How can I tell if ClamAv is running?
Mia Lopez
How do I know if ClamAv is actively running?
I installed it with
sudo aptitude install clamav
But I don't see it anywhere and am not sure if it's actually doing anything.
24 Answers
ClamAV is designed to be an on-demand scanner, and will only run when you invoke it to run (which means you probably won't see any of its processes if you did not manually invoke it). Also, when you installed the clamav package, you only installed the command-line scanner and scanning engine.
If you want to install the full package of ClamAV, I suggest you use this
sudo aptitude install clamav clamav-daemon clamav-freshclam clamtk
A breakdown of what package does what:
- clamav - the command-line based ClamAV virus scanner and engine
- clamav-daemon - enables ClamAV to be an on-access scanner, which means it runs automatically without your intervention
- clamav-freshclam - enables automatic updates for ClamAV
- clamtk - the GUI frontend for ClamAV
With all these packages installed, ClamAV should perform like most other AV packages. Like alex said, once you have installed these packages, running ps should allow you to see the ClamAV daemon running.
And to test any virus or malware scanner, there's the harmless Eicar Test File.
Try searching for the process associated with ClamAv. You can use top or ps to find it. There's a bit more information about the processes that ClamAV uses in this article; it's a bit old, but maybe it can guide you in the right direction.
This thread is rather old, but seems relevant since clamav is still a little awkward to understand and configure.
The on-access aspect of clamav is clamonacc.
You will need to run it & then keep an eye on its logfile.
It requires that clam-daemon is running, since it monitors file accesses via the fanotify kernel API and AIUI then passes the request to the daemon for scanning.
clamonacc uses clam.conf but does not seem to respect settings configured via clamTK (e.g., not to scan dotfiles).
clamonacc is not automatically started & I have not spotted a service launcher for it yet (will probably need to create one).
I have had difficulty finding the correct relationship between the clam-daemon process owner, the clamonacc process & the desktop user account, as I would like all files created by the user to be checked, not just those that happen to be in the same group as the clam-daemon.
Possibly this is due to the primary design of clamav for server scanning, but I am trying to configure this as an end-user & it seems much more rough-edged than I was expecting (even after a further ten years from the OP's question).
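The ps check suggested in the answers above, as an added example that is not part of the original thread: it reports which ClamAV programs appear in a process listing and whether on-access scanning can work, given that clamonacc depends on the daemon. The function names and the sample listings are constructed for illustration; clamd, freshclam and clamonacc are the process names of the daemon, the updater and the on-access client.

```shell
#!/bin/sh
# Added example, not code from the thread.

# clamav_components: read process names (one per line) on stdin and
# report whether each ClamAV program is present. Whole-line matching
# keeps "clamdscan" or "clamdtop" from being counted as the daemon.
clamav_components() {
    procs=$(cat)
    for name in clamd freshclam clamonacc; do
        if printf '%s\n' "$procs" | grep -qx -- "$name"; then
            echo "$name: running"
        else
            echo "$name: not running"
        fi
    done
}

# on_access_ready: succeed only when clamd AND clamonacc are both
# present, because clamonacc hands files to the daemon for scanning.
on_access_ready() {
    report=$(clamav_components)
    case "$report" in
        *"clamd: running"*) ;;
        *) return 1 ;;
    esac
    case "$report" in
        *"clamonacc: running"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample: daemon and updater installed, clamonacc never started.
SAMPLE='systemd
clamd
freshclam
bash'

printf '%s\n' "$SAMPLE" | clamav_components
if printf '%s\n' "$SAMPLE" | on_access_ready; then
    echo "on-access scanning: active"
else
    echo "on-access scanning: inactive"
fi

# Live use on a real system:
#   ps -eo comm= | clamav_components
```

With only the clamav package installed, all three lines read "not running", which matches the situation described in the question.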