Debian 8: Virus scan with ClamAV

Install clamav package.

$ sudo apt install -y clamav

The clamscan command will scan file or directory.

• -r option will scan directory recursively.
• -i option will show detected file only.
• –move option will move detected file to specific directory.

$ mkdir ~/virus
$ clamscan -r -i --move=$HOME/virus .

The freshclam command will update virus database.

$ sudo freshclam

If you have installed clamav-freshclam pakcage, which will be installed with clamav package, the following error will be occured.

ERROR: /var/log/clamav/freshclam.log is locked by another process
ERROR: Problem with internal logger (UpdateLogFile =
/var/log/clamav/freshclam.log).

clamav-freshclam package will update virus database automatically. You do not need to run freshclam command.

But first time update by clamav-freshclam may not work.

WARNING: getfile: Unknown response from db.local.clamav.net

For first time update, stop clamav-freshclam, run freshclam command manually and start clamav-freshclam.

$ sudo systemctl stop clamav-freshclam
$ sudo freshclam
$ sudo systemctl start clamav-freshclam

The default update interval is 24 times in a day.

$ grep Checks /etc/clamav/freshclam.conf
Checks 24

clamav-daemon package have clamd daemon and clamdscan command. The clamd daemon load database once and wait as a daemon. And run virus scan by request from clamdscan command without loading database.

clamd daemon always consume memory for database, but clamdscan is faster than clamscan. And clamdscan's behavior depends on clamd while clamscan's behavior depends clamscan's options.

$ sudo apt install -y clamav-daemon
$ clamdscan <dir>

clamtk package provides GUI window, This is useful for desktop user.

$ sudo apt install -y clamtk

clamtk is as the following. My environment needs double click to select item.

Check "scan directories recursively" in Settings.

Home directory can be scanned recursively by "Scan a directory".