knowledge/technology/applications/clamav.md

---
obj: application
arch-wiki: https://wiki.archlinux.org/title/ClamAV
website: https://www.clamav.net
rev: 2024-01-17
---

# ClamAV
Clam AntiVirus is an open source (GPL) anti-virus toolkit for UNIX. It provides a number of utilities including a flexible and scalable multi-threaded daemon, a command line scanner and advanced tool for automatic database updates. Because ClamAV's main use is on file/mail servers for [Windows](../windows/Windows.md) desktops, it primarily detects [Windows](../windows/Windows.md) viruses and malware with its built-in signatures.

## Usage
### Updating database
Update the virus definitions with:
```shell
freshclam
```

The database files are saved in:
```
/var/lib/clamav/daily.cvd
/var/lib/clamav/main.cvd
/var/lib/clamav/bytecode.cvd
```

Start/Enable`clamav-freshclam.service` so that the virus definitions are kept recent.

### Starting the daemon

> **Note:**
> -   You will need to run `freshclam` before starting the service for the first time or you will run into trouble/errors which will prevent ClamAV from starting correctly.
> -   The daemon is not needed if you only want to perform stand-alone scans.

The service is called `clamav-daemon.service`.

### Scanning for viruses
`clamscan` can be used to scan certain files, home directories, or an entire system:
```shell
clamscan myfile
clamscan --recursive --infected /home/archie
clamscan --recursive --infected --exclude-dir='^/sys|^/dev' /
```

If you would like `clamscan` to remove the infected file add to the command the `--remove` option, or you can use `--move=/dir` to quarantine them.

You may also want `clamscan` to scan larger files. In this case, append the options `--max-filesize=4000M` and `--max-scansize=4000M` to the command. '4000M' is the largest possible value, and may be lowered as necessary.

Using the `-l /path/to/file` option will print the `clamscan` logs to a text file for locating reported infections.
init 2023-12-04 10:02:23 +00:00			`---`
			`obj: application`
			`arch-wiki: https://wiki.archlinux.org/title/ClamAV`
add revs based on git commits 2024-03-08 21:53:45 +00:00			`website: https://www.clamav.net`
			`rev: 2024-01-17`
init 2023-12-04 10:02:23 +00:00			`---`
refactor 2023-12-05 14:57:53 +00:00
init 2023-12-04 10:02:23 +00:00			`# ClamAV`
			`Clam AntiVirus is an open source (GPL) anti-virus toolkit for UNIX. It provides a number of utilities including a flexible and scalable multi-threaded daemon, a command line scanner and advanced tool for automatic database updates. Because ClamAV's main use is on file/mail servers for [Windows](../windows/Windows.md) desktops, it primarily detects [Windows](../windows/Windows.md) viruses and malware with its built-in signatures.`

			`## Usage`
			`### Updating database`
			`Update the virus definitions with:`
			```shell
			`freshclam`
			```

			`The database files are saved in:`
			```
			`/var/lib/clamav/daily.cvd`
			`/var/lib/clamav/main.cvd`
			`/var/lib/clamav/bytecode.cvd`
			```

remove non ascii whitespaces 2024-01-17 08:44:04 +00:00			Start/Enable`clamav-freshclam.service` so that the virus definitions are kept recent.
init 2023-12-04 10:02:23 +00:00
			`### Starting the daemon`

refactor 2023-12-05 14:57:53 +00:00			`> Note:`
fix 2023-12-05 22:23:33 +00:00			> - You will need to run `freshclam` before starting the service for the first time or you will run into trouble/errors which will prevent ClamAV from starting correctly.
refactor 2023-12-05 14:57:53 +00:00			`> - The daemon is not needed if you only want to perform stand-alone scans.`

fix 2023-12-05 22:23:33 +00:00			The service is called `clamav-daemon.service`.
refactor 2023-12-05 14:57:53 +00:00
			`### Scanning for viruses`
fix 2023-12-05 22:23:33 +00:00			`clamscan` can be used to scan certain files, home directories, or an entire system:
refactor 2023-12-05 14:57:53 +00:00			```shell
			`clamscan myfile`
			`clamscan --recursive --infected /home/archie`
			`clamscan --recursive --infected --exclude-dir='^/sys\|^/dev' /`
			```

fix 2023-12-05 22:23:33 +00:00			If you would like `clamscan` to remove the infected file add to the command the `--remove` option, or you can use `--move=/dir` to quarantine them.
refactor 2023-12-05 14:57:53 +00:00
fix 2023-12-05 22:23:33 +00:00			You may also want `clamscan` to scan larger files. In this case, append the options `--max-filesize=4000M` and `--max-scansize=4000M` to the command. '4000M' is the largest possible value, and may be lowered as necessary.
init 2023-12-04 10:02:23 +00:00
fix 2023-12-05 22:23:33 +00:00			Using the `-l /path/to/file` option will print the `clamscan` logs to a text file for locating reported infections.