How can I perform a virus scan of my Windows install from Linux?


Solution 1

Here's a low-sanity approach that has the advantage of not installing resident protection on Linux in the process:

  1. Install clamav from whatever software packaging solution your distribution uses. For Ubuntu:

    apt-get install clamav
  2. Mount and locate the Windows partition. If you use Ubuntu, open the Home folder and pick the relevant partition from the Devices list. From the Go menu, pick Location. The address bar turns into an editable field. Copy the contents of this field into the clipboard.

  3. Open two windows of the terminal (yes - don't worry).

  4. In one, type cd, paste in the mount point (right click, paste or ctrl-shift-v), hit enter. When that's done, run this:

    clamscan -ir .

    -r instructs clamscan to search subdirectories. -i instructs clamscan not to drown the seven lines about infected files into four hundred thousand lines about OK files (happens).

    However, that gives you no progress information, so let's fix that.

  5. In the latter console window, or in a new tab, or something, paste in the following incantation in order to see what file is currently being scanned:

    watch "lsof -Fn -p `pidof clamscan` | grep ^n\/[^tpdul] | cut -c1 --complement | tail -n1"

    WTF is that? Basically: watch tells the system to run the command in quotes every few seconds. The command in quotes is split by the |s in a few parts. The first gets us the list of files clamscan has opened and a few other things. The second cuts the other things out (including irrelevant files in /tmp, /proc, /dev, /usr, /lib). The third cleans up. The fourth only shows you the file opened the latest. Don't worry about it too much.

  6. Take the results with a grain of salt. ClamAV seems to prefer reporting infections when in doubt. is a thing that exists.

  7. Google the name of the viruses and take action.

Solution 2

ClamAv is the most used linux anti-virus, but there are other, check this list of linux Anti-Virus , or this small review

Other way to do it is to download the HirensCD. It have a windows and linux liveCD and many DOS utils. The windows LiveCD have some AV installed to help cleanup infected machines. You can also install some new AV on there and update the virus definitions.

If you suspect of any file, you can also use the VirusTotal to scan files with almost all AV. they will also submit the virus to all AV that miss to find it, so all people win. I dont know any online only, full disk, virus scanning, now that trend housecall moved to a remote, windows only, web installation.


Related videos on Youtube

Author by


I'm a he/him Senior Developer at I publicly whine on Twitter (@badp) and discord (bp#0001). It should go without saying that the opinions stated by me are my own and not necessarily those of my employers past and future, but apparently it doesn't and, while no one asked me to put this disclaimer here, I'll just put it over here with the rest of the fire.

Updated on September 18, 2022


  • badp
    badp almost 2 years

    Earlier today, I noticed that Windows Defender was acting up. It was disabled and, once re-enabled and tasked with a quick scan, it would error out with some Windows License Expired error code or something.

    Since that's nonsense, I think that the best thing I can do is shut Windows down and run a virus scan from a clean copy of Linux.

    How can I go about to sanely do that?

  • badp
    badp over 11 years
    Some of the insanity could be avoided if clamtk offered any option other than "Scan your home folder" or if clamscan had an actually useful scan overview. :/