Open In App
Related Articles

ClamAV and ClamTk Antivirus Scanner Tool for Kali Linux

Improve Article
Save Article
Like Article

Malware, viruses, and Trojans are uncommon in Linux, although they are not unheard of. So, if you just require an antivirus once in a while, ClamAV is a great option.

ClamAV is a free antivirus program that may be used for email scanning, online scanning, and endpoint security. It includes a multi-threaded daemon that is versatile and scalable, a command-line scanner, and a sophisticated tool for automated database updates, among other features.

Yes, ClamAV is simply a command-line program, however, there is a graphical interface called ClamAV that can be used to control ClamAV. ClamAV is also cross-platform, supporting a variety of desktop operating systems, including Windows and macOS. It has the ability to scan a variety of files for vulnerabilities. RAR, Zip, Gzip, Tar, Cabinet, OLE2, CHM, SIS format, BinHex, and practically any email system are all supported.


ClamAV isn’t a virus scanner that scans your computer in real-time. That is, when you open a file, it will not scan it. It does, however, have a number of other important qualities, like:- 

  • Command-line scanner
  • Milter interface for sendmail
  • The virus database is updated many times a day.
  • All typical mail file types are supported natively.
  • Scripted updates and digital signatures are supported in this advanced database updater.
  • Popular document types, such as MS Office and Mac Office files, HTML, Flash, RTF, and PDF, are all supported natively.
  • Zip, RAR, DMG, Tar, Gzip, Bzip2, OLE2, Cabinet, CHM, BinHex, SIS, and more archive formats are all supported natively.
  • ELF executables and Portable Executable files packed using UPX, FSG, Petite, NsPack, wwpack32, MEW, Upack, and obfuscated using SUE, Y0da Cryptor and others have built-in support.

Installation of ClamAV and ClamTk

ClamAV can be available in the Ubuntu apt repository and is fairly easy to install. ClamAV may be installed using the following command: sudo apt-get install clamav If you’re looking for clamd, you should also try:

sudo apt-get update

sudo apt-get install clamav-daemon

ClamAV is now installed on your computer. To see if it’s been installed, use the command below.

 clamscan –version

ClamAV has been successfully installed if the above command returns the version. ClamTk is a ClamAV frontend. You may use Terminal to install it:

sudo apt-get install clamtk

Usage of ClamAV and ClamTk

ClamAV Signature Database Updating: You’ve already installed ClamAV on your computer; now it’s time to update the ClamAV signature database. Follow the instructions below to install the ClamAV signature database.

The first step is to terminate the ClamAV-freshclam service using the following command in a terminal window.

sudo systemctl stop clamav-freshclam

The signature database must now be manually updated in the Second Step. There are two options for accomplishing this. The first method entails using the terminal to enter the following command.

sudo freshclam

The signature database will be installed on your PC using this command. Run the following command to create a directory called “clamav” at a specified location if it does not already exist.

sudo mkdir /var/lib/clamav

The final step is to run the following command to start the clamav-freshclam service.

sudo systemctl start clamav-freshclam

clamscan –infected –remove –recursive /home/kali/Desktop

We used certain parameters in the command above. The meanings of these choices are as follows:

  • –infected: only prints files that are infected
  • –remove: this command deletes infected files.
  • –recursive: the directory’s subdirectories will be examined as well.

With this command, you have more alternatives. To view, all the choices, use the following command in the terminal window.

clamscan –help

ClamAV is mostly a command-line program. However,ClamTK, a third-party program, provides a very basic GUI that allows beginners who are not comfortable with the command-line interface to use it. When you first run ClamTk, you’ll see a simple interface with four primary components.

The first element is the setup area, which allows users to set up and adjust ClamAV and its behavior. For example, You can scan a folder but not its subfolders. You may whitelist files or folders to exclude them from scans, as well as scan huge files, hidden files, and password checkers.

  1. The history area, which provides users with information about prior scans, is the second portion. In addition, there is a quarantine section where you may check for malicious files that have been confined as a result of scans.
  2. Updates are the third segment. This is where ClamAV may import new viral definitions. The first thing you must do after installing ClamAV updates the virus definitions by selecting Updates.
  3. The analysis part is the final portion. This is where your ClamAV scans begin.

Select the required directory by selecting “Scan a directory” from the analysis group. ClamTK will scan the directory and present the results in the image below.

ClamAV VS ClamTK in terms of performance

There are no differences in performance between ClamAV and ClamTK when you used them both. So you may use any of them, but ClamTK is the best option since it has a graphical user interface that makes it easier to use, particularly for novices.

How effective is using ClamAV?

  • ClamAV isn’t the finest antivirus software on the market, but if you’re on a Linux-only desktop, it’ll suffice for the most part. You may also experience false positives, which are often higher than those seen by other top antivirus software. Using ClamAV for a Windows PC or partition is not a good suggestion because of the large number of viruses and malware.
  • ClamAV also received poor marks in a test of Linux antivirus conducted by AV-Test, an independent IT-security institution (detected just 15.3 percent of Windows malware and rated 16 out of 16). In terms of Linux malware, things were better, although not very amazing. ClamAV was able to identify 66.1 percent of the attackers that targeted it. ClamAV came in 13th place for Linux malware and viruses, beating out McAfee, Comodo, and F-port.
  • ClamAV is an antivirus tool that can identify and eliminate trojans, malicious software, and viruses from your computer. We described how to install ClamAV on Kali in this article. Following that, we spoke about how to update the ClamAV signature database and how to scan a directory with ClamAV using the command line interface. After that, we spoke about how to set up ClamTK, which provides a graphical user interface and makes the program easier to use. After that, we compared how well various packages performed.
  • ClamAV is an open-source antivirus written in C++ that can identify viruses, trojans, and a variety of other sorts of malware. Because it is a completely free program, many individuals use it to check their sensitive information, including emails, for dangerous items. It also functions well as a server-side scanner.

Whether you're preparing for your first job interview or aiming to upskill in this ever-evolving tech landscape, GeeksforGeeks Courses are your key to success. We provide top-quality content at affordable prices, all geared towards accelerating your growth in a time-bound manner. Join the millions we've already empowered, and we're here to do the same for you. Don't miss out - check it out now!

Last Updated : 20 Aug, 2021
Like Article
Save Article
Similar Reads