How to Install, Update, and Use ClamAV on Linux for Effective Virus Scanning
This guide explains how to install ClamAV on Linux via EPEL, update its virus definitions, perform recursive scans with clamscan, interpret scan results, and automate deployment using Ansible, while also comparing alternative scanners such as Comodo, Armadito, and ClamTK.
Introduction
ClamAV is a leading open‑source antivirus for Linux desktops and servers. It runs from the command line and can detect many types of malware, including viruses, email server exploits, and even Windows exploit code.
Key points
Command‑line centric, low memory and CPU usage.
Detects various viruses, malware, email server exploits, Windows exploits.
Suitable for servers and Linux desktops.
Email scanning supports many file types (archives, executables, Office docs, HTML, PDF, etc.).
Signature database updates every 4 hours.
1. Installation
Enable the EPEL repository and install ClamAV with yum:
yum -y install epel-release
yum -y install clamav clamav-update
2. Updating the virus database
Run freshclam regularly to fetch the latest signatures.
[root@localhost ~]# freshclam
ClamAV update process started at Tue Mar 10 11:49:11 2020
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.101.5 Recommended version: 0.102.2
DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
...
Database updated (6777838 signatures) from database.clamav.net (IP: 104.16.218.84)
3. Scanning files
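Example recursive scan of the root filesystem, logging results and removing infected files. Note that --remove deletes every file that matches a signature without confirmation, so a false positive can delete a file the system needs; --move <dir> quarantines the file instead:
[root@localhost ~]# clamscan -ri / -l clamscan.log --remove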
...
----------- SCAN SUMMARY -----------
Known viruses: 6767433
Engine version: 0.101.5
Scanned directories: 1
Scanned files: 0
Infected files: 0
Data scanned: 0.00 MB
Time: 17.038 sec
The log file clamscan.log contains the detailed scan output.
Additional help
Command‑line options:
-r – recursive scan.
-i – show only infected files.
-l <file> – write log to <file>.
--remove – delete infected files.
--move <dir> – move infected files to <dir>.
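The log written with -l can be checked mechanically, which is useful when scans run unattended. The script below is an added example, not part of the original article: it reads a clamscan log and separates a clean scan from detections and from a scan that covered nothing (a summary with Scanned files: 0, as in the output above). The function names, the return-code convention and the sample logs are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): classify a clamscan log
# written with -l. Return codes are this example's own convention:
#   0 = files scanned, none infected   1 = infections listed on stdout
#   2 = no usable result (no summary yet, or zero files scanned)
check_clamscan_log() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    awk '
        / FOUND$/           { hits = hits $0 "\n" }   # "<path>: <signature> FOUND"
        /^Scanned files: /  { scanned = $3 }
        /^Infected files: / { infected = $3; last = hits; hits = ""; seen = 1 }
        END {
            # A log may hold several runs; only the latest summary and its hits count.
            if (!seen)        { print "no SCAN SUMMARY (scan running or aborted?)"; exit 2 }
            if (infected > 0) { printf "%s", last; exit 1 }
            if (scanned == 0) { print "0 files scanned: check the clamscan arguments"; exit 2 }
            exit 0
        }' "$1"
}

# Constructed sample logs (paths and the signature name are made up).
make_sample_logs() {
    cat > "$1/empty.log" <<'EOF'
----------- SCAN SUMMARY -----------
Known viruses: 6767433
Scanned directories: 1
Scanned files: 0
Infected files: 0
EOF
    cat > "$1/infected.log" <<'EOF'
/srv/upload/a.bin: Example.Signature-1 FOUND
----------- SCAN SUMMARY -----------
Scanned files: 42
Infected files: 1
EOF
    printf '/etc/hostname: OK\n' > "$1/running.log"
}

tmp=$(mktemp -d)
make_sample_logs "$tmp"
for f in empty infected running; do
    rc=0; out=$(check_clamscan_log "$tmp/$f.log") || rc=$?
    echo "$f.log -> rc=$rc $out"
done
rm -rf "$tmp"
```

Run against a real log, the function's return code can drive alerting; clamscan itself also exits with 0 for no virus found, 1 for virus found and 2 for errors.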
Batch deployment with Ansible
ansible server -m copy -a "src=/home/ansible/test.tar.gz dest=/home/ansible/test.tar.gz mode=664" -i testhost
ansible server -m shell -a "cd /home/ansible && tar -zxvf test.tar.gz && chmod +x test.sh && ./test.sh" -i testhost
ansible server -m shell -a "sudo nohup clamscan -r / -l /home/ansible/scan.log &" -i testhost
ansible server -m shell -a "sudo tail -n 10 /home/ansible/scan.log" -i testhost
Inventory file testhost (passed with -i in the commands above):
[server]
192.168.0.172
192.168.0.173
192.168.0.174
192.168.0.175
192.168.0.176
192.168.0.177
192.168.0.178
192.168.0.179
192.168.0.180
[server:vars]
ansible_ssh_user=ansible
ansible_ssh_port=22
Other Linux antivirus options
Brief notes on alternatives:
Comodo Antivirus – free, cross‑platform scanner with a GUI similar to Windows products.
Armadito – scans for malware, trojans, and other attacks; includes a web console for remote management.
ClamTK – graphical front‑end for ClamAV, providing the same engine with a user‑friendly interface.
Liangxu Linux
Liangxu, a self‑taught IT professional now working as a Linux development engineer at a Fortune 500 multinational, shares extensive Linux knowledge—fundamentals, applications, tools, plus Git, databases, Raspberry Pi, etc. (Reply “Linux” to receive essential resources.)
