Clamscan Antivirus
Clamscan is a command line anti-virus scanner that scans files and directories for viruses. Clamscan and ClamTK are part of ClamAV. "ClamAV is an open source antivirus engine for detecting trojans, viruses, malware & other malicious threats." ClamAV is a cross platform antivirus program that works with Linux, Mac, and MS Windows.
If you prefer to use the graphical front-end (GUI) of ClamAV then check out ClamTK Antirus for Linux. I explain how to install the program and use ClamTK.
How to Install ClamAV on your Ubuntu/Ubuntu MATE System:
Option 1. Go to the ClamAV GitHub website at https://github.com/Cisco-Talos/clamav/releases. Select the most current installation file for your system. I downloaded the clamav-1.3.0.linux.x86_64.deb
file.
How to Install ClamAV on your Ubuntu/Ubuntu MATE System:
Option 1. Go to the ClamAV GitHub website at https://github.com/Cisco-Talos/clamav/releases. Select the most current installation file for your system. I downloaded the clamav-1.3.0.linux.x86_64.deb
file.
Locate the installation file that you downloaded.
I double-clicked the .deb file to start the installation process.
Enter your Password and click the Authenticate button.
Don't close the Package Installer until you see Status: Same version is already installed.
I also recommend that you install libclamunrar. This package provides support for RAR packaged files and/or mail attachments. Support will be available once this package is installed and clamd or a local clamscan is restarted. You can find it for your system at pkgs.org or Ubuntu Multiverse.
Option 2. Open your Terminal and enter the following:
sudo apt update
Next, enter the following in your Terminal:
sudo apt install clamav clamav-daemon -y
Next, enter the following in your Terminal:
sudo apt-get install libclamunrar-y
sudo apt install libclamunrar9 -y
Now, I recommend that you install ClamTK on your system. This is the graphical user interface of ClamAV (Clam Antivirus). You can also download and install the program from the ClamvNet website. You can also view the documentation or manual for the program. You can also get additional information from their GitLab website.
sudo apt update
Next, enter the following in your Terminal:
sudo apt install clamav clamav-daemon -y
Next, enter the following in your Terminal:
sudo apt-get install libclamunrar-y
sudo apt install libclamunrar9 -y
Now, I recommend that you install ClamTK on your system. This is the graphical user interface of ClamAV (Clam Antivirus). You can also download and install the program from the ClamvNet website. You can also view the documentation or manual for the program. You can also get additional information from their GitLab website.
I will focus on this section of my webpage on the command line interface.
Update ClamAV Signature Database
After you install ClamAV, you need to ensure your ClamAV virus signatures are up to date.
You must first stop the ClamAV process:
sudo systemctl stop clamav-freshclam
Manually update the ClamAV signature database:
sudo freshclam
(If you get an error message then enter the following in your Terminal: sudo chown -R clamav:clamav /var/log/clamav)
Restart the service to update the database in the background:
sudo systemctl start clamav-freshclam
After you install ClamAV, you need to ensure your ClamAV virus signatures are up to date.
You must first stop the ClamAV process:
sudo systemctl stop clamav-freshclam
Manually update the ClamAV signature database:
sudo freshclam
(If you get an error message then enter the following in your Terminal: sudo chown -R clamav:clamav /var/log/clamav)
Restart the service to update the database in the background:
sudo systemctl start clamav-freshclam
You can check your version by entering the following in your Terminal:
clamscan --version
In my example my ClamAV is using engine version 0.102.4.
clamscan --version
In my example my ClamAV is using engine version 0.102.4.
Clamscan Common Commands
You can use the Linux man page for clamscan descriptions and options.
Below are some common comands for some of the most common scanning options.
To scan your entire system enter the following in your Terminal:
sudo clamscan --infected --recursive --remove /
options: -i, --infected (Only print infected files.)
-r, --recursive (Scan directories recursively. All the subdirectories in the given directory will be scanned.)
--remove[=yes/no(*)] (Remove infected files. This may remove false positives, so be careful.)
