How to install anti-virus protection on your Ubuntu 18.04/20.04/22.04 computer.
Prerequisites: You must have administrator access to your Ubuntu computer.
Linux, like all other operating systems, can be vulnerable to viruses and Trojans.
It is not targeted nearly as much by hackers because of its relatively low use in the desktop environment and because most installed software is acquired via trusted repositories.
Regardless, viruses can still propagate, especially if you use Samba shares (Windows file share on Linux) or external USB devices that regularly interact with both Linux and Windows.
You could be inadvertently spreading viruses – not to mention some hackers have recently (though not very frequently) started targeting Linux users directly.
CSM does not provide an officially supported anti-virus solution for Linux, but there are a few open source or free options available.
ClamAV is one highly regarded product that is available at no cost, has a good reputation, and runs well on our campus-supported Ubuntu Linux systems.
ClamAV is an open-source antivirus solution that has been around for quite a while and is most commonly used in an integrated fashion with mail servers for email scanning.
In 2007, ClamAV was acquired by a company named Sourcefire, which in turn was acquired by Cisco in 2013; ClamAV is now maintained by a division of Cisco named Cisco Talos.
This document outlines how to acquire, install, and use the ClamAV anti-virus application and ClamTk, the graphical user interface for ClamAV.
1. Open up a terminal session. If a terminal icon is not located on your Ubuntu launcher bar at the left-hand edge of the Ubuntu desktop, click on the Activities link at the top left-hand corner of the Ubuntu desktop.
Enter Terminal into the search box.
Click on the Terminal icon to launch it.
NOTE: If you'd like to add the Terminal application to your Ubuntu launcher bar, right-click your mouse on the Terminal icon and select Add to Favorites.
2. Execute the command sudo apt install clamav-daemon
You are prompted to enter your password.
NOTE: Ubuntu does not echo any characters to the terminal when you enter your password.
You are prompted to continue.
Enter Y and press the <ENTER> key.
Installation commences and progress is displayed in the Terminal window.
3. Now you will download the initial virus definition databases.
Execute the following three commands:
wget http://database.clamav.net/main.cvd
wget http://database.clamav.net/daily.cvd
wget http://database.clamav.net/bytecode.cvd
After all three files have completed downloading, move them to their final location.
Execute: sudo mv *.cvd /var/lib/clamav
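The three files above are fetched over plain HTTP, so it is worth confirming that each one is an intact CVD before running the mv command. The following is an added example, not part of the original article: it checks the CVD header and the MD5 embedded in it. The names check_cvd and make_constructed_cvd are hypothetical, and the sample file it builds is constructed.

```sh
#!/bin/sh
# Added example (not from the original article): sanity-check a downloaded
# ClamAV .cvd before moving it into /var/lib/clamav.
# A CVD begins with a 512-byte, space-padded, colon-separated header:
#   ClamAV-VDB:build time:version:sig count:func level:MD5:dsig:builder:stime
# The MD5 field covers every byte after the header.

# check_cvd FILE -> 0 = header and MD5 consistent, 1 = bad file, 2 = unreadable
check_cvd() {
    file=$1
    [ -r "$file" ] || { echo "$file: not readable"; return 2; }
    header=$(head -c 512 "$file" | tr -d '\000' | head -n 1)
    magic=$(printf '%s' "$header" | cut -d: -f1)
    version=$(printf '%s' "$header" | cut -d: -f3)
    want=$(printf '%s' "$header" | cut -d: -f6)
    if [ "$magic" != "ClamAV-VDB" ]; then
        echo "$file: BAD (no ClamAV-VDB header; is this an error page?)"
        return 1
    fi
    got=$(tail -c +513 "$file" | md5sum | cut -d' ' -f1)
    if [ "$got" != "$want" ]; then
        echo "$file: BAD (MD5 mismatch: truncated or altered download)"
        return 1
    fi
    echo "$file: OK (database version $version)"
}

# Hypothetical helper: builds a CONSTRUCTED sample file so the check can be
# tried offline. The payload is not a real signature database.
make_constructed_cvd() {
    body='constructed payload, not a real signature database'
    sum=$(printf '%s' "$body" | md5sum | cut -d' ' -f1)
    printf '%-512s' "ClamAV-VDB:01 Jan 2024 00-00 +0000:1:0:90:$sum:constructed-dsig:example:1704067200" > "$1"
    printf '%s' "$body" >> "$1"
}

if [ "$#" -gt 0 ]; then
    for f in "$@"; do check_cvd "$f"; done      # e.g. sh check_cvd.sh *.cvd
else
    tmp=$(mktemp -d)
    make_constructed_cvd "$tmp/sample.cvd"
    check_cvd "$tmp/sample.cvd"
    printf '<html>403 Forbidden</html>\n' > "$tmp/error.cvd"   # constructed bad download
    check_cvd "$tmp/error.cvd" || true
    rm -rf "$tmp"
fi
```

This is only an early warning for a broken download; ClamAV still verifies the database's digital signature itself when it loads the file.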
4. Now enable, then start, the clamav-daemon.
The clamav-daemon is the background service that loads the virus database definitions into memory, and handles scanning of files when instructed to do so.
Execute the command: sudo systemctl enable clamav-daemon to enable it.
Execute the command: sudo systemctl start clamav-daemon to launch it.
There is no feedback given when you launch the clamav-daemon process.
To check that it is running properly, execute: sudo systemctl status clamav-daemon
You should see Active: active (running)
ClamAV is now running as a service and configured to automatically update once every hour (the interval can be modified via the freshclam.conf configuration file).
5. ClamAV is now fully functional. Like all good Linux programs, it can be run from the command line. Installing the GUI interface is discussed later in this article.
To scan a particular file, execute the command clamscan [target_file]
To scan a folder, and all of the files and folders contained within the chosen folder, execute clamscan -r [target_folder]
In the example below, we are scanning the OneDrive folder and all of its contents. The -r parameter tells clamscan to scan recursively.
As the scan runs, it echoes the results for each file in the terminal screen. When it is complete, a summary is presented.
The clamscan online manual is available by executing man clamscan
For a quick listing of all of clamscan's command line options execute: clamscan --help
Installing the ClamAV Graphical User Interface - ClamTk
1. Click your mouse on the Activities link located at the upper left-hand corner of the Ubuntu 18.04 desktop display.
The search dialog pops open.
Enter software into the search box.
The Ubuntu Software store is one of the items found.
Click your mouse on the Ubuntu Software store icon.
2. The Ubuntu Software store opens.
Click on the search icon, which looks like a magnifying glass, located at the upper right-hand corner of the window.
The search input field will reveal itself.
Enter ClamTk into the search input field, then click on the displayed search result.
Click on the Install button.
When the install is completed, you can launch the ClamAV GUI immediately from the software store.
It can also be found by accessing the system search box under the Activities link at the upper left-hand corner of the Ubuntu desktop.
3. Using ClamTk
The ClamTk interface is very straightforward. You may note that "An update is available" is displayed at the bottom of the ClamTk dialog.
As ClamAV is set up to automatically update the virus database every hour, the ability to manually update it via the Updates button in this dialog is disabled.
To scan a file or a folder and its contents, select the appropriate option on the last line of the ClamTk dialog.
Then you can browse to the location that you want to scan.
In this example, I am choosing to scan the OneDrive folder and all of its contents.
Scan progress is displayed.
When the scan is complete, the dialog box shows all of the potential threats that ClamAV has found and allows you to decide what action to take.
In the example below, ClamAV has detected the TeamViewer remote control utility as a potential threat. Notice that the Status column identifies it with PUA at the beginning. PUA means Potentially Unwanted Application. As a utility that allows someone to remotely access the computer, ClamAV is correct to detect it as a threat, but as this is a utility we know and trust, no action is needed.
One can quarantine, delete, or send a file to ClamAV for analysis.
As we intend to take no action, the choice is simply Close.
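The same PUA distinction can be applied to command-line scans. This added example, which is not part of the original article, splits clamscan's FOUND lines into PUA and other detections so that the two can be reviewed separately. The function names and the sample scan output, including its signature names, are constructed.

```sh
#!/bin/sh
# Added example (not from the original article): triage clamscan detections.
# clamscan reports each hit as "<path>: <signature name> FOUND"; names that
# begin with "PUA." are Potentially Unwanted Applications.

# triage_found: reads clamscan output on stdin and prints one tab-separated
# line per detection: CLASS <TAB> signature <TAB> path
triage_found() {
    awk '
        # Anchor on the trailing ": <name> FOUND" so paths containing ": " survive.
        match($0, /: [^ ]+ FOUND$/) {
            name = substr($0, RSTART + 2, RLENGTH - 8)
            path = substr($0, 1, RSTART - 1)
            class = (name ~ /^PUA\./) ? "PUA" : "THREAT"
            printf "%s\t%s\t%s\n", class, name, path
        }'
}

# count_class CLASS: counts triage lines of the given class (PUA or THREAT).
count_class() {
    awk -F '\t' -v c="$1" '$1 == c { n++ } END { print n + 0 }'
}

# CONSTRUCTED sample output; paths and signature names are illustrative only.
sample_scan_output() {
    cat <<'EOF'
/home/user/OneDrive/notes.txt: OK
/home/user/OneDrive/tools/TeamViewer_Setup.exe: PUA.Win.Tool.Example-1 FOUND
/home/user/OneDrive/mail: old/sample.bin: Win.Test.Example-1 FOUND
/home/user/OneDrive/report.pdf: OK
EOF
}

sample_scan_output | triage_found
```

On a real scan, feed it with: clamscan -r -i --no-summary [target_folder] | triage_found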
ClamAV Anti-virus and the ClamTk graphical user interface are now installed and fully configured.
2022.06.28 - Revised - dkearney
2020.10.29 - dkearney