How To Find Viruses Via The Command-line On Linux [Guide]

Most may not know it, but Linux can get viruses too. Thankfully, there’s a tremendous command-line tool that mny Linux users use, and it’s called ClamAV. With it, users will be able to detect types of viruses via the command-line and look for exploits (for both Windows and Linux).

Install ClamAV

ClamAV is easy to install on Linux thanks to the fact that it’s included in many mainstream distribution software sources. To install this application, open up a terminal and follow along with the instructions below to get it working.

Note: ClamAV has a graphical version of the application if you dislike the Linux command-line. It takes all of the best aspects of the terminal and puts it in an easy to use UI. Check the official website to learn more.


sudo apt install clamav


sudo apt-get install clamav

Arch Linux

sudo pacman -S clamav


sudo dnf install clamav


sudo zypper install clamav

Generic Linux

Building the ClamAV virus scanner from source on the Linux platform requires a few dependencies. Install all of these programs on your computer before continuing.

  • gcc or clang C compiler
  • OpenSSL
  • zlib library
  • wget

With the dependencies taken care of on your Linux computer, it’s time to start the building process. Grab the latest code release of ClamAV with the wget download tool.

Note: as you are building the program from source, automatic updates are not possible. To ensure that your virus scanner is always up to date, re-download ClamAV’s code here and compile the code regularly.

‘); if (navigator.appVersion.indexOf(“Mac”)!=-1) document.write(”);


Don’t have wget? Try cURL instead:

curl > clamav-0.100.2.tar.gz

Now that the code is done downloading through wget extract the TarGZ archive of ClamAV.

tar zxvf clamav-0.100.2.tar.gz

Using the CD command, move your terminal session from the home folder to the newly extracted clamav-0.100.2 folder.

cd clamav-0.100.2

Run the configure script. Configure will allow you to determine all of the dependencies for the build requirements are satisfied.

./configure --with-user

If the Configure script doesn’t show you any warnings, everything is good to go. Start the code compilation process by executing the make command.


Let the code compiler tool build ClamAV. It may take a long time, so be patient. When the building process is complete, install the software on your Linux PC with the make install command.

sudo make install

Find Viruses Via Command-line

Virus scanners find trojans and other issues by checking a “definitions” file. This definitions file is a list that tells the scanner about questionable items. ClamAV has a definition file as well, and users can update it with the freshclam command. In the terminal, run:

sudo freshclam

Be sure to regularly run the freshclam command weekly (or even daily if you are paranoid about viruses showing up on your Linux PC or server).

Once you’ve got the latest virus definitions for ClamAV on Linux, you’ll be able to scan for vulnerabilities. To examine an individual folder for viruses, run the command below:

sudo clamscan /location/of/folder/

It is also possible to use the clamscan to scan for viruses in a directory, along with every sub-directory inside, by using the r switch.

sudo clamscan -r /location/of/folder/

Scan Home Folder

The home directory on Linux is the primary location that users interact with on the computer. Therefore, if you do have a virus, it’ll be in this folder, or it’s many sub-folders. To scan the home folder, point the clamscan command at /home/username/. Alternatively, use ~/, if you don’t want to type out a username.

Note: use the -v switch to print out the scanning process that ClamAV otherwise hides.

sudo clamscan -rv ~/


sudo clamscan -rv /home/username

Want to scan more than one user’s home folder? Try pointing clamscan at /home/, instead of /home/username/.

sudo clamscan -rv /home/

System-wide Scan

You may have dangerous and questionable files on your Linux PC outside of your home folder. If you want to scan for items like this, you’ll need to do a system-wide scan. Use clamscan, and point it directly at your root directory.

sudo clamscan -rv /

Scan Single File

ClamAV is often used to scan Linux file systems for vulnerable files. Another use for ClamAV is to scan individual files for issues. To scan an individual file, run clamscan and point it directly to the location of the file.

Note: be sure to customize the commands below to meet your own needs.

sudo clamscan -v /location/of/file/file.file

Alternatively, use the CD command to move to the file’s exact location, then, run the scan.

cd /location/of/file/file.file sudo clamscan -v file.file
About Alex Miller 12813 Articles
Alex Miller is a bestselling Tech author currently working here. His work has received a lot of appreciation from users and is being made to work hard to meet the user's expectations.

Be the first to comment

Leave a Reply

Your email address will not be published.