It’s common knowledge among GNU/Linux users that there is a significantly lower chance of being infected with malware when running GNU/Linux than there is when running Microsoft Windows; however, it would be wrong to say that there is a flat zero chance. Malware does exist, although the odds of you stumbling upon it are low.
I would estimate that probably 95% of desktop GNU/Linux users do not use any kind of antivirus software, and generally speaking you would more than likely be safe in doing so… However, if you are the type to err more on the side of caution, you may want to know how to install something to ease your mind in this regard.
ClamAV is an open-source antivirus and anti-malware application for GNU/Linux as well as other systems including BSD, Solaris, and even Microsoft Windows. Most server administrators will tell you they run ClamAV on their production machines; so why not run it on your home machine too?
Installing ClamAV and Clamtk
Depending on your OS flavour of choice, you can go about installing these packages a couple of different ways. In this article I will give examples of how to install them on Debian/Ubuntu-based systems, as well as Arch-based systems; if you’re running a distro outside of this range of choices, you may need to change the commands we are going to use to your package manager's specific commands, or use your GUI package manager if you have one.
If you prefer to build from source, you can download ClamAV from the ClamAV homepage. There are also instructions there for other distros such as Gentoo, Fedora and OpenSUSE, as well as for Solaris, BSD, and MacOSX.
If you are running a Debian/Ubuntu based distro:
- sudo apt install clamav clamtk
If you are running an Arch based distro:
- sudo pacman -S clamav clamtk
Set ClamAV for daily scans, and keep virus definitions updated
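The first thing we want to do is make sure that both ClamAV and the updating service freshclam are started and will start automatically at boot. The unit names below are the ones the Debian/Ubuntu and Arch packages install; on Debian/Ubuntu, the daemon unit is provided by the separate clamav-daemon package.
- sudo systemctl enable --now clamav-freshclam
- sudo systemctl enable --now clamav-daemon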
Once this is done, we want to open Clamtk, which is typically found under the Accessories menu of your applications kicker.
From here, click on Settings, and check all of the boxes except the last one.
Next, we want to go to the Update Assistant, and select “I would like to update signatures myself.”
Click Apply, and then go back to the main Clamtk screen and select “Scheduler.”
From here, set the time you wish to automatically scan your PC as well as the time you want to update the definitions each day, and then click the + symbol for each to enable the setting. Your window should say, “A daily scan is scheduled” and “a daily definitions update is scheduled.”
From here we can go back to the main window again, click “updates” and click the “OK” button to update the database manually once just to start things off.
Finally, go back to the main menu and select “Scan a directory.” At this point I would recommend scanning your entire filesystem, but you could just scan your home directory since the vast majority of anything you have downloaded or saved is likely there. I leave that decision up to you. Once you have scanned, the rest is fairly straightforward, and you are done! Good luck!
A special note: ClamAV is sensitive. REALLY sensitive sometimes… Upon my initial scan, I was told I had over 177 potential threats. When I scrolled through the list, I saw that around 60% of the ‘threats’ were nothing more than Firefox cache files (which I clear often anyway) being falsely labelled as a huge and major Linux virus that DOES exist; but unless Ghacks, Google, or the Office365 websites handed it to me, it was a false positive (which it was, just to be very clear, false positive).
Many of the other false positives were simply parts of the LibreOffice software suite being labelled as an HTML exploit that is YEARS old. Through a really quick search, I found that this was again a false positive.
With this being said, don’t assume that just because you got told you have bugs, you have bugs. Do your research, and make use of the Analysis tool built into Clamtk, which will take your results and look up what OTHER virus scanners have said about them… If they all come back blank / clean, you know you are probably fine. As much as false positives are a hassle, at least it’s trying, right? I’d rather it be overly sensitive than not sensitive enough!
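To make the triage advice above concrete, here is an added example that is not part of the original article or of ClamAV/Clamtk: a small shell script that summarises a command-line scan log so that a long list of hits can be researched signature by signature. It assumes clamscan's "path: Signature FOUND" log lines; the function names, the log path in the comment, and the sample log (paths and signature names) are all constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise the "FOUND" lines of a clamscan log before acting on them.
# A log can be produced with: clamscan -r -i --log="$HOME/clamscan.log" "$HOME"

# Constructed sample log; paths and signature names are made up for illustration.
sample_log() {
cat <<'EOF'
/home/user/.cache/mozilla/firefox/abcd.default/cache2/entries/1A2B: Constructed.Linux.Sample-1 FOUND
/home/user/.cache/mozilla/firefox/abcd.default/cache2/entries/3C4D: Constructed.Linux.Sample-1 FOUND
/usr/lib/libreoffice/share/example.xml: Constructed.Html.Sample-2 FOUND
/home/user/Downloads/setup.bin: Constructed.Linux.Sample-1 FOUND

----------- SCAN SUMMARY -----------
Infected files: 4
EOF
}

# Print "count signature" per signature, most frequent first. One signature
# matching many unrelated files is a hint to check it for false positives.
hits_by_signature() {
    awk '/ FOUND$/ { n[$(NF-1)]++ }
         END { for (s in n) print n[s], s }' | sort -rn
}

# Print the paths of hits outside ~/.cache. Cache entries are disposable, so
# they can be cleared and rescanned; these paths persist and need a lookup.
hits_outside_cache() {
    awk '/ FOUND$/ {
             path = $0
             sub(/: [^ ]+ FOUND$/, "", path)   # drop ": Signature FOUND"
             if (path !~ /\/\.cache\//) print path
         }'
}

# Use the log file given as $1, or the constructed sample when none is given.
log_source() {
    if [ -n "${1:-}" ]; then cat "$1"; else sample_log; fi
}

echo "Hits per signature:"
log_source "$@" | hits_by_signature
echo "Hits outside cache directories:"
log_source "$@" | hits_outside_cache
```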