Command-Line Interface Versus Graphic User Interface
ClamAV is a command-line virus scanner. (You can find the user manual here.) There are two GUIs that I know of. I can’t get either clamtk or klamav to work as I would expect them to. ClamTK appears, then updates, but it won’t scan an entire directory recursively when the option is selected—either it crashes or doesn’t scan recursively. I do have KDE as a primary window manager and Gnome installed so I can run gnome applications. ClamAV may be one of those applications that simply doesn’t run properly in this environment.
If you want to try clamtk anyway, use the following:
# aptitude install clamtk
To make it possible to run ClamAV from the desktop without starting it from a terminal, I’m going to give you some icon setups below.
To start a command-line scan of the whole filesystem:
# cd / # clamscan -r -i -–no-mail –exclude=.vmdk -l /home/username/virusscan.log
The command line switches used are:
- -r: Recursive.
- -i: Print only infected files.
- –-no-mail: Skip mail directories.
- -exclude=.vmdk: Skip VM virtual disk with .vmdk filename, if used. If your virtualization server’s virtual disk has a different extension, substitute that after --exclude above. The reason for skipping virtual disks is that they should be scanned with a scanner internal to the OS. Mailboxes are skipped because "phishing" files don’t affect system execution unless there’s a user error.
- -l: Log to the named file in your home directory.
To create a ClamAV full-filesystem scan icon:
- Download the ClamAV image file to anywhere convenient (source: openclipart.org).
- Right-click anywhere on the Desktop other than an icon or the dashboard, and select Create New > Link to Application. A properties window will appear.
- In the General tab (see Figure 1), click the gear in a square to the left
and select an image file for the icon by then clicking Other Icons. Browse and
change the directory to wherever you downloaded the ClamAV image file, select
Gerald_G_Clam_Security_Guard.svg, and click Open. You now have an icon.
Figure 1 New ClamAV desktop icon properties.
- In the Application tab (see Figure 2), put the command with switches in
the command text box:
clamscan -r -i -–no-mail –exclude=.vmdk -l /home/username/virusscan.log
Figure 2 ClamAV icon Properties – Applications tab.
Click the Advanced Options button.
- To run as root, click the Run as a Different User checkbox (see Figure
3), and when the username is accessible, type root. To run as
root, when you select this icon, a root password prompt will appear.
Figure 3 ClamAV icon properties – Advanced Options.
You can choose whether or not to run your program in a terminal window via a checkbox. If you enable this, you can also enable Do Not Close When Command Exits. For virus scanning, select both. Do this in all the icon setups below.
Also, make sure the semicolons are present in the command lines where indicated. This means there are at least two commands; the semicolon is a separator between each command given on a single command line.
In regards to the work path, from my observation with clamscan, you’re better off changing to the directory you want to scan first as an explicit command from the command line. Otherwise, recursive scanning doesn’t always work. I recommend creating three icons:
- Full filesystem icon:
Command: cd / ; clamscan -r -i -l /home/username/virusscan.log
Work path: /
Advanced: enable root
- There’s no point in telling a virus scanner to a complete filesystem scanning files it has no access to when run from your user account, so this runs from root.
- Home directory icon:
Command: cd home/username ; clamscan -r -i -l /home/username/virusscan.log
- Mail icon:
Command: clamscan -i PATH/mailfileattachment -l /home/username/virusscan-attach.log ;clamscan -i PATH/embedded -l /home/username/virusscan-embedded.log
mailfileattachment is whatever directory your mail client’s file attachments go into, embedded is whatever directory embedded images go into, and PATH is the path from / to wherever those directories are.
What to scan with respect to mail is a judgment call. On a mail server, it might make sense to block content with "phishing" signatures. On a workstation, it probably makes more sense to not scan for them to avoid losing mail to "false positives." What you do want to scan for is malware content in attached and embedded files.