This can take several hours or several days depending on how much storage space and installed files. Below is an example of an entire scan of my desktop system. Noctice how it found some infected files associated with flatpak and it automatically removed the infected files because I used the --remove option.
If you want to force quit “kill” a running command, you can use “Ctrl + C.” Most of the applications running from the terminal will be forced to quit.
You can use the Linux man page for clamscan descriptions and options.
Below are some common comands for some of the most common scanning options.
To scan your entire system enter the following in your Terminal:
sudo clamscan --infected --recursive --remove /
options: -i, --infected (Only print infected files.)
-r, --recursive (Scan directories recursively. All the subdirectories in the given directory will be scanned.)
--remove[=yes/no(*)] (Remove infected files. This may remove false positives, so be careful.)
This can take several hours or several days depending on how much storage space and installed files. Below is an example of an entire scan of my desktop system. Noctice how it found some infected files associated with flatpak and it automatically removed the infected files because I used the --remove option.
If you want to force quit “kill” a running command, you can use “Ctrl + C.” Most of the applications running from the terminal will be forced to quit.
You can see that it found and removed infected extensions for multiple browsers.
Here's an example of my Scan Summary. You can see the number of scanned directories and files that it scanned on my desktop. You can see that my computer had 123 infected files. It showed a large number of errors, but most of them were because I had a lot of files that were too large to scan with my current settings. You can see that it took 2459 minutes and 16 seconds to scan my computer or around 41 hours to scan all the files on my desktop computer.
Here's some images from my laptop that I scanned. You can see that it had some infected flatpak files.
The next few images shows that I had several infected browser extensions from multiple browsers.
Here's one more image that shows infected extensions and how clamscan removed them.
Here's an example of my Scan Summary from my laptop. You can see the number of scanned directories and files that it scanned on my laptop. You can see that my computer had 76 infected files. It showed a large number of errors, but most of them were because I had a lot of files that were too large to scan with my current settings. You can see that it took 573 minutes and 12 seconds to scan my computer or almost 10 hours to scan all the files on my laptop computer.
To scan a single file:
sudo clamscan file
To scan all your files from your current directory:
sudo clamscan -r /
To scan a current working directory:
sudo clamscan
To scan all files (and subdirectories) in /home:
sudo clamscan -r /home
To scan files and only show infected files:
sudo clamscan -r -i /(path to your folder)
Scan files but don’t show the OK options.
sudo clamscan -r -o /(path-to-folder)
Scan files and send the results of infected files to a file:
clamscan -r /(path-to-folder) | grep FOUND >> /(path-folder)/(file name).txt
Scan files and move infected files to a different directory:
clamscan -r --move=/(path-to-folder) /(path-to-quarantine-folder)
To scan a mail spool directory:
sudo clamscan -r /var/spool/mail
You can view the options of clamscan by using the man pages.
man clamscan
sudo clamscan file
To scan all your files from your current directory:
sudo clamscan -r /
To scan a current working directory:
sudo clamscan
To scan all files (and subdirectories) in /home:
sudo clamscan -r /home
To scan files and only show infected files:
sudo clamscan -r -i /(path to your folder)
Scan files but don’t show the OK options.
sudo clamscan -r -o /(path-to-folder)
Scan files and send the results of infected files to a file:
clamscan -r /(path-to-folder) | grep FOUND >> /(path-folder)/(file name).txt
Scan files and move infected files to a different directory:
clamscan -r --move=/(path-to-folder) /(path-to-quarantine-folder)
To scan a mail spool directory:
sudo clamscan -r /var/spool/mail
You can view the options of clamscan by using the man pages.
man clamscan
One thing to note about clamscam is it has two default limitations. The first limit is relative to the size of a file on your system. If a file is considered too large, ClamAV or clamscan will exclude it. You can prevent some of your large files from being excluded from the system scan by adding the option --max-filesize=#n. For example, if I use this option --max-filesize=100M it will allow me to scan files up to 100M. The second limit is pertains to the amount of data to scan per single file. If a particular file is too large, ClamAV or clamscan will read it but will not scan it. You can prevent this from happening by using the option --max-scansize=#n. For example, if I use this option --max-scansize=200M it will allow me to scan all the contents within a file up to 200M. You can also add the option --scan-archive to ensure that you scan the files that make up your compressed files.
