ClamAV and ClamTK Antivirus Scanner Tool for Kali Linux
On Kali Linux, malware, viruses, and Trojans are uncommon; however, they do exist. ClamAV is an excellent option if we only need an antivirus once in a while.
ClamAV is a free antivirus that we can use for on-demand scanning, email scanning, and endpoint security. It comprises a scalable and versatile multi-threaded daemon, a command-line scanner, and a tool for automated signature database updates, among other features.
ClamAV is a command-line program, but it also has a graphical front end called ClamTk which we can use to operate it. ClamAV is also cross-platform, supporting Windows and Mac OS X. It can scan a wide range of file formats for malware: Tar, RAR, Cabinet, Zip, CHM, BinHex, OLE2, SIS format, and practically any email format are all supported.
Features of ClamAV
ClamAV is not a virus scanner that scans our computer in real time. That is, it will not scan a file when we open it; however, it possesses a number of other noteworthy features, including:
- ClamAV is a command-line scanner.
- The virus database is updated frequently throughout the day.
- It is a milter interface for
- All common email file types are supported natively.
- ClamAV supports various document formats such as MS Office and Mac Office files, Flash, PDF, and HTML.
- Archive formats such as RAR, DMG, Gzip, Zip, OLE2, CHM, Cabinet, SIS, Tar, and Bzip2 are all natively supported.
- The database updater supports scripted updates and digitally signed databases.
- Built-in support for ELF executables and Portable Executable files packed with FSG, NsPack, wwpack32, MEW, or Upack, or obfuscated with SUE, Y0da Cryptor, and others.
Installation of ClamAV and ClamTK
ClamAV is available in the Ubuntu and Kali apt repositories and is rather simple to install. With the help of the following commands, we can install ClamAV.
ClamAV is now installed on our computer. Next, we use the command below to confirm that it has been installed.
ClamAV has been successfully installed if the above command returns the version. ClamTk is a graphical front end for ClamAV. We can install it from the terminal:
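The install and verification steps above, as an added example script that is not part of the original article. It assumes an apt-based system such as Kali, sudo access, and the package names clamav and clamtk. The helpers that parse the single line printed by `clamscan --version` (format shown in the constructed sample in the comments) work without ClamAV installed, and the apt and clamscan calls only run when the script is started with `--run`.

```shell
#!/bin/sh
# Added example (not from the original article): install ClamAV and ClamTk on a
# Debian-based system such as Kali, then confirm the scanner is present.
# Assumptions: apt is the package manager and the current user may use sudo.
set -eu

# "clamscan --version" prints one line such as (constructed sample):
#   ClamAV 1.0.1/26854/Mon Mar  6 08:30:12 2023
# The first field after "ClamAV" is the engine version and, separated by "/",
# the signature database version and its build date. Before the first
# freshclam run the line is just "ClamAV 1.0.1" and the database field is empty.
clam_engine_version() {
    printf '%s\n' "$1" | awk '/^ClamAV/ { split($2, p, "/"); print p[1] }'
}

clam_db_version() {
    printf '%s\n' "$1" | awk '/^ClamAV/ { split($2, p, "/"); print p[2] }'
}

# Exit 0 if the clamscan binary is on PATH, 1 otherwise.
clamav_installed() {
    command -v clamscan >/dev/null 2>&1
}

# Install the scanner and the ClamTk front end from the distribution repository.
install_clamav() {
    sudo apt update
    sudo apt install -y clamav clamtk
}

if [ "${1:-}" = "--run" ]; then
    clamav_installed || install_clamav
    version_line=$(clamscan --version)
    echo "engine version:    $(clam_engine_version "$version_line")"
    db=$(clam_db_version "$version_line")
    # An empty database version means freshclam has not fetched signatures yet.
    echo "signature version: ${db:-none (run freshclam)}"
fi
```

Run it as `sh install-clamav.sh --run`; an empty signature version after installation is expected and is fixed by the database update described in the next section.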
Usage of ClamAV and ClamTk
ClamAV Signature Database Updating
We have already downloaded and installed ClamAV; now we have to update the ClamAV signature database by following the steps below.
First, stop the clamav-freshclam service with the help of the command below in a terminal window:
Second, the signature database must be updated manually. There are two options for accomplishing this. The first is to enter the following command into the terminal.
This command will install the signature database on our computer. If a directory named “clamav” does not already exist at the specified location, run the following command.
The last step is to start the clamav-freshclam service using the following command:
The clamscan command above uses several options, which have the following meanings:
- --infected: prints only the files that are infected.
- --remove: deletes infected files.
- --recursive: subdirectories of the directory are also examined.
clamscan has many more options. Use the following command in the terminal window to list all of them:
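The update and scan steps above, as one added example script that is not the article's own set of commands. It assumes Debian-style paths (signature database in /var/lib/clamav), a systemd-managed clamav-freshclam service as on Kali, and clamscan's documented exit codes (0 nothing found, 1 infected file found, 2 error). It moves hits to a quarantine directory with --move rather than deleting them with --remove, so a false positive can be inspected and restored; the helpers can be exercised on the constructed scan summary in the test without ClamAV installed.

```shell
#!/bin/sh
# Added example (not from the original article): refresh the ClamAV signature
# database, then scan a directory, quarantining and logging whatever is found.
# Assumptions: /var/lib/clamav is the database directory, clamav-freshclam is a
# systemd service, and clamscan exits 0/1/2 for clean/infected/error.
set -eu

DB_DIR=${CLAMAV_DB_DIR:-/var/lib/clamav}

# freshclam refuses to run when its database directory is missing. Create it if
# needed, falling back to sudo for system paths; returns 0 once it exists.
ensure_db_dir() {
    if [ ! -d "$1" ]; then
        mkdir -p "$1" 2>/dev/null || sudo mkdir -p "$1"
    fi
    [ -d "$1" ]
}

# The service keeps its own lock on the database, so stop it, update once by
# hand, and start it again (the three steps from the article).
update_signatures() {
    sudo systemctl stop clamav-freshclam
    ensure_db_dir "$DB_DIR"
    sudo freshclam
    sudo systemctl start clamav-freshclam
}

# Map a clamscan exit status to a word for the summary line.
describe_scan_status() {
    case "$1" in
        0) echo "clean" ;;
        1) echo "infected" ;;
        2) echo "error" ;;
        *) echo "unknown" ;;
    esac
}

# Pull the "Infected files: N" count out of the SCAN SUMMARY block that clamscan
# prints at the end of a run.
infected_count() {
    printf '%s\n' "$1" | awk '/^Infected files:/ { print $3 }'
}

# Scan a directory tree. --infected: print only hits; --recursive: descend into
# subdirectories; --move: quarantine instead of --remove; --log: keep a record.
scan_directory() {
    target=$1
    quarantine=${2:-$HOME/clamav-quarantine}
    mkdir -p "$quarantine"
    set +e
    clamscan --infected --recursive --move="$quarantine" \
        --log="$HOME/clamscan.log" "$target"
    status=$?
    set -e
    echo "scan of $target: $(describe_scan_status "$status") (quarantine: $quarantine)"
    return "$status"
}

if [ "${1:-}" = "--run" ]; then
    update_signatures
    scan_directory "${2:-$HOME}" || true
fi
```

Run it as `sh clamav-scan.sh --run /home`; the clamscan exit status is preserved so a wrapper (a cron job, for example) can distinguish "infected" from "scan failed", which a plain `--remove` run that is not checked for status cannot.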
ClamAV is mostly a command-line application. ClamTk, on the other hand, is a third-party tool with a very basic GUI that beginners who are not familiar with command-line interfaces can use. When we run ClamTk for the first time, we see a simple interface with four main components.
- The first element is the settings area, which permits us to configure ClamAV and adjust its behavior. For example, we can scan a folder but not its subfolders, exclude files or folders from scans by whitelisting them, and choose whether to scan large files, hidden files, and password-protected archives.
- The history area gives us information about prior scans. A quarantine section is also available, where we can check for harmful files that have been isolated as a result of scanning.
- The third section is updates, which ClamTk uses to import new virus definitions; the first thing we should do after installing ClamAV is click Updates to update the virus definitions.
- The final portion is analysis. Our ClamAV scans begin here.
Choose "Scan a directory" from the analysis group and select the desired directory; ClamTk will scan it and present the results as seen in the image below.
ClamAV VS ClamTK in Terms of Performance
We found no difference in performance between ClamAV and ClamTk when using both of them. We can use either, but ClamTk is the better choice for beginners because its graphical user interface makes it easier to use.
How Effective is using ClamAV?
- ClamAV is not the best antivirus software on the market, but it will suffice for the most part if we are on a Linux-only desktop. We may also notice a higher rate of false positives than with other top antivirus software. ClamAV is not recommended for use on a Windows PC or disk because of the enormous number of Windows viruses and malware.
- ClamAV is a C++ based open-source antivirus that can detect viruses, trojans, and a range of other threats. Many people use it to examine sensitive data, such as email, for malicious content because it is a fully free tool. It can also be used as a server-side scanner.
- ClamAV is an antivirus tool which can detect and remove trojans, viruses, and malicious software from our computers. In this tutorial, we have shown how to install ClamAV on Kali. Following that, we discussed how to update the ClamAV signature database and how to scan a directory with ClamAV's command-line interface. After that, we discussed how to set up ClamTk, a graphical user interface that makes the software easier to use, and compared the performance of the two.
ClamAV also obtained poor results in a test of Linux antivirus products by AV-Test, an independent IT-security organization: it detected just 15.3 percent of Windows malware and ranked 16th out of 16. Things were better for Linux malware; although still not great, ClamAV identified 66.1 percent of the Linux samples it was tested against. For Linux malware and viruses, ClamAV came in 13th place, ahead of McAfee, F-Prot, and Comodo.