ClamAV and ClamTK Antivirus Scanner Tool for Kali Linux
In Kali Linux, malware, viruses, and Trojans are uncommon; however, they do exist. ClamAV is an excellent alternative if we only need an antivirus once in a while.
ClamAV is a free antivirus that we can use for online scanning, email scanning, and endpoint security. It comprises a multi-threaded daemon that is scalable and versatile, a command-line scanner, and a sophisticated tool for automated database updates, among other features.
ClamAV is a command-line program, but it also has a graphical user interface called ClamTk which we can use to operate it. ClamAV is also cross-platform, supporting Windows and Mac OS X. It has the capacity to scan a wide range of files for security flaws. Tar, RAR, Cabinet, Zip, CHM, BinHex, OLE2, and SIS formats, along with practically any email system, are all supported.
Features of ClamAV
ClamAV is not a virus scanner that scans our computer in real time. That is, it will not scan a file when we open it. However, it possesses a number of other noteworthy features, including:
Installation of ClamAV and ClamTK
ClamAV is also available in the Ubuntu apt repository and is rather simple to install. With the help of the following commands, we can install ClamAV.
ClamAV has been installed on our computer. Now, we have to use the command below to see if it's been installed.
ClamAV has been successfully installed if the above command returns the version. ClamTk is a ClamAV frontend. We can install it using Terminal:
Usage of ClamAV and ClamTk
ClamAV Signature Database Updating
We have already downloaded and installed ClamAV; now, we have to update the ClamAV signature database; follow the steps below.
The first step is to stop the clamav-freshclam service with the help of the command below in a terminal window:
In the second step, the signature database must be manually updated. There are two options for accomplishing this. The first technique involves entering the following command into the terminal.
This command will install the signature database on our computer. If a directory named "clamav" does not already exist at the specified location, run the following command.
The last step is to start the clamav-freshclam service using the following command:
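The three steps above (stop the service, update with the first technique, start the service) combined into one script. This is an added example, not code from the original page. It assumes a systemd host, the `freshclam` updater on the PATH, and a root shell. The function name `update_clamav_signatures` is made up for illustration.

```shell
#!/bin/sh
# Added example: manual ClamAV signature update with a guaranteed restart
# of the updater service. Assumes systemd and a root shell.

UNIT="clamav-freshclam"   # service name used in the steps above

update_clamav_signatures() {
    # Step 1: stop the background updater so it does not hold the lock
    # on the freshclam log while we run freshclam by hand.
    if ! systemctl stop "$UNIT"; then
        echo "could not stop $UNIT" >&2
        return 2
    fi

    # Step 2: download the current signature databases.
    # Capture the exit code instead of aborting, so step 3 always runs.
    rc=0
    freshclam || rc=$?

    # Step 3: always bring the service back, even if the download failed;
    # otherwise the host silently stops receiving signature updates.
    if ! systemctl start "$UNIT"; then
        echo "could not restart $UNIT" >&2
        return 3
    fi

    if [ "$rc" -ne 0 ]; then
        echo "freshclam failed (exit $rc); old signatures still in use" >&2
        return 1
    fi
    return 0
}

# Run the procedure only when asked to: sh update.sh run
if [ "${1:-}" = "run" ]; then
    update_clamav_signatures
fi
```

A non-zero return means the scanner is still working from the previous signature set, so treat it as a reason to check network access or the freshclam log before trusting scan results.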
In the above command, we have used certain parameters. The following are the meanings of these options:
We have more options with this command. Use the following command in the terminal window to see all the options:
ClamAV is mostly a command-line application. ClamTk, on the other hand, is a third-party tool with a very basic GUI that beginners who are not familiar with command-line interfaces can use. When we run ClamTk for the first time, we will see a simple interface with four main components.
The first element is the setup area, which permits us to set up and adjust ClamAV and its behavior. For example, we can scan a folder but not its subfolders. We can exclude files or folders from scans by whitelisting them, and scan large files, hidden files, and password checkers.
Choose "Scan a directory" from the analysis group to find the needed directory. ClamTK will do a directory scan and provide the results as seen in the image below.
ClamAV VS ClamTK in Terms of Performance
There is no difference in performance between ClamAV and ClamTK when we used both of them. We can use any of them, but ClamTK is the best choice because it includes a graphical user interface that makes it easier to use, especially for beginners.
How Effective is using ClamAV?
ClamAV also obtained bad results in a test of Linux antivirus by AV-Test, an independent IT-security organization (it detected just 15.3 percent of Windows malware and was rated 16 out of 16). Things were improved in terms of Linux malware; although not very great, ClamAV was capable of identifying 66.1 percent of the attackers who targeted it. In terms of Linux malware and viruses, ClamAV came in 13th place, ahead of McAfee, F-Prot, and Comodo.