# How to use clamscan to scan Arch Linux

March 1, 2024 - Reading time: 3 minutes

ClamAV is a free and open-source antivirus program, currently maintained and developed by Cisco Talos. It is widely used on servers and can be a great tool for scanning your system for malware.

The command that ClamAV uses to run scans is "clamscan", as shown below.

Step 1

Install the program:

sudo pacman -S clamav

Step 2

Update ClamAV's virus signature database:

sudo freshclam

Step 3

Scan your desired area of the system and save the results to a log file:

clamscan -i -r --bell --log=<scan_output_filename>.txt <target_scan_area>

Change <scan_output_filename> and <target_scan_area> according to your scan.

Explanation of the command options:

-i : prints only infected files during the scan (otherwise the command prints an "OK" line for every file scanned and floods the terminal).

-r : recursive, i.e., makes the command go through files inside directories instead of skipping them.

--bell : the command produces a sound when it detects an infected file (or a false positive).

--log=<scan_output_filename>.txt : writes a file in the current directory that contains the results of the scan. You can go through this file later and study the results.

Step 4

If the program has detected infected files, go to each one and verify that it is not a false positive. If the files are indeed malicious, you can run the command again, this time telling it to delete the infected files from the system with the --remove option:

clamscan -i -r --bell --log=<scan_output_filename>.txt --remove <target_scan_area>

The --remove option tells clamscan to delete every infected file it has found.
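
To make the verification in Step 4 easier, the following added example (not part of the original post) turns the log file into a list of hash, signature and path for each detection, so every flagged file can be checked before rerunning with --remove. It assumes the usual clamscan log line format "<path>: <signature> FOUND"; the function names and the sample log are constructed for illustration.

```shell
#!/bin/sh
# Added example: triage helper for a clamscan --log file.
# Assumption: detections are logged as "<path>: <signature> FOUND".

TAB=$(printf '\t')

# Print "path<TAB>signature" for every detection in the log file given as $1.
list_found() {
    # The greedy first group keeps paths that themselves contain ": " intact.
    sed -n "s/^\(.*\): \(.*\) FOUND\$/\1${TAB}\2/p" "$1"
}

# Print "sha256<TAB>signature<TAB>path" for every detection in the log file $1.
# The hash lets you look the file up elsewhere before deciding it is malicious.
triage_report() {
    list_found "$1" | while IFS="$TAB" read -r path sig; do
        if [ -f "$path" ]; then
            hash=$(sha256sum < "$path" | cut -d' ' -f1)
        else
            hash="missing"   # file was moved or deleted after the scan
        fi
        printf '%s\t%s\t%s\n' "$hash" "$sig" "$path"
    done
}

# Write a constructed sample log (and one empty sample file) into directory $1.
write_sample_log() {
    : > "$1/sample: file.bin"
    cat > "$1/scan.txt" <<EOF
$1/sample: file.bin: Constructed.Test.Signature FOUND
$1/gone.bin: Constructed.Test.Signature FOUND

----------- SCAN SUMMARY -----------
Infected files: 2
EOF
}

# Usage: sh triage.sh <scan_output_filename>.txt
if [ "$#" -gt 0 ]; then
    triage_report "$1"
fi
```

A "missing" hash means the logged file no longer exists at that path, which is worth noting before a second scan with --remove.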

ABOUT

Welcome, I am GalacticKreplach. This is my documentation blog for guides, fixes, bugs and updates. Enjoy the content, comment and share your insights.
