Frequently Asked Questions (FAQ)Last updated 9 Apr 2013
- What is ClamTk?
- I thought Linux doesn't NEED antivirus protection!
- Is it easy to install?
- Is it easy to use?
- Where can I get it?
- Should I use sudo?
- What is automatic and manual for updates?
- Why is the GUI telling me the engine is outdated?
- Why is the GUI telling me the GUI is outdated?
- Why is the GUI warning me about running as root?
- How do I update my signatures?
- I used to be able to update my signatures, but not anymore
- I use Fedora and I cannot update the signatures
- What? I have to be "root" to update the signatures?
- Why won't ClamTk quarantine or delete messages in my inbox?
- Why isn't there on-access virus scanning?
- There is a problem or bug with ...
- Why do I get the warning "LibClamAV Warning: RAR code not compiled-in"?
- Why is it telling me I have 0 virus signatures?
- How do I do a full system scan?
- I inserted a floppy or CD or USB device but ClamTk said no devices were detected. How do I mount it?
- This program is safe to use, right?
- How do I get ClamTk in my language?
- I'd like to see a certain feature added or removed.
- Your program doesn't detect this virus!
- What OSes do you test ClamTk on?
- What do I have to do to have the automated scan results (cronjob) emailed to a specific address?
- Why are you still writing this using Perl 5.8.8? This isn't Modern Perl! Besides, 5.14.0 is a bigger number than 5.8.8.
It is true that you may not need it - at least, not in the sense of a Windows computer and running all the time. This program is more geared for users interested in scanning files prior to sending them to other users.
Note that programs like rkhunter, chkrootkit, and unhide are more Linux-specific programs.
Yes. There are plenty of binary packages, made either by myself or others. Most Linux distributions come with an easy to use installer, and will automatically download all the necessary dependencies.
It is intended to be easy to use. However, one of the main goals is to keep it lightweight as well. This means leaving out lots of bells and whistles, and not expanding until it can read your email.
First, start with your distribution's repositories. Even if I have made a package for your distribution, start there first. The people who put them together are much more familiar with your distribution's inner workings than I am. Having said that, if one is already available, ensure that it is up to date by checking this website!
I put together rpm packages for Fedora and CentOS, and build Debian and Ubuntu packages based off the Debian maintainer's scripts. So, follow the download link and see if there is a suitable package there. But start with your distribution's packages first!
ClamTk is only a GUI for ClamAV antivirus. To update the engine, your distribution needs to release an updated version of ClamAV itself. A polite reminder to whoever maintains ClamAV for your distribution may prompt them to do so.
This means the GUI itself has updates available. Most repos do not stay current, so feel free to grab an updated ClamTk rpm or deb from http://clamtk.sf.net. The benefits are increased functionality and/or bug fixes, including newer language files when available.
ClamTk does not need to be run as root. As a matter of fact, MOST programs on Linux do not need to be run as root. If it is easier for you to update the system signatures this way, that is fine. But as much as you can, please run ClamTk as a regular user. A smart option is to follow the advice here.
ClamTk will now typically work right out of the box. This means it will look for signatures on the system and try to use those. By updating, you probably mean you want to update them yourself. In that case, go under "Advanced" and re-run the AV wizard.
That's because you're probably using Ubuntu and used the sudo command, which probably changed ownership of your personal .clamtk directory. Try running (without quotes) "sudo chown -R username.username ~/.clamtk" and then re-run ClamTk (where username is your login name). See below for more.
To update signatures, the file /etc/freshclam.conf needs to be tweaked a bit. Debian and Ubuntu do this automatically, but Fedora does not. So, open up the file *as root* by typing this: "gedit /etc/freshclam.conf" (no quotes, of course).
Change the following line
You may also want to change the mirror used to download the signatures. For example, I'm in the US, so US is my two-letter country code. Several lines below the "Example" line you just edited, look for this line:
# DatabaseMirror db.XY.clamav.net
and change it to:
Of course, if you're not in the US, change it to your two-letter country-code.
Please don't. Not with ClamTk, that is. Here's the problem: If you like to update your antivirus signatures as an end user, but initially start up ClamTk with sudo, you just set your entire personal .clamtk directory with "root" permissions. That means you won't be able to update signatures again as an end user or save your preferences. See above for more.
Some distributions use freshclam as a daemon to automatically update signatures. This is convenient for end users, especially if there is more than one user on the system - they share the antivirus signatures rather than storing separate copies. Manual updates means the user can update the signatures by clicking on Help, then Check for Updates.
