
Ubuntu How To: Install ClamAV (Desktops and Servers)

ClamAV Install + Configuration Walkthrough (July 2020 - Ubuntu 20.04)

ClamAV is a FOSS anti-virus product. While it doesn’t offer features we’re all used to now, such as real-time scanning, we’ll walk you through the process of configuring a cronjob to scan on a regular basis. Premium AV is still our recommendation if you want advanced security, but ClamAV is sufficient for most use cases as baseline protection. In this guide we’ll be using a desktop install of Ubuntu, but headless server installs can use it too – just skip the step about the GUI.

Install Updates

First and foremost, run an update check on Ubuntu to see if there are any updates, and install them with:

sudo apt update && sudo apt upgrade -y

Install ClamAV

Once you’ve installed updates, run the command below to install ClamAV:

sudo apt install clamav clamav-daemon clamdscan

We’re installing the 3 things below and running a definition update:

  1. ClamAV
  2. ClamAV’s daemon
  3. clamdscan, the daemon version of clamscan. It uses the virus definitions held in memory by the ClamAV daemon, resulting in much quicker scans.

Install ClamAV Definition Updates + run your first scan

Run a definition update with:

sudo freshclam

You’ll likely be given a warning about ClamAV being a version or two out of date; this is OK to ignore. When the ClamAV project releases updates, it takes time for the maintainers of your repo of choice to push the changes out.

$ sudo freshclam
Sun Jul 26 13:58:55 2020 -> ClamAV update process started at Sun Jul 26 13:58:55 2020
Sun Jul 26 13:58:55 2020 -> ^Your ClamAV installation is OUTDATED!
Sun Jul 26 13:58:55 2020 -> ^Local version: 0.102.3 Recommended version: 0.102.4
Sun Jul 26 13:58:55 2020 -> DON'T PANIC! Read
Sun Jul 26 13:58:55 2020 -> daily.cvd database is up to date (version: 25884, sigs: 3663341, f-level: 63, builder: raynman)
Sun Jul 26 13:58:55 2020 -> main.cvd database is up to date (version: 59, sigs: 4564902, f-level: 60, builder: sigmgr)
Sun Jul 26 13:58:55 2020 -> bytecode.cvd database is up to date (version: 331, sigs: 94, f-level: 63, builder: anvilleg)

Run your first scan with the command below.

sudo clamdscan --fdpass --multiscan /

A breakdown of this command:
sudo: run as administrator
clamdscan: the scanning utility
--fdpass: passes the file descriptor permissions to clamd
--multiscan: uses multiple threads
/: sets the scan directory to / (root of the drive)

Configure Auto-Scans and Auto-Definition Updates

Once it’s all installed, we can edit the crontab file to schedule cronjobs for auto-scanning and auto-updates for ClamAV’s definition files. We’re going to use the root user’s crontab. Note: if you are using a desktop and want to use a GUI to schedule updates and scans, skip this step.

Open crontab with:

sudo crontab -e

Note: on first run of crontab, you may be asked which text editor to use. We use /bin/nano.

Add the following to your crontab file to run a definition update at 00:00 every day, and a scan at 00:05 every day:

0 0 * * * /usr/bin/sudo /usr/bin/freshclam
5 0 * * * /usr/bin/sudo /usr/bin/clamdscan --fdpass --multiscan /

Save changes and exit.
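One way to make the scheduled scan's result visible is to have cron call a small wrapper instead of clamdscan directly. The script below is an added example, not part of the original guide; the log path, the `--run` switch and the sample output are assumptions made for illustration. It keeps the full scan output in a log file and sends detections and scan failures to syslog.

```shell
#!/bin/sh
# Added example: cron wrapper for the nightly clamdscan run.
# Assumptions: the LOG path and the "--run" switch are choices of this example.
LOG="${LOG:-/var/log/clamav/nightly-scan.log}"

# Constructed sample of clamdscan output (not taken from a real scan).
SAMPLE='/home/user/Downloads/eicar.com: Win.Test.EICAR_HDB-1 FOUND
/home/user/notes.txt: OK

----------- SCAN SUMMARY -----------
Infected files: 1'

# Read scan output on stdin, print "path: signature" for each detection line.
clam_found() {
    sed -n 's/ FOUND$//p'
}

# Map the clamdscan exit status to a verdict:
# 0 = no virus found, 1 = virus(es) found, anything else = error.
clam_verdict() {
    case "$1" in
        0) echo clean ;;
        1) echo infected ;;
        *) echo error ;;
    esac
}

# Run the scan, append the full output to $LOG, raise syslog entries as needed.
run_scan() {
    out=$(clamdscan --fdpass --multiscan "$@" 2>&1) && rc=0 || rc=$?
    printf '%s\n' "$out" >> "$LOG"
    case "$(clam_verdict "$rc")" in
        infected) printf '%s\n' "$out" | clam_found | logger -t clamdscan -p auth.warning ;;
        error)    logger -t clamdscan -p daemon.err "scan failed (rc=$rc), see $LOG" ;;
    esac
    return "$rc"
}

# Only scan when asked to, e.g. "nightly-scan.sh --run /" from root's crontab.
if [ "${1:-}" = "--run" ]; then
    shift
    run_scan "$@"
    exit $?
fi
```

Because the script exits with clamdscan's own status, a non-zero exit from the cron job means either a detection or a failed scan, and the syslog entry says which.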

Install the ClamTk GUI (Optional)

To install the GUI, run the command below:

sudo apt install clamtk

You can use the ClamTk GUI to schedule updates and scans with the Schedule option.