Yes, it is true that the vast majority of Linux users don’t run ClamAV or any kind of virus protection. The list of known viruses for Linux is quite small so they feel no need. The reality is, they exist. With more and more companies using Linux for systems that matter, we all need to help them out by running ClamAV. No company wants to be the next T-Mobile with two massive data breaches inside of two years. Even worse would be finding out you are one of their customers who now has three mortgages you didn’t know about on homes you’ve never seen.
Yes, I’ve written about ClamAV before on this blog. Nothing that connects to the Internet can ever truly be “secure.” I can’t tell you how many times I’ve had some Agile hacker look me in the eye and tell me with a straight face their system was secure because it used SSL. We now have SSL2 because SSL was not secure, gasp! In time we will find SSL2 is also not secure, gasp!
Installing ClamAV on Manjaro
Manjaro is taking over the Linux desktop world. They have made incredible strides in making an Arch-based distro user friendly. Yes, there are still some expert-friendly aspects, but they have been whittled down and there are ample instructions online for those few remaining dark corners.
sudo pacman -S clamav clamtk
Theoretically you can install ClamAV via the GUI, but you need to use the command line for part of this so just do it all here.
You can’t blame Manjaro for this next part; it is all on the ClamAV project. For some reason, despite requiring this, they don’t put the running of freshclam as a post-install step in the installation procedure.
That last part is because I and everyone who installs this skips a critical step that the installation package should handle. We will get to that step. Open ClamTk and do a quickie scan of your home directory without changing any settings.
Fixing the Install
Maybe it is because I do Debian and RPM packaging for clients? Maybe it is because I hate sloppy Agile thinking? Installers that only do half a job really honk me off!
sudo systemctl status clamav-daemon.service
You who created this package know you need the daemon to access system files yet you don’t enable and start it. You know that freshclam has to be run before anyone can use your package yet you don’t run it.
sudo systemctl enable clamav-daemon.service
sudo systemctl start clamav-daemon.service
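The two skipped steps described above, as one script. This is an added example, not part of the original post or the ClamAV package; the database directory /var/lib/clamav, the database names (main, daily, bytecode), the function names and the `--fix` argument are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): the post-install steps the
# package skips, with a check so freshclam only runs when it is needed.
# Assumption: signatures live in /var/lib/clamav; override with DB_DIR.
DB_DIR="${DB_DIR:-/var/lib/clamav}"

# Print each signature database that is absent or empty in directory $1.
# freshclam keeps each one as NAME.cvd (full download) or NAME.cld (updated copy).
missing_dbs() (
    for name in main daily bytecode; do
        if [ ! -s "$1/$name.cvd" ] && [ ! -s "$1/$name.cld" ]; then
            echo "$name"
        fi
    done
)

# Hypothetical helper: download signatures if needed, then enable and start clamd.
fix_install() {
    missing="$(missing_dbs "$DB_DIR")"
    if [ -n "$missing" ]; then
        echo "No signatures yet for:" $missing
        sudo freshclam || return 1
    fi
    # The daemon needs signatures to load, so it comes after freshclam.
    sudo systemctl enable clamav-daemon.service || return 1
    sudo systemctl start clamav-daemon.service || return 1
    systemctl is-active clamav-daemon.service
}

# Only touch the system when asked to: sh clamav-postinstall.sh --fix
if [ "${1:-}" = "--fix" ]; then
    fix_install
fi
```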
Update Your Settings
Run ClamTk from the GUI menu and click on the Settings icon.
By default only the last entry “Check for updates” is checked. You definitely want to scan recursively. Personally I always turn these four on. I mean, if you know the primary virus scanner for the platform doesn’t check files starting with a “.” isn’t that a good place to hide your virus? All you need to do is make certain your virus is in a file larger than 20 MB and it won’t be found either. Such a deal!
Be very careful with the other two. I never did find out if this virus flag was real or not.
Schedule Your Scan
Click on the “Schedule” icon and schedule a scan of your home directory.
The UI hasn’t caught up to the functionality. When I wrote about this years ago the signature update really had its own schedule. Now, according to what I find, the update is the first part of the scheduled scan job. One has to remember there are customers with satellite Internet connections where you have “bonus time” for data with your extremely limited data plans. It’s usually in the wee hours of the morning.
For people in that unfortunate situation, there is a workaround.
On the main screen there is an Updates section with an Update Assistant icon. Click it.
You can tell the program you want to do the download yourself. The scan will still run every day, but you will only get new virus signatures when you physically download them. Not as horrible as it first sounds. If you are unfortunate enough to have only a 5GB-10GB per month satellite (or 4G) plan, you can’t be doing that much online anyway. True, it only takes one click on a link in an email or opening one attachment, but you probably think about just how much data every action costs you. I know I did when I had one of those services. I turned off all forms of automatic updates on my computers. Manually did it the last day of my plan if and only if I had enough data left.
Your Final Action
You children are too impatient. Perhaps you don’t have other computers to use while this runs? Perhaps you can’t leave yourself a yellow sticky so you do it before you stop using the computer at night?
Click the “Scan a directory” icon.
Go to the root of your computer.
Start the scan.
The “scheduled” scan only scans your home directory and any devices you mounted under it. You are not doing a complete system scan with that. You should run a full system scan at least once per year, if not every 6 months.