ClamTk Virus Scanner

Frequently Asked Questions (FAQ)

  Last updated 9 Apr 2013

What is ClamTk?

ClamTk is a graphical user interface (GUI) for using the Clam AntiVirus program. It uses gtk2-perl for its graphics. Everything else is Perl.

I thought Linux doesn't NEED antivirus protection!

It is true that you may not need it - at least, not in the way a Windows computer does, with a scanner running all the time. This program is geared more toward users interested in scanning files prior to sending them to other users.

Note that programs like rkhunter, chkrootkit, and unhide are more Linux-specific.

Is it easy to install?

Yes. There are plenty of binary packages, made either by myself or others. Most Linux distributions come with an easy to use installer, and will automatically download all the necessary dependencies.

Is it easy to use?

It is intended to be easy to use. However, one of the main goals is to keep it lightweight as well. This means leaving out lots of bells and whistles, and not expanding until it can read your email.

Where can I get it?

First, start with your distribution's repositories. Even if I have made a package for your distribution, start there first. The people who put them together are much more familiar with your distribution's inner workings than I am. Having said that, if one is already available, ensure that it is up to date by checking this website!

I put together rpm packages for Fedora and CentOS, and build Debian and Ubuntu packages based off the Debian maintainer's scripts. So, follow the download link and see if there is a suitable package there. But start with your distribution's packages first!

If you use SUSE, here is the link to the official packages. For other distributions, try and

There are other builds for Gentoo and FreeBSD. You can easily find them by asking on the respective distribution's website or just search for it.

Why is the GUI telling me the engine is outdated?

ClamTk is only a GUI for ClamAV antivirus. To update the engine, your distribution needs to release an updated version of ClamAV itself. A polite reminder to whoever maintains ClamAV for your distribution may prompt them to do so.

Why is the GUI telling me the GUI is outdated?

This means the GUI itself has updates available. Most repos do not stay current, so feel free to grab an updated ClamTk rpm or deb from The benefits are increased functionality and/or bug fixes, including newer language files when available.

Why is the GUI warning me about running as root?

ClamTk does not need to be run as root. As a matter of fact, MOST programs on Linux do not need to be run as root. If it is easier for you to update the system signatures this way, that is fine. But as much as you can, please run ClamTk as a regular user. A smart option is to follow the advice here.

How do I update my signatures?

ClamTk will now typically work right out of the box. This means it will look for signatures on the system and try to use those. By updating, you probably mean you want to update them yourself. In that case, go under "Advanced" and re-run the AV wizard.

I used to be able to update my signatures, but not anymore

That's because you're probably using Ubuntu and used the sudo command, which probably changed ownership of your personal .clamtk directory. Try running (without quotes) "sudo chown -R username.username ~/.clamtk" and then re-run ClamTk (where username is your login name). See below for more.

I use Fedora and I cannot update the signatures

To update signatures, the file /etc/freshclam.conf needs to be tweaked a bit. Debian and Ubuntu do this automatically, but Fedora does not. So, open up the file *as root* by typing this: "gedit /etc/freshclam.conf" (no quotes, of course).

Change the following line:

Example

to this:

# Example

You may also want to change the mirror used to download the signatures. For example, I'm in the US, so US is my two-letter country code. Several lines below the "Example" line you just edited, look for this line:

# DatabaseMirror

and change it to:

Of course, if you're not in the US, change it to your two-letter country-code.
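
The check below is an added example, not part of ClamTk or ClamAV: it reports whether a freshclam.conf still has the uncommented "Example" line, lists the DatabaseMirror values in effect, and writes the corrected file as a separate copy so that the edit can be reviewed before it is made as root. The function names and the sample config (including its mirror host names) are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a freshclam.conf for the "Example" edit described above.
# The original file is never modified; the fix is written to a second file.

# Exit status 0 when an uncommented "Example" line is still present.
example_is_active() {
    grep -Eq '^[[:space:]]*Example[[:space:]]*$' "$1"
}

# Print the value of every DatabaseMirror line that is not commented out.
active_mirrors() {
    sed -n 's/^[[:space:]]*DatabaseMirror[[:space:]]\{1,\}\([^[:space:]#]\{1,\}\).*/\1/p' "$1"
}

# Write a copy of $1 to $2 with the "Example" line commented out.
comment_out_example() {
    sed 's/^[[:space:]]*Example[[:space:]]*$/# Example/' "$1" > "$2"
}

# Constructed sample config (hypothetical mirror names, not real hosts).
make_sample() {
    cat > "$1" <<'EOF'
# Comment or remove the line below.
Example
#DatabaseMirror db.XY.example.invalid
DatabaseMirror database.example.invalid
EOF
}

# Demo: run the checks against the constructed sample in a temp directory.
demo_dir=$(mktemp -d)
make_sample "$demo_dir/freshclam.conf"
if example_is_active "$demo_dir/freshclam.conf"; then
    echo "Example line is active: freshclam.conf still needs the edit above"
    comment_out_example "$demo_dir/freshclam.conf" "$demo_dir/freshclam.conf.fixed"
    # diff exits non-zero when the files differ, which is expected here.
    diff "$demo_dir/freshclam.conf" "$demo_dir/freshclam.conf.fixed" || true
fi
echo "active mirrors: $(active_mirrors "$demo_dir/freshclam.conf")"
rm -rf "$demo_dir"
```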

Should I use sudo?

Please don't. Not with ClamTk, that is. Here's the problem: If you like to update your antivirus signatures as an end user, but initially start up ClamTk with sudo, you just set your entire personal .clamtk directory with "root" permissions. That means you won't be able to update signatures again as an end user or save your preferences. See above for more.
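
The ownership problem described here and under "I used to be able to update my signatures" can be confirmed before reaching for chown. The script below is an added example, not part of ClamTk; its function names and the optional uid argument are hypothetical. It lists entries under the .clamtk directory that the current user does not own and reports whether the directory needs the repair given above.

```shell
#!/bin/sh
# Added example: detect a ~/.clamtk directory left with foreign (for
# example root) ownership after ClamTk was started with sudo.

# Print each path under $1 not owned by uid $2 (default: the current uid).
foreign_owned() {
    find "$1" ! -user "${2:-$(id -u)}" -print 2>/dev/null
}

# Count those paths.
foreign_count() {
    foreign_owned "$1" "$2" | wc -l | tr -d ' '
}

# Print "missing", "ok" or "needs-repair" for directory $1
# (default: ~/.clamtk). $2 optionally overrides the uid checked against.
audit_clamtk_dir() {
    dir=${1:-$HOME/.clamtk}
    if [ ! -d "$dir" ]; then
        echo "missing"
        return 0
    fi
    n=$(foreign_count "$dir" "$2")
    # Every entry must belong to the user and the directory must be
    # writable, otherwise signatures and preferences cannot be saved.
    if [ "$n" -eq 0 ] && [ -w "$dir" ]; then
        echo "ok"
    else
        echo "needs-repair"
    fi
}

# Demo: audit the current user's own directory without changing anything.
status=$(audit_clamtk_dir)
echo "ClamTk directory status: $status"
if [ "$status" = "needs-repair" ]; then
    echo "Entries not owned by uid $(id -u):"
    foreign_owned "$HOME/.clamtk"
fi
```

The script only reads metadata and runs as the regular user; the repair itself remains the chown command given above.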

What is automatic and manual for updates?

Some distributions use freshclam as a daemon to automatically update signatures. This is convenient for end users, especially if there is more than one user on the system - they share the antivirus signatures rather than storing separate copies. Manual updates means the user can update the signatures by clicking on Help, then Check for Updates.

What? I have to be "root" to update the signatures?

Not anymore! At least, not as of version 4.00. In 4.00, the user is able to update their own signatures. This is done by letting the user store virus signatures in his/her home directory. You may want to try the following:

sudo freshclam -d -c 2

Or on Fedora, "su" to root, and type it without the "sudo". This asks the freshclam updater to run as a daemon, and check for updates twice per day. You can also add this to "/etc/rc.local", so that it will be run upon reboot as well:

echo 'freshclam -d -c 2' >> /etc/rc.local

Why won't ClamTk quarantine or delete messages in my inbox?

That's simple - because it isn't simple! :) *NIX inboxes are flat files which must be parsed. Frankly, I'm not comfortable doing this yet - not across different distros with different email clients with different versions of blah blah blah. When there's a safe way of doing so, it will be done. If you know of a good way, please let me know. Remember, if it's done incorrectly, your (or someone else's) inbox could be damaged or deleted.

Why isn't there on-access virus scanning?

Several reasons:

First, it would rely on the Dazuko program, and there are no widely available binary packages for it.

Second, if there were packages available, such functionality is probably not needed in Linux and would serve mostly as a memory hog if you were watching the entire system. A workaround would be to only watch each user's home directory while they were logged in, I suppose.

Third, from what I understand you would have to run clamd as root in this kind of situation, and that is a security risk.

The good news is that there is a Perl interface for Dazuko, so if things did change and this became a desirable functionality, it could probably be implemented.

There is a problem or bug with ...

The simplest thing to do is to shoot me an email at dave.nerd @ You can (but don't have to) get my GPG key here. I'll reply as quickly as I can. Don't like email? Try posting here:

Please remember to include the distro you are running (Fedora, CentOS, Ubuntu, Mandriva, etc), along with the versions of ClamAV and ClamTk. The more detailed you are, the better I will understand and be able to fix it.

No matter how you decide to report a problem, the important thing is that you do report it. It will not get fixed otherwise!

Why do I get the warning "LibClamAV Warning: RAR code not compiled-in"?

ClamAV includes support for RAR v3 which apparently is not GPL-compatible, so Fedora (and possibly other distros) removed the capability. This is a warning that you are not actually scanning through those files (I believe).

Why is it telling me I have 0 virus signatures?

You have probably just installed it. Use the update signatures feature, and try again. If you still have this problem, please send me an email so we can track down the problem.

This program is safe to use, right?

It is probably mostly safe to use. However, if you delete a file, it is GONE. I removed the ability to automatically delete any file found not clean in case of false positives, so that should help. When in doubt, either select the quarantine function, or manually move or remove the "bad" file.

Note that ClamTk no longer has the "Follow Symbolic Links" option. ClamTk was using a Perl module called File::Find, which contains the following warning:

"Be aware that the option to follow symbolic links can be dangerous ... Furthermore, deleting or changing files in a symbolically linked directory might cause very unpleasant surprises, since you delete or change files in an unknown directory."

How do I do a full system scan?

For this, select Recursive scan or hit Ctrl-R. Then, in the directory-select dialogue, choose "File System" on the left-hand side.

I inserted a floppy or CD or USB device but ClamTk said no devices were detected. How do I mount it?

You probably have an icon on your desktop - try double-clicking it or right-click it and select the "mount" option.

How do I get ClamTk in my language?

Please see the Launchpad ClamTk website. You will probably need to join a translation group, but that's easy.

You can also see how others have translated it by checking out the language files in CVS.

I'd like to see a certain feature added or removed.

Great! Email your suggestion(s) to me. Otherwise, I have to add my own useless bloat and unnecessary features.

Your program doesn't detect this virus!

To clarify, my program doesn't do ANY detection - it just reports what ClamAV finds. I WISH I was smart enough to write for them, but I just write a GUI (one of several available, by the way). If you feel there is some malware ClamAV is not detecting and are so inclined, you can submit malware samples to the following (these are just two of many):

Additionally, as of 4.30, you can submit files for analysis directly from within ClamTk. You have the choice of submitting a file which is not currently detected, or submitting a file which is incorrectly detected.

What OSes do you test ClamTk on?

Typically, everything is developed on Fedora (latest release). Then, it's tested on Debian (stable), the latest Ubuntu, and CentOS. One of these days I'll install *BSD and test there too, but it hasn't happened yet. I build the .deb on Debian (stable) and the CentOS rpm on CentOS (latest release). Let me know if you have suggestions on other distros.
As of November 2013, I'm using Debian 6 ("squeeze"), Fedora 19, and CentOS 6.0 to build packages. I also test - but do not build - packages on the latest Ubuntu (13.04, 13.10).

What do I have to do to have the automated scan results (cronjob) emailed to a specific address?

Try adding "" to the cronjob, where "" is the desired address.

Why are you still writing this using Perl 5.8.8? This isn't Modern Perl! Besides, 5.14.0 is a bigger number than 5.8.8.

Because ClamTk is ported to variants of the big distros, we have to write for the most conservative one. CentOS still uses 5.8.8, so we're stuck with that. Now, sometime between 2015 and 2025, CentOS should move on up to 5.10.1. (Please don't sue - I'm kidding.)