Virus Scanner and Protection for Ubuntu Linux

Generally, Linux systems are not as susceptible to viruses as Windows systems are. However, it is better to be safe and install virus protection in your Linux system. The software is free and easy to install and set up.

This post discusses ClamTK, which is a graphical front end for the ClamAV command-line virus scanner available online from

Installing ClamTK

To install ClamTK and ClamAV, select Administration | Synaptic Package Manager from the System menu.

Selecting Synaptic Package Manager

Enter your password when asked. The Synaptic Package Manager dialog box displays. In the Quick search edit box enter clamtk. The search automatically starts as you enter the text and the clamtk package is added to the list. Right-click on the check box next to the package name and select Mark for Installation from the pop-up menu.

Mark ClamTK for installation

A dialog box displays listing additional changes that need to be made to support the installation of ClamTK. Click the Mark button.

Marking additional required changes

Click the Apply button on the Synaptic Package Manager dialog box.

Applying marked changes

A Summary dialog box displays showing you the changes to be made. Click the Apply button.

Summary of changes to be applied

Another dialog box displays showing you the progress of the download of the package files.

Downloading the package files

Once the downloading is finished, a dialog displays telling you that the changes have been applied. Click Close.

Changes applied

Select Quit from the File menu to close the Synaptic Package Manager.

Closing the Synaptic Package Manager

Configuring ClamTK

Before using ClamTK to scan for viruses, you must run it as root so the virus database can be updated.

Open a Terminal window and type the following at the prompt:

$ gksu clamtk

Enter your password when asked. A dialog box displays asking how you will update your antivirus signatures. If this is a personal computer that only you use and you need to be able to update the signatures from your account, click the Single User button. For this example, that is the option we selected.

Antivirus Signatures update options

The Save button activates when you either click Single User or System Wide. Click the Save button to save your selected option. A message telling you your preferences were saved displays at the bottom of the dialog box. Click Quit.

Once the program opens, select Update Signatures from the Help menu.

Selecting the Update Signatures option

The Updates dialog box displays. Click the Check for updates button.

Checking for updates

Once the update is finished, close ClamTK.

NOTE: Future updates of the virus signatures will happen automatically and periodically in the background as a scheduled task.

After installing the version of ClamTK that comes with Ubuntu 9.10, the Virus Scanner option is available under System Tools on the Applications menu. This will change once you update the software.

Updating the ClamTK Graphical User Interface (GUI)

The version of ClamTK that comes with Ubuntu 9.10 was not the latest version, at least as of the writing of this post. Download the latest version as a .deb file from

To install the updated version, make sure ClamTK is not running. Then, open a Terminal window, become root by typing sudo -i, and type the following command:

$ dpkg -i clamtk_4.25-1_all.deb

NOTE: The filename listed above was for the version as of the writing of this post (4.25). It may be different when you download the latest version.

Setting Preferences

Now that you have updated the virus signatures and updated the program, you are almost ready to scan your system. You should make sure the preferences are set the way you want them. Open ClamTK by selecting Accessories | Virus Scanner from the Applications menu.

Opening the ClamTK program

Select Preferences from the Advanced menu.

Selecting the Preferences option

The Preferences dialog box displays. Click through the tabs and select the settings you want. It is recommended that you select the Scan files beginning with a dot (.*) option so that hidden files in your system are scanned. Click Close.

Preferences dialog box

Scanning for Viruses

To start scanning for viruses, select Recursive Scan from the Scan menu.

Selecting Recursive Scan

The Select a Directory dialog box displays. If you want to scan your entire system, click on File System under Places.

Selecting a directory to scan

NOTE: A full-system scan is very intensive and may take a long time. It might even seem like ClamTK has locked up or crashed.

When performing a full-system scan, you may have at least one false positive result, meaning that ClamTK has identified a file as containing a virus when it actually doesn’t. This is because of a limitation in ClamAV, which is the engine running behind ClamTK. ClamAV is primarily designed to be used on servers to scan emails. However, it is also likely because of the large number of files on an average Ubuntu system.

To check whether a result is a false positive, use Google to search for the name of the virus that ClamTK has reported as infecting the file, and add clamav and the filename to the search phrase. There are likely others who have encountered the same possible false positive.

Most of the time you probably only need to scan your /home directory, since that is where files are mostly added, deleted, downloaded, etc. To select your /home directory, select Recursive Scan from the Scan menu and select your /home directory from the Places list. This is usually the directory with your username.

Selecting the /home directory

Once you have selected the directory to be scanned, click OK. The scan begins, the progress of which is displayed at the bottom of the ClamTK Virus Scanner dialog box.

Scanning in progress

ClamTK notifies you when the scanning is complete.

Scanning complete

Quarantining Files

ClamTK includes a “quarantine” function that can copy an infected file to a special directory. Use the Quarantine menu to check the status of the quarantine directory and to maintain it.

You can then use Nautilus to navigate to the quarantined files and delete them or examine them in more detail.

Adding a Scan-on-Demand Function

ClamTK has the ability to scan files on demand from within Nautilus. However, it must be manually configured to do this.

To add an option to the right-click menu within Nautilus that provides the ability for ClamTK to scan that file or folder, select Accessories | gedit Text Editor from the Applications menu.

Opening gedit

Save the new file as virus_scan to your /home directory. Enter the lines listed on the image below into the file and save it again. Close gedit.

Creating a bash script

Now you must make the new file executable and copy it to the nautilus-scripts directory so it gets integrated into Nautilus’s right-click menu.

To do this, open a Terminal window and type the following command to add the executable permission to the file (by default you are in the /home directory when a Terminal window opens):

$ chmod +x virus_scan

Then, type the following command to move the file to the nautilus-scripts directory:

$ mv virus_scan .gnome2/nautilus-scripts

Now you can scan any file or folder by right-clicking on it and selecting Scripts and virus_scan from the pop-up menu.

Scanning a file on demand in Nautilus
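The following is an added example of a scan-on-demand script for the nautilus-scripts directory; it is not the script pictured in the original post. It calls ClamAV's clamscan directly rather than opening the ClamTK window, reads the selection that Nautilus passes in NAUTILUS_SCRIPT_SELECTED_FILE_PATHS, and treats scan errors as distinct from clean results. It assumes clamscan is on the PATH; the SCANNER override is a hypothetical name introduced here, and zenity is used only if it is installed.

```shell
#!/bin/sh
# virus_scan: added example, not the script pictured in the original post.
# Assumption: ClamAV's clamscan is on PATH. SCANNER is a hypothetical
# override used only to substitute a stand-in scanner when testing.
SCANNER="${SCANNER:-clamscan}"

# Scan one file or folder and print CLEAN, INFECTED or ERROR.
# clamscan exits 0 when nothing is found, 1 when a signature matches,
# and 2 when the scan itself failed (for example an unreadable path).
scan_one() {
    rc=0
    # -r recurses into folders; -i reports only infected files
    "$SCANNER" -r -i --no-summary "$1" >/dev/null 2>&1 || rc=$?
    case "$rc" in
        0) echo CLEAN ;;
        1) echo INFECTED ;;
        *) echo ERROR ;;
    esac
}

# Take a newline-separated list of paths (the format Nautilus uses) and
# print one "STATUS<TAB>path" line per entry. Returns 1 if any entry was
# infected or could not be scanned, so a failed scan never looks clean.
scan_selection() {
    worst=0
    while IFS= read -r item; do
        [ -n "$item" ] || continue      # skip blank lines
        result=$(scan_one "$item")
        printf '%s\t%s\n' "$result" "$item"
        [ "$result" = CLEAN ] || worst=1
    done <<EOF
$1
EOF
    return "$worst"
}

# Run only when Nautilus supplied a selection of local files.
if [ -n "${NAUTILUS_SCRIPT_SELECTED_FILE_PATHS:-}" ]; then
    report=$(scan_selection "$NAUTILUS_SCRIPT_SELECTED_FILE_PATHS") || true
    # Show the result in a dialog if zenity is installed, else print it
    if command -v zenity >/dev/null 2>&1; then
        printf '%s\n' "$report" | zenity --text-info --title="Virus scan"
    else
        printf '%s\n' "$report"
    fi
fi
```

Because the paths are read line by line and always quoted, file names containing spaces are passed to the scanner intact.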

ClamTK will help keep your Ubuntu system virus-free.

by Lori Kaufman

  1. A.Y. Siu says:

    However, it is better to be safe and install virus protection in your Linux system.

    It is better to be safe and not enable remote logins. It is better to be safe by using NoScript in Firefox. It is better to be safe by installing software from only trusted repositories. It is better to be safe by configuring and using AppArmor.

    So-called "virus protection," however, really does nothing to make you safe. It's just a placebo.

  2. the_guv says:

    Nice, lkaufman, thanks. Especially the bit about the nautilus script. Top-notch. :P

  3. Mike says:

    I'm learning all this stuff right now w/Linux & Ubuntu and got my mind boggled cramming in all this stuff into my head. I guess I don't fully get some things just yet. I find it ironic, though, how people say you don't need an AV program, but, then, say in the same sentence that Linux is not 100% virus proof. I already know anyway but why in the world would we not need one when there are over 200 of them floating around out there? Is it just a matter of deleting them? I don't get the contradiction.

  4. JesseZylstra says:


    What you described is not something that will protect your Linux system. The idea of virus /protection/ is to have an active scanner that scans items before they enter memory (On-Access scanner). This is an on-demand scanner (scans only when you tell it to) and will only help /after/ an invasion. Thus, it is very wrong to call it protection.

    I am not trying to sound like a jerk here, but you should make the clear distinction between an on-demand and on-access scanner.

    Not only this, but ClamAV is focused on /Windows/ viruses — not Linux viruses (far and few). So, furthermore from my above comments, it is unlikely to help you and more likely to help the unintentional spreading of viruses to Windows computers.

    There are so few viruses in the Linux operating system and there is so little of a defensive market for Linux that if there were a mass-spread virus:

    No one would update the definitions before the virus caused irreversible harm

    No one would run the on-demand scanner before the infection takes place.

    What you can do to protect yourself from the upcoming Linux apocalypse is to back up your data.

  5. shing says:

    hi! i did everything and it worked fine except for the last bit — i click on the pop-up ‘virus_scan’ but it just only opens the program but doesn’t actually scan it :(

