Installing and Using ClamAV Antivirus

ClamAV is a free, open-source antivirus engine for Linux. While Linux malware is less common than on Windows, scanning is good practice — especially for servers that handle user-uploaded files.

Install ClamAV

apt update
apt install clamav clamav-daemon -y

Update Virus Definitions

# Stop the daemon first:
systemctl stop clamav-freshclam
# Update manually:
freshclam
# Restart:
systemctl start clamav-freshclam

Run a Manual Scan

# Scan a directory:
clamscan -r /var/www/html

# Scan and only show infected files:
clamscan -r --infected /home

# Scan and move infected files to quarantine:
clamscan -r --infected --move=/quarantine /uploads

Schedule Regular Scans

crontab -e
# Scan uploads directory every day at 2 AM:
0 2 * * * clamscan -r --infected /var/www/uploads >> /var/log/clamav_scan.log 2>&1

Enable the ClamAV Daemon for On-Access Scanning

systemctl enable clamav-daemon
systemctl start clamav-daemon

The daemon (clamd) loads virus definitions into memory for faster scanning and can be used by web applications to scan file uploads in real time.

Interpreting Results

• OK — file is clean
• FOUND — infection detected — quarantine or delete the file immediately
• ERROR — file could not be read (usually a permissions issue)