Install ClamAV on Arch Linux – A Straight‑Forward Guide to Keep Your Files Clean
If you’ve ever had a USB stick that seemed harmless but turned out to be a trojan, you’ll understand why a quick virus scan is worth the hassle. This article walks you through installing ClamAV on Arch, turning it into a running service, keeping its database fresh, and setting up a simple daily scan. No fluff, just the steps that get your machine safe again.
1. Grab the package from pacman
The easiest way to install ClamAV on Arch is with the official package manager. Open a terminal and run:
sudo pacman -S clamav
Pacman pulls the latest stable build, so you don’t have to hunt for .tar.gz files or compile anything yourself.
2. Enable the freshclam daemon
ClamAV’s virus definitions are only useful if they stay up‑to‑date. The `freshclam` service downloads new signatures automatically. Turn it on:
sudo systemctl enable --now clamav-freshclam.service
The `--now` flag starts the service immediately; you’ll see a few lines of output that confirm it’s pulling the latest database.
3. Verify the database update
To make sure freshclam is actually working, force an update:
sudo freshclam --quiet
If you don’t get any error messages and the timestamp changes, your system is ready to detect new malware.
4. Run a manual scan
Let’s try it out on a folder you suspect might be infected. Replace `/path/to/test` with whatever directory you want to check:
clamscan -r /path/to/test --bell
The `-r` flag makes ClamAV walk the tree recursively, and `--bell` rings your terminal’s bell when a virus is found—so you don’t have to stare at the output for hours. If a file turns up as infected, move it out of the way before you run any commands that might execute code.
5. Automate daily scans with systemd‑timer
You don’t want to remember to scan every night. Create a simple timer:
sudo tee /etc/systemd/system/clamav-daily.service > /dev/null <<EOF [Unit] Description=Daily ClamAV scan [Service] Type=simple ExecStart=/usr/bin/clamscan -r /home StandardOutput=append:/var/log/clamav/daily.log EOF
Then create the timer file:
sudo tee /etc/systemd/system/clamav-daily.timer > /dev/null <<EOF [Unit] Description=Run ClamAV scan daily [Timer] OnCalendar=daily Persistent=true [Install] WantedBy=timers.target EOF
Enable and start the timer:
sudo systemctl enable --now clamav-daily.timer
Now your home directory gets a clean‑up sweep once per day, and you can check `/var/log/clamav/daily.log` for any surprises.
6. Why ClamAV isn’t a silver bullet
ClamAV is great for spot checks and catching old malware families that still circulate on USB sticks or shared folders. It’s not built to protect against zero‑day exploits or sophisticated ransomware that encrypts files before you get a chance to scan them. Pair it with good backup habits, keep your system updated, and consider a real‑time antivirus if you’re in a high‑risk environment.
I’ve seen this happen after a bad driver update on a machine I was troubleshooting for a friend: the device failed, Windows rebooted into Safe Mode, and the malware sat quietly in `C:\Windows\System32`. A quick ClamAV scan caught it before the system could propagate the payload to other PCs.
That’s all there is to it. Install, enable, update, scan—repeat. Your Arch machine will thank you when a rogue file shows up on your desk instead of on your inbox.
