How To Install ClamAV On Ubuntu 22.04 LTS Operating System

How To Install ClamAV On Ubuntu 22.04 LTS Operating System

ClamAV (Clam AntiVirus) is an open-source antivirus software toolkit designed especially for Unix-based systems such as Linux, MacOS, and BSD. It provides several features like command-line scanner, automatic database updates, built-in support for various archive formats, and more. In this short tutorial we will learn how to install ClamAV on Ubuntu 22.04 LTS operating system.

Introduction

ClamAV is primarily used to scan files and directories for malware and viruses. It uses signature-based detection and heuristics analysis to identify and remove any known or unknown threats. Additionally, ClamAV can be integrated into various mail servers, web servers, and file servers to provide real-time scanning of incoming and outgoing data.

ClamAV comes with an extensive virus database that is regularly updated to ensure maximum protection against the latest threats. The software also has a quarantine feature, which isolates infected files and prevents them from causing further damage to the system. One of the main advantages of ClamAV is its open-source nature, which allows anyone to contribute to its development and improvement. The software is licensed under the GNU General Public License, which means it can be used, modified, and distributed freely.

ClamAV Installation On Ubuntu 22.04 LTS

Prerequisites

This guidance targets a person who want to try installing ClamAV, anti virus on non Windows environment. However, as a beginner, you should be familiar with some Linux command lines that will be used. Before we proceed to the installation process, there are several prerequisites that must be met, namely:

  • Updated Ubuntu 20.04 Server.
  • Non-root user with sudo access.
  • Sufficient disk space to accommodate files and installation
  • Good network connection to download source files

In this tutorial, we have prepared an VM with the following properties :

ramans@dev01:~$ hostnamectl
Static hostname: dev01.bckinfo.com
Icon name: computer-vm
Chassis: vm
Machine ID: c05bdac4b09048309a26b6024adee484
Boot ID: 4b08ef7999e140ed839eaab355a64baa
Virtualization: vmware
Operating System: Ubuntu 22.04.2 LTS 
Kernel: Linux 6.0.0-060000-generic
Architecture: x86-64
Hardware Vendor: VMware, Inc.
Hardware Model: VMware Virtual Platform

The ClamAV installation will consist of several stages as mentioned below.

  1. Update Ubuntu System
  2. Installing ClamAV
  3. Updating the ClamAV Signature Database
  4. Using ClamAV to scan

The details of installation will be detail discussed below.

1. Update Ubuntu System

The first step of ClamAV installation is to update local packages software. This task will cut down the installation time and it also helps prevent zero-day exploits against outdated software, we will use command line :

$ sudo apt update
$ sudo apt upgrade

Output :

ramans@dev01:~$ sudo apt update
Hit:1 http://id.archive.ubuntu.com/ubuntu jammy InRelease
Get:2 http://security.ubuntu.com/ubuntu jammy-security InRelease [110 kB] 
Hit:3 http://id.archive.ubuntu.com/ubuntu jammy-updates InRelease 
Get:4 https://apt.grafana.com stable InRelease [5.984 B] 
Ign:5 http://download.webmin.com/download/repository sarge InRelease 
Hit:6 http://id.archive.ubuntu.com/ubuntu jammy-backports InRelease 
Ign:7 https://repo.mongodb.org/apt/ubuntu jammy/mongodb-org/6.0 InRelease 
Hit:8 http://download.webmin.com/download/repository sarge Release
ramans@dev01:~$ sudo apt upgrade
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Calculating upgrade... Done
The following packages were automatically installed and are no longer required:
libllvm13 linux-headers-5.15.0-53 linux-headers-5.15.0-53-generic linux-image-5.15.0-53-generic
linux-modules-5.15.0-53-generic linux-modules-extra-5.15.0-53-generic
Use 'sudo apt autoremove' to remove them.
Get more security updates through Ubuntu Pro with 'esm-apps' enabled:
python2.7-minimal libopenexr25 libpython2.7 python2.7 libpython2.7-minimal
libpython2.7-stdlib
Learn more about Ubuntu Pro at https://ubuntu.com/pro
The following packages have been kept back:
gnome-remote-desktop grub-efi-amd64-bin grub-efi-amd64-signed mongodb-mongosh mongodb-org mongodb-org-database
mongodb-org-mongos mongodb-org-server mongodb-org-tools python3-software-properties shim-signed
software-properties-common software-properties-gtk
0 upgraded, 0 newly installed, 0 to remove and 13 not upgraded.