Not anymore! At least, not as of version 4.00. In 4.00, the user is able to update their own signatures. This is done by letting the user store virus signatures in his/her home directory. You may want to try the following:
sudo freshclam -d -c 2
Or on Fedora, "su" to root, and type it without the "sudo".
This asks the freshclam updater to run as a daemon, and check for updates twice per day. You can also add this to "/etc/rc.local", so that it will be run upon reboot as well:
echo 'freshclam -d -c 2' >> /etc/rc.local
That's simple - because it isn't simple! :) *NIX inboxes are flat files which must be parsed. Frankly, I'm not comfortable doing this yet - not across different distros with different email clients with different versions of blah blah blah. When there's a safe way of doing so, it will be done. If you know of a good way, please let me know. Remember, if it's done incorrectly, your (or someone else's) inbox could be damaged or deleted.
First, it would rely on the Dazuko program, and there are no widely available binary packages for it.
Second, if there were packages available, such a functionality is probably not needed in Linux and would serve mostly as a memory hog if you were watching the entire system. A workaround would be to only watch each user's home directory while they were logged in, I suppose.
Third, from what I understand you would have to run clamd as root in this kind of situation, and that is a security risk.
The good news is that there is a Perl interface for Dazuko, so if things did change and this became a desirable functionality, it could probably be implemented.
The simplist thing to do is to shoot me an email at dave.nerd @ gmail.com. You can (but don't have to) get my GPG key here. I'll reply as quickly as I can. Don't like email? Try posting here:
Please remember to include the distro you are running (Fedora, CentOS, Ubuntu, Mandriva, etc), along with the versions of ClamAV and ClamTk. The more detailed you are, the better I will understand and be able to fix it.
No matter how you decide to report problem, the important thing is that you do report it. It will not get fixed otherwise!
ClamAV includes support for RAR v3 which apparently is not GPL-compatible, so Fedora (and possibly other distros) removed the capability. This is a warning that you are not actually scanning through those files (I believe).
You have probably just installed it. Use the update signatures feature, and try again. If you still have this problem, please send me an email so we can track down the problem.
It is probably mostly safe to use. However, if you delete a file, it is GONE. I removed the ability to automatically delete any file found not clean in case of false positives, so that should help. When in doubt, either select the quarantine function, or manually move or remove the "bad" file.
Note that ClamTk no longer has the "Follow Symbolic Links" option. ClamTk was using a Perl module called File::Find, which contains the following warning:
"Be aware that the option to follow symbolic links can be dangerous ... Furthermore, deleting or changing files in a symbolically linked directory might cause very unpleasant surprises, since you delete or change files in an unknown directory."
For this, select Recursive scan or hit Ctrl-R. Then, in the directory-select dialogue, choose "File System" on the left hand side.
I inserted a floppy or CD or USB device but ClamTk said no devices were detected. How do I mount it?
You probaby have an icon on your desktop - try double-clicking it or right-click it and select the "mount" option.
Please see the Launchpad ClamTk website. You will probably need to join a translation group, but that's easy.
You can also see how others have translated it by checking out the language files in CVS.
Great! Email your suggestion(s) to me. Otherwise, I have to add my own useless bloat and unnecessary features.
To clarify, my program doesn't do ANY detection - it just reports what ClamAV finds. I WISH I was smart enough to write for them, but I just write a GUI (one of several available, by the way). If you feel there is some malware ClamAV is not detecting and are so inclined, you can submit malware samples to the following (these are just two of many):
Additionally, as of 4.30, you can submit files for analysis directly from within ClamTk. You have the choice of submitting a file which is not currently detected, or submitting a file which is incorrectly detected.
Typically, everything is developed on Fedora (latest release). Then, it's tested on Debian (stable), the latest Ubuntu, and CentOS. One of these days I'll install *BSD and test there too, but it hasn't happened yet. I build the .deb on Debian (stable) and the CentOS rpm on CentOS (latest release). Let me know if you have suggestions on other distros.
As of November 2013, I'm using Debian 6 ("squeeze"), Fedora 19, and CentOS 6.0 to build packages. I also test - but do not build - packages on the latest Ubuntu (13.04, 13.10).
Try adding "MAILTO:email@example.com" to the cronjob, where "firstname.lastname@example.org" is the desired address.
Why are you still writing this using Perl 5.8.8? This isn't Modern Perl! Besides, 5.14.0 is a bigger number than 5.8.8.
Because ClamTk is ported to variants of the big distros, we have to write for the most conservative one. CentOS still uses 5.8.8, so we're stuck with that. Now, sometime between 2015 and 2025, CentOS should move on up to 5.10.1. (Please don't sue - I'm kidding.)