Best Virus Scanners for Linux

If you’re using a Linux distribution such as Ubuntu, there’s a very high likelihood that you’ve been deceived into believing that you don’t need antivirus protection because “Linux is more secure.”

Although Linux certainly has more restrictive security features around administrative positions and remains a relatively unattractive target for hackers due to its 5% share of the market running it without protection leaves you wide open to rootkits, trojans, and worms targeting Linux—all of which exist in abundance.  If you’re a Linux user, you may pride yourself on the system that you’ve customized for yourself. Unless you want to see it destroyed, consider an antivirus an essential component.

CLI vs GUI Based Options

Linux users tend to know their way around a terminal better than Windows users know the Powershell. Choosing between a command line interface (CLI) and graphical user interface (GUI) is often the first choice when selecting an antivirus option.

If you’re comfortable with inputting commands and automating scripting processes using cron jobs, then you may need to look no further than ClamAV, which is a completely free solution.

Although GUI frontends exist that make running scans easier, many Linux users are comfortable running programs entirely over the command line. ClamAV may be an open-source engine, but it’s developed and maintained by Cisco Talo. It can identify and delete most commonly-encountered viruses. This option requires knowledge of basic scripting but is a completely viable way to protect a Linux machine.

What “Distro” Are You Using?

Unlike Windows and MacOS, Linux comes in many different “distributions,” or “distros.”. Many non-Linux users may have heard of the most popular one, Ubuntu, but there are several other options, including Arch Linux, Fedora, Gentoo, Mint, and CentOS.

While using Debian or Ubuntu will guarantee you the widest selection of choices for a Linux antivirus, you’re not out of options if you use a more exotic distro.

Here are some choices if you’re running something other than Debian or Ubuntu:

  • Avast Security for Linux, a paid software, supports RedHat and SUSE systems, including derivatives such as Fedora.
  • Rootkit Hunter and Hostsblock (an anti-malware tool) both run on Arch, a highly configurable distribution favored by advanced Linux users.
  • With the assistance of the WINE Windows emulator, Sophos can be run on Majaro, a slightly more user-friendly Arch offshoot that is growing in popularity.

The Best GUI Options

If you’d like to use a GUI scanner for a common distribution like Ubuntu, there are some great options:

  • Bitdefender’s endpoint security tool is suitable for large install-bases running Linux. The tool can run seamlessly in the background on a wide selection of distributions (including Oracle Linux).
See Bitdefender Deals >>>
  • Comodo offers a free antivirus and mail gateway scanner for Linux that includes an easy to use, lightweight frontend for running scans and downloading updates.  It also includes a scan scheduler and email scanner which integrates with a variety of mail gateways, including Postfix, Sendmail, and Qmail.
See Comodo Deals >>>
  • ESET NOD 32 is a very reliable paid option for Linux antivirus and anti-malware protection. It offers both antivirus and anti-spyware detection, a light system resources footprint, and is very easy to configure and use.
See ESET Deals >>>

Running Your First Scan

How you go about running your first scan will depend on what program you’ve downloaded. However, the following steps are common to most programs:

  1. Make sure that your program has downloaded updated definitions

There should be a window in the GUI that tells when your antivirus last downloaded definitions. If this is more than a few days ago, consider initiating a manual download. ClamAV users should run “sudo freshclam” to update the definitions database.

  1. Look for a ‘start scan’ button or create a scheduled scan

Look for your program’s “start scan” button. Alternately, check to see if your software supports scheduled scans, and if it does, configure one to take place at a regular interval, such as once every other day.  If you’re using ClamAV, you’ll want to type “clamscan -r” followed by the directories you wish the scanner to recurse into within a terminal. For a full list of possible operators, type “man clamscan” into a terminal.

  1. Wait for the scan to finish, and take action when required

The scan should begin running and display a dialog indicating its progress. Wait for the scan to conclude and pay careful attention to any dialog windows that it creates. These may ask you whether to move detected files to quarantine or manually mark them as safe.

Linux Antiviruses Work

Running a Linux antivirus may seem like an unnecessary task but nothing could be farther from the truth. Many cybersecurity threats now target Linux, but there are also plenty of worthwhile programs on the market to keep your system safe.

About the Author

Eric C.
Eric C.
Expert on Cyber Security, Fintech, and Cryptocurrency

About the Author

Eric is a professional cyber tech expert with almost a decade of experience writing about security and tech. In recent years, he has been focused heavily on the rapidly developing fintech and cryptocurrency industries and how they relate to online security.
Transparency and Trust – We pride ourselves on being the only site where users can freely contribute and share their reviews on any antivirus with other community members. When you visit an antivirus site we link to, we sometimes get affiliate commissions that support our work. Read more about how we operate.