How To Find Viruses Via The Command-line On Linux
Most may not know it, but Linux can get viruses too. Thankfully, there’s a tremendous command-line tool that many Linux users use, and it’s called ClamAV. With it, users can detect various types of viruses via the command-line and look for exploits (for both Windows and Linux).
Install ClamAV
ClamAV is easy to install on Linux thanks to the fact that it’s included in many mainstream distribution software sources. To install this application, open up a terminal and follow along with the instructions below to get it working.
Note: ClamAV has a graphical version of the application if you dislike the Linux command-line. It takes all of the best aspects of the terminal and puts them in an easy-to-use UI. Check the official website to learn more.
Ubuntu
sudo apt install clamav
Debian
sudo apt-get install clamav
Arch Linux
sudo pacman -S clamav
Fedora
sudo dnf install clamav
OpenSUSE
sudo zypper install clamav
Generic Linux
Building the ClamAV virus scanner from source on the Linux platform requires a few dependencies. Install all of these programs on your computer before continuing.
- gcc or clang C compiler
- OpenSSL
- zlib library
- wget
With the dependencies taken care of on your Linux computer, it’s time to start the building process. Grab the latest code release of ClamAV with the wget download tool.
Note: as you are building the program from source, automatic updates are not possible. To ensure that your virus scanner is always up to date, re-download ClamAV’s code here and compile the code regularly.
wget https://www.clamav.net/downloads/production/clamav-0.100.2.tar.gz
Don’t have wget? Try cURL instead:
curl https://www.clamav.net/downloads/production/clamav-0.100.2.tar.gz > clamav-0.100.2.tar.gz
Now that the code is done downloading, extract the TarGZ archive of ClamAV.
tar zxvf clamav-0.100.2.tar.gz
Using the cd command, move your terminal session from the home folder to the newly extracted clamav-0.100.2 folder.
cd clamav-0.100.2
Run the configure script. Configure checks that all of the dependencies required for the build are satisfied.
./configure --with-user
If the Configure script doesn’t show you any warnings, everything is good to go. Start the code compilation process by executing the make command.
make
Let the code compiler tool build ClamAV. It may take a long time, so be patient. When the building process is complete, install the software on your Linux PC with the make install command.
sudo make install
Find Viruses Via Command-line
Virus scanners find trojans and other issues by checking a “definitions” file. This definitions file is a list that tells the scanner about questionable items. ClamAV has a definition file as well, and users can update it with the freshclam command. In the terminal, run:
sudo freshclam
Be sure to run the freshclam command weekly (or even daily if you are paranoid about viruses showing up on your Linux PC or server).
Once you’ve got the latest virus definitions for ClamAV on Linux, you’ll be able to scan for viruses. To examine an individual folder, run the command below:
sudo clamscan /location/of/folder/
It is also possible to use clamscan to scan for viruses in a directory, along with every sub-directory inside, by using the -r switch.
sudo clamscan -r /location/of/folder/
Scan Home Folder
The home directory on Linux is the primary location that users interact with on the computer. Therefore, if you do have a virus, it’ll be in this folder, or its many sub-folders. To scan the home folder, point the clamscan command at /home/username/. Alternatively, use ~/, if you don’t want to type out a username.
Note: use the -v switch to print out the scanning process that ClamAV otherwise hides.
sudo clamscan -rv ~/
or
sudo clamscan -rv /home/username
Want to scan more than one user’s home folder? Try pointing clamscan at /home/, instead of /home/username/.
sudo clamscan -rv /home/
System-wide Scan
You may have dangerous and questionable files on your Linux PC outside of your home folder. If you want to scan for items like this, you’ll need to do a system-wide scan. Use clamscan, and point it directly at your root directory.
sudo clamscan -rv /
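The recursive scans above print every file they touch, which is hard to act on when a scan runs unattended. The script below is an added example, not part of the original article: it reduces clamscan output to the detected files and maps clamscan's exit codes (0 clean, 1 virus found, 2 error) to a status. The function names and the sample output are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the article). Function names are hypothetical.

# Read clamscan output on stdin; print "path<TAB>signature" per detection.
# clamscan reports a hit as "<path>: <signature> FOUND".
list_infected() {
    while IFS= read -r line; do
        case $line in
            *" FOUND")
                line=${line% FOUND}
                # Split on the last ": " so paths containing ": " survive.
                printf '%s\t%s\n' "${line%: *}" "${line##*: }"
                ;;
        esac
    done
}

# Map clamscan's documented exit codes to a status word.
describe_exit() {
    case $1 in
        0) echo clean ;;      # no virus found
        1) echo infected ;;   # at least one virus found
        *) echo error ;;      # 2 = some error occurred; anything else is unexpected
    esac
}

# Recursive scan of $1 that skips the kernel pseudo-filesystems, which hold
# no user files and can produce read errors during a scan of /.
scan_tree() {
    out=$(clamscan -r --infected --no-summary \
        --exclude-dir='^/proc' --exclude-dir='^/sys' --exclude-dir='^/dev' \
        "$1") && rc=0 || rc=$?
    printf '%s\n' "$out" | list_infected
    echo "scan status: $(describe_exit "$rc")" >&2
    return "$rc"
}

# Constructed sample of clamscan output, used when no directory is given.
SAMPLE='/home/alice/notes.txt: OK
/home/alice/Downloads/invoice: final.zip: Win.Test.EICAR_HDB-1 FOUND
/home/alice/eicar.com: Eicar-Test-Signature FOUND'

if [ "$#" -gt 0 ]; then
    scan_tree "$1"
else
    printf '%s\n' "$SAMPLE" | list_infected
fi
```

Run it with a directory as the first argument (under sudo for a system-wide scan) to perform a real scan; the script's exit status is clamscan's, so a calling job can tell a clean run from a detection or an error.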
Scan Single File
ClamAV is often used to scan Linux file systems for infected files. Another use for ClamAV is to scan individual files for issues. To scan an individual file, run clamscan and point it directly to the location of the file.
Note: be sure to customize the commands below to meet your own needs.
sudo clamscan -v /location/of/file/file.file
Alternatively, use the cd command to move to the directory that contains the file, then run the scan.
cd /location/of/file/
sudo clamscan -v file.file
In Gentoo you are already building ClamAV directly from the command line:
emerge clamav -v
It compiles it already. Please add Gentoo also 🙂