Using ClamAV in the Terminal

Update Virus Definitions


Use freshclam.
You will see an output like this:
user@ubuntu:/etc/clamav # sudo freshclam
ClamAV update process started at Wed Apr 27 00:06:47 2005
main.cvd is up to date (version: 31, sigs: 33079, f-level: 4, builder: tkojm)
daily.cvd is up to date (version: 855, sigs: 714, f-level: 4, builder: ccordes)

Proxy
If you are using an HTTP proxy to connect to the internet, you will have to edit the file
/etc/clamav/freshclam.conf, adding:
HTTPProxyServer serveraddress
HTTPProxyPort portnumber

Scan Files
Use clamscan.
Examples:
To check files in all users' home directories: clamscan -r /home
To check all files on the computer, displaying the name of each file: clamscan -r /
To check all files on the computer, but only display infected files and ring a bell when found:
clamscan -r --bell -i /
When ClamAV has scanned all the files you asked it to, it will report a summary:
----------- SCAN SUMMARY ----------
Known viruses: 33840
Scanned directories: 145
Scanned files: 226
Infected files: 1
Data scanned: 54.22 MB
I/O buffer size: 131072 bytes
Time: 20.831 sec (0 m 20 s)

ClamAV can only read files that the user running it can read. If you want to check all files on the
system, use the sudo command (see UsingSudo for more information).

Infected files reporting


If you are recursively scanning the whole /home folder (or even the whole system) from a
terminal emulator in your GUI, there will probably be a lot of files. Because the output you
can see in the terminal is limited, it will probably help to generate a report containing the
paths of all infected files. To do that, run the following:

sudo clamscan -r /folder/to/scan/ | grep FOUND >> /path/to/save/report/file.txt
Be patient if you run that command and it doesn't seem to be doing anything: even though you
don't see the complete output, it really is scanning the files. When you see the prompt again,
the scan is finished and you can open the file it has created to check for any infected files
detected on your system.
Because ClamAV doesn't disinfect files, it is sometimes better to find out which files are
infected before quarantining or removing them. For example, you could be using Wine, and by
deleting an infected file you could break a program without having saved some data.
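
A fuller version of the report command above, as an added example that is not part of the original page. The function names (infected_report, scan_to_report, sample_output) are hypothetical and the sample scan output is constructed; it splits each hit into signature and path, and keeps the clamscan exit status that the pipe to grep discards.

```sh
#!/bin/sh
# Added example (not from the original page); function names are hypothetical.

# Read clamscan output on stdin and print "signature<TAB>path" per hit.
# A hit line has the form "<path>: <signature> FOUND". The path may itself
# contain ": ", so split on the last ": " instead of the first.
infected_report() {
    awk '/ FOUND$/ {
        line = substr($0, 1, length($0) - 6)          # drop trailing " FOUND"
        n = 0
        while ((i = index(substr(line, n + 1), ": ")) > 0)
            n += i                                    # n = last ": " position
        if (n > 0)
            printf "%s\t%s\n", substr(line, n + 2), substr(line, 1, n - 1)
    }'
}

# Scan directory $1 recursively and append hits to report file $2.
# Returns the exit status of clamscan (0 = clean, 1 = virus found,
# 2 = error), which a "clamscan | grep FOUND" pipeline would hide.
scan_to_report() {
    log=$(mktemp) || return 2
    clamscan -r -i --no-summary "$1" > "$log"
    status=$?
    infected_report < "$log" >> "$2"
    rm -f "$log"
    return "$status"
}

# Constructed sample of clamscan output, used so the parser runs offline.
sample_output() {
    cat <<'EOF'
/home/user/notes.txt: OK
/home/user/dl/eicar.com: Eicar-Test-Signature FOUND
/home/user/.wine/drive_c/a: b/setup.exe: Example.Signature.Placeholder FOUND

----------- SCAN SUMMARY -----------
Infected files: 2
EOF
}

sample_output | infected_report
```

For a real scan, call scan_to_report /folder/to/scan /path/to/report.txt (with sudo where needed) and check its return value before acting on the report.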

Run ClamAV as a Daemon


Install clamav-daemon. You can then use clamdscan where you would previously have used
clamscan. Lots of programs, especially e-mail servers, can connect to a ClamAV daemon. This
speeds up virus scanning as the program is always in memory.
The clamav-daemon package creates a 'clamav' user; in order to allow ClamAV to scan system
files, such as your mail spool, you can add clamav to the group that owns the files.

Check to find if Clamscan is running


Look for it in the process list, or use this handy shortcut: ps ax | grep [c]lamd

Remove Infected Files


You can add --remove to the clamscan or clamdscan command-line.
Note: No virus scanner is 100% accurate. It is always best to manually check the files you delete,
if you are not totally sure that this is what you want to do.

Find ClamAV Version Number


Use clamdscan -V:
user@ubuntu:/etc/clamav # clamdscan -V
ClamAV 0.83/855/Tue Apr 26 06:40:32 2005

Learn About ClamAV's Other Options


Try man clamscan.

Schedule ClamAV
You can use the at command to schedule clamscan or freshclam. For example:
at 3:30 tomorrow
at> clamscan -i /home/user | mail user@example.com
at> <CTRL-D>
job 3 at 2005-04-28 03:30

You have now scheduled a ClamAV scan to happen on your home directory at 3:30 AM tomorrow.
The output (showing only infected files) will be sent to you by e-mail.
