How to install ClamAV on Ubuntu 17.04

To install ClamAV on Ubuntu 17.04

Having your system or server compromised by malicious software is the last thing you would want. Installing antivirus software helps protect the system against viruses, malware, spyware and similar threats. One such antivirus is ClamAV.

ClamAV is free, open source, cross-platform and command-line based antivirus software. One of the most notable features of ClamAV is its ability to function as a server-side email virus scanner. We have already covered the installation of ClamAV on previous versions of Ubuntu; now we'll guide you through the installation of ClamAV on Ubuntu 17.04.

Installing ClamAV

Begin the installation of ClamAV by running the following command.

root@linuxhelp1:~# apt install clamav -y
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following additional packages will be installed:
  clamav-base clamav-freshclam libclamav7 libllvm3.9 libmspack0 libtfm1
Suggested packages:
  clamav-docs libclamunrar7
The following NEW packages will be installed:
  clamav clamav-base clamav-freshclam libclamav7 libllvm3.9 libmspack0 libtfm1
0 upgraded, 7 newly installed, 0 to remove and 56 not upgraded.
1 not fully installed or removed.
Need to get 12.3 MB of archives.
After this operation, 50.1 MB of additional disk space will be used.
Get:1 http://in.archive.ubuntu.com/ubuntu zesty/main amd64 libmspack0 amd64 0.5-1 [38.2 kB]
Get:2 http://in.archive.ubuntu.com/ubuntu zesty/main amd64 clamav-base all 0.99.2+dfsg-6 [57.8 kB]
.
.
.
Processing triggers for libc-bin (2.24-9ubuntu2.2) ...
Processing triggers for ureadahead (0.100.0-19) ...
Processing triggers for systemd (232-21ubuntu2) ...


Once the installation is done, run the following command to comment out the NotifyClamd directive in the freshclam configuration file.

root@linuxhelp1:~# sed -i -e "s/^NotifyClamd/#NotifyClamd/g" /etc/clamav/freshclam.conf

After that, stop the clamav-freshclam service and update the virus signature database by running the following commands.

root@linuxhelp1:~# /etc/init.d/clamav-freshclam stop
[ ok ] Stopping clamav-freshclam (via systemctl): clamav-freshclam.service.
root@linuxhelp1:~# freshclam
ClamAV update process started at Mon Jun 19 23:41:10 2017
Downloading main.cvd [100%]
main.cvd updated (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
WARNING: getfile: Unknown response from db.local.clamav.net (IP: 219.94.128.99)
WARNING: Can't download daily.cvd from db.local.clamav.net
.
.
.
Downloading daily.cvd [100%]
daily.cvd updated (version: 23488, sigs: 1736840, f-level: 63, builder: neo)
Downloading bytecode.cvd [100%]
bytecode.cvd updated (version: 303, sigs: 59, f-level: 63, builder: anvilleg)
Database updated (6303148 signatures) from db.local.clamav.net (IP: 27.96.54.66)

Now you can start the clamav-freshclam service again as follows.

root@linuxhelp1:~# /etc/init.d/clamav-freshclam start
[ ok ] Starting clamav-freshclam (via systemctl): clamav-freshclam.service.

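ClamAV is fully functional now. Start a scan with the following command. The --infected option prints only infected files, --recursive descends into subdirectories, and --remove deletes every file that is detected.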

root@linuxhelp1:~# clamscan --infected --remove --recursive /home
----------- SCAN SUMMARY -----------
Known viruses: 6297599
Engine version: 0.99.2
Scanned directories: 82
Scanned files: 82
Infected files: 0
Data scanned: 3.77 MB
Data read: 2.86 MB (ratio 1.32:1)
Time: 15.577 sec (0 m 15 s)

In this scan, no infected file was found. You can also download the EICAR test file, as shown below, to test detection.

root@linuxhelp1:~# wget http://www.eicar.org/download/eicar.com
--2017-06-20 00:10:38--  http://www.eicar.org/download/eicar.com
Resolving www.eicar.org (www.eicar.org)... 213.211.198.62
Connecting to www.eicar.org (www.eicar.org)|213.211.198.62|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 68 [application/octet-stream]
Saving to: ‘eicar.com’
eicar.com                                   100%[=========================================================================================>]      68  --.-KB/s    in 0s
2017-06-20 00:10:42 (10.7 MB/s) - ‘eicar.com’ saved [68/68]

This file carries the EICAR test signature and is used here for testing with ClamAV.

Once the infected file is downloaded, run ClamAV scan again.

root@linuxhelp1:~# clamscan --infected --remove --recursive ./
./eicar.com: Eicar-Test-Signature FOUND
./eicar.com: Removed.

----------- SCAN SUMMARY -----------
Known viruses: 6297599
Engine version: 0.99.2
Scanned directories: 81
Scanned files: 83
Infected files: 1
Data scanned: 3.77 MB
Data read: 2.86 MB (ratio 1.32:1)
Time: 13.544 sec (0 m 13 s)

At the end of the scan, ClamAV has found the infected file and removed it.
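For scheduled scans, the output and exit status shown above can be reduced to a short verdict. The following POSIX shell helper is an added example, not part of the original tutorial; the function names, the embedded sample text and the /var/quarantine path are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: turn clamscan output plus exit status into a short verdict.

# Print "path<TAB>signature" for every "<path>: <signature> FOUND" line on stdin.
list_detections() {
    awk '/ FOUND$/ {
        line = $0
        sub(/ FOUND$/, "", line)
        n = match(line, /: [^:]*$/)   # last ": " splits path from signature
        if (n) printf "%s\t%s\n", substr(line, 1, n - 1), substr(line, n + 2)
    }'
}

# Print the "Infected files" number from the SCAN SUMMARY; fail if it is absent.
infected_count() {
    awk -F': ' '/^Infected files:/ { print $2; ok = 1 } END { exit !ok }'
}

# clamscan exits 0 when clean, 1 when a virus is found, 2 on errors.
# Usage: scan_verdict EXIT_STATUS < clamscan-output
scan_verdict() {
    out=$(cat)
    case "$1" in
        0) echo "clean" ;;
        1) n=$(printf '%s\n' "$out" | infected_count) || n="?"
           echo "infected count=$n"
           printf '%s\n' "$out" | list_detections ;;
        *) echo "error status=$1"; return 2 ;;
    esac
}

# Constructed sample, abridged from the second scan on this page.
SAMPLE='./eicar.com: Eicar-Test-Signature FOUND
./eicar.com: Removed.

----------- SCAN SUMMARY -----------
Scanned files: 83
Infected files: 1'

# Real use (assumed wrapper; --move quarantines detections instead of deleting):
#   out=$(clamscan --infected --recursive --move=/var/quarantine /home); rc=$?
#   printf '%s\n' "$out" | scan_verdict "$rc"
printf '%s\n' "$SAMPLE" | scan_verdict 1
```

Checking the exit status as well as the summary matters because a scan that aborts with status 2 may print no detections at all.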

These are the steps involved in the installation of ClamAV on Ubuntu 17.04. ClamAV is a useful anti-virus application and comes with a command-line scanner, automatic database updater and a scalable multi-threaded daemon, running on an anti-virus engine.

Comment
GOO
Oct 14 2017
hello i seem to have a problem. any idea how to solve this issue so that i can install clamAV. this is what i get in the terminal.
paladium@operativo-U80A:~$ apt install clamav -y
E: Could not open lock file /var/lib/dpkg/lock - open (13: Permission denied)
E: Unable to lock the administration directory (/var/lib/dpkg/), are you root?
no idea how i got this :(
FAQ
Q
What is ClamAV in Ubuntu?
A
ClamAV is free, open source, cross-platform and command-line based antivirus software. One of the most notable features of ClamAV is its ability to function as a server-side email virus scanner.
Q
What is the mirrors.dat file?
A
mirrors.dat is used by freshclam to keep track of broken mirrors. It avoids the unnecessary delays caused by trying to download a CVD update from a mirror which failed multiple times during the last 24 hours.
Q
How to install ClamAV on Ubuntu 17.04?
A
Run the following command:
# apt install clamav
Q
I can't resolve current.cvd.clamav.net! Is there a problem with your/my DNS servers?
A
current.cvd.clamav.net has only a TXT record, not a type A record! Try this command:
$ host -t txt current.cvd.clamav.net
Please note that some non-RFC-compliant DNS servers (namely the one shipped with the Alcatel (now Thomson) SpeedTouch 510 modem) can't resolve TXT records. If that's the case, please recompile ClamAV with the flag --enable-dns-fix.
Q
Can I download the virusdb manually?
A
Yes, the virusdb can be downloaded from the Latest releases section on our home page.