I recommend that you do not scan a Windows drive or the Windows system files if you also boot your computer into Windows. ClamAV for linux users will display a lot of infected files from those Windows files. If you use the option --remove when you scan your entire system, it may remove some needed system files that Windows requires and prevent your Windows operating system from booting up. Instead, I recommend that you install ClamWin on your Windows system and boot into your Windows operating system and scan your Windows drive with a antivirus scanner desinged for Windows users. This will help protect your Windows operating system.
I recommend that you do not scan a Windows drive or the Windows system files if you also boot your computer into Windows. ClamAV for linux users will display a lot of infected files from those Windows files. If you use the option --remove when you scan your entire system, it may remove some needed system files that Windows requires and prevent your Windows operating system from booting up. Instead, I recommend that you install ClamWin on your Windows system and boot into your Windows operating system and scan your Windows drive with a antivirus scanner desinged for Windows users. This will help protect your Windows operating system.
Return Codes
0 : No virus found.
1 : Virus(es) found.
2 : Some error(s) occurred.
0 : No virus found.
1 : Virus(es) found.
2 : Some error(s) occurred.
I was a recent victim of identity theft from Walmart.com. Walmart was recently hacked and its customers personal data was stolen and sold on the dark web. You can read more about it from the article called, Walmart Hit With CCPA Lawsuit Over Alleged Data Breach or Class Action: Millions of Walmart Accounts Offered for Sale on Dark Web Due to Website Vulnerabilities.
How to Keep Safe on the Internet
Keep in mind as your surf the Internet that websites can track the pages you visit, determine your browser and its version and operating system. Some websites can even compromise your passwords. They can even collect certain amount of information when you connect to their website, such as your IP address and domain name. Here's a list of things you can do to help you stay safe on the Internet.
Keep in mind as your surf the Internet that websites can track the pages you visit, determine your browser and its version and operating system. Some websites can even compromise your passwords. They can even collect certain amount of information when you connect to their website, such as your IP address and domain name. Here's a list of things you can do to help you stay safe on the Internet.
- Keep your operating system updated and patched.
- Use anti-virus/anti-spyware software and keep them updated.
- Do not visit untrusted websites or follow links provided by unknown or untrusted sources.
- Keep your browsers updated and only install trusted extensions or add-ons.
- Install a reputable AdBlocker and Popup blocker to help prevent malicious software from being downloaded and installed to your computer.
- Use secure websites that start with https:// and have a padlock on the web browser. This uses encryption when sending and receiving information and helps protect your information from prying eyes.
- Check your online accounts regulary for unknown acivity or transactions. Report any suspicious charges or activity right away.
- If you do online banking then I recommend that you set up account alerts so you'll be notified of online purchases, ATM withdrawals, when your username is retrieved, and more.
- If you think any of your online accounts were compromised then I highly recommend that you reset your passwords immediately.
- Delete any saved payment information from online stores.
You can go to https://www.whatismybrowser.com/ to find out what you can determine about you and your browser while surfing online. You can make your current browser more secure by following the ten tips from Top 10 tips for safer, more secure web browsing.
Basic Glossary
(Most of the terms below come from McAfee Glossary of Terms)
Adware - is software that automatically displays or downloads advertising material (often unwanted) when a user is online.
Backdoors - An intended or unintended opening in software, hardware, networks or system security.
Botnet - A network of remotely controlled systems used to coordinate attacks and distribute malware, spam, and phishing scams. Bots (short for robots) are programs that are covertly installed on a targeted system allowing an unauthorized user to remotely control the compromised computer for a variety of malicious purposes.
Crimeware - is any computer program or set of programs designed expressly to facilitate illegal activity online. Crimeware programs and documentation enable non-technical people to set up their own spam, virus or phishing attacks.
Cryptojacking - is a type of malware that uses a victim's computing power to mine cryptocurrency.
