Keep Windows Malware off Your System







Linux users can help protect their Windows-using brethren from the myriad virus infestations out in the wild with some free anti-virus tools.

It's well known among Linux users that ours is an operating system that doesn't have to worry about viruses, unlike that other OS made in Washington state that appears to be completely overrun by them. Even so, there are still very good open source anti-virus tools available to run on Linux, principal among them ClamAV. But why do people running Ubuntu need anti-virus software?

If you receive infected materials that may be sent along to Windows users, it sure would be good to prevent the transfer of virus-laden files. If you share files via Samba with people on Windows, you probably want to know if some of those are infected, just as a point of pride if nothing else. And, finally, a huge plague of Linux viruses could be unleashed upon the world sometime in the future, so it's good to be prepared (sure, it's about as likely as the dead rising from their graves to eat the brains of the living, but you never know).

And besides, it doesn't really hurt to run ClamAV on your system. The resources it takes up are minuscule, and the vast majority of the time, you'll never even know it's there. So why not?

To install ClamAV, run the following command (you'll need the universe repository enabled [Hack #60]):

$ sudo apt-get install clamav
         

This will prompt apt to download some dependencies required by clamav, including clamav-base and clamav-freshclam. Go ahead and accept them, and let apt download and install the software. You may find that configuration problems occur due to one of the packages needing to be configured before another can be configured, so you may have to run the following command to straighten things out:

$ sudo apt-get -f install
         

You should see the various clamav packages successfully set up, and then apt will start freshclam for you automatically.

You've installed the base packages, but you haven't installed a GUI yet. ClamAV doesn't need a GUI (the whole thing can be run from the command line, and, in fact, that's best for scripting), but if you want a GUI, you have a choice. If you use Kubuntu, you can install klamav, a KDE-based frontend for ClamAV; if you use Ubuntu, avscan, a GTK-based frontend, is what you want. Or you can install both, as it really doesn't hurt anything. I'll install both, even though I'm basically a Kubuntu user:

$ sudo apt-get install avscan klamav
         

A lot of dependencies are required for these two packages, so go ahead and accept them. I'm going to focus the rest of this hack on the command line, but here's a quick glimpse of the frontends. Ubuntu's GUI, AntiVirus Scanner, is shown in Figure.

Ubuntu's virus scanner


Kubuntu's virus scanner


By the way, even if you're using Ubuntu, you can still run KlamAV if you have the KDE libraries installed. I recommend using KlamAV over AntiVirus Scanner if at all possible, since it's a much nicer program.

Now, back to the command line. To check for regular virus-definition updates (one of the key features of an anti-virus program), ClamAV uses freshclam. The config file that handles update checking is /etc/clamav/freshclam.conf, but you really don't need to do anything to it, since it automatically checks for new virus definitions once an hour, every day. Now that's timeliness!

To actually scan your system for nasties, ClamAV uses clamscan. If you look at man clamscan, you'll see the full list of options available to you. Two that you'll want to use most of the time are -r, which orders ClamAV to scan recursively through the directory you specify as well as all its subdirectories, and -i, which has ClamAV print only the names of infected files, as opposed to every single file that ClamAV scans.

In addition, you probably want to quarantine infected files. To do so, you'll want to use an option like --move=/tmp/virus, but /tmp/virus must exist before clamscan runs.

Putting everything together, run the following command if you want to scan your home directory on demand:

$ mkdir /tmp/virus
$ clamscan -ri --move=/tmp/virus /home/yourusername


It's a better idea to set up a cron job that automatically scans your entire hard drive in the middle of the night. To do so, add the following line to /etc/crontab as root:

11 3 * * * root mkdir -p /tmp/virus ; clamscan -ri --log=/var/log/clamscan.log --move=/tmp/virus /

At 3:11 A.M. every morning, the /tmp/virus directory will be created if it doesn't already exist, and then clamscan will run. Any infected objects will be quarantined, and a log of activity will be created as well.
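
A wrapper script that the cron entry could call in place of the inline command, as an added example that is not part of the original hack. It assumes a root-only quarantine directory at /var/quarantine/clamav (instead of a predictable path in world-writable /tmp), skips /proc, /sys, /dev and the quarantine itself, and reports clamscan's exit status; the paths and function names are assumptions.

```shell
#!/bin/sh
# Added example: nightly ClamAV scan wrapper (not from the original text).
# Assumed locations; override them through the environment.
QUARANTINE=${QUARANTINE:-/var/quarantine/clamav}  # root-only, not under /tmp
LOGFILE=${LOGFILE:-/var/log/clamscan.log}
CLAMSCAN=${CLAMSCAN:-clamscan}

# Create the quarantine directory and restrict it to its owner.
prepare_quarantine() {
    mkdir -p "$1" && chmod 700 "$1"
}

# clamscan exits 0 when nothing is found, 1 when a virus is found,
# and 2 when an error occurred.
classify_status() {
    case "$1" in
        0) echo clean ;;
        1) echo infected ;;
        *) echo error ;;
    esac
}

# List infected paths from a clamscan log ("<path>: <signature> FOUND"),
# for reviewing the log after a run.
infected_paths() {
    sed -n 's/^\(.*\): .* FOUND$/\1/p' "$1"
}

# Scan a directory tree, quarantine hits, and report the outcome.
nightly_scan() {
    prepare_quarantine "$QUARANTINE" || return 2
    status=0
    # Skip kernel pseudo-filesystems and the quarantine itself, so files
    # moved there are not reported again on the next run.
    "$CLAMSCAN" -ri --log="$LOGFILE" --move="$QUARANTINE" \
        --exclude-dir='^/proc' --exclude-dir='^/sys' --exclude-dir='^/dev' \
        --exclude-dir="^$QUARANTINE" "$1" || status=$?
    classify_status "$status"
    return "$status"
}

# Scan only when a target is given on the command line.
if [ "$#" -gt 0 ]; then
    nightly_scan "$1"
fi
```

Saved under a name of your choosing and made executable, the script takes the scan target as its only argument, so the crontab entry shrinks to the schedule, the user, the script path, and /.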

ClamAV probably integrates with your email program as well. KMail and Sylpheed Claws (http://claws.sylpheed.org/), for instance, allow you to select ClamAV directly as your anti-virus program of choice. Evolution and many others adopt a much less user-friendly method by forcing users to manually create a filter that pipes mail through ClamAV. That's pretty bad, and I hope that Evolution and other apps like it come to their senses and allow users to specify ClamAV (or other anti-virus programs) directly. It's the only reasonable thing to do.

Who says you have to pay $50 for expensive, bloated anti-virus software? ClamAV does the job, efficiently and easily...and for free!

For further information about ClamAV, see the ClamAV web site at http://www.clamav.net, and especially the Clam AntiVirus User Manual at http://www.clamav.net/doc/latest/html/.


Scott Granneman


