How to install ClamAV with Clamtk UI in GNU/Linux
It’s common knowledge among GNU/Linux users that there is a significantly lower chance of being infected with malware when running GNU/Linux than there is when running Microsoft Windows; however, it would be wrong to say that there is a flat zero chance. Malware does exist, although the odds of you stumbling upon it are low.
I would estimate that probably 95% of desktop GNU/Linux users do not use any kind of antivirus software, and generally speaking you would more than likely be safe in doing so. However, if you are the type to err more on the side of caution, you may want to know how to install something to ease your mind in this regard.
ClamAV is an open-source antivirus and malware application for GNU/Linux as well as other systems including BSD, Solaris, and even Microsoft Windows. Most server administrators will tell you they run ClamAV on their production machines; so why not run it on your home machine too?
Installing ClamAV and Clamtk
Depending on your OS flavour of choice, you can go about installing these packages a couple of different ways. In this article I will give examples of how to install them on Debian/Ubuntu-based systems as well as Arch-based systems; if you’re running a distro outside of this range of choices, you may need to adapt the commands to your own package manager, or use your GUI package manager if you have one.
If you prefer to build from source, you can download ClamAV from its homepage. Instructions are also available there for other distros such as Gentoo, Fedora and OpenSUSE, as well as for Solaris, BSD, and MacOSX.
If you are running a Debian/Ubuntu based distro:
- sudo apt install clamav clamtk
If you are running an Arch based distro:
- sudo pacman -S clamav clamtk
Set ClamAV for daily scans, and keep virus definitions updated
The first thing we want to do is make sure that both ClamAV and the updating service freshclam are started and will start automatically.
- sudo systemctl enable --now freshclamd
- sudo systemctl enable --now clamd
Once this is done, we want to open Clamtk which typically is found under the Accessories menu of your applications kicker.
From here, click on Settings, and check all of the boxes except the last one.
Next, we want to go to the Update Assistant, and select “I would like to update signatures myself.”
Click Apply, and then go back to the main Clamtk screen and select “Scheduler.”
From here, set the time you wish to automatically scan your PC as well as the time you want to update the definitions each day, and then click the + symbol for each to enable the setting. Your window should say, “A daily scan is scheduled” and “a daily definitions update is scheduled.”
From here we can go back to the main window again, click “updates” and click the “OK” button to update the database manually once just to start things off.
Finally, go back to the main menu and select “Scan a directory.” At this point I would recommend scanning your entire filesystem, but you could just scan your home directory since the vast majority of anything you have downloaded or saved is likely there. I leave that decision up to you. Once you have scanned, the rest is fairly straightforward, and you are done! Good luck!
Closing Words
A special note: ClamAV is sensitive. REALLY sensitive sometimes. Upon my initial scan, I was told I had over 177 potential threats. When I scrolled through the list, I saw that around 60% of the ‘threats’ were nothing more than Firefox cache files (which I clear often anyway) being falsely labelled as a huge and major Linux virus that DOES exist; but unless Ghacks, Google, or the Office365 websites handed it to me, it was a false positive (which it was, just to be very clear: a false positive).
Many of the other false positives were simply parts of the LibreOffice software suite, being labelled as an HTML exploit that is YEARS old. Through a really quick search, I found that this was again a false positive.
With this being said, don’t assume that just because you were told you have bugs, you actually have bugs. Do your research, and make use of the Analysis tool built into Clamtk, which will take your results and look up what OTHER virus scanners have said about them. If they all come back blank / clean, you know you are probably fine. As much as false positives are a hassle, at least it’s trying, right? I’d rather it be overly sensitive than not sensitive enough!
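The same triage can be started from a command-line scan before looking anything up. The following Python example is added here and is not part of the original article or of ClamAV/Clamtk: it parses the `path: Signature FOUND` lines that clamscan prints, groups detections by signature and by location, and lists the signatures with hits outside cache and package directories to research first. The sample output, signature names and location buckets are constructed for illustration; grouping only shows where detections cluster, it does not decide whether a hit is false.

```python
import re
from collections import defaultdict

# clamscan prints one line per detection: "<path>: <signature> FOUND"
HIT = re.compile(r"^(?P<path>.+): (?P<sig>\S+) FOUND$")

# Location buckets are assumptions for this example; adjust to your system.
BUCKETS = [
    ("user-cache", re.compile(r"/\.cache/")),
    ("packaged-software", re.compile(r"^/(usr|opt)/")),
]

# Constructed sample output (paths and signature names are made up).
SAMPLE = """\
/home/user/.cache/mozilla/firefox/x.default/cache2/entries/0A1B: Constructed.Linux.Sample-1 FOUND
/home/user/.cache/mozilla/firefox/x.default/cache2/entries/2C3D: Constructed.Linux.Sample-1 FOUND
/usr/lib/libreoffice/share/example.xml: Constructed.Html.Sample-2 FOUND
/home/user/Downloads/note: final.pdf: Constructed.Pdf.Sample-3 FOUND
/home/user/Documents/report.odt: OK

----------- SCAN SUMMARY -----------
Infected files: 4
""".splitlines()

def parse_hits(lines):
    """Yield (path, signature) per detection; OK lines and the summary are skipped."""
    for line in lines:
        m = HIT.match(line.rstrip("\r\n"))
        if m:  # greedy path match keeps file names that contain ": " intact
            yield m.group("path"), m.group("sig")

def bucket_for(path):
    """Name of the first matching location bucket, or 'other'."""
    return next((name for name, rx in BUCKETS if rx.search(path)), "other")

def triage(lines):
    """Return {signature: {bucket: [paths]}} so clusters are easy to see."""
    report = defaultdict(lambda: defaultdict(list))
    for path, sig in parse_hits(lines):
        report[sig][bucket_for(path)].append(path)
    return {sig: dict(buckets) for sig, buckets in report.items()}

def review_first(report):
    """Signatures with hits outside cache/package dirs, most such hits first."""
    flagged = [(len(b["other"]), sig) for sig, b in report.items() if "other" in b]
    return [sig for _, sig in sorted(flagged, key=lambda t: (-t[0], t[1]))]

if __name__ == "__main__":
    for sig, buckets in triage(SAMPLE).items():
        print(sig, {name: len(paths) for name, paths in buckets.items()})
    print("research first:", review_first(triage(SAMPLE)))
```

On a real system, pass it the lines of a log written by `clamscan -r -i --log=FILE` instead of `SAMPLE`.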
Hi,
how come the command to install clamtk under kali linux doesn’t work,
apt install clmtk, getting error like repository not found..
Thanks.
go back to windoz!
I’m not a technical Linux user, but I can see behaviors and draw conclusions. My laptop used to freeze more than once daily, requiring hard shutdowns and restarts with loss of data. Upon installing and running clamtk I found many trojans and exploits, all in .cache. I quarantined these and have repeated the scan with similar results several times daily since. I have been doing this for several months now and do not have freezes, except when I forget to run clamtk after a couple of hours of internet use. This actually generates less hassle than all the restarts, since only .cache needs to be scanned. It would be nice if clamtk could be set to run automatically every 2 or 3 hours. Once daily is not enough.
Clam AV is good. No problems installing from software manager. No positives ever, quick scanning time. Happy with it. (Mint).
Or Eset Nod32 AV. https://www.av-test.org/en/news/news-single-view/linux-16-security-packages-against-windows-and-linux-malware-put-to-the-test/
Use Sophos AV for Linux instead.
Thanks, I couldn’t get it installed from lubuntu software center: it works with sudo.
I use clamav to scan my NTFS shared data partitions periodically. The main threats come through browser bugs so keep that up-to-date and never run it from an admin account. The only ‘bugs’ found today are false alarms on a few Windows driver files.
I’ve found clamtk to be slow and buggy. Right now on Mint 18 it just locks up when I select any function on the GUI :(. Not sure if it will complete, time to punt.
Running clamscan from the command line just moves right along, use the appropriate options (clamscan --help) for your situation.
Note to Mike, did you have to install clamav-daemon? The freshclam (signature updater) log complains about a missing clamd.conf:
Tue May 2 14:34:00 2017 -> Database updated (6282242 signatures) from db.local.clamav.net (IP: 194.8.197.22)
Tue May 2 14:34:00 2017 -> ERROR: NotifyClamd: Can’t find or parse configuration file /etc/clamav/clamd.conf
TIA, Mike
Mike,
> The freshclam (signature updater) log complains about a missing clamd.conf:
Don’t worry about this. Many users don’t use or need the clam daemon. This is safe to ignore unless you need it for some reason.
Thanks, I couldn’t get it from the software center: I use Lubuntu. It works using sudo.
I dual boot Microsoft Windows 10 and Linux Mint 18.1 using Bootit Bare metal. If I mount Microsoft Windows 10 with Linux Mint, will ClamAV be able to scan Windows 10 from Linux Mint? Or is ClamAV Linux version only good for Linux?
Very interesting. Reminds me of back when I used ClamWin on Windows. Will give it a try. But if this really produces a huge number of false positives, that would be a big minus, because double-checking false positives can waste a lot of time… But as said, will give it a try anyway.