2. Installing ClamAV

The ClamAV packages are available in the default repositories. To install ClamAV we will use the following command line :

$ sudo apt install clamav clamav-daemon

Output :

ramans@dev01:~$ sudo apt install clamav clamav-daemon
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following packages were automatically installed and are no longer required:
libllvm13 linux-headers-5.15.0-53 linux-headers-5.15.0-53-generic linux-image-5.15.0-53-generic
linux-modules-5.15.0-53-generic linux-modules-extra-5.15.0-53-generic
Use 'sudo apt autoremove' to remove them.
The following additional packages will be installed:
clamav-base clamav-freshclam clamdscan libclamav9 libtfm1
Suggested packages:
libclamunrar clamav-docs daemon libclamunrar9
The following NEW packages will be installed:
clamav clamav-base clamav-daemon clamav-freshclam clamdscan libclamav9 libtfm1
0 upgraded, 7 newly installed, 0 to remove and 13 not upgraded.
Need to get 1.497 kB of archives.
After this operation, 5.135 kB of additional disk space will be used.
Do you want to continue? [Y/n] Y
Get:1 http://id.archive.ubuntu.com/ubuntu jammy-updates/main amd64 clamav-base all 0.103.6+dfsg-0ubuntu0.22.04.1 [78,8 kB]
Get:2 http://id.archive.ubuntu.com/ubuntu jammy/main amd64 libtfm1 amd64 0.13-4build2 [65,9 kB]
Get:3 http://id.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libclamav9 amd64 0.103.6+dfsg-0ubuntu0.22.04.1 [879 kB]
Get:4 http://id.archive.ubuntu.com/ubuntu jammy-updates/main amd64 clamav-freshclam amd64 0.103.6+dfsg-0ubuntu0.22.04.1 [70,6 kB]
Get:5 http://id.archive.ubuntu.com/ubuntu jammy-updates/main amd64 clamav amd64 0.103.6+dfsg-0ubuntu0.22.04.1 [134 kB]
Get:6 http://id.archive.ubuntu.com/ubuntu jammy-updates/main amd64 clamav-daemon amd64 0.103.6+dfsg-0ubuntu0.22.04.1 [217 kB]
Get:7 http://id.archive.ubuntu.com/ubuntu jammy-updates/main amd64 clamdscan amd64 0.103.6+dfsg-0ubuntu0.22.04.1 [51,2 kB]
Fetched 1.497 kB in 1s (1.712 kB/s)
Preconfiguring packages ...
Selecting previously unselected package clamav-base.
(Reading database ... 346264 files and directories currently installed.)
Preparing to unpack .../0-clamav-base_0.103.6+dfsg-0ubuntu0.22.04.1_all.deb ...
Unpacking clamav-base (0.103.6+dfsg-0ubuntu0.22.04.1) ...
Selecting previously unselected package libtfm1:amd64.
Preparing to unpack .../1-libtfm1_0.13-4build2_amd64.deb ...
Unpacking libtfm1:amd64 (0.13-4build2) ...
Selecting previously unselected package libclamav9:amd64.
Preparing to unpack .../2-libclamav9_0.103.6+dfsg-0ubuntu0.22.04.1_amd64.deb ...
Unpacking libclamav9:amd64 (0.103.6+dfsg-0ubuntu0.22.04.1) ...
Selecting previously unselected package clamav-freshclam.
Preparing to unpack .../3-clamav-freshclam_0.103.6+dfsg-0ubuntu0.22.04.1_amd64.deb ...
Unpacking clamav-freshclam (0.103.6+dfsg-0ubuntu0.22.04.1) ...
Selecting previously unselected package clamav.
Preparing to unpack .../4-clamav_0.103.6+dfsg-0ubuntu0.22.04.1_amd64.deb ...
Unpacking clamav (0.103.6+dfsg-0ubuntu0.22.04.1) ...
Selecting previously unselected package clamav-daemon.
Preparing to unpack .../5-clamav-daemon_0.103.6+dfsg-0ubuntu0.22.04.1_amd64.deb ...
Unpacking clamav-daemon (0.103.6+dfsg-0ubuntu0.22.04.1) ...
Selecting previously unselected package clamdscan.
Preparing to unpack .../6-clamdscan_0.103.6+dfsg-0ubuntu0.22.04.1_amd64.deb ...
Unpacking clamdscan (0.103.6+dfsg-0ubuntu0.22.04.1) ...#######.............................................................] 
Setting up libtfm1:amd64 (0.13-4build2) ...
Setting up libclamav9:amd64 (0.103.6+dfsg-0ubuntu0.22.04.1) ...############................................................] 
Setting up clamav-base (0.103.6+dfsg-0ubuntu0.22.04.1) ...
id: ‘clamav’: no such user
Setting up clamav-freshclam (0.103.6+dfsg-0ubuntu0.22.04.1) ...
Created symlink /etc/systemd/system/multi-user.target.wants/clamav-freshclam.service → /lib/systemd/system/clamav-freshclam.service.
Setting up clamdscan (0.103.6+dfsg-0ubuntu0.22.04.1) ...
Setting up clamav-daemon (0.103.6+dfsg-0ubuntu0.22.04.1) ...
Created symlink /etc/systemd/system/multi-user.target.wants/clamav-daemon.service → /lib/systemd/system/clamav-daemon.service.
Setting up clamav (0.103.6+dfsg-0ubuntu0.22.04.1) ...
Processing triggers for man-db (2.10.2-1) ...
Processing triggers for libc-bin (2.35-0ubuntu3.1) ...

