ClamAV is a FOSS anti-virus product. It doesn’t offer some features we’re all used to now, such as real-time scanning, so we’ll walk you through configuring a cronjob to scan on a regular basis. Premium AV is still our recommendation if you want advanced security, but ClamAV is sufficient for most use cases as baseline protection. In this guide we’ll be using a desktop install of Ubuntu, but headless server installs can use it too – just skip the step about the GUI.
Install Updates
First and foremost, check Ubuntu for available updates and install them with:
sudo apt update && sudo apt upgrade -y
Install ClamAV
Once you’ve installed updates, run the command below to install ClamAV:
sudo apt install clamav clamav-daemon clamdscan
We’re installing the 3 things below and running a definition update:
- ClamAV
- ClamAV’s daemon
- clamdscan, the daemon version of clamscan. It uses the virus definitions held in memory by the ClamAV daemon, resulting in much quicker scans.
Install ClamAV Definition Updates + run your first scan
Run a definition update with:
sudo freshclam
You’ll likely be given a warning about ClamAV being a version or two out of date. This is OK to ignore: when the ClamAV project releases updates, it takes time for the maintainers of your repo of choice to push the changes out.
linuxupdate@ubuntu:~$ sudo freshclam
Sun Jul 26 13:58:55 2020 -> ClamAV update process started at Sun Jul 26 13:58:55 2020
Sun Jul 26 13:58:55 2020 -> ^Your ClamAV installation is OUTDATED!
Sun Jul 26 13:58:55 2020 -> ^Local version: 0.102.3 Recommended version: 0.102.4
Sun Jul 26 13:58:55 2020 -> DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
Sun Jul 26 13:58:55 2020 -> daily.cvd database is up to date (version: 25884, sigs: 3663341, f-level: 63, builder: raynman)
Sun Jul 26 13:58:55 2020 -> main.cvd database is up to date (version: 59, sigs: 4564902, f-level: 60, builder: sigmgr)
Sun Jul 26 13:58:55 2020 -> bytecode.cvd database is up to date (version: 331, sigs: 94, f-level: 63, builder: anvilleg)
linuxupdate@ubuntu:~$
Run your first scan with the command below.
sudo clamdscan --fdpass --multiscan /
A breakdown of this command:
sudo: run as administrator
clamdscan: the scanning utility
--fdpass: passes the file descriptor permissions to clamd
--multiscan: uses multiple threads
/: sets the scan directory to / (root of the drive)
Configure Auto-Scans and Auto-Definition Updates
Once it’s all installed, we can edit the crontab file to schedule cronjobs for auto-scanning and auto-updates for ClamAV’s definition files. We’re going to use the root user’s crontab. Note: if you are using a desktop and want to use a GUI to schedule updates and scans, skip this step.
Open crontab with:
sudo crontab -e
Note: on first run of crontab, you may be asked which text editor to use. We use /bin/nano.
Add the following to your crontab file to run a definition update at 00:00 every day, and a scan at 00:05 every day:
0 0 * * * /usr/bin/sudo /usr/bin/freshclam
5 0 * * * /usr/bin/sudo /usr/bin/clamdscan --fdpass --multiscan /
Save changes and exit.
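A scheduled scan only helps if someone sees the result. The wrapper below is an added example, not part of the original guide: it runs the same clamdscan command, keeps the output in a log file and writes one syslog line with the outcome. The log path, the clamav-nightly tag, the --run switch and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original guide. File name, log path and
# function names are assumptions chosen for illustration.
LOG="${LOG:-/var/log/clamav/nightly-scan.log}"

# Constructed sample of clamdscan output, used only to show the parsing.
SAMPLE_LOG='/home/user/eicar.com: Win.Test.EICAR_HDB-1 FOUND
/home/user/notes.txt: OK
/home/user/my: file.zip: Win.Test.EICAR_HDB-1 FOUND

----------- SCAN SUMMARY -----------
Infected files: 2'

# Read scan output on stdin, print the path of each infected file.
# Result lines have the form "<path>: <signature> FOUND".
infected_paths() {
    sed -n 's/^\(.*\): .* FOUND$/\1/p'
}

# Translate clamdscan's exit status: 0 = nothing found, 1 = virus found,
# anything else = the scan did not complete (for example clamd is down).
scan_status() {
    case "$1" in
        0) echo clean ;;
        1) echo infected ;;
        *) echo error ;;
    esac
}

# Run the scan from the guide, keep its output, and write one syslog line
# so that an infected or failed run is visible without reading cron mail.
run_scan() {
    /usr/bin/clamdscan --fdpass --multiscan / >"$LOG" 2>&1
    rc=$?
    count=$(infected_paths <"$LOG" | wc -l | tr -d ' ')
    logger -t clamav-nightly "status=$(scan_status "$rc") infected=$count log=$LOG"
    return "$rc"
}

# Only scan when asked to, e.g. from cron: <this script> --run
if [ "${1:-}" = "--run" ]; then
    run_scan
fi
```

To use it, save the script somewhere only root can write to, make it executable, and call it with --run in the crontab entry in place of the plain clamdscan command.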
Install the ClamTk GUI (Optional)
To install the GUI, run the command below:
sudo apt install clamtk
You can use the ClamTk GUI to schedule updates and scans with the Schedule option.