ClamAV is a stable anti virus software for Linux and it is available since two decades. Viruses could be an issue on Linux systems but it is more likely to get a rootkit infection on a Linux system. Basically it is not a failure to have an anti virus software on a Linux computer, for example to check downloaded files.
It could also make sense to install ClamAV to scan a Samba file share for Windows clients which is provided on a Linux server.
ClamAV is easy to install and it is available in the repositories of the most distributions.
First of all we need to install ClamAV (here on Ubuntu) with this command:
apt-get install clamav
As a next step we need to update the virus definitions. But this could lead us to an error:
The Problem and the Fix
The update of the anti virus definitions can be done with this command:
But on several systems I got this message here:
ERROR: /var/log/clamav/freshclam.log is locked by another process ERROR: Problem with internal logger (UpdateLogFile = /var/log/clamav/freshclam.log). ERROR: initialize: libfreshclam init failed. ERROR: Initialization error!
The problem is that “freshclam” locks a file (/var/log/clamav/freshclam.log) and does automatically updates in the background. This is just fine, but if we want to get debugging information of the anti virus definition update procedure we need to run these commands:
We need to find the PID of “freshclam” with the “ps -ef” command and then we need to stop it with the “kill” command. (Here is the PID of the “freshclam -d” process 1281)
The command “kill -p PID” stops the lock of the file “/var/log/clamav/freshclam.log” and then “freshclam” can be executed.
We see several times the message “up-to-date” in the last lines on the picture.
ClamAV is a kind of dinosaur in the Linux world. Its is uncomplicated and works well on Linux. The update procedure of the anti virus definitions can cause an error and the automatic update feature needs to be stopped. After stopping the automatic updates a manual update can be done.
Feel free to comment my blog post.