Whne the installation was completed done, then we will verify it by checking its version, by submitting command line :

$ clamscan --version

Output :

ramans@dev01:~$ clamscan --version
ClamAV 0.103.6/26823/Sat Feb 25 15:25:11 2023

The clamAV service will automatically startup after the installation is complete. We can check it with the command line:

$ sudo systemctl status clamav-freshclam

Output :

● clamav-freshclam.service - ClamAV virus database updater
Loaded: loaded (/lib/systemd/system/clamav-freshclam.service; enabled; vendor preset: enabled)
Active: active (running) since Sun 2023-02-26 07:52:42 WIB; 3min 31s ago
Docs: man:freshclam(1)
man:freshclam.conf(5)
https://docs.clamav.net/
Main PID: 6612 (freshclam)
Tasks: 1 (limit: 9408)
Memory: 231.3M
CPU: 32.547s
CGroup: /system.slice/clamav-freshclam.service
└─6612 /usr/bin/freshclam -d --foreground=true

Feb 26 07:53:27 dev01.bckinfo.com freshclam[6612]: Sun Feb 26 07:53:27 2023 -> daily.cvd updated (version: 2682>
Feb 26 07:53:27 dev01.bckinfo.com freshclam[6612]: Sun Feb 26 07:53:27 2023 -> main database available for down>
Feb 26 07:54:43 dev01.bckinfo.com freshclam[6612]: Sun Feb 26 07:54:43 2023 -> Testing database: '/var/lib/clam>
Feb 26 07:54:52 dev01.bckinfo.com freshclam[6612]: Sun Feb 26 07:54:52 2023 -> Database test passed.
Feb 26 07:54:52 dev01.bckinfo.com freshclam[6612]: Sun Feb 26 07:54:52 2023 -> main.cvd updated (version: 62, s>
Feb 26 07:54:52 dev01.bckinfo.com freshclam[6612]: Sun Feb 26 07:54:52 2023 -> bytecode database available for >
Feb 26 07:54:52 dev01.bckinfo.com freshclam[6612]: Sun Feb 26 07:54:52 2023 -> Testing database: '/var/lib/clam>
Feb 26 07:54:53 dev01.bckinfo.com freshclam[6612]: Sun Feb 26 07:54:53 2023 -> Database test passed.
Feb 26 07:54:53 dev01.bckinfo.com freshclam[6612]: Sun Feb 26 07:54:53 2023 -> bytecode.cvd updated (version: 3>