Decryption - is the process of transforming data that has been rendered unreadable through encryption back to its unencrypted form.
Drive-by downloads - Unintended download of software with or without knowledge of the end user.
Encryption - is the method by which information is converted into secret code that hides the information's true meaning.
Exploit - This can be a technique or a program that takes advantage of a vulnerability or security hole in a certain communication protocol, operating system, or other IT utility or application.
False negative - A result that appears negative when it should not or an email that is marked as legitimate, even though it is spam.
False positive - A result that indicates that a given condition is present when it is not or an email that is marked as spam, even though it is legitimate.
Grayware - is any unwanted application that can cause moderate to severe annoyance to users, including unwanted behaviors. (For more information about grayware, check out the Comodo Cybersecurity website.)
Hijackware - is a type of malicious software that infects an Internet browser in order to display advertising and/or redirect the user to malicious or spammy websites.
IP spoofing - A technique where an intruder attempts to gain access by altering a packet's IP address to make it appear as though the packet originated in a part of the network with higher access privileges.
Keyloggers - are activity-monitoring software programs that give hackers access to your personal data. The passwords and credit card numbers you type, the webpages you visit – all by logging your keyboard strokes.
Malicious apps or extensions - can steal user information, attempt to extort users, gain access to corporate networks, force users to view unwanted ads or install a backdoor on the device.
Malware - Malicious software designed to carry out annoying or harmful actions. Malware often masquerades as useful programs or is embedded into useful programs so that users are induced into activating them. Malware can include viruses, worms, and spyware.
Phishing - A high-tech scamming technique that uses spam or pop-up messages to deceive people into disclosing credit card numbers, bank account information, Social Security numbers, passwords, or other sensitive information. Internet scammers use email bait to “phish” for passwords and financial data from Internet users. The most typical example of phishing is the sending of emails that appear to come from an online bank in order to get users to enter their details in a spoof web page.
RAM scraper - is a type of malware that harvests the data temporarily stored in-memory or RAM. This type of malware often targets point-of-sale (POS) systems like cash registers because they can store unencrypted credit card numbers for a brief period of time before encrypting them then passing them to the back-end.
Rogue security software - tricks user into thinking their system has a security problem such as a virus and entices them to pay to have it removed. In reality, the fake security software is the malware that needs to be removed.
Rootkit - Designed to take full control of a machine’s operating system and it commonly encrypts files and demands payment to decrypt.
Spam - Unsolicited commercial emails, sent using an automated email program, that advertise products, services, and websites. Spam can also be used as a delivery mechanism for malware and other cyber threats.
Spammer - A person who sends spam.
Spyware - Malware installed without the user's knowledge to track and/or transmit data to an unauthorized third party.
Trackware - All programs that monitor the actions of users on the Internet (pages visited, banners clicked on, etc.) and create a profile that can be used by advertisers.
Trojan or Trojan Horse - A malicious program that poses as a benign application. A Trojan horse program purposefully does something the user does not expect. Trojans are not viruses because they do not replicate, but Trojan horse programs can be just as destructive.
Virus - A program (usually an executable program) that infects a computer file by inserting a copy of itself into the file. These copies are usually executed when the infected file is loaded into memory, allowing the virus to infect other files. A virus requires human involvement (usually unwittingly) to propagate. When a virus is active in a host computer, the infection can spread rapidly throughout a network to other systems.
Some viruses may be benign and result only in amusement or slight annoyance. Others can be malicious and destroy or alter data.
Vulnerabilities - A security defect in software allows malware to exploit it to gain unauthorized access to the computer, hardware or network.
Worm - An independent computer program that reproduces by copying itself from one system to another across a network. Unlike computer viruses, worms do not require human involvement to propagate. Worms are constructed to infiltrate legitimate data processing programs and alter or destroy the data. What is often seen as a virus infection is actually a worm.
For a more extensive glossary please check out McAfee Glossary of Terms or Panda Security Info Glossary.
Updated: Oct 30, 2023
Created: Nov 6, 2020