How to Install ClamAV on Ubuntu 24.04


Introduction

Before we begin talking about how to install ClamAV on Ubuntu 24.04, let's briefly understand – What is ClamAV?

ClamAV is an open-source antivirus software designed to protect computers against various malware threats. It is an efficient tool to scan files, emails, and servers for potential viruses and malware, ensuring the security of your system.

ClamAV's real-time scanning capability and regular updates make it a reliable choice for safeguarding your computer from malicious software.

In this tutorial, you will install ClamAV on Ubuntu 24.04. We will also address a few FAQs on how to install ClamAV on Ubuntu 24.04.

Advantages of ClamAV

  1. Open Source: ClamAV is freely available and open-source software, making it accessible to all users.
  2. Effective Detection: It efficiently detects and removes various types of malware, including viruses, trojans, and other threats.
  3. Regular Updates: ClamAV receives frequent virus definitions updates, enhancing its ability to detect new threats.
  4. Customizable Scanning: Users can customize scan settings, allowing them to scan specific files, directories, or entire systems as needed.
  5. Low Resource Usage: It is lightweight and consumes minimal system resources, ensuring optimal performance even during scans.

ClamAV Antivirus

First, install ClamAV and update its signatures to the latest version. On Ubuntu, open a terminal and run the following command:

sudo apt install clamav

You can also build ClamAV from source for improved scanning performance. To update the signatures, enter the following command in a terminal session and press Enter.

sudo freshclam

We’re now ready to scan our system. Use the clamscan command for this task. Since clamscan supports various parameters, let's explore its options:

clamscan --help

Scan Files for Viruses with ClamAV

The following example recursively scans the "Downloads" folder in the home directory, prints only infected files, and sounds a bell if any are found.

clamscan -r --bell -i /home/bill/Downloads

To scan the entire system (which may take some time) and remove all infected files:

clamscan -r --remove /

Removing infected files can sometimes lead to additional problems or system issues. It is advisable to review the output first and take manual action as needed. Alternatively, you can use the --move=/home/bill/my_virus_collection parameter to move infected files to a specified directory (e.g., /home/bill/my_virus_collection).
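
The review-first approach described above, as an added example that is not part of the original tutorial: a report-only scan writes a log, the detected paths are extracted for manual review, and only the reviewed list is re-scanned with --move. The function names, the sample log and its paths are constructed for illustration; the clamscan exit codes (0 clean, 1 virus found, 2 error) and the --log and --file-list options are as documented in its man page.

```shell
#!/bin/sh
# Added example: report first, quarantine only after review.
# Function names and paths are illustrative assumptions.

# clamscan exit status per its man page: 0 = no virus, 1 = virus found, 2 = error.
scan_status() {
  case "$1" in
    0) echo clean ;;
    1) echo infected ;;
    *) echo error ;;
  esac
}

# Print the path from every detection line ("<path>: <signature> FOUND") in a log.
# The greedy match keeps paths that themselves contain spaces or ": ".
infected_paths() {
  sed -n 's/^\(.*\): [^ ]* FOUND$/\1/p' "$1"
}

# Step 1: report-only scan. Nothing is removed or moved.
report_scan() {  # usage: report_scan <dir> <logfile>
  rc=0
  clamscan -r -i --log="$2" "$1" >/dev/null || rc=$?
  scan_status "$rc"
}

# Step 2: after reviewing (and editing) the list, re-scan only those files and
# move the ones still detected into a quarantine directory readable by the owner only.
quarantine_reviewed() {  # usage: quarantine_reviewed <listfile> <quarantine-dir>
  { mkdir -p "$2" && chmod 700 "$2"; } || return 2
  clamscan --file-list="$1" --move="$2"
}

# Constructed sample of a "clamscan -i" log, used to exercise the parser offline.
sample_log() {
  cat <<'EOF'
/home/bill/Downloads/eicar.com: Win.Test.EICAR_HDB-1 FOUND
/home/bill/Downloads/old invoices/report: final.zip: Win.Test.EICAR_HDB-1 FOUND

----------- SCAN SUMMARY -----------
Scanned files: 214
Infected files: 2
EOF
}
```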

ClamTK - a GUI for ClamAV

If managing the console seems overwhelming, you can install an additional package called clamtk, which provides a GTK-2 GUI for ClamAV.

sudo apt install clamtk

In the ClamTK top panel options menu, you can select directories or files to scan, specify whitelisted directories, and manage quarantined files. You can also choose to perform quick or recursive scans and check devices like USB sticks.

ClamTK’s scheduler enables easy setup of scheduled scans and antivirus signature database updates (it’s advisable to set up the latter before the former). Additionally, if you encounter a file falsely flagged as a threat, you can submit it for further analysis to the ClamAV team directly from the ClamTK interface.

FAQs to Install ClamAV on Ubuntu 24.04

What is the difference between clamav and clamav-daemon?

clamav is the command-line scanner, while clamav-daemon runs in the background for continuous updates and scanning.

What is the command to scan and move infected files?

Use: clamscan --move=/path/to/quarantine /path/to/directory.

How do I remove infected files? 

Use: clamscan --remove /path/to/directory.

Where are the ClamAV configuration files located?

The main ClamAV configuration files are located in /etc/clamav/:

  • clamd.conf - configuration for the clamd daemon
  • freshclam.conf - configuration for the freshclam signature updater

How do I view ClamAV logs?

To view ClamAV logs:

  • For clamd logs, check /var/log/clamav/clamav.log
  • For freshclam logs, check /var/log/clamav/freshclam.log

You can use commands like tail or less to view the logs.

Why does ClamAV report false positives?

ClamAV may sometimes report false positives due to:

  • Limitations in the virus signature database
  • Heuristic scanning detecting benign files as suspicious
  • Outdated virus definitions

To reduce false positives, keep ClamAV updated and consider whitelisting known-safe files.

What file formats does ClamAV support? 

ClamAV supports a wide range of file formats including executables, archives, and documents.

Conclusion

We hope this detailed guide helped you to install ClamAV on Ubuntu 24.04.

If you have any queries, please leave a comment below, and we’ll be happy to respond to them.