prefer to do my part to ensure that no email that might leave my inbox (especially forwards) contains a virus. You should do this as well, even when Linux is your main operating system.
Infecting their friends computers is something that not alot of ‘average’ PC users think about. We’re all so worried about protecting our own, that we never even consider the people we send emails and files too.
Martin,
What is the best virus scanner for windows xp and windows 7?
Does this ClamAV or its developers have any connections with ClamWin?
Hi,
Maybe it is true that Linux is immuned against viruses but much more true is that no linux user could afford hosting viruses, no matter whether or not it is a server, a working desktop or home computer.
Hosting and letting viruses to be distributed on your computer is non-professional and non-ethical from any point of view.
I have two flavours of Ubuntu on my laptop and use one to scan the other with ClamTK. I haven’t found any viruses after three years, but it’s still prudent to assume that it will happen someday.
HI, I tried calmTK and got this message after scanning some folders “Found 105 possible threats (122510 files scanned)”. Any advise? thanks
Windows files–clam isn’t very good with them: It’s intended for Linux–although a windows version is available. Your windows file partition(s) were unencrypted before the scan–thus, clam dutifully attempted to process them, too. It certainly takes far longer too. Common prob. I suppose that one may tediously check every file which was flagged–as you know, clam may then submit them to the AV security company community for their “opinions” on your “PUAs.”
Well, windows is a much bigger target: So, hackers write for that. I read something not long ago which indicated that Linux is used by about 2% of users. Windows malware can’t likely read Linux file systems–it’s too much trouble, so far.
Once clamtk/av caught something which was considered by one AV security company as a unix virus. That certainly caught my attention, given that Linux is based upon that. I wouldn’t panic, yet I’d keep an eye on your files by checking occasionally.