Server Antivirus

Especially for Linux (Ubuntu)

Servers running Linux or Unix are less likely to be affected by viruses than Windows servers. However, antivirus tools are necessary to prevent those connecting to the server, likely Windows machines, from being compromised. Linux viruses are also not imaginary. This page lists some free options and how to install them.


  • ClamScan offers poor detection rates and high resource usage but is open source and free – 1, 2, 3, 4


sudo apt-get install clamav


sudo freshclam
killall freshclam (if necessary)

Scanning (Full System)

sudo clamscan --recursive=yes --infected --exclude-dir='^/sys|^/proc|^/dev|^/lib|^/bin|^/sbin' /

Read more: 1, 2



  • Sophos offers good detection with reasonable performance and is free with registration.
  • Through personal experience, Sophos runs much faster than ClamAV and with fewer errors.



  1. Download from Sophos
  2. Save to or FTP to any directory

Install – 1

sudo tar -xzvf ~/sav-linux-free-(VERSION).tgz -C ~/
sudo ~/sophos-av/


  1. Enter, space, space, space…     (read EULA and scroll down)
  2. y     (accept license)
  3. Enter     (installs to default location of /opt/sophos-av/ )
  4. n     (disable on-access scanning, which may consume resources — use savscan for on-demand scanning)
  5. f     (free version)
  6. n    (no proxy)


sudo rm -rf sav-linux-free-(VERSION).tgz
sudo rm -rf sophos-av


Sophos runs in the background and will update automatically. Otherwise, run:

sudo /opt/sophos-av/bin/savupdate

Scanning (Full System)

sudo savscan -p=/home/USERNAME/latestAVscan.log -all -bs -mbr -di -f --stay-on-machine --stay-on-filesystem --no-reset-atime -pua -suspicious -archive / -exclude EXCLUDEDDIRECTORY

Sophos runs a number of default options which can also be called through extra parameters – 1, 2. The scan command above will override these defaults for these options:

  • -p     saves a log of the scan to the specified folder/file (default is no log)
  • -nc     no notifications before taking actions (default is notifications)
  • -f     does a full file scan (default is quick/partial)
  • -all     scans all files (default uses a specific list of file types to scan)
  • -bs     scans boot sectors (default is off)
  • -mbr     scans the master boot record (default is off)
  • -pua     scans for adware and spyware (default is off)
  • -suspicious     scans for suspicious programs (default is off)
  • --examine-x-bit     examines files with the x-bit (default is off)
  • --stay-on-machine     scans only the local machine
  • --stay-on-filesystem     scans only the specific filesystem/drive
  • --no-reset-atime     does not affect file access time, but will affect file ctime
  • -archive     scans all archives (default is only some archives)
  • -exclude     excludes certain directories (put at the end, after the directory to scan [/])
  • -include     includes certain directories (put before exclude)
  • --no-skip-special     scans all directories, including proc and dev (default is non-special directories)
  • --quarantine     quarantines infected files (default is off)
  • -remove     removes infected files (default is off)
  • -di     disinfects the boot sector (default is off)

Other Commands

  • Check status sudo /opt/sophos-av/bin/savdstatus
  • Check configuration sudo /opt/sophos-av/bin/savconfig query
  • Disable sending usage/logs to Sophos sudo /opt/sophos-av/bin/savconfig set DisableFeedback true
  • Change recipient of email reports sudo /opt/sophos-av/bin/savconfig set Email NEWADDRESS
  • Enable or disable on-access scanning sudo /opt/sophos-av/bin/savdctl enable/disable


  • Sophos will notify the default recipient of reports (root@localhost) when a virus is found.
  • On headless servers, the option to configure a GUI may not be present. If so, a web GUI will not appear.
  • Do not change the PrimaryUpdateUsername or PrimaryUpdatePassword for free versions. There is no way to recover or reset the username or password without reinstalling Sophos.

Read more: 1, 2, 3, 4, 5, 6, 7, Installation, Guide


  • BitDefender offers good detection and is free for personal use with registration.