Home Ubuntu How to clean virus by command line scan in Ubuntu and Linux Mint

How to clean virus by command line scan in Ubuntu and Linux Mint

by Kiran Kumar
Published: Updated:
Scan and Remove Virus

Although Linux is less vulnerable to Virus infection, it is generally a good idea to still regularly scan the entire PC, especially in a Windows-Linux dual-boot PC. Let’s look at how to perform a virus scan in an Ubuntu PC using the ClamAV opensource antivirus program.

Using this guide, one can scan Windows partition too to remove the virus. This guide is tested on Ubuntu 17.10 but should work in older versions of Ubuntu, Linux Mint, and elementary OS.

Installing ClamAV

ClamAV is a popular free and open-source software (FOSS) used for cleaning up malware from various situations, including email scanning, web scanning, and endpoint security. It provides a command-line scanner and an advanced tool for automatic database updates. Its Virus database gets updated multiple times per day.

Launch ‘Terminal’ (keyboard shortcut: <alt><control><t>) and enter the following command.

sudo apt-get install clamav

Pay attention to the Terminal and enter the root password and ‘Y’ when you see a prompt to complete the installation.

Installing ClamAV in Ubuntu 17.10

Installing ClamAV in Ubuntu 17.10

Updating ClamAV Virus Signature Database

Next, you should update the ClamAV virus database with the latest so that the scanner can detect the recent malware.

Use the following command in the Terminal.

sudo freshclam

Did you see an error that resembles the following?

ERROR: /var/log/clamav/freshclam.log is locked by another process
ERROR: Problem with internal logger (UpdateLogFile = /var/log/clamav/freshclam.log).

The error indicates that ClamAV is currently running in the background. You need to stop the program before installing updates.

Updates ClamAV Virus Signatures

Updates ClamAV Virus Signatures

Enter the following command:

sudo /etc/init.d/clamav-freshclam stop

Time to update the virus database now.

sudo freshclam

Finally, restart ClamAV using the following command:

sudo /etc/init.d/clamav-freshclam start

Scanning File System using ClamAV

ClamAV operates only in the command line. Therefore, it’s important to know what commands are available with it. To know the complete list of commands for ClamAV, enter the following in Terminal.

man clamav

Enter ‘q’ to come out of man window.

You can use various combinations to do whatever you want. For example, if you want ClamAV to scan and list only the infected files in your home directory, the command would look like this:

 clamscan -i -r ~/

You will not see any progress in the terminal, and it may look like it’s not responding, but it is completely normal. ClamAV reports the summary after the scan is finished.

ClamAV Scan Report

ClamAV Scan Report

Use the following command to remove the virus as it finds:

 clamscan --remove=yes -i -r ~/

That’s it!

You may also like

10 comments

Devdas July 3, 2018 - 3:09 AM

Very useful site for newbies like myself. Thanks a lot.

Reply
Duong March 16, 2019 - 7:03 AM

Dear,

Please guide me or give some solutions to scan malware on Centos.
I am use VPS on Vultr and my website have get malware, some malware for SEO from attacker.
How I scan and remove it from VPS.

Thanks,
Duong

Reply
Paul B April 11, 2019 - 9:22 PM

Not a programmer but love using Linux, no more Windows for me. Thanks so much for this extremely useful and important information.

Reply
Robert January 27, 2020 - 2:19 AM

I really hope I don’t appear troublesome, but apparently clam is not updating.

sincerely’
roblinx

Reply
Robert January 27, 2020 - 2:25 AM

Sorry again, but I’m using Linux mint at present.

Robert

Reply
Luis G Velazco March 31, 2021 - 11:01 AM

Thank you, your site and your knowlege is invaluable!

Reply
Bakhtiyar December 21, 2021 - 3:09 AM

Hi, i scanned my files using clamscan and after the scan completes, it shows Known viruses: 8584551.
Do i have to worry about this? is this the number of existing viruses?

Reply
someone January 5, 2022 - 4:48 AM

I THINK THAT IS THE NUMBER OF VIRUSES IT HAS SCANNED FOR OR IT KNOWS ABOUT. LOOK IN THE INFECTED FILES SECTION FOR TRUE INFO

Reply
Jay Parmar July 27, 2023 - 1:03 AM

Does this works on latest version of ubuntu 22.04

Reply
Ken August 3, 2023 - 3:10 AM

Very useful information well presented, great for a non programmer Linux amateur like me Thank You .

Reply

Leave a Comment

fl_logo_v3_footer

ENHANCE YOUR LINUX EXPERIENCE.



FOSS Linux is a leading resource for Linux enthusiasts and professionals alike. With a focus on providing the best Linux tutorials, open-source apps, news, and reviews written by team of expert authors. FOSS Linux is the go-to source for all things Linux.

Whether you’re a beginner or an experienced user, FOSS Linux has something for everyone.

Follow Us

Subscribe

©2016-2023 FOSS LINUX

A PART OF VIBRANT LEAF MEDIA COMPANY.

ALL RIGHTS RESERVED.

“Linux” is the registered trademark by Linus Torvalds in the U.S. and other countries.