From LinuxReviews
Clam AntiVirus
ClamAV reporting that it failed to find any virus.
Developer(s): Cisco Systems
Written in: C, C++
Type: Antivirus software
License: GNU GPL v2

ClamAV is a free GPL-licensed anti-virus solution for GNU/Linux, *BSD, Windows and macOS. It has a command-line utility that lets you scan for viruses, an on-access scanner daemon called clamonacc and a virus-database update daemon called freshclam.

The Database

ClamAV comes with a handy tool for updating virus signatures called freshclam. It can be run manually, or regularly using either a cron job or a systemd service. Distributions using systemd ship ClamAV with a clamav-freshclam.service which can be used to run freshclam regularly.

The actual virus signature databases are stored in /var/lib/clamav/.

Finding The Virus

The clamscan program is used to locate the virus. It can take a single file or a folder, or multiple files and/or folders, as arguments. The -r option is needed to scan directories recursively. You will also likely want -i because clamscan will, by default, print a list of every file scanned with an OK or Infected next to it, and it does not print the names of infected files in the report it generates. If a virus is found, that report only tells you something like this:

----------- SCAN SUMMARY -----------
Known viruses: 8519188
Engine version: 0.103.2
Scanned directories: 1
Scanned files: 359
Infected files: 2

You will be able to see which files are infected with the virus if you run clamscan -i, so that it only prints the files that have the virus when it scans.

clamscan -r -i reporting that it found two viruses lurking in a folder full of cheats for old MS-DOS games.
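
The following wrapper is an added example, not part of the original page or of ClamAV itself. It shows how a cron job could turn clamscan -r -i output into a list of infected paths and a verdict. It assumes clamscan's "path: signature FOUND" line format and its documented exit statuses (0, 1, 2); the sample paths, signature names and the CLAMSCAN override variable are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original page: wrap `clamscan -r -i` for cron or CI.

# Constructed sample of `clamscan -r -i` output; paths and signature names are
# made up, the summary values are the ones shown on this page.
SAMPLE='/srv/dos/cheats/TRAINER.COM: Example.Signature-1 FOUND
/srv/dos/cheats/old: stuff/GAME.EXE: Example.Signature-2 FOUND

----------- SCAN SUMMARY -----------
Known viruses: 8519188
Engine version: 0.103.2
Scanned directories: 1
Scanned files: 359
Infected files: 2'

# Print the path of each flagged file. The greedy match keeps a ": " that is
# part of the path itself; the signature name is taken to contain no spaces.
infected_paths() {
    sed -n 's/^\(.*\): [^ ]* FOUND$/\1/p'
}

# Print the number from the "Infected files:" line of the scan summary.
summary_infected() {
    sed -n 's/^Infected files: \([0-9][0-9]*\)$/\1/p'
}

# clamscan exit status: 0 = no virus found, 1 = virus found, 2 = error.
verdict() {
    case "$1" in
        0) echo clean ;;
        1) echo infected ;;
        *) echo error ;;
    esac
}

# Scan a directory, list infected paths, and hand clamscan's status back to the
# caller so an error is never mistaken for a clean result.
# CLAMSCAN is a hypothetical override used to substitute a stub in tests.
scan_dir() {
    status=0
    out=$(${CLAMSCAN:-clamscan} -r -i "$1") || status=$?
    printf '%s\n' "$out" | infected_paths | sed 's/^/INFECTED /'
    echo "verdict=$(verdict "$status") infected_files=$(printf '%s\n' "$out" | summary_infected)"
    return "$status"
}

# Offline demonstration on the constructed sample (no clamscan needed).
printf '%s\n' "$SAMPLE" | infected_paths
```

Calling scan_dir with a directory runs the real clamscan; treat any status other than 0 or 1 as a failed scan rather than a clean one.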

Most of the virus signatures in its database are for Windows viruses. Some are for the now very old MS-DOS viruses. There are only a few signatures for Linux-native viruses in the ClamAV database.

It should be noted that ClamAV relies entirely on signature files for known viruses; it will not find or detect a brand-new virus that is unknown to it.

ClamAV should be a basic building block in any production mail setup; it is designed to work well with all the commonly used mail filters.


clamonacc, ClamAV On Access, is a Linux-only system daemon that can be used to scan files in real-time as they are accessed. On distributions using systemd, it can be enabled with the clamonacc.service service file.

