KaliLinux 2018.2: Virus scan with ClamAV

This article describes how to scan for malware with ClamAV on Kali Linux: one-off scans with clamscan, signature updates with freshclam, daemon-based scans with clamdscan, and the clamtk GUI.

1 Virus scan with clamav package

Install clamav package.

$ sudo apt install -y clamav

The clamscan command scans a file or a directory. The package ships no signatures; they are downloaded by freshclam (section 2), so clamscan reports an error until the first update has run.

  • -r scans the directory recursively.
  • -i prints only infected files instead of one line per scanned file.
  • --move=DIR moves each detected file into DIR (a quarantine directory).

$ mkdir -m 700 ~/virus
$ clamscan -r -i --move=$HOME/virus .

clamscan exits with 0 when nothing was found, 1 when at least one file was detected and 2 on an error (for example a missing or corrupt database), so the exit status can drive a script. A file moved to the quarantine directory is still the original malware, only relocated: keep the directory unreadable to other users and never run anything from it.

2 Update virus database with freshclam manually

The freshclam command downloads the current signature databases (main, daily and bytecode) into /var/lib/clamav and verifies their digital signatures before installing them.

$ sudo apt install -y clamav-freshclam
$ sudo freshclam

If clamav-freshclam.service is already running, the manual run fails with the following error because the service holds a lock on the log file:

ERROR: /var/log/clamav/freshclam.log is locked by another process
ERROR: Problem with internal logger (UpdateLogFile = /var/log/clamav/freshclam.log).

3 Update virus database with clamav-freshclam.service automatically

clamav-freshclam.service updates the signature database automatically on a schedule, so you do not need to run the freshclam command by hand.

$ sudo apt install -y clamav-freshclam
$ sudo systemctl enable clamav-freshclam

The first update run by clamav-freshclam may fail, though:

WARNING: getfile: Unknown response from db.local.clamav.net

(db.local.clamav.net was the mirror name at the time of writing; current ClamAV releases use database.clamav.net as the DatabaseMirror in freshclam.conf.)

For the first update, stop clamav-freshclam, run freshclam manually, then start the service again:

$ sudo systemctl stop clamav-freshclam
$ sudo freshclam
$ sudo systemctl start clamav-freshclam

The default is 24 checks per day, i.e. freshclam polls the mirror once an hour:

$ grep Checks /etc/clamav/freshclam.conf
Checks 24
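The following script is an added example, not code from the article or from the ClamAV project. It automates the first-time update described above: it pauses clamav-freshclam.service only if the service is actually running, so the manual freshclam does not hit the log lock, restarts the service afterwards even when the update fails, converts the Checks setting into a polling interval, and compares the installed daily database version with the version the ClamAV project publishes in the DNS TXT record current.cvd.clamav.net. It assumes the Debian/Kali paths and unit name used in this article; the function and variable names are this example's own.

```shell
#!/bin/sh
# Added example, not from the original article: first-time signature update
# that avoids the "freshclam.log is locked" error, then checks the result.
# Assumes Debian/Kali paths (/etc/clamav/freshclam.conf, /var/lib/clamav)
# and the clamav-freshclam systemd unit; function names are this example's own.

FRESHCLAM_CONF="${FRESHCLAM_CONF:-/etc/clamav/freshclam.conf}"

# Minutes between update checks for a freshclam.conf: "Checks N" is N checks
# per day, so Checks 24 means every 60 minutes. Commented-out lines are
# ignored; if the setting is absent or zero, assume the Debian default of 24.
check_interval_minutes() {
    checks=$(sed -n 's/^[[:space:]]*Checks[[:space:]]\{1,\}\([0-9]\{1,\}\).*/\1/p' "$1" | head -n 1)
    [ -n "$checks" ] && [ "$checks" -gt 0 ] || checks=24
    echo $(( 1440 / checks ))
}

# Daily database version installed locally. clamscan --version prints
# "ClamAV <version>/<daily version>/<build date>" once a database is loaded
# and just "ClamAV <version>" when none is installed (empty result here).
installed_daily_version() {
    clamscan --version | cut -s -d/ -f2
}

# Daily database version the ClamAV project currently publishes, read from
# the TXT record of current.cvd.clamav.net (third colon-separated field).
published_daily_version() {
    dig +short TXT current.cvd.clamav.net | tr -d '"' | cut -d: -f3
}

# Stop the service only if it is active, update, and bring it back even if
# freshclam failed, so automatic updates are not left disabled.
bootstrap_update() {
    was_active=no
    if systemctl is-active --quiet clamav-freshclam; then
        was_active=yes
        sudo systemctl stop clamav-freshclam
    fi
    if sudo freshclam; then rc=0; else rc=$?; fi
    [ "$was_active" = yes ] && sudo systemctl start clamav-freshclam
    return "$rc"
}

# Run only when invoked as "sh freshclam-bootstrap.sh run" so the functions
# can also be sourced on their own.
if [ "${1:-}" = run ]; then
    bootstrap_update
    echo "checks every $(check_interval_minutes "$FRESHCLAM_CONF") minutes"
    echo "installed daily: $(installed_daily_version)  published daily: $(published_daily_version)"
    # Database files should be owned by the clamav user, otherwise the
    # service cannot replace them on the next scheduled run.
    ls -l /var/lib/clamav
fi
```

If the installed daily version lags the published one after the run, the update did not succeed and the freshclam output (or /var/log/clamav/freshclam.log) has the reason.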

4 Virus scan with clamav-daemon package

The clamav-daemon package provides the clamd daemon and the clamdscan client. clamd loads the signature database once and stays resident; clamdscan sends scan requests to it over the local socket, so each scan skips the database load that clamscan pays on every invocation.

The trade-off is that clamd permanently holds the database in memory (typically several hundred megabytes), while clamdscan is much faster per scan. Scan behaviour (size limits, archive handling, excluded paths) is governed by clamd's configuration in /etc/clamav/clamd.conf rather than by clamdscan's command line, whereas clamscan is controlled entirely by its own options. clamd runs as the clamav user and can only read what that user can read; pass --fdpass to clamdscan so that open file descriptors are handed to the daemon and files are scanned with the caller's permissions.

$ sudo apt install -y clamav-daemon
$ sudo systemctl enable clamav-daemon
$ sudo systemctl start clamav-daemon
$ clamdscan <dir>
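The following wrapper is an added example (not code from the article or from the ClamAV project) that ties together the clamscan options from section 1 and the clamdscan usage from this section: it prefers clamdscan when clamav-daemon is active and falls back to clamscan otherwise, creates the quarantine directory with restrictive permissions, and maps the documented exit codes (0 clean, 1 infected, 2 error) to a verdict a cron job or CI step can act on. It assumes the Debian/Kali unit name clamav-daemon; the QUARANTINE variable and the function names are this example's own.

```shell
#!/bin/sh
# Added example, not from the original article: scan wrapper that uses
# clamdscan when clamd is running, falls back to clamscan otherwise,
# quarantines detections into a restricted directory and turns the scanner
# exit status into a verdict. Assumes Debian/Kali's clamav-daemon unit and
# the documented exit codes 0 (clean), 1 (infected), 2 (error).

QUARANTINE="${QUARANTINE:-$HOME/virus}"

# Translate a scanner exit status into a one-word verdict. clamscan and
# clamdscan use the same convention.
verdict() {
    case "$1" in
        0) echo clean ;;
        1) echo infected ;;
        2) echo error ;;
        *) echo "unknown($1)" ;;
    esac
}

# The quarantine must not be readable by other users and must never be
# executed from: --move only relocates the sample, it does not neutralise it.
prepare_quarantine() {
    mkdir -p "$1" && chmod 700 "$1"
}

# Pick the scanner. clamdscan talks to clamd, which runs as the clamav user;
# --fdpass hands open file descriptors to the daemon so it can scan files
# that user cannot read, --multiscan lets clamd scan with several threads,
# and directories are recursed by default. clamscan needs -r explicitly.
scanner_cmd() {
    if command -v clamdscan >/dev/null 2>&1 && systemctl is-active --quiet clamav-daemon; then
        echo "clamdscan --fdpass --multiscan --infected"
    else
        echo "clamscan -r -i"
    fi
}

# Scan one path, quarantine hits, print and return the verdict.
scan_path() {
    target="$1"
    prepare_quarantine "$QUARANTINE"
    cmd=$(scanner_cmd)
    # Word splitting of $cmd is intended: it carries the scanner's options.
    if $cmd --move="$QUARANTINE" "$target"; then rc=0; else rc=$?; fi
    echo "result: $(verdict "$rc") ($target)"
    return "$rc"
}

# Usage: sh scan.sh /path/to/scan   (no argument: only define the functions)
if [ $# -gt 0 ]; then
    scan_path "$1"
fi
```

The quarantine directory has to be writable by the user running the command, since the move is performed by the client. When scanning $HOME with this wrapper, the quarantine directory itself lies inside the scan tree, so previously quarantined files are reported again; keep the quarantine elsewhere or exclude it.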

5 Virus scan with clamtk package

The clamtk package provides a GUI front end to ClamAV, which is useful for desktop users.

$ sudo apt install -y clamtk

There is an issue with the dialog shown after a scan: if LC_TIME=C is not set, the results dialog is not displayed, which prevents removing detected files after the scan.

This article therefore sets LC_TIME=C in the desktop file. When starting clamtk from a terminal rather than from the launcher you have to set LC_TIME=C yourself. Note that /usr/share/applications/clamtk.desktop belongs to the package and is overwritten when clamtk is upgraded, so the edit has to be repeated afterwards.

$ sudo sed -e 's/Exec=clamtk %F/Exec=env LC_TIME=C clamtk %F/g' \
-i /usr/share/applications/clamtk.desktop
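An alternative to editing the packaged file, added here as an example rather than taken from the article: install the patched entry as a per-user desktop file under ~/.local/share/applications, which takes precedence over the system copy and is not touched by package upgrades. The function name is this example's own; the paths are the standard XDG locations.

```shell
#!/bin/sh
# Added example, not from the original article: apply the LC_TIME=C
# workaround as a per-user desktop entry instead of editing the packaged
# file, which apt overwrites on the next clamtk upgrade. Entries under
# $XDG_DATA_HOME/applications override /usr/share/applications.

# Copy SRC to DST with the Exec line patched, then verify the result.
# The substitution is idempotent: once "env LC_TIME=C" is present the
# pattern no longer matches, so re-running is safe.
make_user_clamtk_desktop() {
    src="$1"
    dst="$2"
    mkdir -p "$(dirname "$dst")"
    sed -e 's/^Exec=clamtk %F/Exec=env LC_TIME=C clamtk %F/' "$src" > "$dst"
    grep -q '^Exec=env LC_TIME=C clamtk %F' "$dst"
}

SYSTEM_DESKTOP=/usr/share/applications/clamtk.desktop
USER_DESKTOP="${XDG_DATA_HOME:-$HOME/.local/share}/applications/clamtk.desktop"

# Only act when clamtk is installed; otherwise just define the function.
if [ -f "$SYSTEM_DESKTOP" ]; then
    make_user_clamtk_desktop "$SYSTEM_DESKTOP" "$USER_DESKTOP" \
        && echo "installed $USER_DESKTOP"
fi
```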

clamtk looks as follows. My environment needs a double click to select an item.

0001_ClamTk.png

Check "scan directories recursively" in Settings.

0002_ScanDirectoriesRecursively.png

The home directory can be scanned recursively with "Scan a directory".

0003_ScanADirectory.png