ClamAV (Clam AntiVirus) is an open-source antivirus software toolkit designed especially for Unix-based systems such as Linux, macOS, and BSD. It provides several features, such as a command-line scanner, automatic database updates, built-in support for various archive formats, and more. In this short tutorial we will learn how to install ClamAV on the Ubuntu 22.04 LTS operating system.
Introduction
ClamAV is primarily used to scan files and directories for malware and viruses. It uses signature-based detection and heuristic analysis to identify and remove any known or unknown threats. Additionally, ClamAV can be integrated into various mail servers, web servers, and file servers to provide real-time scanning of incoming and outgoing data.
ClamAV comes with an extensive virus database that is regularly updated to ensure maximum protection against the latest threats. The software also has a quarantine feature, which isolates infected files and prevents them from causing further damage to the system. One of the main advantages of ClamAV is its open-source nature, which allows anyone to contribute to its development and improvement. The software is licensed under the GNU General Public License, which means it can be used, modified, and distributed freely.
ClamAV Installation On Ubuntu 22.04 LTS
Prerequisites
This guide is aimed at anyone who wants to try installing ClamAV, an antivirus for non-Windows environments. Even as a beginner, you should be familiar with the Linux commands that will be used. Before we proceed to the installation process, there are several prerequisites that must be met, namely:
- Updated Ubuntu 20.04 Server.
- Non-root user with sudo access.
- Sufficient disk space to accommodate files and installation.
- Good network connection to download source files.
In this tutorial, we have prepared a VM with the following properties:
ramans@dev01:~$ hostnamectl
Static hostname: dev01.bckinfo.com
Icon name: computer-vm
Chassis: vm
Machine ID: c05bdac4b09048309a26b6024adee484
Boot ID: 4b08ef7999e140ed839eaab355a64baa
Virtualization: vmware
Operating System: Ubuntu 22.04.2 LTS
Kernel: Linux 6.0.0-060000-generic
Architecture: x86-64
Hardware Vendor: VMware, Inc.
Hardware Model: VMware Virtual Platform
The ClamAV installation will consist of several stages as mentioned below.
- Update Ubuntu System
- Installing ClamAV
- Updating the ClamAV Signature Database
- Using ClamAV to scan
Each stage is discussed in detail below.
1. Update Ubuntu System
The first step of the ClamAV installation is to update the local software packages. This cuts down the installation time and also helps prevent zero-day exploits against outdated software. We will use the following commands:
$ sudo apt update
$ sudo apt upgrade
Output :
ramans@dev01:~$ sudo apt update
Hit:1 http://id.archive.ubuntu.com/ubuntu jammy InRelease
Get:2 http://security.ubuntu.com/ubuntu jammy-security InRelease [110 kB]
Hit:3 http://id.archive.ubuntu.com/ubuntu jammy-updates InRelease
Get:4 https://apt.grafana.com stable InRelease [5.984 B]
Ign:5 http://download.webmin.com/download/repository sarge InRelease
Hit:6 http://id.archive.ubuntu.com/ubuntu jammy-backports InRelease
Ign:7 https://repo.mongodb.org/apt/ubuntu jammy/mongodb-org/6.0 InRelease
Hit:8 http://download.webmin.com/download/repository sarge Release

ramans@dev01:~$ sudo apt upgrade
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Calculating upgrade... Done
The following packages were automatically installed and are no longer required:
  libllvm13 linux-headers-5.15.0-53 linux-headers-5.15.0-53-generic linux-image-5.15.0-53-generic
  linux-modules-5.15.0-53-generic linux-modules-extra-5.15.0-53-generic
Use 'sudo apt autoremove' to remove them.
Get more security updates through Ubuntu Pro with 'esm-apps' enabled:
  python2.7-minimal libopenexr25 libpython2.7 python2.7 libpython2.7-minimal libpython2.7-stdlib
Learn more about Ubuntu Pro at https://ubuntu.com/pro
The following packages have been kept back:
  gnome-remote-desktop grub-efi-amd64-bin grub-efi-amd64-signed mongodb-mongosh mongodb-org
  mongodb-org-database mongodb-org-mongos mongodb-org-server mongodb-org-tools
  python3-software-properties shim-signed software-properties-common software-properties-gtk
0 upgraded, 0 newly installed, 0 to remove and 13 not upgraded.
2. Installing ClamAV
The ClamAV packages are available in the default repositories. To install ClamAV we will use the following command line :
$ sudo apt install clamav clamav-daemon
Output :
ramans@dev01:~$ sudo apt install clamav clamav-daemon
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following packages were automatically installed and are no longer required:
  libllvm13 linux-headers-5.15.0-53 linux-headers-5.15.0-53-generic linux-image-5.15.0-53-generic
  linux-modules-5.15.0-53-generic linux-modules-extra-5.15.0-53-generic
Use 'sudo apt autoremove' to remove them.
The following additional packages will be installed:
  clamav-base clamav-freshclam clamdscan libclamav9 libtfm1
Suggested packages:
  libclamunrar clamav-docs daemon libclamunrar9
The following NEW packages will be installed:
  clamav clamav-base clamav-daemon clamav-freshclam clamdscan libclamav9 libtfm1
0 upgraded, 7 newly installed, 0 to remove and 13 not upgraded.
Need to get 1.497 kB of archives.
After this operation, 5.135 kB of additional disk space will be used.
Do you want to continue? [Y/n] Y
Get:1 http://id.archive.ubuntu.com/ubuntu jammy-updates/main amd64 clamav-base all 0.103.6+dfsg-0ubuntu0.22.04.1 [78,8 kB]
Get:2 http://id.archive.ubuntu.com/ubuntu jammy/main amd64 libtfm1 amd64 0.13-4build2 [65,9 kB]
Get:3 http://id.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libclamav9 amd64 0.103.6+dfsg-0ubuntu0.22.04.1 [879 kB]
Get:4 http://id.archive.ubuntu.com/ubuntu jammy-updates/main amd64 clamav-freshclam amd64 0.103.6+dfsg-0ubuntu0.22.04.1 [70,6 kB]
Get:5 http://id.archive.ubuntu.com/ubuntu jammy-updates/main amd64 clamav amd64 0.103.6+dfsg-0ubuntu0.22.04.1 [134 kB]
Get:6 http://id.archive.ubuntu.com/ubuntu jammy-updates/main amd64 clamav-daemon amd64 0.103.6+dfsg-0ubuntu0.22.04.1 [217 kB]
Get:7 http://id.archive.ubuntu.com/ubuntu jammy-updates/main amd64 clamdscan amd64 0.103.6+dfsg-0ubuntu0.22.04.1 [51,2 kB]
Fetched 1.497 kB in 1s (1.712 kB/s)
Preconfiguring packages ...
Selecting previously unselected package clamav-base.
(Reading database ... 346264 files and directories currently installed.)
Preparing to unpack .../0-clamav-base_0.103.6+dfsg-0ubuntu0.22.04.1_all.deb ...
Unpacking clamav-base (0.103.6+dfsg-0ubuntu0.22.04.1) ...
Selecting previously unselected package libtfm1:amd64.
Preparing to unpack .../1-libtfm1_0.13-4build2_amd64.deb ...
Unpacking libtfm1:amd64 (0.13-4build2) ...
Selecting previously unselected package libclamav9:amd64.
Preparing to unpack .../2-libclamav9_0.103.6+dfsg-0ubuntu0.22.04.1_amd64.deb ...
Unpacking libclamav9:amd64 (0.103.6+dfsg-0ubuntu0.22.04.1) ...
Selecting previously unselected package clamav-freshclam.
Preparing to unpack .../3-clamav-freshclam_0.103.6+dfsg-0ubuntu0.22.04.1_amd64.deb ...
Unpacking clamav-freshclam (0.103.6+dfsg-0ubuntu0.22.04.1) ...
Selecting previously unselected package clamav.
Preparing to unpack .../4-clamav_0.103.6+dfsg-0ubuntu0.22.04.1_amd64.deb ...
Unpacking clamav (0.103.6+dfsg-0ubuntu0.22.04.1) ...
Selecting previously unselected package clamav-daemon.
Preparing to unpack .../5-clamav-daemon_0.103.6+dfsg-0ubuntu0.22.04.1_amd64.deb ...
Unpacking clamav-daemon (0.103.6+dfsg-0ubuntu0.22.04.1) ...
Selecting previously unselected package clamdscan.
Preparing to unpack .../6-clamdscan_0.103.6+dfsg-0ubuntu0.22.04.1_amd64.deb ...
Unpacking clamdscan (0.103.6+dfsg-0ubuntu0.22.04.1) ...
Setting up libtfm1:amd64 (0.13-4build2) ...
Setting up libclamav9:amd64 (0.103.6+dfsg-0ubuntu0.22.04.1) ...
Setting up clamav-base (0.103.6+dfsg-0ubuntu0.22.04.1) ...
id: ‘clamav’: no such user
Setting up clamav-freshclam (0.103.6+dfsg-0ubuntu0.22.04.1) ...
Created symlink /etc/systemd/system/multi-user.target.wants/clamav-freshclam.service → /lib/systemd/system/clamav-freshclam.service.
Setting up clamdscan (0.103.6+dfsg-0ubuntu0.22.04.1) ...
Setting up clamav-daemon (0.103.6+dfsg-0ubuntu0.22.04.1) ...
Created symlink /etc/systemd/system/multi-user.target.wants/clamav-daemon.service → /lib/systemd/system/clamav-daemon.service.
Setting up clamav (0.103.6+dfsg-0ubuntu0.22.04.1) ...
Processing triggers for man-db (2.10.2-1) ...
Processing triggers for libc-bin (2.35-0ubuntu3.1) ...
When the installation is complete, we verify it by checking the installed version with the command line:
$ clamscan --version
Output :
ramans@dev01:~$ clamscan --version
ClamAV 0.103.6/26823/Sat Feb 25 15:25:11 2023
The ClamAV service starts automatically after the installation is complete. We can check it with the command line:
$ sudo systemctl status clamav-freshclam
Output :
● clamav-freshclam.service - ClamAV virus database updater
     Loaded: loaded (/lib/systemd/system/clamav-freshclam.service; enabled; vendor preset: enabled)
     Active: active (running) since Sun 2023-02-26 07:52:42 WIB; 3min 31s ago
       Docs: man:freshclam(1)
             man:freshclam.conf(5)
             https://docs.clamav.net/
   Main PID: 6612 (freshclam)
      Tasks: 1 (limit: 9408)
     Memory: 231.3M
        CPU: 32.547s
     CGroup: /system.slice/clamav-freshclam.service
             └─6612 /usr/bin/freshclam -d --foreground=true

Feb 26 07:53:27 dev01.bckinfo.com freshclam[6612]: Sun Feb 26 07:53:27 2023 -> daily.cvd updated (version: 2682>
Feb 26 07:53:27 dev01.bckinfo.com freshclam[6612]: Sun Feb 26 07:53:27 2023 -> main database available for down>
Feb 26 07:54:43 dev01.bckinfo.com freshclam[6612]: Sun Feb 26 07:54:43 2023 -> Testing database: '/var/lib/clam>
Feb 26 07:54:52 dev01.bckinfo.com freshclam[6612]: Sun Feb 26 07:54:52 2023 -> Database test passed.
Feb 26 07:54:52 dev01.bckinfo.com freshclam[6612]: Sun Feb 26 07:54:52 2023 -> main.cvd updated (version: 62, s>
Feb 26 07:54:52 dev01.bckinfo.com freshclam[6612]: Sun Feb 26 07:54:52 2023 -> bytecode database available for >
Feb 26 07:54:52 dev01.bckinfo.com freshclam[6612]: Sun Feb 26 07:54:52 2023 -> Testing database: '/var/lib/clam>
Feb 26 07:54:53 dev01.bckinfo.com freshclam[6612]: Sun Feb 26 07:54:53 2023 -> Database test passed.
Feb 26 07:54:53 dev01.bckinfo.com freshclam[6612]: Sun Feb 26 07:54:53 2023 -> bytecode.cvd updated (version: 3>
3. Updating the ClamAV Signature Database
ClamAV relies on a signature database, which is updated on a daily basis. In this step, we will update the database for the first time after installation. Updating the ClamAV signature database consists of the steps listed below:
- Stop freshclam service
- Update the signature database
- Start freshclam service
A complete explanation for updating the signature database will be discussed below.
1. Stop freshclam Service
To update the ClamAV signature database, we first have to stop the freshclam service with the command line:
$ sudo systemctl stop clamav-freshclam
2. Update the signature database
Then, we will update the signature database by submitting command line :
$ sudo freshclam
3. Start freshclam service
After updating the signature database, we start the freshclam service again with the command line:
$ sudo systemctl start clamav-freshclam
Output :
ramans@dev01:~$ sudo freshclam
Mon Feb 27 20:36:22 2023 -> ClamAV update process started at Mon Feb 27 20:36:22 2023
Mon Feb 27 20:36:22 2023 -> ^Your ClamAV installation is OUTDATED!
Mon Feb 27 20:36:22 2023 -> ^Local version: 0.103.6 Recommended version: 0.103.8
Mon Feb 27 20:36:22 2023 -> DON'T PANIC! Read https://docs.clamav.net/manual/Installing.html
Mon Feb 27 20:36:22 2023 -> daily.cld database is up-to-date (version: 26825, sigs: 2021909, f-level: 90, builder: raynman)
Mon Feb 27 20:36:22 2023 -> main.cvd database is up-to-date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
Mon Feb 27 20:36:22 2023 -> bytecode.cvd database is up-to-date (version: 334, sigs: 91, f-level: 90, builder: anvilleg)
We can also update the ClamAV signature database manually, by downloading the signature database file with the command line:
$ curl -LO https://database.clamav.net/daily.cvd
Output :
ramans@dev01:~$ curl -LO https://database.clamav.net/daily.cvd
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    16  100    16    0     0     23      0 --:--:-- --:--:-- --:--:--    23
Then move the file to the ClamAV base directory and start the ClamAV service again.
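The curl transfer shown above received only 16 bytes, which cannot be a signature database. The following added example (not part of the original tutorial) sanity-checks a downloaded .cvd file before it is moved into the database directory; the function names and the sample header's date, checksum and signature fields are constructed.

```shell
#!/bin/sh
# Added example, not from the original tutorial. Function names are hypothetical.
# A .cvd file starts with a 512-byte ASCII header of colon-separated fields:
#   ClamAV-VDB:build time:version:signature count:functionality level:MD5:signature:builder:stime

cvd_summary() {
    cs_file=$1
    [ -f "$cs_file" ] || { echo "not a file: $cs_file"; return 1; }

    # A real database is far larger than its header; a few bytes is an error body.
    cs_bytes=$(wc -c < "$cs_file" | tr -d ' ')
    [ "$cs_bytes" -gt 512 ] || { echo "too small to be a CVD: $cs_bytes bytes"; return 1; }

    cs_header=$(dd if="$cs_file" bs=512 count=1 2>/dev/null | tr -d '\000')
    case $cs_header in
        ClamAV-VDB:*) ;;
        *) echo "missing ClamAV-VDB magic"; return 1 ;;
    esac

    # Fields 3 and 4 must be plain unsigned integers.
    cs_version=$(printf '%s\n' "$cs_header" | cut -d: -f3)
    cs_sigs=$(printf '%s\n' "$cs_header" | cut -d: -f4)
    for cs_n in "$cs_version" "$cs_sigs"; do
        case $cs_n in
            ''|*[!0-9]*) echo "malformed header fields"; return 1 ;;
        esac
    done
    echo "version=$cs_version sigs=$cs_sigs bytes=$cs_bytes"
}

# Constructed sample: version, count and builder mirror the freshclam log above;
# the date, checksum and signature fields are placeholders.
make_constructed_cvd() {
    printf '%-512s' 'ClamAV-VDB:27 Feb 2023 03-00 -0500:26825:2021909:90:MD5:DSIG:raynman:0' > "$1"
    printf 'constructed-body' >> "$1"
}

# Demo (offline): one plausible file and one 16-byte file like the curl result.
cs_dir=$(mktemp -d)
make_constructed_cvd "$cs_dir/good.cvd"
printf '0123456789abcdef' > "$cs_dir/short.cvd"
cvd_summary "$cs_dir/good.cvd"
cvd_summary "$cs_dir/short.cvd" || true
rm -rf "$cs_dir"
```

A passing header check only shows that the file looks like a CVD; `sigtool --info daily.cvd` additionally verifies its checksum and digital signature.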
4. Using ClamAV
In this section, we will use ClamAV to scan the system. In this scenario we will scan the /home/ramans directory to check whether it is safe. We will run the following command line :
$ clamscan --infected --remove /home/ramans
Output :
ramans@dev01:~$ clamscan --infected --remove /home/ramans

----------- SCAN SUMMARY -----------
Known viruses: 8653737
Engine version: 0.103.6
Scanned directories: 1
Scanned files: 19
Infected files: 0
Data scanned: 40.06 MB
Data read: 189.13 MB (ratio 0.21:1)
Time: 28.621 sec (0 m 28 s)
Start Date: 2023:02:26 08:22:00
End Date: 2023:02:26 08:22:28
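A variant of the scan above, as an added example that is not part of the original tutorial: it scans recursively, moves detections into a quarantine directory instead of deleting them with --remove, and reports clamscan's exit status. The function name scan_report and the quarantine directory argument are assumptions.

```shell
#!/bin/sh
# Added example, not from the original tutorial. scan_report and its
# quarantine-directory argument are hypothetical names.
# Differences from the command in the text:
#   --recursive  descend into subdirectories (the run above reports
#                "Scanned directories: 1", i.e. the top level only)
#   --move=DIR   relocate detections instead of deleting them with --remove,
#                so a false positive can still be restored
scan_report() {
    sr_target=$1
    sr_quarantine=$2   # keep this outside the scanned tree

    # The quarantine directory must exist; keep it private to the scanning user.
    mkdir -p "$sr_quarantine" && chmod 700 "$sr_quarantine" || return 2

    # clamscan exit status: 0 = nothing found, 1 = detection(s), 2 = error.
    sr_out=$(clamscan --recursive --infected --move="$sr_quarantine" \
                      "$sr_target" 2>&1) && sr_rc=0 || sr_rc=$?

    # Pull the count out of the SCAN SUMMARY block.
    sr_infected=$(printf '%s\n' "$sr_out" | sed -n 's/^Infected files: *//p')

    case $sr_rc in
        0) echo "status=clean target=$sr_target" ;;
        1) echo "status=infected count=${sr_infected:-unknown} quarantine=$sr_quarantine" ;;
        *) echo "status=error rc=$sr_rc target=$sr_target" ;;
    esac
    return "$sr_rc"
}

# Usage: sh scan_report.sh <directory-to-scan> <quarantine-directory>
if [ "$#" -eq 2 ]; then
    scan_report "$1" "$2"
fi
```

Because the function returns clamscan's own exit status, a cron job or monitoring check can alert on 1 (detections) separately from 2 (scan error).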
Conclusion
In this tutorial we have learned how to install ClamAV on the Ubuntu 22.04 LTS operating system. We have also updated the ClamAV signature database and scanned the /home/ramans directory. I hope this short tutorial will be helpful.