How do I scan for viruses with ClamAV?

Solution 1

Terminal

First, you have to update the virus definitions with:

sudo freshclam

Then you can scan for viruses.

clamscan OPTIONS File/Folder 

If necessary start with root permissions: sudo clamscan.

Examples:

  • To check all files on the computer, displaying the name of each file:

    clamscan -r /
    
  • To check all files on the computer, but only display infected files and ring a bell when found:

    clamscan -r --bell -i /
    
  • To scan all files on the computer but only display infected files when found and have this run in the background:

    clamscan -r -i / &
    

    Note - Display background process's status by running the jobs command.

  • To check files in all users' home directories:

    clamscan -r /home
    
  • To check files in the USER home directory and move infected files to another folder:

    clamscan -r --move=/home/USER/VIRUS /home/USER
    
  • To check files in the USER home directory and remove infected files (WARNING: Files are gone.):

    clamscan -r --remove /home/USER
    
  • To see more options:

    clamscan --help
    

Graphical User Interface: ClamTK

ClamTk is a frontend for ClamAV. You can install it via Terminal with:

sudo apt-get install clamtk

You can get the latest version from Bitbucket as a Debian package.

There is also a PPA (Outdated):

sudo apt-add-repository ppa:landronimirc/clamtk
sudo apt-get update && sudo apt-get install clamtk

clamtk screenshot

Scan Menu: Here you can choose a file, folder or a device for scanning

clamtk scan menu screenshot

View Menu:

clamtk view menu screenshot

Quarantine Menu:

clamtk quarantine menu screenshot

Advanced Menu:

clamtk advanced menu screenshot

Help Menu: Here you can check for updates.

clamtk help menu screenshot

Solution 2

The accepted answer is a great answer, but every time I reach this page, it's a pain to find the command I want from the clutter of information. So just providing a concise answer to the question:

sudo apt-get install -y clamav; sudo freshclam

To scan all folders in your computer (except /sys):

clamscan -r -i --exclude-dir="^/sys" --bell / 

To scan specific folders or files, you have to create a file in which you list out which files/folders you want to scan, and tell clamav where to find that file:

clamscan -r -i --bell --file-list=/home/nav/ClamScanTheseFolders.txt

My ClamScanTheseFolders.txt contained:

/media/nav/someFolder1
/media/nav/someFolder2
/opt/someFolder/somefile
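
For running the --file-list scan from Solution 2 unattended (cron, a login script), here is an added example that is not part of either answer: it keeps only the infected paths from clamscan's output and passes on clamscan's exit status (0 nothing found, 1 infected files, 2 error). The names scan_list and infected_paths and the sample output are made up for this sketch.

```sh
#!/bin/sh
# Added example (not from the answers above): unattended clamscan run over a
# --file-list, printing only infected paths and keeping clamscan's exit status.
# scan_list, infected_paths and SAMPLE_OUTPUT are names made up for this sketch.

# Constructed sample of clamscan result lines, for trying infected_paths offline.
SAMPLE_OUTPUT='/media/nav/someFolder1/eicar.com: Eicar-Signature FOUND
/media/nav/someFolder1/notes.txt: OK
/media/nav/someFolder2/a: b.zip: Eicar-Signature FOUND'

# Read clamscan output on stdin; print the path of every "PATH: NAME FOUND" line.
# The greedy match splits at the last ": ", so paths containing ": " survive.
infected_paths() {
    sed -n 's/^\(.*\): .* FOUND$/\1/p'
}

# scan_list FILE: scan every path listed in FILE (one per line).
# Returns clamscan's status: 0 = nothing found, 1 = infected file(s), 2 = error.
scan_list() {
    sl_list=$1
    if [ ! -r "$sl_list" ]; then
        echo "scan_list: cannot read $sl_list" >&2
        return 2
    fi
    sl_rc=0
    # -i and --no-summary keep the output down to the result lines.
    sl_out=$(clamscan -r -i --no-summary --exclude-dir='^/sys' \
                      --file-list="$sl_list") || sl_rc=$?
    # Report detections even when clamscan also hit an error (status 2).
    printf '%s\n' "$sl_out" | infected_paths
    case $sl_rc in
        0) echo "scan_list: no infected files" >&2 ;;
        1) ;;
        *) echo "scan_list: clamscan failed with status $sl_rc" >&2 ;;
    esac
    return "$sl_rc"
}

# Usage, e.g. from cron after "sudo freshclam":
#   scan_list /home/nav/ClamScanTheseFolders.txt >> "$HOME/clamscan-infected.log"
```

A non-zero status from scan_list is the signal to alert on; status 2 means the scan was incomplete, so an empty list in that case is not a clean result.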

Author by

rrwick

Updated on September 18, 2022

Comments

  • rrwick
    rrwick over 1 year

    I'm writing a Qt/C++ program that does long-running simulations, and to guard against data loss, I wrote some simple autosave behaviour. The program periodically saves to the user's temp directory (using QDir::temp()), and if the program closes gracefully, this file is deleted. If the program starts up and sees the file in that directory, it assumes a previous instance crashed or was forcibly ended, and it prompts the user about loading it.

    Now here is the complication - I'd like this functionality to work properly even if multiple instances of the program are used at once. So when the program loads, it can't just look for the presence of an autosave file. If it finds one, it needs to determine if that file was created by a running instance (in which case, there's nothing wrong and nothing to be done) or if it has been left over by an instance that crashed or was forcibly ended (in which case it should prompt the user about loading it).

    My program is for Windows/Mac/Linux, so what would be the best way to implement this using Qt or otherwise in a cross-platform fashion?

    Edit: The comments suggested the use of the process identifier, which I can get using QCoreApplication::applicationPid(). I like this idea, but when the program loads and sees a file with a certain PID in the name, how can it look at the other running instances (if any) to see if there is a match?

    • polarysekt
      polarysekt almost 10 years
      Write filenames integrated with pid, and on load, parse through and ensure each is still running?
    • Yuushi
      Yuushi almost 10 years
      @polarysekt That was my initial idea. However, if the system crashes and has to be shut down, there is always the (remote) possibility of having clashing pids. I agree that it is most of the way to a solution, however.
    • Theolodis
      Theolodis almost 10 years
      Or compare the last modification time with your update cycle. now - last modification > update cycle, then it is probably from a crashed program. Best would be to combine that with @polarysekt's idea.
    • polarysekt
      polarysekt almost 10 years
      @Yuushi. Good point. I'm commenting instead of answering as I'm only brainstorming. As I suppose a system may crash only partially, the system uptime wouldn't be reliable either... Obviously if the new running pid matched a tempfile, it would indicate a crash, but I'm thinking some kind of DDE with the pid's in question, or some kind of socket, as only your program would respond a certain way to certain inquiries. But that may incur more overhead than necessary... hrm
    • Boris Dalstein
      Boris Dalstein over 9 years
      @rrwick: have you found any cross-platform solution to your problem? I'm in the same situation.
    • rrwick
      rrwick over 9 years
      @Boris No, I haven't found an ideal solution. I use the process ID to create autosave files with unique names and then I delete them when the program closes correctly. What I haven't done is made the program look for orphaned autosaves. It can show the user to the temp directory, but it's up to the user to find any files they need.
  • rrwick
    rrwick almost 10 years
    That looks like a nice class for saving files, and I actually might try using it, but it doesn't look like it specifically addresses the autosave needs I have.
  • TheDarkKnight
    TheDarkKnight almost 10 years
    Note that there is also a QTemporaryFile class: qt-project.org/doc/qt-4.8/qtemporaryfile.html
  • m3nda
    m3nda almost 9 years
    I think it's a mistake to not create at least a man page for clamav, which is the name of the package.
  • Adam
    Adam over 7 years
    If you want to check all files of the system, then you should use clamscan -r --bell -i --exclude-dir="^/sys" / because in /sys/ there are no real files and not excluding it would cause reading errors. askubuntu.com/questions/591964/clamav-cant-read-file-error
  • Brent Faust
    Brent Faust over 6 years
    Nice. But that should be two dashes before exclude: --exclude
  • Dmitriy
    Dmitriy about 6 years
    sudo freshclam ERROR: /var/log/clamav/freshclam.log is locked by another process ERROR: Problem with internal logger (UpdateLogFile = /var/log/clamav/freshclam.log).
  • BuZZ-dEE
    BuZZ-dEE about 6 years
    @Dmitriy What has it to do with the answer? It's a specific problem. Maybe you should ask a new question with your detailed problem.
  • Dmitriy
    Dmitriy about 6 years
    I commented because this answer seems to not work anymore. At least on Ubuntu 16.04 LTS x64. Or do you say this issue happens only on my installation?
  • dotnetCarpenter
    dotnetCarpenter almost 6 years
    @Dmitriy You are probably getting this error because freshclam is already running. See this answer: askubuntu.com/a/909276/338982
  • Sebastian Widz
    Sebastian Widz over 5 years
    There is still an issue with double dashes before exclude. It does not work after copying and pasting into terminal window
  • Sumit Kumar
    Sumit Kumar over 2 years
    Does this require a running instance of the clamav-daemon ?