ClamAV: a Solid Alternative to Malwarebytes for Linux

Malwarebytes is a popular choice for tackling malware on Windows and macOS. However, it’s not available for Linux. This absence creates a need for Linux users to find an alternative solution that is effective and fits well within the Linux environment. ClamAV is a compelling option.

Why ClamAV?

Platform compatibility: ClamAV is specifically designed for Linux and other Unix-like systems, ensuring compatibility and optimization for these platforms.

Open source nature: ClamAV’s open-source nature is a considerable benefit. It aligns with the Linux community’s preference for transparent, community-driven software. Users are free to examine, modify, and share the code, promoting a sense of trust and security.

Customizability and control: Linux users often value having control over their software. ClamAV’s command-line interface offers a level of customization and control that is appreciated in the Linux environment.

Resource efficiency: ClamAV is lightweight and doesn’t put a strain on system resources, which is important for users who use Linux on various hardware, including older machines and servers.

Functionality: Although real-time scanning isn’t available out of the box like Malwarebytes’ premium version, ClamAV effectively covers the essentials of malware detection and removal. For real-time protection, more advanced users can configure ClamAV’s daemon, clamd, though it requires extra configuration.

Linux users don’t have to miss Malwarebytes, thanks to ClamAV. It’s not just an alternative, but a solution tailored for the Linux environment. Its combination of efficiency, customizability, and open-source design makes it a reliable choice for Linux users.

Before we proceed with the installation steps, it’s important to understand what ClamAV is. ClamAV is an open-source antivirus engine designed to detect Trojans, viruses, malware, and other malicious threats. It’s popular in the Linux community because it is non-intrusive and compatible with various distributions.

Pre-installation Checklist

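Before starting, make sure your Linux system is up-to-date for security and compatibility. On Ubuntu/Debian, open your terminal and enter the following (on other distributions, use the equivalent commands for your package manager):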

sudo apt-get update
sudo apt-get upgrade

This updates your system’s package list and upgrades the packages.

Installing ClamAV

Scheduling Regular Scans with cron

Regular scans are essential for maintaining system security. The most effective method is to automate these scans using cron.

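Step 1: Edit root's crontab file. A scan of / needs root privileges, and sudo inside a cron job has no terminal from which to prompt for a password:

sudo crontab -e

Step 2: Add a line for scheduled scans, for example, every day at 3 am. The --bell option is omitted because a cron job has no terminal to ring, the virtual file systems are excluded, and errors are written to the same log:

0 3 * * * clamscan -r -i --exclude-dir=^/proc --exclude-dir=^/sys --exclude-dir=^/dev / > /path/to/logfile.log 2>&1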

Daemon Mode for Continuous Scanning

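ClamAV Daemon (clamd) keeps the scanning engine and signature database loaded in memory, and it is the component that real-time (on-access) scanning is built on. As noted above, real-time protection needs extra configuration beyond starting the service. Ensure the clamd service is running:

Step 1: Enable and start the clamd service (the unit name varies by distribution; with the clamav-daemon package on Ubuntu/Debian it is clamav-daemon):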

sudo systemctl enable --now clamd

Common Commands for All Distros

Here are some useful commands if you prefer manual scans:

  • Scan a Directory:

    clamscan -r /path/to/directory
    
  • Scan and List Only Infected Files (-i), with a Terminal Bell on Detection (--bell):

    clamscan -r --bell -i /path/to/directory
    

Ubuntu/Debian

Step 1: Update Package List:

sudo apt update

Step 2: Install ClamAV:

sudo apt install clamav clamav-daemon -y

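Step 3: Update Virus Definitions (on Ubuntu/Debian the clamav-freshclam service starts automatically after installation and holds the lock on the freshclam log, so stop it before updating manually):

sudo systemctl stop clamav-freshclam
sudo freshclam

Step 4: Start the ClamAV Update Service (freshclam), which keeps the definitions current: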

sudo systemctl enable --now clamav-freshclam

RHEL/CentOS/Fedora

Step 1: Install EPEL Repository (if needed, for RHEL/CentOS):

sudo yum install epel-release -y  # CentOS/RHEL 7 and below
sudo dnf install epel-release -y # RHEL/CentOS 8 and above

Step 2: Install ClamAV:

sudo yum install clamav clamav-update -y  # CentOS/RHEL 7
sudo dnf install clamav clamav-update -y # RHEL/CentOS 8/Fedora

Step 3: Update Virus Definitions:

sudo freshclam

Step 4: Start the ClamAV Update Service (freshclam), which keeps the definitions current:

sudo systemctl enable --now clamav-freshclam

Arch Linux

Step 1: Install ClamAV:

sudo pacman -S clamav

Step 2: Update Virus Definitions:

sudo freshclam

Step 3: Start the ClamAV Update Service (freshclam), which keeps the definitions current:

sudo systemctl enable --now clamav-freshclam

openSUSE

Step 1: Install ClamAV:

sudo zypper install clamav

Step 2: Update Virus Definitions:

sudo freshclam

Step 3: Start the ClamAV Update Service (freshclam), which keeps the definitions current:

sudo systemctl enable --now freshclam

Sample Output of clamscan

$ clamscan -r /home/user

/home/user/file1.txt: OK
/home/user/file2.txt: OK
/home/user/malicious_file.exe: Win.Trojan.Generic-123456 FOUND
/home/user/images/image1.jpg: OK
/home/user/archive.zip: OK

----------- SCAN SUMMARY -----------
Known viruses: 8725463
Engine version: 1.0.1
Scanned directories: 5
Scanned files: 45
Infected files: 1
Data scanned: 12.36 MB
Time: 00:02:34
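
A log written by the scheduled scan is only useful if something reads it. The script below is an added example, not part of ClamAV or of the original article: it lists the detections in a clamscan log and treats a log with no scan summary as a failed scan, not a clean one. The function names and the sample log are constructed for illustration.

```shell
#!/bin/sh
# Added example: triage the log written by the scheduled clamscan job.
# Return codes mirror clamscan's own: 0 = clean, 1 = detections, 2 = error.
TAB=$(printf '\t')

# Print "path<TAB>signature" for each "<path>: <signature> FOUND" line on stdin.
# The greedy first group splits at the last ": ", so odd file names stay whole.
parse_found() {
    sed -n "s/^\(.*\): \(.*\) FOUND\$/\1${TAB}\2/p"
}

# Print the value of one "Name: value" line from the SCAN SUMMARY block.
summary_field() {
    sed -n "s/^$1: //p" | tail -n 1
}

# Read a whole log on stdin, list detections, return 0, 1 or 2.
check_log() {
    log=$(cat)
    reported=$(printf '%s\n' "$log" | summary_field "Infected files")
    # No summary means the scan never finished: an empty log is not a clean one.
    if [ -z "$reported" ]; then
        echo "ERROR: no SCAN SUMMARY in log, scan did not complete" >&2
        return 2
    fi
    hits=$(printf '%s\n' "$log" | parse_found)
    [ -n "$hits" ] && printf '%s\n' "$hits"
    [ "$reported" = 0 ] && [ -z "$hits" ] && return 0
    return 1
}

# Constructed sample log (only hits are listed because the job uses -i).
sample_log() {
    cat <<'EOF'
/home/user/malicious_file.exe: Win.Trojan.Generic-123456 FOUND
/home/user/notes: old/dropper.bin: Win.Trojan.Generic-123456 FOUND

----------- SCAN SUMMARY -----------
Scanned files: 45
Infected files: 2
EOF
}

# With a file argument, triage that log; with none, run on the sample.
if [ $# -gt 0 ]; then
    check_log < "$1"; exit $?
else
    sample_log | check_log || echo "status: $?"
fi
```

Run it with the log path as its only argument after the nightly scan; a non-zero exit status can drive whatever alerting the host already has.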

ClamAV is a reliable and straightforward antivirus solution for Linux users. Regular updates and scans are key to keeping your system secure.