Adding Virus Scanning to Ubuntu

Nobody knows the true number of viruses affecting Linux, but it is probably less than 1,000, and that’s the total since Linux was created back in the early 1990s! At the time of this writing, there are relatively few Linux viruses in the wild, which is to say, actively infecting computers. However, there can be no room for complacency. It’s probable that virus writers will turn their attention to Linux in the coming years as it becomes a popular desktop solution. It’s also important to be vigilant because your Ubuntu system may be interacting with Windows computers and may act as a carrier of Windows viruses.

This article describes how to use ClamTk, which is a graphical front end for the Clam AntiVirus (ClamAV) program (http://clamtk.sf.net). ClamAV is an open source, industrial-strength antivirus scanner designed to work on all kinds of computers and operating systems. It detects Windows and even Macintosh viruses, as well as Linux and UNIX viruses. This has obvious benefits if you share files with Windows users—you can inform your friends and colleagues if any files they give you are infected (and bask in the warm feeling that arises when you realize the viruses can’t affect your system!). ClamAV’s only drawback is that it is limited to virus scanning. It isn’t able to disinfect files, like the more sophisticated virus scanners available for Windows.

Installing ClamTk

You can install ClamAV and ClamTk through the Ubuntu Software Center, as follows:
1. From the Panel, select Applications and start Ubuntu Software Center.
2. In the Search text box enter clamtk as a search term.
3. In the list of results, locate the program Virus Scanner and click the Install button. Enter your password when prompted.
4. The whole antivirus system involves a 26MB download.
5. Close the Ubuntu Software Center.

Updating the ClamAV Database

Before you scan for viruses, you should update the virus database. You should do this every time you scan, using the ClamTk program.

In order to update the database, ClamTk needs to access system files, so it needs to be run with root powers. To do this, open a terminal window (click Accessories > Terminal), type gksu clamtk and press Enter. Enter your password when prompted. (gksu is like sudo, in that it gives the program you specify administrator powers, except it’s used for GUI applications.) Click Help > Check for updates. A new window will open, in which you should click “Check for updates” again. It will check for updates to both the virus definition database and the GUI. You might see a warning that your GUI version is out-of-date. This is because the Ubuntu packages are sometimes a version or two behind the main release. However, this isn’t a significant issue, and ClamAV can still scan for viruses, and virus definitions will stay up-to-date. When ClamAV is first installed, it automatically grabs the latest database file, so ClamTk will probably report it’s already up-to-date the first time an update is run.

If you want to update the GUI to the latest version anyway, you could go to ClamTk’s webpage at SourceForge.net (http://clamtk.sf.net) and download the .deb file. For more information on how to install programs directly from .deb packages. In brief, when the file finishes downloading, you will be asked if you want to open it with GDebi package manager. Yes, that’s what you want to do. It will let you know that there is an older, more supported version of the same application in Ubuntu’s own repositories. Click the Install button… at your own risk!

To run ClamTk as a normal user, you can start Virus Scanner from the Applications program (from the Panel, start Applications and in the Search bar, type Virus to show the Virus Scanner button).

Scanning for Viruses

With Windows virus scanners, you might be used to performing whole system scans. This isn’t advisable with ClamAV, because it simply isn’t designed for that task. Instead, ClamAV is designed to scan user files, such as documents.

You can try performing a full system scan, but in our tests, several false positives were identified, meaning that ClamAV identified innocent files as containing viruses. Because of this, it’s best to use ClamAV to scan just your personal files for viruses, which is to say, those within your /home directory. Bear in mind that this is where all files you import to your computer will likely be installed, so this is where an infection is most likely to be found.

To scan your personal files, follow these instructions:

1. Start ClamTk by selecting Virus Scanner from the Accessories menu that you’ll find in the Ubuntu menu. On the initial launch, you can define whether antivirus signatures are updated for a single user or for all users. If you have a multiuser system, you should choose the latter.

2. Before starting the scan, it’s useful to ensure that hidden files are scanned. After all, a virus is likely to try to hide, rather than make its presence obvious! This can be done by clicking Advanced > Preferences and checking the Scan files beginning with a dot (.*) box.

3. Although there’s a button on the toolbar that lets you scan your /home directory with a single click, it won’t scan recursively. That means it won’t scan any folders (or folders of folders) within your /home directory, so it isn’t of much use. To perform a recursive scan of your /home directory, click Scan > Recursive Scan. Then click the OK button in the Select a Directory (Recursive) dialog box. This will select your /home directory. Of course, you can also select any other folders to scan at this stage.

4. The scan will start. Depending on the quantity of files in your /home directory and their sizes, it may take some time. You’ll see a live status report beneath the toolbar, showing which file is currently being scanned. When the status line reads “Scanning Complete,” the scan has finished. Running along the bottom of the window will be a complete status report, showing the number of files scanned and the number of viruses found.
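
The same recursive scan can be run from a terminal with ClamAV's own clamscan tool, which ClamTk drives behind the scenes. The script below is an added example, not part of the original article; the function names and the sample output are constructed for illustration, and detections are only listed for review because of the false positives mentioned above.

```shell
#!/bin/sh
# Added example: command-line counterpart of the ClamTk recursive scan.
# Function names and the sample output are constructed for illustration.
# Update signatures first (needs root, as described above): sudo freshclam

TAB=$(printf '\t')

# Read clamscan output on stdin; print "path<TAB>signature" per detection.
# The greedy first group keeps paths that themselves contain ": " intact.
list_detections() {
    sed -n "s/^\(.*\): \(.*\) FOUND\$/\1${TAB}\2/p"
}

# Read clamscan output on stdin; print the number from one summary line,
# e.g. summary_field "Infected files".
summary_field() {
    sed -n "s/^$1: *\([0-9][0-9]*\).*/\1/p" | tail -n 1
}

# Recursively scan a directory (default: $HOME) and report the result.
# clamscan exit status: 0 = clean, 1 = detections, 2 = error.
scan_home() {
    target=${1:-$HOME}
    command -v clamscan >/dev/null 2>&1 || {
        echo "clamscan is not installed" >&2
        return 2
    }
    out=$(clamscan --recursive --infected "$target")
    rc=$?
    echo "Scanned files:  $(printf '%s\n' "$out" | summary_field 'Scanned files')"
    echo "Infected files: $(printf '%s\n' "$out" | summary_field 'Infected files')"
    # List detections for review instead of deleting: false positives happen.
    printf '%s\n' "$out" | list_detections
    return "$rc"
}

# Constructed sample of clamscan output (EICAR is the harmless test file).
SAMPLE_OUTPUT='/home/alice/Downloads/eicar.com: Win.Test.EICAR_HDB-1 FOUND
/home/alice/.cache/notes: draft.zip: Win.Test.EICAR_HDB-1 FOUND

----------- SCAN SUMMARY -----------
Scanned directories: 120
Scanned files: 2345
Infected files: 2'

# Offline demo on the sample; on a real system call: scan_home "$HOME"
printf '%s\n' "$SAMPLE_OUTPUT" | list_detections
```

On a machine with ClamAV installed, calling scan_home "$HOME" prints the two summary counts followed by one line per detection, and its return value distinguishes a clean scan from detections and from scan errors.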