How do I scan for viruses with ClamAV?
Solution 1
Terminal
At first you have to update the virus definitions with:
sudo freshclam
Then you can scan for viruses.
clamscan OPTIONS File/Folder
If necessary start with root permissions: sudo clamscan
.
Examples:
-
To check all files on the computer, displaying the name of each file:
clamscan -r /
-
To check all files on the computer, but only display infected files and ring a bell when found:
clamscan -r --bell -i /
-
To scan all files on the computer but only display infected files when found and have this run in the background:
clamscan -r -i / &
Note - Display background process's status by running the
jobs
command. -
To check files in the all users home directories:
clamscan -r /home
-
To check files in the
USER
home directory and move infected files to another folder:clamscan -r --move=/home/USER/VIRUS /home/USER
-
To check files in the
USER
home directory and remove infected files (WARNING: Files are gone.):clamscan -r --remove /home/USER
-
To see more options:
clamscan --help
See:
Graphical User Interface: ClamTK
ClamTk is a frontend for ClamAV. You can install it via Terminal with:
sudo apt-get install clamtk
You can get the latest version from Bitbucket as Debian package.
There is also a PPA (Outdated):
sudo apt-add-repository ppa:landronimirc/clamtk
sudo apt-get update && sudo apt-get install clamtk
Scan Menu: Here you can choose a file, folder or a device for scanning
View Menu:
Quarantine Menu:
Advanced Menu:
Help Menu: Here you can check for updates.
See:
- ClamTk@Sourceforge
- ClamTk Help
- ClamTk FAQ
Solution 2
The accepted answer is a great answer, but every time I reach this page, it's a pain to find the command I want from the clutter of information. So just providing a concise answer to the question:
sudo apt-get install -y clamav; sudo freshclam
To scan all folders in your computer (except /sys
):
clamscan -r -i --exclude-dir="^/sys" --bell /
To scan specific folders or files, you have to create a file in which you list out which files/folders you want to scan, and tell clamav where to find that file:
clamscan -r -i --bell --file-list=/home/nav/ClamScanTheseFolders.txt
My ClamScanTheseFolders.txt
contained:
/media/nav/someFolder1
/media/nav/someFolder2
/opt/someFolder/somefile
Related videos on Youtube
rrwick
Updated on September 18, 2022Comments
-
rrwick over 1 year
I'm writing a Qt/C++ program that does long-running simulations, and to guard against data loss, I wrote some simple autosave behaviour. The program periodically saves to the user's temp directory (using QDir::temp()), and if the program closes gracefully, this file is deleted. If the program starts up and sees the file in that directory, it assumes a previous instance crashed or was forcibly ended, and it prompts the user about loading it.
Now here is the complication - I'd like this functionality to work properly even if multiple instances of the program are used at once. So when the program loads, it can't just look for the presence of an autosave file. If it finds one, it needs to determine if that file was created by a running instance (in which case, there's nothing wrong and nothing to be done) or if it has been left over by a instance that crashed or was forcibly ended (in which case it should prompt the user about loading it).
My program is for Windows/Mac/Linux, so what would be the best way to implement this using Qt or otherwise in a cross-platform fashion?
Edit: The comments suggested the use of the process identifier, which I can get using QCoreApplication::applicationPid(). I like this idea, but when the program loads and sees a file with a certain PID in the name, how can it look at the other running instances (if any) to see if there is a match?
-
polarysekt almost 10 yearsWrite filenames integrated with pid, and on load, parse through and ensure each is still running?
-
Yuushi almost 10 years@polarysekt That was my initial idea. However, if the system crashes and has to be shutdown, there is always the (remote) possibility of having clashing pids. I agree that it is most of the way to a solution, however.
-
Theolodis almost 10 yearsOr compare the last modification time with your update cycle. now - last modification > update cycle, then it is probably from a crashed program. Best would be to combine that with @polarysekt s idea..
-
polarysekt almost 10 years@Yuushi. Good point. I'm commenting instead of answering as I'm only brainstorming. As I suppose a system may crash only partially, the system uptime wouldn't be reliable either... Obviously if the new running pid matched a tempfile, it would indicate a crash, but I'm thinking some kind of DDE with the pid's in question, or some kind of socket, as only your program would respond a certain way to certain inquiries. But that may incur more overhead than necessary... hrm
-
Boris Dalstein over 9 years@rrwick: have you found any cross-platform solution to your problem? I'm in the same situation.
-
rrwick over 9 years@Boris No, I haven't found an ideal solution. I use the process ID to create autosave files with unique names and then I delete them when the program closes correctly. What I haven't done is made the program look for orphaned autosaves. It can show the user to the temp directory, but it's up to the user to find any files they need.
-
-
rrwick almost 10 yearsThat looks like a nice class for saving files, and I actually might try using it, but it doesn't look like it specifically addresses the autosave needs I have.
-
TheDarkKnight almost 10 yearsNote that there is also a QTemporaryFile class: qt-project.org/doc/qt-4.8/qtemporaryfile.html
-
m3nda almost 9 yearsI think it's a mistake to not create at leat man page for clamav, wich is the name of the package.
-
Adam over 7 yearsIf you want to check all files of the system, then you should use
clamscan -r --bell -i --exclude-dir="^/sys" /
because in/sys/
are no real files and not excluing it would cause reading errors. askubuntu.com/questions/591964/clamav-cant-read-file-error -
Brent Faust over 6 yearsNice. But that should be two dashes before exclude:
--exclude
-
Dmitriy about 6 years
sudo freshclam ERROR: /var/log/clamav/freshclam.log is locked by another process ERROR: Problem with internal logger (UpdateLogFile = /var/log/clamav/freshclam.log).
-
BuZZ-dEE about 6 years@Dmitriy What has it to do with the answer? It's a specific problem. Maybe you should ask a new question with your detailed problem.
-
Dmitriy about 6 yearsI commented because this answer seems to not work anymore. At least on Ubuntu 16.04 LTS x64. Or do you say this issue happens only on my installation?
-
dotnetCarpenter almost 6 years@Dmitriy You are probably getting this error because
freshclam
is already running. See this answer: askubuntu.com/a/909276/338982 -
Sebastian Widz over 5 yearsThere is still an issue with double dashes before exclude. It does not work after copying and pasting into terminal window
-
Sumit Kumar over 2 yearsDoes this require a running instance of the clamav-daemon ?