Especially for Linux (Ubuntu)
Servers running Linux or Unix are less likely to be affected by viruses than Windows servers. However, antivirus tools are necessary to prevent those connecting to the server, likely Windows machines, from being compromised. Linux viruses are also not imaginary. This page lists some free options and how to install them.
- ClamScan offers poor detection rates and high resource usage but is open source and free – 1, 2, 3, 4
sudo apt-get install clamav
sudo freshclam killall freshclam (if necessary)
Scanning (Full System)
sudo clamscan --recursive=yes --infected --exclude-dir='^/sys|^/proc|^/dev|^/lib|^/bin|^/sbin' /
- Sophos offers good detection with reasonable performance and is free with registration.
- Through personal experience, Sophos runs much faster than ClamAV and with fewer errors.
- Download from Sophos
- Save to or FTP to any directory
Install – 1
sudo tar -xzvf ~/sav-linux-free-(VERSION).tgz -C ~/
- Enter, space, space, space… (read EULA and scroll down)
- y (accept license)
- Enter (installs to default location of /opt/sophos-av/ )
- n (disable on-access scanning, which may consume resources — use savscan for on-demand scanning)
- f (free version)
- n (no proxy)
sudo rm -rf sav-linux-free-(VERSION).tgz
sudo rm -rf sophos-av
Sophos runs in the background and will update automatically. Otherwise, run:
Scanning (Full System)
sudo savscan -p=/home/USERNAME/latestAVscan.log -all -bs -mbr -di -f --stay-on-machine --stay-on-filesystem --no-reset-atime -pua -suspicious -archive / -exclude EXCLUDEDDIRECTORY
-psaves a log of the scan to the specified folder/file (default is no log)
-ncno notifications before taking actions (default is notifications)
-fdoes a full file scan (default is quick/partial)
-allscans all files (default uses a specific list of file types to scan)
-bsscans boot sectors (default is off)
-mbrscans the master boot record (default is off)
-puascans for adware and spyware (default is off)
-suspiciousscans for suspicious programs (default is off)
--examine-x-bitexamines files with the x-bit (default is off)
--stay-on-machinescans only the local machine
--stay-on-filesystemscans only the specific filesystem/drive
--no-reset-atimedoes not affect file access time, but will affect file ctime
-archivescans all archives (default is only some archives)
-excludeexcludes certain directories (put at the end, after the directory to scan [/])
-includeincludes certain directories (put before exclude)
--no-skip-special scans all directories, including proc and dev (default is non-special directories)
--quarantinequarantines infected files (default is off)
-removeremoves infected files (default is off)
-didisinfects the boot sector (default is off)
- Check status
- Check configuration
sudo /opt/sophos-av/bin/savconfig query
- Disable sending usage/logs to Sophos
sudo /opt/sophos-av/bin/savconfig set DisableFeedback true
- Change recipient of email reports
sudo /opt/sophos-av/bin/savconfig set Email NEWADDRESS
- Enable or disable on-access scanning
sudo /opt/sophos-av/bin/savdctl enable/disable
- Sophos will notify the default recipient of reports ([email protected]) when a virus is found.
- On headless servers, the option to configure a GUI may not be present. If so, a web GUI will not appear.
- Do not change the PrimaryUpdateUsername or PrimaryUpdatePassword for free versions. There is no way to recover or reset the username or password without reinstalling Sophos.
- BitDefender offers good detection and is free for personal use with registration.