Antivirus for linux

ClamTk is No Longer Maintained

Dont know about you, but i dont usually install an antivirus on my linux boxes as never seen a virus in over 20 years installing or supporting.

But if the client insists they have a virus tool or have a problem and want me to scan, this is the one i choose. Again never found anything.

So thoughts on antivirus and linux


I saw that story too. Like you, I don’t run AV on my home Linux machines, so I just skipped reading the article.

1 Like

I use Clam occasionally, mostly on a specific downloaded file.
Like you, never found anything.
There are others but you have to be careful to avoid
nonfree or spyware or both. There have been cases
of malware prevention software being malware themselves.
I would only use something from official repos.

1 Like

I only use software from the official repos except for a period when google browser was not available in mint repositories… finally i moved to chromium as never took to firefox, but no particular reason.

Funny i tried clamav for mac and it was to pay for and not very effective for detection or doing the job so in the end just did a clean install but that was some years back

1 Like

Hi all, :wave:

last time I was using clamtk was years ago. I once tried it with Lubuntu.
To be honest, I couldn´t get much out of it. I rather use clamav (command: clamscan) for occasionally scanning downloaded files, like PDFs.

The good thing is: here it says:

ClamTk was first released in 2004 as a user-friendly Linux frontend to the open-source ClamAV antivirus engine (note: ClamAV is a separate, distinct project whose development is overseen by the Talos Group, at Cisco Systems and is not affected by this decision).

(bold by me).

I scan downloaded files primarily before forwarding them to any third party, i.e. people who may use WIN as their OS.
It´s common sense or (hopefully) some sort of friendliness (:blush: ) which drives me to do this.

For most filetypes (.txt;.webm;.3gp;.jpg;.png;.pdf;.mp4;.md;*.JPG)
I provided a user-defined entry in thunar, which gives me a right-click entry for scanning the files.
It´s convenient enough for me, so I wouldn´t need clamtk for the task.

Many greetings from Rosika :slightly_smiling_face:


Hi Rosika,
That changes everything.
As you say, ClamAV is perfectly adequate on its own.
You should claim a solution.


It was so long ago - I don’t remember the name - but the virus scanning engine was from Computer Associates, for UNIX (Solaris on Sparc)… Last time I used a virus scanner on a NIX - set it up to scan attachments on a Solaris MTA (mail transfer agent)…

My work MacBook (M1) has whatever stuff the corporate SOE enforcement plonks on it - has a bunch of big-brothery shite on it : falcon crowdstrike, InfoBlox, Microsoft Intune (whatever the F that is) and more…

My personal MacBook (M1) has MalwareBytes freebie… touch wood - may not need it…

I remember one virus that infected my NAS, only 'cause one of my daughters had it on Windows XP or Windows 7, was pretty cunning - it would create an exe file with a folder icon, so you’d double click on it thinking it was a folder and spread it further :smiley:

Didn’t even need a virus scanner to get rid of it - just a shell script on the NAS (FreeBSD) to find ANY .exe file that was an exact number of bytes… that was well over 10 years ago…

Some of my customers run various security stuff on top of Linux - my take on that is it can create more trouble than it’s hoping to solve… One customer runs Falcon Crowdstrike on Linux servers. Another one was running Symantec Endpoint, then replaced that with Microsoft Defender (yeah - on Linux!).

I’ve seen nightmare situations where some intrusion detection daemon, or threat detection tool, has caused more havoc than it was designed to prevent!


I assume you mean it deleted things without getting permission?
Or maybe locked up things preventing access?

I remember some intrusion detection piece of crap “prevented” restores from the backup client… It would slow the restore down to a standstill, and render the server inoperative / dead - i.e. things are critical when you have to issue a break on a Sparc running Solaris system console…

I’ve seen issues where some “brightspark” (sarcasm) decided it would be a good idea to patch Red Hat - AND - Symantec Endpoint, in the same update window - which caused some mission critical infrastructure to kernel panic…

Those are specifics, but I’ve seen suchlike cause other issues that I don’t recall…


I dont see the need for anything more than occasional
manually run checks on a home computer.
An important server may need more… I dont know…I remember at work they used to run Tripwire, and look at the logs.


Hi Neville, :wave:

yes, ClamAV is actually all you need. was so kind to mark it as a solution. Thanks, Paul . :heart:

Many greetings from Rosika :slightly_smiling_face:


I always try to congratulate when others offer a solution or service, believe we are here to help each other in life its a shared game when we all participate and work towards a common goal. Far to easy to criticise others when we should take the positive stand and say thank-you.

So thanks :blush: