Generally, Linux systems are not as susceptible to viruses as Windows systems are. However, it is better to be safe and install virus protection on your Linux system. The software is free and easy to install and set up.
This post discusses ClamTK, which is a graphical front end for the ClamAV command-line virus scanner available online from http://www.clamav.net.
Installing ClamTK
To install ClamTK and ClamAV, select Administration | Synaptic Package Manager from the System menu.
Enter your password when asked. The Synaptic Package Manager dialog box displays. In the Quick search edit box enter clamtk. The search automatically starts as you enter the text and the clamtk package is added to the list. Right-click on the check box next to the package name and select Mark for Installation from the pop-up menu.
A dialog box displays listing additional changes that need to be made to support the installation of ClamTK. Click the Mark button.
Click the Apply button on the Synaptic Package Manager dialog box.
A Summary dialog box displays showing you the changes to be made. Click the Apply button.
Another dialog box displays showing you the progress of the download of the package files.
Once the downloading is finished, a dialog displays telling you that the changes have been applied. Click Close.
Select Quit from the File menu to close the Synaptic Package Manager.
Configuring ClamTK
Before using ClamTK to scan for viruses, you must run it as root so the virus database can be updated.
Open a Terminal window and type the following at the prompt:
$ gksu clamtk
Enter your password when asked. A dialog box displays asking how you will update your antivirus signatures. If this is a personal computer that only you use and you need to be able to update the signatures from your account, click the Single User button. For this example, that is the option we selected.
The Save button activates when you either click Single User or System Wide. Click the Save button to save your selected option. A message telling you your preferences were saved displays at the bottom of the dialog box. Click Quit.
Once the program opens, select Update Signatures from the Help menu.
The Updates dialog box displays. Click the Check for updates button.
Once the update is finished, close ClamTK.
NOTE: Future updates of the virus signatures will happen automatically and periodically in the background as a scheduled task.
After installing the version of ClamTK that comes with Ubuntu 9.10, the Virus Scanner option is available under System Tools on the Applications menu. This will change once you update the software.
Updating the ClamTK Graphical User Interface (GUI)
The version of ClamTK that comes with Ubuntu, at least as of the writing of this post, was not technically the latest version. Download the latest version as a .deb file from http://clamtk.sourceforge.net/.
To install the updated version, make sure ClamTK is not running. Then, open a Terminal window, become root by typing sudo -i, and type the following command:
$ dpkg -i clamtk_4.25-1_all.deb
NOTE: The filename listed above was for the version as of the writing of this post (4.25). It may be different when you download the latest version.
Setting Preferences
Now that you have updated the virus signatures and updated the program, you are almost ready to scan your system. You should make sure the preferences are set the way you want them. Open ClamTK by selecting Accessories | Virus Scanner from the Applications menu.
Select Preferences from the Advanced menu.
The Preferences dialog box displays. Click through the tabs and select the settings you want. It is recommended that you select the Scan files beginning with a dot (.*) option so that hidden files in your system are scanned. Click Close.
Scanning for Viruses
To start scanning for viruses, select Recursive Scan from the Scan menu.
The Select a Directory dialog box displays. If you want to scan your entire system, click on File System under Places.
NOTE: A full-system scan is very intensive and may take a long time. It might even seem like ClamTK has locked up or crashed.
When performing a full-system scan, you may have at least one false positive result, meaning that ClamTK has identified a file as containing a virus when it actually doesn’t. This is because of a limitation in ClamAV, which is the engine running behind ClamTK. ClamAV is primarily designed to be used on servers to scan emails. However, it is also likely because of the large number of files on an average Ubuntu system.
To check whether a result is a false positive, use Google to search for the name of the virus that ClamTK has reported as infecting the file, and add clamav and the filename to the search phrase. There are likely others who have encountered the same possible false positive.
Most of the time you probably only need to scan your /home directory, since that is where files are mostly added, deleted, downloaded, etc. To select your /home directory, select Recursive Scan from the Scan menu and select your /home directory from the Places list. This is usually the directory with your username.
Once you have selected the directory to be scanned, click OK. The scan begins, and its progress is displayed at the bottom of the ClamTK Virus Scanner dialog box.
ClamTK notifies you when the scanning is complete.
Quarantining Files
ClamTK includes a “quarantine” function that can copy an infected file to a special directory. Use the Quarantine menu to check the status of the quarantine directory and maintain it.
You can then use Nautilus to navigate to the quarantined files and delete them or examine them in more detail.
Adding a Scan-on-Demand Function
ClamTK has the ability to scan files on demand from within Nautilus. However, it must be manually configured to do this.
To add an option to the right-click menu within Nautilus that lets ClamTK scan the selected file or folder, select Accessories | gedit Text Editor from the Applications menu.
Save the new file as virus_scan to your /home directory. Enter the lines listed on the image below into the file and save it again. Close gedit.
Now you must make the new file executable and copy it to the nautilus-scripts directory so it gets integrated into Nautilus’s right-click menu.
To do this, open a Terminal window and type the following command to add the executable permission to the file (by default you are in the /home directory when a Terminal window opens):
$ chmod +x virus_scan
Then, type the following command to move the file to the nautilus-scripts directory:
$ mv virus_scan .gnome2/nautilus-scripts
Now you can scan any file or folder by right-clicking on it and selecting Scripts and virus_scan from the pop-up menu.
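A script of the kind this section describes, as an added example (it is not the script from the original post): it scans whatever is selected in Nautilus with the ClamAV command-line scanner, clamscan, and reports the result. It assumes clamscan is on the PATH; the SCANNER variable, the function names, and the virus_scan.log fallback file are hypothetical names chosen for this example.

```shell
#!/bin/sh
# virus_scan: Nautilus script (added example, not the original post's script).
# Nautilus passes the selection in NAUTILUS_SCRIPT_SELECTED_FILE_PATHS,
# one path per line. SCANNER is an assumed override, useful for testing.
SCANNER="${SCANNER:-clamscan}"

# scan_selection PATHS: prints scanner output, returns the worst exit status.
# clamscan exit codes: 0 = clean, 1 = virus found, 2 = error.
scan_selection() {
    vs_worst=0
    while IFS= read -r vs_path; do
        [ -n "$vs_path" ] || continue      # skip blank lines
        vs_rc=0
        # -r recurses into folders, -i lists only infected files;
        # "--" ends option parsing so a name like "-x.pdf" is not a flag.
        "$SCANNER" -r -i --no-summary -- "$vs_path" </dev/null || vs_rc=$?
        if [ "$vs_rc" -gt "$vs_worst" ]; then vs_worst=$vs_rc; fi
    done <<EOF
$1
EOF
    return "$vs_worst"
}

# describe_status CODE: one-line summary for a clamscan exit status.
describe_status() {
    case "$1" in
        0) echo "No threats found." ;;
        1) echo "Possible threats found:" ;;
        *) echo "Scan error (status $1)." ;;
    esac
}

# Run only when Nautilus started the script with a selection.
if [ -n "${NAUTILUS_SCRIPT_SELECTED_FILE_PATHS:-}" ]; then
    report=$(scan_selection "$NAUTILUS_SCRIPT_SELECTED_FILE_PATHS" 2>&1)
    status=$?
    message="$(describe_status "$status")
$report"
    if command -v zenity >/dev/null 2>&1; then
        # Nautilus scripts have no terminal, so show a dialog box.
        zenity --info --title="virus_scan" --text="$message"
    else
        echo "$message" >> "$HOME/virus_scan.log"
    fi
fi
```

A result reported here is subject to the same false positives described under Scanning for Viruses, so check the signature name before deleting anything.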
ClamTK will help keep your Ubuntu system virus-free.
by Lori Kaufman
