The only antivirus I trust on Linux – and it’s free to use

Elyse Betters Picaro / ZDNET

ZDNET key takeaways

  • Linux doesn’t usually require antivirus.
  • If you share files, you should consider using one.
  • For scanning files and directories, ClamAV is your best bet.

I’ve said many times over the years that Linux does not need antivirus software. That, of course, assumes you compute in a bubble. If you happen to share files with others, that’s another story altogether. Sharing files with Windows users without vetting them could land those other users in trouble — of a malicious kind.

Imagine that you’ve unwittingly downloaded a file from some dark spot on the web. You don’t check it for malicious code, but you send it on to 50 users anyway. Some of those 50 users then send the same file on to others, which could wind up a vast web of trouble. Had you scanned that file before sending it, you might have known it contained malicious code and would have deleted it immediately.

If your operating system is Linux, what would you use for scanning that file? Your best option is ClamAV.

What is ClamAV

ClamAV is an open-source antivirus tool for detecting Trojans, viruses, and other types of malware. ClamAV is a toolkit for email scanning, web scanning, and endpoint security. You’ll find versions of ClamAV for Linux, MacOS, and Windows, as well as both command-line and GUI options.

While ClamAV is very versatile and useful, the one caveat for this security tool is that real-time scanning is not how it works out of the box. By default, ClamAV is all about on-demand scanning, which means you run it manually (whether from the command line or the GUI). That’s not to say ClamAV can’t do real-time scanning, because it can.

With the help of clamonacc, ClamAV enjoys “on-access” antivirus scanning, which is handled by intercepting file access events and then submitting those events to the clamd daemon for analysis. The clamonacc component works as part of the ClamAV suite to provide real-time malware protection for Linux systems by scanning files as they are created, accessed, or modified. Like with any antivirus tool on Windows, using the real-time feature does consume system resources, so keep that in mind.

As far as features are concerned, ClamAV includes:

  • Threat detection: ClamAV detects viruses, worms, Trojans, and other malware.
  • Real-time protection: ClamAV provides on-access scanning through a daemon client.
  • Multi-threaded daemon: ClamAV includes a scalable and flexible daemon for running scans.
  • Command-line scanner: ClamAV has a command-line interface for on-demand scanning, as well as a GUI.
  • Automated database updates: ClamAV includes an advanced and automated tool to keep virus definitions current using freshclam.

How to install ClamAV

Let’s install ClamAV on an Ubuntu-based distribution. It’s really easy.

The first step is to open the terminal app on your Linux distribution.

Next, issue the following command to install ClamAV:

sudo apt-get install clamav clamav-daemon -y

If you want to install a GUI for ClamAV, issue the command:

sudo apt-get install clamtk -y

Updating signatures and running the daemon

The next step is to update the ClamAV signatures. Before you do, stop the freshclam service with:

sudo systemctl stop clamav-freshclam

You can now update the signatures by issuing the following command:

sudo freshclam

Once the signatures are updated, restart the freshclam service with:

sudo systemctl start clamav-freshclam

Start the daemon

You can now start the daemon with the command:

sudo systemctl start clamav-daemon

You can also tweak the daemon configuration file to better suit your needs. That file is clamd.conf and is found in the /etc/clamav directory.

Finally, make sure the daemon starts at boot with:

sudo systemctl enable clamav-daemon

How to use ClamAV

I’ll demonstrate how to scan a file from the ClamAV command line. Let’s say you downloaded the file testing.txt and you want to scan it for malicious code. For that, you could run the command:

clamscan testing.txt

ClamAV will run the scan and report its findings to you. If a scan in the GUI finds malicious code in a file, you can either delete it by clicking Delete or quarantine it by clicking Quarantine.
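As an added example (not from the original article), the wrapper below applies the scan-before-you-share idea on the command line by acting on clamscan's exit code: 0 means no virus found, 1 means a virus was found, and 2 means the scan itself failed. The function name safe_to_share and the CLAMSCAN and QUARANTINE_DIR variables are assumptions of this example.

```shell
#!/bin/sh
# Added example: decide whether a file may be shared, based on clamscan's exit
# code (0 = no virus found, 1 = virus found, 2 = an error occurred).
# CLAMSCAN and QUARANTINE_DIR are names chosen for this example.
CLAMSCAN="${CLAMSCAN:-clamscan}"
QUARANTINE_DIR="${QUARANTINE_DIR:-$HOME/quarantine}"

# safe_to_share FILE
#   returns 0  clean, fine to send on
#   returns 1  detection; the file has been moved into QUARANTINE_DIR
#   returns 2  no verdict (missing file, scanner error); treat as NOT clean
safe_to_share() {
    file=$1
    if [ ! -f "$file" ]; then
        echo "not a regular file: $file" >&2
        return 2
    fi

    # Capture the exit code without tripping `set -e` in a calling script.
    scan_rc=0
    "$CLAMSCAN" --no-summary "$file" || scan_rc=$?

    case $scan_rc in
        0)  return 0 ;;
        1)  # Quarantine rather than delete, so a false positive can be reviewed.
            mkdir -p "$QUARANTINE_DIR" && chmod 700 "$QUARANTINE_DIR" &&
                mv -- "$file" "$QUARANTINE_DIR"/ ||
                echo "could not quarantine $file" >&2
            return 1 ;;
        *)  # Fail closed: an errored scan says nothing about the file.
            echo "scan failed (exit $scan_rc): $file" >&2
            return 2 ;;
    esac
}

# Check every path given on the command line; exit 1 if any is not clean.
status=0
for f in "$@"; do
    if safe_to_share "$f"; then
        echo "OK to share: $f"
    else
        status=1
    fi
done
[ "$status" -eq 0 ] || exit 1
```

A scan that errors out, for example because the signature database has not been downloaded yet, returns 2 here and is never reported as clean.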

If you’d prefer to go the GUI route, open the ClamAV GUI from your desktop window. With the GUI open, you can run a scan on a file or a directory, and even set up a scheduler. To run a simple scan on a file, click “Scan a file,” locate the file in question with your system’s file picker, and the scan will immediately run and then report its results.

The ClamTK GUI is very easy to use.

Jack Wallen/ZDNET

If you want to schedule a regularly recurring scan of your home directory, click Scheduler and then, in the resulting window, set the time for the scan as well as the signature updates. After setting your time, make sure to click the + button to schedule the daily scan.

You can schedule the scan time, but that same time will apply to every day.

Jack Wallen/ZDNET

At this point, ClamAV will automatically scan your home directory daily at the scheduled time.

And those are the basics of using ClamAV. You can do much more with this tool, but if you simply want basic scans, you now know how to make them happen.


Source: Robotics - zdnet.com
