Antivirus on a Raspberry Pi using ClamAV

In this guide, we will be showing you how to set up antivirus on your Raspberry Pi by using the ClamAV software.

Raspberry Pi Antivirus
ClamAV is a popular free and open-source antivirus engine that is designed to detect a wide variety of threats on Unix-based systems like Raspbian.

Using ClamAV on your Raspberry Pi, you will be able to scan your device for trojans, viruses, malware, and other malicious threats.

While Linux systems are typically regarded as not being as vulnerable to viruses, it is still good to keep an eye on your system.

Using an antivirus is especially useful if you are using your Raspberry Pi to host files that can be accessed from other devices.

For example, you might be using your Raspberry Pi as a NAS, or hosting an Owncloud or Nextcloud server.

Equipment List

Below is a list of the equipment that you will need to set up antivirus on your Raspberry Pi using the ClamAV software.

Recommended

Raspberry Pi 1, 2, 3 or 4

Micro SD Card

Power Supply

Ethernet Cord or WiFi dongle (The Pi 3 and 4 have WiFi built in)

Optional

Raspberry Pi Case

Installing ClamAV on the Raspberry Pi

In this section, we will be showing you how to install the ClamAV Antivirus software to your Raspberry Pi.

1. Before we set up the antivirus software on our Raspberry Pi, we first need to update the package list.

You can update the package list by running the following command.

sudo apt update

2. Luckily for us, all we need to do to set up antivirus on our Raspberry Pi is install ClamAV.

ClamAV can be installed from the Raspbian repository by running the command below.

sudo apt install clamav

When ClamAV is installed to your Raspberry Pi, it will automatically set up a service that will update its virus database every hour.

It is possible to increase the number of checks that ClamAV performs for updates if you feel like every hour isn’t enough.

Running an Antivirus Scan on the Raspberry Pi

In this section, you will learn how to make use of the ClamAV software to scan the files on your Raspberry Pi.

Basic Usage of clamscan

Running an Antivirus scan on your Raspberry Pi is a relatively simple process with the ClamAV software.

To run a scan, we will need to make use of the clamscan command as we have shown below.

clamscan

The most basic usage of this command will only scan the top level of the current user's home directory.

Recursively Scanning Files and Directories

We can also make the clamscan command scan our home directory recursively.

All we need to do is add the -r argument after the clamscan command.

clamscan -r

Scanning Multiple Directories

You can take this command further by specifying the directory that you want to scan.

You can even specify multiple directories and files.

For example, if we wanted to scan all home directories and our mount directory, we can use the following command.

clamscan -r /home /mount

Automatically Removing Infected Files

If you want clamscan to automatically remove viruses it detects on your Raspberry Pi, you can make use of another option.

This option is --remove. Please note that you should be cautious with this option as the removed file will be unrecoverable.

clamscan -r --remove /home /mount

Automatically Moving Infected Files

Alternatively, if you would like the antivirus software to move detected files rather than removing them, you can make use of an additional option.

To move files, you can make use of the --move=/DIRECTORY/ option where /DIRECTORY/ is the directory you want the files moved to.

This option can move detected files into a locked-down directory, where you can check that the files are not false positives before you delete them.

clamscan -r --move=/quarantine/ /home /mount
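The "locked-down directory" mentioned above has to exist before clamscan can move anything into it, and it should not sit inside a path that is being scanned. The following is an added example, not part of the original guide; the helper names prepare_quarantine and check_quarantine are hypothetical, and it assumes you run it as root so that the directory ends up owned by root.

```shell
#!/bin/bash
# Added example: make and verify a locked-down quarantine for clamscan --move.
# Helper names are hypothetical; run as root so the directory is root-owned.

# Create the directory with access for its owner only.
prepare_quarantine() {
    mkdir -p "$1" && chmod 700 "$1"
}

# check_quarantine QUARANTINE SCAN_ROOT...
# Prints a reason and returns 1 if the quarantine is unsafe to use.
check_quarantine() {
    q="$1"; shift
    if [ -L "$q" ] || [ ! -d "$q" ]; then
        echo "not a real directory"; return 1
    fi
    case "$(ls -ld "$q")" in
        drwx------*) ;;
        *) echo "mode is not 700"; return 1 ;;
    esac
    if [ ! -O "$q" ]; then
        echo "not owned by the user running the scan"; return 1
    fi
    # Resolve symlinks so the containment test compares real paths.
    qreal=$(cd "$q" && pwd -P)
    for root in "$@"; do
        rreal=$(cd "$root" && pwd -P) || continue
        case "$qreal/" in
            "${rreal%/}"/*) echo "inside scan root $root"; return 1 ;;
        esac
    done
    echo "ok"
}

# Scan only when the quarantine passes every check.
# Usage: bash quarantine-scan.sh /quarantine /home /mount
if [ "$#" -ge 2 ]; then
    q="$1"; shift
    prepare_quarantine "$q" && check_quarantine "$q" "$@" >&2 &&
        clamscan -r --move="$q" "$@"
fi
```

A quarantine inside a scanned path would be picked up again on the next recursive scan, which is why the containment check rejects it.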

Only Log Infected Files

To make things a bit cleaner, you can tell the antivirus engine only to report back infected files.

To do this, all we need to do is add the -i option. This option tells the scanner to only print out infected files.

Below we have an example of combining this option with the recursive option.

clamscan -ri /home/

Scanning for Viruses automatically on your Raspberry Pi

In this section, we will be showing you how you can set up a cronjob to scan for viruses every day automatically.

1. To run the antivirus software on our Raspberry Pi daily, we are going to create a small script.

We will use this script to handle some basic stuff for us, such as generating a log name for the current day.

Begin writing this bash script by running the following command.

sudo nano /root/scanvirus.sh

2. Within this script, enter the following lines of code.

This script that we will be writing is fairly simple, so it should be easy to extend this further for your use.

#!/bin/bash

The first line tells whatever runs the file that bash should be used to execute it.

LOGNAME="/var/log/clamav/clamav-$(date +'%Y-%m-%d').log";

The second line creates our variable called LOGNAME. Within this variable we store a path to the clamav directory with a filename we generated for the log.

This generated filename makes use of the date command to include the current year, month, and day.

DIRTOSCAN="/home";

On the third line, we specify the directory that we want ClamAV to scan in our DIRTOSCAN variable. For our purposes, this directory is going to be the /home directory.

clamscan -ri "$DIRTOSCAN" &>"$LOGNAME";

Finally, we run the clamscan command with both the recursive (-r) and infected (-i) options.

We pass through our DIRTOSCAN variable as the folder to scan and use the redirection operator to save the output of the command to our log file.

The file to save the data to is stored in our LOGNAME variable.

3. Once you have entered all the code, it should end up looking a bit like what we have below.

#!/bin/bash
LOGNAME="/var/log/clamav/clamav-$(date +'%Y-%m-%d').log";
DIRTOSCAN="/home";

clamscan -ri "$DIRTOSCAN" &>"$LOGNAME";

Once done, you can save the file by pressing CTRL + X, followed by Y, then the ENTER key.

4. With our script created, we can now modify the crontab to call it once a day.

We will be running this under the root user as we want to ensure we have enough privileges to read all files within the home directory.

sudo crontab -e

If you are asked what editor you want to use, we recommend that you select nano.

5. In the crontab, add the following line to the bottom of the file.

This line will run our bash script at midnight every day.

0 0 * * * bash /root/scanvirus.sh

Once done, save the file by pressing CTRL + X, followed by Y, then the ENTER key.
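The script above only writes a log, so a detection goes unnoticed unless someone reads the file. As an added example (not part of the original guide), the variant below acts on clamscan's exit status, which is 0 when no virus is found, 1 when a virus is found and 2 when an error occurred. The SCANNER and LOGDIR variables, the clamav-daily syslog tag and the function names are assumptions made for this example.

```shell
#!/bin/bash
# Added example: daily ClamAV scan that acts on clamscan's exit status.
# SCANNER, LOGDIR, ALERT_TAG and the function names are assumptions.
SCANNER="${SCANNER:-clamscan}"
LOGDIR="${LOGDIR:-/var/log/clamav}"
ALERT_TAG="clamav-daily"

# clamscan exit status: 0 = no virus found, 1 = virus(es) found, 2 = error.
classify_status() {
    case "$1" in
        0) echo CLEAN ;;
        1) echo INFECTED ;;
        *) echo ERROR ;;
    esac
}

# Print the path of every log line of the form "<path>: <signature> FOUND".
infected_paths() {
    sed -n 's/^\(.*\): [^:]* FOUND$/\1/p' "$1"
}

# Scan one directory, write a dated log, and raise a syslog warning unless clean.
run_scan() {
    dir="$1"
    log="$LOGDIR/clamav-$(date +%Y-%m-%d).log"
    umask 077                      # the log can list private file names
    status=0
    "$SCANNER" -ri "$dir" >"$log" 2>&1 || status=$?
    verdict=$(classify_status "$status")
    if [ "$verdict" != CLEAN ]; then
        logger -t "$ALERT_TAG" -p user.warning \
            "$verdict while scanning $dir, see $log" 2>/dev/null || true
    fi
    echo "$verdict"
    return "$status"
}

# Run only when a directory is given, e.g. from cron:
#   0 0 * * * bash /root/scanvirus.sh /home
if [ "$#" -gt 0 ]; then
    run_scan "$1"
fi
```

The script exits with clamscan's own status, so anything that watches cron job results can alert on a non-zero exit, and infected_paths can be pointed at any day's log to list what was flagged.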

At this point, you should now have successfully set up the ClamAV antivirus software on the Raspberry Pi.

If you have run into any issues with installing the software, then feel free to drop a comment below.
