Linux is not immune to security threats like malware and viruses, however, there is a large debate around whether or not anti-virus software is needed on linux.
This post will explain why I choose to install anti-virus software, how to install, and how to setup a cron job for automatically executing it.
If you quickly browse the articles listed above or do your own google search you find strong advocates on both sides of the fence. The official Ubuntu website says “Anti-virus software does exist for Linux, but you probably don’t need to use it. Viruses that affect Linux are still very rare.” I largely follow this logic but add a little twist - I think if you engage in risky behavior you need to protect yourself. So let’s say, for example, that someone downloads music torrents or cracked ebooks, hypothetically. These come from shady sources and are great opportunities for infecting your system with virus, rootkits, ransomware, or botnets. So while I don’t scan the entire system, every night I scan my ~/Downloads/, ~/Torrents/, and ~/Music/ directories. I think if you host any servers like an email server, FTP server, or a Samba File server you should probably scan those too. If you agree with me, I’ll show you how to easily install and setup ClamAV.
Simply update and install the packages;
sudo apt update sudo apt install clamav clamav-daemon
You can verify installation;
By default, ClamAV will do a check for new virus definitions every hour, if you want to change this parameter you can edit the file
And change the following line:
# Check for new database 24 times a day Checks 24
# Check for new database 1 times a day Checks 1
The virus database is going to most-likely be out of date since it hasn’t had a chance to update. “Freshclam” is the daemon that updates the database. To manually update the virus database, first stop the freshclam service;
systemctl stop clamav-freshclam
Then update the database;
Then restart it and enable to run on system boot/startup;
systemctl start clamav-freshclam systemctl is-enabled clamav-freshclam
Here are some good articles on all the different options you can use:
Here is my command;
clamscan --remove=yes --recursive=yes --verbose /home/joe/Downloads/ /mnt/DataDrive/Music/ | grep FOUND >> /home/joe/VirusScanReports/virus-scan-report-`date +"%Y-%m-%d"`.txt
You can view the options via
clamscan --help, but I’ll decipher my choices.
--remove=yesmeans “Remove any infected files”, this can be slightly dangerous if you are scanning system files as removing a file can bonk-up things. In my case I’m scanning files that I know are “meaningless” so blast them away if they are infected.
--recursive=yesmeans “Scan sub-directories recursively”, this is obvious.
--verbosemeans…well, “Be verbose”. It can take a while to scan large directories, especially if you choose the whole system, and when it’s scanning and not showing anything I get scared that maybe something locked up. So I like to see the output to know that it’s actually working and scanning.
As a side note, my commands are verbose as well. I tend to not use the flags, like
-v instead of
–-verbose because 3 months from now when I look back I have a tendency to forget what the flags stand for. So while I could use
-r I like to completely “spell it out” as
Access the system or root cron tab via
sudo crontab -e or you can specify your favorite text editor with
sudo EDITOR=gedit crontab -e. I have it specified to run every night at 2am, before my backup runs.
0 2 * * * clamscan --remove=yes --recursive=yes --verbose /home/joe/Downloads/ /mnt/DataDrive/Music/ | grep FOUND >> /home/joe/VirusScanReports/virus-scan-report-`date +"%Y-%m-%d"`.txt
I think I can improve on this by only saving a file if a virus is found. Currently, there is a log file saved everyday and if there is no virus then the file is empty. That’s a whole bunch of empty files to be looking at all the time. I could write a script that looks at the results and only if it is not empty then I could push the results to a Zenity message box or email myself. Since these are non-essential media files I think it would be easiest to just initiate a message box.
This is an automated list of software versions used during the writing of this article.
Software Version OS Ubuntu 20.04 LTS ClamAv 0.102.3