3. Updating the ClamAV Signature Database

ClamAV is using a siganture database to update their internal information which is updated in daily basis. In this step, we will update our ClamAV as first time installation. To update ClamAV signature database, there will be consist of several steps as mentioned below :

  • Stop freshclam service
  • Update the signature database
  •  Start freshclam service

A complete explanation for updating the signature database will be discussed below.

1. Stop freshclam Service

To update ClamAV signature database, we have to stop freshcalm service, by submitting command line :

$ sudo systemctl stop clamav-freshclam

2. Update the signature database

Then, we will update the signature database by submitting command line :

$ sudo freshclam

3. Start freshclam service

After updating signature database, then we will start up the freshclam service agian, by submitting command line :

$ sudo systemctl start clamav-freshclam

Output :
ramans@dev01:~$ sudo freshclam
Mon Feb 27 20:36:22 2023 -> ClamAV update process started at Mon Feb 27 20:36:22 2023
Mon Feb 27 20:36:22 2023 -> ^Your ClamAV installation is OUTDATED!
Mon Feb 27 20:36:22 2023 -> ^Local version: 0.103.6 Recommended version: 0.103.8
Mon Feb 27 20:36:22 2023 -> DON'T PANIC! Read https://docs.clamav.net/manual/Installing.html
Mon Feb 27 20:36:22 2023 -> daily.cld database is up-to-date (version: 26825, sigs: 2021909, f-level: 90, builder: raynman)
Mon Feb 27 20:36:22 2023 -> main.cvd database is up-to-date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
Mon Feb 27 20:36:22 2023 -> bytecode.cvd database is up-to-date (version: 334, sigs: 91, f-level: 90, builder: anvilleg)

we can also update the ClamAV signature database manually. By downloading signature database file by using command line :

$ curl -LO https://database.clamav.net/daily.cvd

Output :

ramans@dev01:~$ curl -LO https://database.clamav.net/daily.cvd
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 16 100 16 0 0 23 0 --:--:-- --:--:-- --:--:-- 23

then move the file to the ClamAV base directory and start the ClamAV service again.

3. Using ClamAV

At this section, we will try to use ClamAV to scan the system. In this scenario we will scan the /home/ramans directory, to examine if the directory was safe or not. We will do the following command line :

$ clamscan --infected --remove /home/ramans

Output :

ramans@dev01:~$ clamscan --infected --remove /home/ramans

----------- SCAN SUMMARY -----------
Known viruses: 8653737
Engine version: 0.103.6
Scanned directories: 1
Scanned files: 19
Infected files: 0
Data scanned: 40.06 MB
Data read: 189.13 MB (ratio 0.21:1)
Time: 28.621 sec (0 m 28 s)
Start Date: 2023:02:26 08:22:00
End Date: 2023:02:26pera 08:22:28

using ClamAV on Ubuntu 22.04

Conclusion

In this tutorial we have learned how to install ClamAV on Ubuntu 22.04 LTS operating system. Also we have tried to update ClamAV signature database.  Then we have tried to scan the /home/ramans directory. I hope this short tutorial will be helpfu.

(Visited 115 times, 1 visits today)

Comments

No comments yet. Why don’t you start the discussion?

Leave a Reply

Your email address will not be published. Required fields are marked *