How to Install and Use ClamAV Antivirus on Debian 12

ClamAV or Clam Anti-Virus is an open-source anti-virus and anti-malware toolkit for multiple operating systems. It supports a multi-threaded daemon, a command-line scanner, and automatic signature database updates. ClamAV is designed to scan files quickly and also provides real-time protection for your Linux box. It also scans compressed and archived files, and it has built-in archive extraction capabilities for multiple formats such as 7Zip, Tar, ISO, IMG, HFS, XZ, Bzip2, and many more.

In this tutorial, you'll learn how to install ClamAV on a Debian 12 server. You'll also learn how to use 'freshclam' to update your signature databases, how to use 'clamscan' to scan files and directories on a Linux system, and how to use 'clamav-daemon' for automatic scanning.

Prerequisites

Before moving on, make sure you have the following:

  • A Debian 12 server
  • A non-root user with administrator privileges

Installing ClamAV

ClamAV is an open-source anti-malware toolkit with cross-platform support. It is available on most Linux distribution repositories. On a Debian system, you can easily install ClamAV via the APT package manager.

First, run the 'apt' command below to update your Debian package index.

sudo apt update


Now install 'clamav' and other packages using the command below. Enter 'Y' to proceed with the installation.

sudo apt install clamav clamav-daemon clamav-freshclam clamdscan


In this example, you'll install the following packages:

  • clamav: ClamAV anti-virus package
  • clamav-daemon: scanner daemon for ClamAV for automatic scanning
  • clamav-freshclam: ClamAV utility for updating virus database signatures and used for mail server integration
  • clamdscan: The command line interface for 'clamav-daemon'

After the installation is finished, check the ClamAV service status with the command below.

sudo systemctl is-enabled clamav-daemon
sudo systemctl status clamav-daemon

Configuring ClamAV

After you've installed ClamAV, you need to configure the database mirror, update the signature databases, and then start and enable the 'clamav-freshclam' service so that the malware/virus signature databases are updated automatically.

Open the configuration file '/etc/clamav/freshclam.conf' using the 'nano' editor:

sudo nano /etc/clamav/freshclam.conf

Adjust the 'DatabaseMirror' setting to use your country code, or leave the default value in place.

DatabaseMirror db.<country code>.clamav.net

Save the file and exit the editor.

Now run the 'freshclam' command below to update your anti-virus database.

sudo freshclam


Once the database is updated, run the 'systemctl' command below to start and enable the 'clamav-freshclam' service. Your anti-virus database will be updated automatically by the 'clamav-freshclam' service.

sudo systemctl enable --now clamav-freshclam

Lastly, check the 'clamav-freshclam' service with the command below. You'll see that the service is running and enabled.

sudo systemctl status clamav-freshclam


Scanning Files and Directories with ClamAV

So far, you've installed ClamAV and configured signature database updates via the 'clamav-freshclam' service. In this section, you'll learn how to scan files and directories with the ClamAV 'clamscan' command.

Before scanning files or directories, ensure that the 'clamav-daemon' service is running. Check it with the command below.

sudo systemctl status clamav-daemon

If it is running, you'll see an output such as 'active (running)'.


To scan a file with ClamAV, run the 'clamscan' command followed by the filename.

clamscan file.docx

To scan a directory, pass the directory name instead.

clamscan /home/

Use the '-o' option to skip any result with the status 'OK'.

clamscan -o /home/

Or show only infected files with the '-i' option.

clamscan -i /home/

Run the command below to scan the directory recursively and print infected files.

clamscan -i -r /home

Lastly, you can combine the '-r' option with the '--move' parameter to move infected files to a target directory.

clamscan -i -r --move=/home/$USER/infected /home/
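
The scan options above can be combined into a wrapper that a cron job or systemd timer can act on. This is an added example, not part of the original tutorial; it relies on clamscan's documented exit status (0 = no virus found, 1 = virus found, 2 = error), and the 'CLAMSCAN' and 'QUARANTINE' variables and the function name are assumptions introduced here.

```shell
#!/bin/sh
# Added example (not from the tutorial). CLAMSCAN and QUARANTINE are
# overridable assumptions; the quarantine path is hypothetical.
CLAMSCAN="${CLAMSCAN:-clamscan}"
QUARANTINE="${QUARANTINE:-$HOME/infected}"

# scan_and_quarantine DIR
# Prints clamscan's "<path>: <signature> FOUND" lines and returns
# 0 (no virus found), 1 (virus found) or 2 (the scan itself failed).
scan_and_quarantine() {
    target=$1
    # Create the --move target up front and keep it private to this user.
    mkdir -p "$QUARANTINE" && chmod 700 "$QUARANTINE" || return 2
    # "&& rc=0 || rc=$?" records the status even if the caller runs "set -e".
    # --exclude-dir keeps later runs from rescanning quarantined files.
    out=$("$CLAMSCAN" -r -i --no-summary --move="$QUARANTINE" \
            --exclude-dir="^$QUARANTINE" "$target" 2>&1) && rc=0 || rc=$?
    case $rc in
        0) return 0 ;;
        1) printf '%s\n' "$out" | grep ' FOUND$'
           return 1 ;;
        *) printf 'scan of %s failed (exit %s)\n%s\n' "$target" "$rc" "$out" >&2
           return 2 ;;
    esac
}
```

Call 'scan_and_quarantine /home' from the scheduled job and alert on a return value of 1 or 2; a failed scan (2) deserves the same attention as a detection, because it means the directory was not fully checked.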

Automatic Scanning with ClamAV Daemon

ClamAV provides automatic scanning via the 'clamav-daemon' service. Now you'll learn how to configure the 'clamav-daemon' to automatically scan your system directories such as '/home', '/etc', and '/var'.

Open the ClamAV daemon configuration '/etc/clamav/clamd.conf' using the 'nano' editor.

sudo nano /etc/clamav/clamd.conf

Insert the configuration below to set up automatic scanning for directories such as '/home', '/etc', and '/var'. The 'ScanOnAccess' option enables real-time protection through 'clamd', which scans files when they're accessed.

ScanOnAccess yes
OnAccessIncludePath /home
OnAccessIncludePath /etc
OnAccessIncludePath /var

Save the file and exit the editor when finished.

Now run the 'systemctl' command below to restart the 'clamav-daemon' service and apply the changes.

sudo systemctl restart clamav-daemon

Lastly, check the 'clamav-daemon' service status to ensure it is running.

sudo systemctl status clamav-daemon

You can see below that the 'clamav-daemon' service is running, which means that ClamAV scanning will be run automatically.
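
In ClamAV 0.102 and later, on-access scanning is carried out by the separate 'clamonacc' client, which connects to 'clamd' and reads the 'OnAccess*' options from 'clamd.conf'. The check below is an added example, not part of the original tutorial: it audits those options and reports whether any paths are watched, whether the scanner's own user is excluded from triggering events, and whether detections block access ('OnAccessPrevention') or are only logged. The function names and the second sample configuration (including the 'clamav' user name) are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the tutorial): audit the on-access settings in a
# clamd.conf read from stdin. Prints key=value findings; returns 1 when no
# paths are watched or the scanner's own user is not excluded.
audit_onaccess() {
    awk '
        $1 ~ /^#/ || NF < 2 { next }                  # comments, blank lines
        $1 == "OnAccessIncludePath" {
            sep = (paths != "" ? "," : "")
            paths = paths sep $2
        }
        $1 == "OnAccessExcludeUname" || $1 == "OnAccessExcludeUID" { excl = 1 }
        $1 == "OnAccessExcludeRootUID" && tolower($2) ~ /^(yes|true|1)$/ { excl = 1 }
        $1 == "OnAccessPrevention" { prevent = (tolower($2) ~ /^(yes|true|1)$/) }
        END {
            print "paths=" (paths != "" ? paths : "none")
            print "scanner_user_excluded=" (excl ? "yes" : "no")
            print "blocks_access=" (prevent ? "yes" : "no")
            exit ((paths != "" && excl) ? 0 : 1)
        }
    '
}

# The tutorial's settings, as shown above.
tutorial_conf() {
    cat <<'EOF'
ScanOnAccess yes
OnAccessIncludePath /home
OnAccessIncludePath /etc
OnAccessIncludePath /var
EOF
}

# Constructed variant for comparison; "clamav" is the assumed clamd user.
variant_conf() {
    tutorial_conf
    cat <<'EOF'
OnAccessExcludeUname clamav
OnAccessPrevention yes
EOF
}
```

On a live system, run 'audit_onaccess < /etc/clamav/clamd.conf' and also confirm that a 'clamonacc' process is running, since a healthy 'clamav-daemon' status alone does not show that files are being scanned on access.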


Debugging ClamAV

The default ClamAV log file is '/var/log/clamav/clamav.log'. You can check the log file with the 'tail' command below.

tail -f /var/log/clamav/clamav.log

To check the log file of the 'freshclam' service, which automatically updates your anti-virus database, run the 'tail' command below.

tail -f /var/log/clamav/freshclam.log

You can also monitor the ClamAV service status using the 'clamdtop' command.

clamdtop
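
Watching the logs with 'tail' works for debugging; for routine monitoring it helps to reduce them to the events that matter. The following added example, which is not part of the original tutorial, summarises detections from 'clamav.log' and update problems from 'freshclam.log'. The log line formats and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the tutorial). Both functions read a log on stdin.
# Assumed line format: "<timestamp> -> <message>" (LogTime enabled), with an
# optional "(hash:size)" after the signature (ExtendedDetectionInfo enabled).

# detections: prints "count signature path", most frequent first.
detections() {
    awk '
        / FOUND$/ {
            line = $0
            sub(/^.* -> /, "", line)                # drop the timestamp prefix
            path = line
            sub(/: [^ ]+ FOUND$/, "", path)
            sig = substr(line, length(path) + 3)    # text after "<path>: "
            sub(/ FOUND$/, "", sig)
            sub(/\([0-9a-f]+:[0-9]+\)$/, "", sig)   # drop "(hash:size)"
            seen[sig " " path]++
        }
        END { for (k in seen) print seen[k], k }
    ' | sort -rn
}

# update_problems: prints freshclam ERROR/WARNING lines.
update_problems() {
    grep -E '(^| -> )(ERROR|WARNING): '
}

# Constructed sample lines, not taken from a real system.
sample_clamd_log() {
    cat <<'EOF'
Mon Mar  4 09:15:02 2024 -> /home/alice/Downloads/eicar.com: Win.Test.EICAR_HDB-1(44d88612fea8a8f36de82e1278abb02f:68) FOUND
Mon Mar  4 09:15:09 2024 -> /home/alice/Downloads/eicar.com: Win.Test.EICAR_HDB-1(44d88612fea8a8f36de82e1278abb02f:68) FOUND
Mon Mar  4 09:20:41 2024 -> /var/tmp/upload 7.zip: Win.Test.EICAR_HDB-1 FOUND
Mon Mar  4 09:21:00 2024 -> SelfCheck: Database status OK.
EOF
}
sample_freshclam_log() {
    cat <<'EOF'
Mon Mar  4 08:00:01 2024 -> daily.cld database is up-to-date
Mon Mar  4 10:00:02 2024 -> WARNING: Can't download daily.cvd
Mon Mar  4 10:00:02 2024 -> ERROR: Update failed for database: daily
EOF
}
```

Against the real files, run 'detections < /var/log/clamav/clamav.log' and 'update_problems < /var/log/clamav/freshclam.log'; repeated update errors mean scans are running against stale signatures.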

Conclusion

Congratulations! You've completed the installation of ClamAV on the Debian 12 server. You've also configured the 'DatabaseMirror' for ClamAV signatures and learned about the 'freshclam' command for updating database signatures from the command line. Next, you've learned how to scan files and directories with ClamAV via the 'clamscan' command. Lastly, you've configured an automatic scan for viruses and malware with ClamAV through the 'clamav-daemon' and learned how to check ClamAV logs and processes.
