Secure Debian with ClamAV Antivirus

Although Linux is popular for being mostly virus-free, some viruses might still exist, especially if you usually download stuff from unreliable sources. Since viruses are not a major issue in Linux, there is not a huge pool of antivirus software available for this operating system. One of the best among these is the ClamAV antivirus, which does its job pretty well.

In this article, we will explain how you can install and use the following programs to scan your Debian system for viruses:

  • ClamAV, a command-line utility: It is a free, open-source, and cross-platform antivirus toolkit for detecting many types of malicious software and viruses.
  • ClamTK, a graphical utility: ClamTk is a graphical front-end for the Clam Antivirus. It is designed to be an easy-to-use, lightweight, on-demand antivirus scanner for Linux systems.

We have run the commands and procedures mentioned in this article on a Debian 10 Buster system.

Working with ClamAV

If you prefer a command-line utility for busting viruses on your Debian, you can use the ClamAV software through your Terminal application.

Install ClamAV on Debian 10

Follow these steps in order to install ClamAV on your Debian.

First, open the Terminal application through the application launcher search as follows:

[Image: Debian terminal]

In order to install the latest available version of the software from the Internet repositories, your local repository index needs to be in line with them. Run the following command as sudo in order to update your local repository index:

$ sudo apt-get update


Please note that only an authorized user can add/remove and configure software on Debian.

Then, run the following command as sudo in order to install ClamAV and the ClamAV daemon from the APT repositories:

$ sudo apt-get install clamav clamav-daemon


The system might ask you for the sudo password and also provide you with a Y/n option to continue the installation. Enter Y and then hit Enter; ClamAV will then be installed on your system. The process may, however, take some time depending on your Internet speed.

You can verify your ClamAV installation and also check the version number by running the following command in your Terminal:

$ clamscan --version


Scan Debian Linux for Viruses

The ClamAV utility provides you with many options on the basis of which you can scan files and folders on your system for viruses. You can get details about these options by viewing the ClamAV help as follows:

$ clamscan --help

Example:

In this example, I will be scanning the current user’s Pictures folder.

$ sudo clamscan --infected --remove --recursive /home/sana/Pictures

It is usually good to run the command as sudo so that all the confidential folders can also be scanned without permission issues.

The command scans the /home/sana/Pictures folder recursively, reports only the infected files (--infected), and removes every file that is flagged as infected (--remove).

The output shows the Scan Summary in the following format:

[Image: Debian Virus scan]

You can use the following command in order to scan your entire Debian system:

$ sudo clamscan --infected --remove --recursive /
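
The commands above use --remove, which deletes whatever ClamAV flags, including false positives. The following wrapper is an added example, not part of the original article: it moves flagged files to a quarantine directory with --move, skips the virtual filesystems during a whole-system scan, and interprets clamscan's exit status. QUARANTINE_DIR and the function names are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example, not from the article: quarantine flagged files instead of
# deleting them. QUARANTINE_DIR is an assumed path; adjust it to your system.
QUARANTINE_DIR="${QUARANTINE_DIR:-/var/quarantine/clamav}"

# Constructed sample of clamscan output, used to exercise list_detections.
SAMPLE_OUTPUT='/home/sana/Pictures/cat.jpg: OK
/home/sana/Pictures/eicar.com: Win.Test.EICAR_HDB-1 FOUND
----------- SCAN SUMMARY -----------
Infected files: 1'

# clamscan exit status: 0 = no virus found, 1 = virus(es) found,
# 2 = some error(s) occurred.
scan_verdict() {
    case "$1" in
        0) echo "clean" ;;
        1) echo "infected" ;;
        *) echo "error" ;;
    esac
}

# Read clamscan output on stdin; print "path | signature" for each detection
# line of the form "<path>: <signature> FOUND".
list_detections() {
    sed -n 's/^\(.*\): \(.*\) FOUND$/\1 | \2/p'
}

# Scan a target recursively and move flagged files into the quarantine.
run_scan() {
    target="$1"
    { mkdir -p "$QUARANTINE_DIR" && chmod 700 "$QUARANTINE_DIR"; } || return 2
    out=$(clamscan --infected --recursive \
        --move="$QUARANTINE_DIR" \
        --exclude-dir='^/proc' --exclude-dir='^/sys' --exclude-dir='^/dev' \
        --exclude-dir="^$QUARANTINE_DIR" \
        "$target")
    rc=$?
    echo "verdict: $(scan_verdict "$rc")"
    printf '%s\n' "$out" | list_detections
    return "$rc"
}

# Only scan when asked to, e.g.: sudo sh scan.sh --scan /home/sana/Pictures
if [ "${1:-}" = "--scan" ]; then
    run_scan "${2:-$HOME}"
fi
```

Review the quarantine directory after a scan and delete or restore files from there once you have confirmed each detection.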

Uninstall

If you ever feel like removing the ClamAV utility from your Debian, you can do so through the following command:

$ sudo apt-get remove clamav clamav-daemon


Enter y when the system prompts you with a y/n option. The software will then be removed from your system.

Working With ClamTK ClamAV GUI

If you prefer using the Debian GUI for busting viruses on your Debian, you can use the ClamTK software that is easily available in the Debian Software Center.

Install ClamTK

Please follow these steps in order to install ClamTK using the Debian Software Manager:

On your Debian desktop Activities toolbar/dock (hit the Super/Windows key to access it), click the Debian Software icon.

[Image: Debian Desktop]

Click the search icon and enter ClamTK in the search bar. The search results will list the relevant entries as follows:

[Image: ClamTK Debian Package]

The ClamTK entry listed here at the top is the one maintained by the Debian Stable Main repository. Click on this search entry to open the following view:

[Image: Install ClamTK]

Click the Install button to begin the installation process. The following authentication dialog will appear for you to provide your authentication details.

[Image: Authenticate as Admin]

Please note that only an authorized user can add/remove and configure software on Debian. Enter your password and click the Authenticate button. After that, the installation process will begin, displaying a progress bar as follows:

[Image: Installation Progress]

ClamTK will then be installed on your system and you will get the following message after a successful installation:

[Image: Launch ClamAV GUI]

Through the above dialog, you can choose to launch ClamTK directly, or even remove it immediately for whatever reason.

How to Scan for Viruses

You can launch ClamTK through the command line by running the following command:

$ clamtk

Or, use the Application Launcher search bar to launch the application as follows:

[Image: ClamTK Icon]

This is what the ClamTK utility looks like:

[Image: ClamTK]

Through this UI you can make the following configurations:

  • View and set your preferences through the Settings icon
  • View and update scanning whitelist through the Whitelist icon
  • Edit proxy settings through the Network icon
  • Schedule scan or signature update through the Scheduler icon

You can manage History, such as:

  • View previous scans using the History icon
  • Manage quarantined files through the Quarantine icon

Manage Updates such as:

  • Updating antivirus signatures through the Update icon
  • Configure signature update preferences through the Update Assistant icon

Most importantly, you can perform scanning functions such as:

  • Scan a File
  • Scan a directory
  • View a file’s reputation through the Analysis icon

Uninstall

If you want to remove ClamTK that was installed using the above method, you can remove it from your system as follows:

Open the Debian Software Manager and search for ClamTK. You will see the “Installed” status in the search entry. Click this entry and then click Remove from the following view:

[Image: Uninstall ClamTK]

The system will prompt you with an Authentication dialog. The software will be removed when you provide the sudo user's password and click Authenticate on the dialog.

So these were two ways to use the Clam Antivirus: through the command line and through the UI. You can install and use one, or even both, depending on your preference, and make sure that your Debian files are free of any malicious content.