Install and Use ClamAV Antivirus - Zorin OS 17 Core

Greetings!
Hope you have a Great New Year 2024!

Please advise how I can Install, Update and Use ClamAV Antivirus in Zorin OS.

Would greatly appreciate a link to the best solution.

Regards
 


I am sure someone will have that info on hand.

However....for what it is worth, I have used linux since (approx) 2014.

In that time, I too installed clamav

Approx a week after installing it, I purged it from my system.

Reasoning for that action? It discovered an absolute truckful of false negatives. It slowed the pc down alarmingly.

After talking to and listening to the rest of the far more experienced folk here and on other Linux sites, I declared it to be a waste of time and resources......and unnecessary.

It is possible that as the number of people using Linux grows and perhaps becomes slightly more attractive to malware nasties, eventually an AV may become necessary.....but.....for the time being I still feel quite safe, and well taken care of by Linux's built-in ability to repel malware and the like.

I would usually err on the side of caution....that is my nature.

That time has not arrived, yet.

You can be quite certain and sure that if that time does start to approach, the good people on Linux.org will give you ample warning to "harden the defences"

In the meantime, take a long slow look at your browser ....if anything is going to cause you any sort of grief, it will come to you via your browser.
If you practise safe browsing habits you are over 80% of the way there....probably over 90% in fact

Avoiding scam sites and dodgy links is something that an AV will not protect you from.

Only you can do that
 
One usually only needs anti-virus on linux installations if the machine is downloading and passing on files and/or documents from MS machines so the anti-virus programs can check those. The linux installation itself is usually immune to those viruses and malware. You can check whether the linux installation is protected or has mitigations from some known vulnerabilities with the output of the command: lscpu.
 
Mine looks like this...

Code:
brian@brian-desktop:~$ lscpu
Architecture:            x86_64
  CPU op-mode(s):        32-bit, 64-bit
  Address sizes:         39 bits physical, 48 bits virtual
  Byte Order:            Little Endian
CPU(s):                  8
  On-line CPU(s) list:   0-7
Vendor ID:               GenuineIntel
  Model name:            Intel(R) Core(TM) i7-7700 CPU @ 3.60GHz
    CPU family:          6
    Model:               158
    Thread(s) per core:  2
    Core(s) per socket:  4
    Socket(s):           1
    Stepping:            9
    CPU max MHz:         4200.0000
    CPU min MHz:         800.0000
    BogoMIPS:            7200.00
    Flags:               fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mc
                         a cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss
                         ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc art
                          arch_perfmon pebs bts rep_good nopl xtopology nonstop_
                         tsc cpuid aperfmperf pni pclmulqdq dtes64 monitor ds_cp
                         l vmx smx est tm2 ssse3 sdbg fma cx16 xtpr pdcm pcid ss
                         e4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes
                         xsave avx f16c rdrand lahf_lm abm 3dnowprefetch cpuid_f
                         ault epb invpcid_single pti ssbd ibrs ibpb stibp tpr_sh
                         adow vnmi flexpriority ept vpid ept_ad fsgsbase tsc_adj
                         ust bmi1 avx2 smep bmi2 erms invpcid mpx rdseed adx sma
                         p clflushopt intel_pt xsaveopt xsavec xgetbv1 xsaves dt
                         herm ida arat pln pts hwp hwp_notify hwp_act_window hwp
                         _epp md_clear flush_l1d arch_capabilities
Virtualization features:
  Virtualisation:        VT-x
Caches (sum of all):     
  L1d:                   128 KiB (4 instances)
  L1i:                   128 KiB (4 instances)
  L2:                    1 MiB (4 instances)
  L3:                    8 MiB (1 instance)
NUMA:                   
  NUMA node(s):          1
  NUMA node0 CPU(s):     0-7
Vulnerabilities:         
  Gather data sampling:  Mitigation; Microcode
  Itlb multihit:         KVM: Mitigation: VMX disabled
  L1tf:                  Mitigation; PTE Inversion; VMX conditional cache flushe
                         s, SMT vulnerable
  Mds:                   Mitigation; Clear CPU buffers; SMT vulnerable
  Meltdown:              Mitigation; PTI
  Mmio stale data:       Mitigation; Clear CPU buffers; SMT vulnerable
  Retbleed:              Mitigation; IBRS
  Spec rstack overflow:  Not affected
  Spec store bypass:     Mitigation; Speculative Store Bypass disabled via prctl
                          and seccomp
  Spectre v1:            Mitigation; usercopy/swapgs barriers and __user pointer
                          sanitization
  Spectre v2:            Mitigation; IBRS, IBPB conditional, STIBP conditional,
                         RSB filling, PBRSB-eIBRS Not affected
  Srbds:                 Mitigation; Microcode
  Tsx async abort:       Mitigation; TSX disabled
brian@brian-desktop:~$
 
I tried Clam but found even though it said an update was available there was no easy way to obtain it. I also find that with Linux it was not really necessary to have it.
Always,
Wildman
 
The relevant section of the output of the lscpu command on this machine looks like this below.

Code tags make it much clearer to read than without.
Code:
Vulnerabilities:        
  Gather data sampling:  Not affected
  Itlb multihit:         Not affected
  L1tf:                  Not affected
  Mds:                   Not affected
  Meltdown:              Not affected
  Mmio stale data:       Not affected
  Retbleed:              Not affected
  Spec rstack overflow:  Not affected
  Spec store bypass:     Mitigation; Speculative Store Bypass disabled via prctl
  Spectre v1:            Mitigation; usercopy/swapgs barriers and __user pointer sanitization
  Spectre v2:            Mitigation; Enhanced / Automatic IBRS, IBPB conditional, RSB filling
                         , PBRSB-eIBRS SW sequence
  Srbds:                 Not affected
  Tsx async abort:       Not affected
 
Done ^^^^
 
Onya, osprey
 
I wish I had a dollar for every time I say...you don't need anti-virus software in Linux. !!!
 
@osprey and @Condobloke ... get a room, guys. ;)

@WillingToLearn777 , you can run this from your Terminal

Code:
apt policy clamav clamtk

and establish if they are available from Zorin.

clamtk is the GUI-based (graphical, point and click) frontend to clamav.

Then it is just a matter of

Code:
sudo apt install <name_of_av_product>

I don't use AV and I have been using Linux since 2010.

Wizard
 
and mine looks like this
Vulnerabilities:
Gather data sampling: Not affected
Itlb multihit: KVM: Mitigation: VMX unsupported
L1tf: Mitigation; PTE Inversion
Mds: Mitigation; Clear CPU buffers; SMT disabled
Meltdown: Mitigation; PTI
Mmio stale data: Unknown: No mitigations
Retbleed: Not affected
Spec rstack overflow: Not affected
Spec store bypass: Mitigation; Speculative Store Bypass disabled via prctl
Spectre v1: Mitigation; usercopy/swapgs barriers and __user pointer
sanitization
Spectre v2: Mitigation; Retpolines, IBPB conditional, IBRS_FW, STIBP
disabled, RSB filling, PBRSB-eIBRS Not affected
Srbds: Mitigation; Microcode
Tsx async abort: Not affected

you will note they are all slightly different, this is due to different hardware and distributions in use.

I am another long time user who doesn't have an AV at the current time
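
Added example, not part of any post in this thread: the "Vulnerabilities:" lines that lscpu prints come from the kernel's /sys/devices/system/cpu/vulnerabilities/ files, and this shell function sorts each entry into OK, MITIGATED, PARTIAL or REVIEW so that entries such as "SMT vulnerable" or "Unknown: No mitigations" stand out. The sample lines are copied from the outputs posted above with wrapped lines rejoined; the function names and status labels are this example's own.

```shell
#!/bin/sh
# Added example (not from the thread): triage CPU vulnerability status lines.
# Input: "name: status" lines, e.g. the Vulnerabilities block of lscpu, or
#   grep -r . /sys/devices/system/cpu/vulnerabilities/ | classify_vulns

classify_vulns() {
    awk '
    {
        line = $0
        sub(/^[ \t]+/, "", line)
        pos = index(line, ":")
        if (pos == 0) next                  # not a "name: status" line
        name = substr(line, 1, pos - 1)
        val  = substr(line, pos + 1)
        sub(/^[ \t]+/, "", val)
        sub(/.*\//, "", name)               # drop a sysfs directory prefix
        if (val == "") next                 # the "Vulnerabilities:" header
        if (val ~ /^Not affected/)                             s = "OK"
        else if (val ~ /Mitigation/ && val ~ /[Vv]ulnerable/)  s = "PARTIAL"
        else if (val ~ /Mitigation/)                           s = "MITIGATED"
        else                                                   s = "REVIEW"
        printf "%s\t%s\t%s\n", s, name, val
    }'
}

# Names of entries that are only partly mitigated or not mitigated at all.
needs_attention() {
    classify_vulns | awk -F'\t' '$1 == "PARTIAL" || $1 == "REVIEW" { print $2 }'
}

# Sample: lines taken from the lscpu outputs in this thread, wraps rejoined.
SAMPLE='Vulnerabilities:
  L1tf:                  Mitigation; PTE Inversion; VMX conditional cache flushes, SMT vulnerable
  Meltdown:              Mitigation; PTI
  Mmio stale data:       Unknown: No mitigations
  Retbleed:              Not affected
  Spectre v2:            Mitigation; Retpolines, IBPB conditional, IBRS_FW, STIBP disabled, RSB filling, PBRSB-eIBRS Not affected'

printf '%s\n' "$SAMPLE" | classify_vulns
```

Reading the sysfs files directly avoids the line wrapping that lscpu applies in a narrow terminal.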
 
Whilst I agree that, in general, Linux doesn't require AV, some of our guys in the FatDog64 section of the Puppy Forums have put together, and keep maintained/updated a 'portable', self-contained build of ClamAV.......more for those that feel the "need" to run the occasional, one-off, standalone scan than anything else.

Just for their own peace of mind, I guess..!

(shrug...)


Mike. ;)
 
Thank you for your response. I ran the Policy commands in the Terminal; this is what appeared:
Code:
clamav:
  Installed: 1.2.1-1
  Candidate: 1.2.1-1
  Version table:
 *** 1.2.1-1 100
        100 /var/lib/dpkg/status
     0.103.11+dfsg-0ubuntu0.22.04.1 500
        500 http://za.archive.ubuntu.com/ubuntu jammy-updates/main amd64 Packages
        500 http://security.ubuntu.com/ubuntu jammy-security/main amd64 Packages
     0.103.5+dfsg-1 500
        500 http://za.archive.ubuntu.com/ubuntu jammy/main amd64 Packages
        500 http://archive.ubuntu.com/ubuntu jammy/main amd64 Packages
clamtk:
  Installed: 6.07-1
  Candidate: 6.07-1
  Version table:
 *** 6.07-1 500
        500 http://za.archive.ubuntu.com/ubuntu jammy/universe amd64 Packages
        500 http://za.archive.ubuntu.com/ubuntu jammy/universe i386 Packages
        500 http://archive.ubuntu.com/ubuntu jammy/universe amd64 Packages
        500 http://archive.ubuntu.com/ubuntu jammy/universe i386 Packages
        100 /var/lib/dpkg/status

When I click on the ClamTK Update tab I get this message:
"Your antivirus signatures are outdated"
There are two settings 1) auto-update mode 2) manual update mode
My selected setting is auto-update mode.
What command do I use to update the signatures manually?
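
Added example, not part of the post above: in the apt policy output just shown, the installed clamav 1.2.1-1 is listed only under /var/lib/dpkg/status, meaning no configured repository offers that version, while clamtk 6.07-1 comes from the Ubuntu archive. This shell function reads apt policy output and reports which installed packages are in that "local-only" state; the function names and labels are this example's own, and the sample is an excerpt of the posted output.

```shell
#!/bin/sh
# Added example (not from the thread). Reads `apt policy` output on stdin and
# prints: package <TAB> installed version <TAB> repo | local-only
# Live use:  apt policy clamav clamtk 2>/dev/null | audit_apt_policy

audit_apt_policy() {
    awk '
    function emit() {
        if (pkg != "" && inst != "" && inst != "(none)")
            printf "%s\t%s\t%s\n", pkg, inst, (((pkg, inst) in repo) ? "repo" : "local-only")
    }
    NF == 1 && /:$/    { emit(); pkg = $1; sub(/:$/, "", pkg); inst = cur = ""; next }
    $1 == "Installed:" { inst = $2; next }
    $1 == "Candidate:" || $1 == "Version" { next }
    $1 == "***"        { cur = $2; next }             # row of the installed version
    NF == 2 && $2 ~ /^-?[0-9]+$/ { cur = $1; next }   # row of another version
    $1 ~ /^-?[0-9]+$/ && $2 != "/var/lib/dpkg/status" {
        if (cur != "") repo[pkg, cur] = 1             # a repository offers "cur"
    }
    END { emit() }'
}

# Packages whose installed version no repository offers.
local_only() {
    audit_apt_policy | awk -F'\t' '$3 == "local-only" { print $1 }'
}

# Sample: excerpt of the apt policy output posted in this thread.
SAMPLE_POLICY='clamav:
  Installed: 1.2.1-1
  Candidate: 1.2.1-1
  Version table:
 *** 1.2.1-1 100
        100 /var/lib/dpkg/status
     0.103.11+dfsg-0ubuntu0.22.04.1 500
        500 http://security.ubuntu.com/ubuntu jammy-security/main amd64 Packages
clamtk:
  Installed: 6.07-1
  Candidate: 6.07-1
  Version table:
 *** 6.07-1 500
        500 http://archive.ubuntu.com/ubuntu jammy/universe amd64 Packages
        100 /var/lib/dpkg/status'

printf '%s\n' "$SAMPLE_POLICY" | audit_apt_policy
```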
 
The only time I use an Anti-virus on Linux is if there is a Windowz machine in the same network where you can transfer files from one to another - most viruses do not run on Linux since most are designed for Windowz, but that won't stop the transfer from a virus on Linux and transfer it to Windowz.

To update Clam Antivirus -
sudo freshclam
 
sudo freshclam
LOL!!!

Sorry to interject, but somebody should really make a compilation of such hilarious gems of terminal commands!
 
Thank you for your response. In the terminal I inserted "sudo freshclam".
Did not recognize the command. Please advise.
 
In some cases, ClamAV does not create symbolic links as standard during its initial installation.
If we need to use the command-line interface to run ClamAV, the below binaries should reside in the /usr/local/cpanel/3rdparty/bin/ directory.

/usr/local/cpanel/3rdparty/bin/clamscan
/usr/local/cpanel/3rdparty/bin/clamdscan
/usr/local/cpanel/3rdparty/bin/freshclam

And, these binaries should have a symlink with the /usr/local/bin directory. So, the absence of this symlink can cause the error.
Therefore, to resolve it, we need to set the symlinks as follows.

ln -s /usr/local/cpanel/3rdparty/bin/clamscan /usr/local/bin/clamscan
ln -s /usr/local/cpanel/3rdparty/bin/freshclam /usr/local/bin/freshclam
Reboot and try updating again.

Currently it is Version 1.2.1 - https://www.clamav.net/downloads
 
oh the joys of using/trying to set up clam av

Best of luck
 

