Clam Antivirus (ClamAV) - Installation and usage


In Debian Jessie 8.3 and 10 I wanted to scan a Windows partition before booting it, to reduce the risks of getting an infected system.

It turned out there was at least one antivirus program supplied in the repositories - Clam Antivirus.

It installs like this:
sudo bash
apt install clamav

If you want a graphical interface:
apt install clamtk

If you want a daemon (clamd) to monitor the system:
apt install clamav-daemon

Updating signatures

Signatures must be updated, and it does it by itself silently directly after install using the freshclam command which also can be run on it's own.

To follow the update process:
tail /var/log/clamav/freshclam.log

However, on Debian 10 it fails to download, because of a too large signature file and too restricted timeout settings.

In /etc/clamav/freshclam.conf set the following parameters to higher than 30 seconds, like the following:
ConnectTimeout 30000
ReceiveTimeout 30000

When the update is done you can scan files.

Scanning files and directories

There are some parameters that are important. You need to specify recursive mode and you need to supply a log file. If not it will only walk the current directory and only tell you a summary at the end of the file list. So:

clamscan -i -l /path/to/desired/logfile.txt -r /what/to/scan/for/viruses/

Explanation of parameters:
--infected            -i             Only print infected files
--log=FILE            -l FILE        Save scan report to FILE
--recursive[=yes/no(*)]  -r          Scan subdirectories recursively

This is a personal note. Last updated: 2021-01-07 16:14:54.


Don't forget to pay my friend a visit too. Joakim