How to install ClamAV with Clamtk UI in GNU/Linux

Mike Turcotte-McCusker
May 2, 2017
Updated • May 2, 2017

It’s common knowledge among GNU/Linux users that there is a significantly lower chance of being infected with malware when running GNU/Linux than there is when running Microsoft Windows; however, it would be wrong to say that there is a flat zero chance. Malware does exist, although the odds of you stumbling upon it are low.

I would estimate that probably 95% of desktop GNU/Linux users do not use any kind of antivirus software, and generally speaking you would more than likely be safe in doing so...However, if you are the type to err more on the side of caution, you may want to know how to install something to ease your mind in this regard.

ClamAV is an open-source antivirus and malware application for GNU/Linux as well as other systems including BSD, Solaris, and even Microsoft Windows. Most server administrators will tell you they run ClamAV on their production machines; so why not run it on your home machine too?

Installing ClamAV and Clamtk

Depending on your OS flavour of choice, you can go about installing these packages a couple of different ways. In this article I will give examples on how to install them via Debian/Ubuntu based systems, as well as Arch based systems; if you’re running a distro outside of this range of choices, you may need to change the commands we are going to use to your package manager specific commands, or use your GUI package manager if you have one.

If you prefer to build from source, you can download ClamAV from their homepage here. There are also instructions for other distros such as Gentoo, Fedora and OpenSUSE there as well, as well as Solaris, BSD, and MacOSX.

If you are running a Debian/Ubuntu based distro:

  • sudo apt install clamav clamtk

If you are running an Arch based distro:

  • sudo pacman -S clamav clamtk

Set ClamAV for daily scans, and keep virus definitions updated

The first things we are going to want to do, are make sure that both ClamAV and the updating service freshclam are started, will start automatically.

  • sudo systemctl enable --now freshclamd
  • sudo systemctl enable --now clamd

Once this is done, we want to open Clamtk which typically is found under the Accessories menu of your applications kicker.

From here, click on Settings, and check all of the boxes except the last one.

Next, we want to go to the Update Assistant, and select “I would like to update signatures myself.”

Click Apply, and then go back to the main Clamtk screen and select “Scheduler.”

From here, set the time you wish to automatically scan your PC as well as the time you want to update the definitions each day, and then click the + symbol for each to enable the setting. Your window should say, “A daily scan is scheduled” and “a daily definitions update is scheduled.”

From here we can go back to the main window again, click “updates” and click the “OK” button to update the database manually once just to start things off.

Finally, go back to the main menu and select “Scan a directory.” At this point I would recommend scanning your entire filesystem, but you could just scan your home directory since the vast majority of anything you have downloaded or saved is likely there. I leave that decision up to you. Once you have scanned, the rest is fairly straight forward, and you are done! Good luck!

Closing Words

A special note: ClamAV is sensitive. REALLY sensitive sometimes...Upon my initial scan, I was told I had over 177 potential threats. When I scrolled through the list, I saw that around 60% of the ‘threats’ were nothing more than Firefox cache files (which I clear often anyway) being falsely labelled as a huge and major Linux virus that DOES exist, but unless Ghacks, google, or the office365 websites handed me it; then it was a false positive (which it was, just to be very clear, false positive).

Many of the other false positives, were simply parts of the LibreOffice software suite, being labelled as an HTML exploit that is YEARS old. Through a really quick search, I found that this was again a false positive.

With this being said; don’t assume that just because you got told you have bugs, means you have bugs. Do your research; and make use of the Analysis tool built into Clamtk which will take your results and look up what OTHER virus scanners have said about them...If they all come back blank / clean, you know you are probably fine. As much as false positives are hassle, at least it’s trying right? I’d rather it be overly sensitive, than not sensitive enough!

How to install ClamAV with Clamtk UI in GNU/Linux
Article Name
How to install ClamAV with Clamtk UI in GNU/Linux
Mike walks you through the steps of installing the antivirus solution ClamAV with Clamtk UI on machines running a GNU/Linux flavor.
Ghacks Technlogy News

Previous Post: «
Next Post: «


  1. gambeta said on September 2, 2019 at 3:06 pm

    how come the command to install clamtk under kali linux doesn’t work,
    apt install clmtk, getting error like repository not found..


    1. hello said on January 25, 2020 at 4:23 pm

      go back to windoz!

  2. Jeff Krause said on September 20, 2018 at 9:22 pm

    I’m not a technical Linux user, but I can see behaviors and draw conclusions. My laptop used to freeze more than once daily, requiring hard shutdowns and restarts with loss of data. Upon installing and running clamtk I found many trojans and exploits, all in .cache. I quarantined these and have repeated the scan with similar results several times daily since. I have been doing this for several months now and do not have freezes, except when I forget to run clamtk after a couple of hours of internet use. This actually generates less hassle than all the restarts, since only .cache needs to be scanned. It would be nice if clamtk could be set to run automatically every 2 or 3 hours. Once daily is not enough.

  3. Owl said on May 3, 2017 at 11:19 am

    Clam AV is good. No problems installing from sofware manager. No positives ever, quick scanning time. Happy with it. (Mint).

  4. dark said on May 3, 2017 at 5:41 am

    Or Eset Nod32 AV. https//

  5. dark said on May 3, 2017 at 5:25 am

    Use Sophos AV for Linux instead.

  6. Name said on May 3, 2017 at 2:08 am

    Thanks,I couldn’t get it installed from lubuntu software center:it works with sudo.

  7. mikef90000 said on May 3, 2017 at 1:26 am

    I use clamav to scan my NTFS shared data partitions periodically. The main threats come through browser bugs so keep that up-to-date and never run it from an admin account. The only ‘bugs’ found today are false alarms on a few Windows driver files.

    I’ve found clamtk to be slow and buggy. Right now on Mint 18 it just locks up when I select any function on the GUI :(. Not sure if it will complete, time to punt.

    Running clamscan from the command line just moves right along, use the appropriate options (clamscan –help) for your situation.

    Note to Mike, did you have to install clamav-daemon? The freshclam (signature updater) log complains about a missing clamd.conf:
    Tue May 2 14:34:00 2017 -> Database updated (6282242 signatures) from (IP:
    Tue May 2 14:34:00 2017 -> ERROR: NotifyClamd: Can’t find or parse configuration file /etc/clamav/clamd.conf

    TIA, Mike

    1. dave said on May 4, 2017 at 6:34 am


      > The freshclam (signature updater) log complains about a missing clamd.conf:

      Don’t worry about this. Many users don’t use or need the clam daemon. This is safe to ignore unless you need it for some reason.

  8. Name said on May 3, 2017 at 12:19 am

    Thanks,I couldn’t get it from the software center:I use Lubuntu.It works using sudo.

  9. Robert said on May 2, 2017 at 10:30 pm

    I dual boot Microsoft Windows 10 and Linux Mint 18.1 using Bootit Bare metal. If I mount Microsoft Windows 10 with Linux Mint, will ClamAV be able to scan Windows 10 from Linux Mint? Or is ClamAV Linux version only good for Linux?

  10. Henk van Setten said on May 2, 2017 at 8:56 pm

    Very interesting. Reminds me of back when I used ClamWin on Windows. Will give it a try. But if this really produces a huge number of false positives, that would be a big minus, because double-checking false positives can waste a lot of time… But as said, will give it a try anyway.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.