How to Install ClamAV on Arch Linux & Use the ClamTK GUI

Why Bother with an Antivirus on Arch Linux?

Let’s address the elephant in the room: “Do I really need an antivirus on a rolling-release, hardened distro like Arch?” It’s true that Arch Linux, thanks to its design and user base, is inherently more secure than most. The risk of a traditional desktop “virus” is extremely low.

However, “low risk” doesn’t mean “no risk.” More importantly, using an antivirus on Linux isn’t just about protecting your machine. It’s about being a good digital citizen.

You might need an antivirus to:

• Scan Email Attachments: Prevent yourself from passing on a Windows-based threat to friends, family, or colleagues.
• Check Downloads: Ensure that files, scripts, or programs you download aren’t carrying a malicious payload.
• Protect a File Server: If you run a Samba or network share for other computers (especially Windows machines), scanning those files is critical.
• Scan Other Partitions: If you dual-boot with Windows, you can scan your Windows partition from the safety of Linux.

This is where ClamAV shines. It’s the open-source, industry-standard antivirus for Linux. It’s powerful, but it’s a command-line tool. That’s why we’ll also install ClamAV on Arch Linux along with ClamTK, its user-friendly graphical (GUI) counterpart. This guide will walk you through the complete installation, the critical configuration steps, and the basic setup of the ClamTK interface.

Part 1: Installing ClamAV & ClamTK on Arch Linux

First, we need to get the software. On Arch and its derivatives (like Manjaro), we’ll use the pacman package manager. The packages are available in the official “Community” repository.

1. First, make sure your system is fully up-to-date:

   Bash

   sudo pacman -Syu
   

2. Now, install clamav (the engine) and clamtk (the GUI):

   Bash

   sudo pacman -S clamav clamtk
   

Let’s break down what you just installed:

• clamav: On Arch, this single package provides everything for the backend:
  • The core clamscan engine.
  • The clamd scanning daemon.
  • The freshclam updating service.
• clamtk: The graphical front-end that we will use to manage everything.

Part 2: The Critical Configuration (The “Arch Way”)

A Quick Word of Warning:

The following steps involve using sudo, pacman, and editing system configuration files. While the commands are tested and straightforward, a simple typo can cause services to fail. If you are brand new to the terminal or are not comfortable editing configuration files, please proceed with caution. Double-check every command before you press Enter.

This is the “Arch way.” Unlike some other distros, Arch provides sample configuration files that we must copy and edit before the services will work. This section on how to configure ClamAV on Arch/Manjaro is the most important part.

Step 2.1: Configure Freshclam (The Updater)

The freshclam service needs its own configuration file. We must first copy the sample file to a real one.

1. Copy the sample config:

   Bash

   sudo cp /etc/freshclam.conf.sample /etc/freshclam.conf
   

2. Now, open the file with a text editor like nano:

   Bash

   sudo nano /etc/freshclam.conf
   

3. Inside this file, you will see a single line at the top that says Example. You must comment out this line by placing a # symbol in front of it.
   • Change this:Example
   • To this:#Example
4. Save the file and exit (Ctrl+O, Enter, then Ctrl+X in nano).

Step 2.2: Configure ClamD (The Daemon)

Next, we must do the exact same thing for the clamd scanning daemon.

1. Copy the sample config:

   Bash

   sudo cp /etc/clamd.conf.sample /etc/clamd.conf
   

2. Open the new config file in nano:

   Bash

   sudo nano /etc/clamd.conf
   

3. This file is much larger, but we only need to make two changes:
   • First, just like before, comment out the Example line at the top:#Example
   • Second, clamd needs to know how to communicate with other applications (like ClamTK). Scroll down until you find the line LocalSocket. Uncomment it by removing the #. Note: The path may look different from other distros.
   • Change this:#LocalSocket /run/clamd/clamd.sock
   • To this:LocalSocket /run/clamd/clamd.sock
4. Save and exit the file (Ctrl+O, Ctrl+X).

Step 2.3: The Arch/Manjaro Permissions Hurdle

This is the final hurdle, which Arch shares with Debian-based systems. By default, the ClamAV daemon (clamd) runs as a special user named clamav. For security, this user cannot read the files in your personal home directory.

This means if you try to scan your Downloads or Documents folder, ClamTK will just finish instantly, finding nothing, because it had no permission to look.

To fix this, we must grant the clamav user permission to read your files. The simplest, most secure way is to add the clamav user to your personal user group.

1. Run the following command. gpasswd is the correct tool for this, and $(whoami) is a shortcut for your username.

   Bash

   sudo gpasswd -a clamav $(whoami)
   

2. This command adds the user clamav to your personal group (e.g., the linuxuser group). This allows clamd to read your files for scanning without being able to write or delete them.

(Note: If you are running on Fedora, the process is different and requires SELinux commands. SEE OUR FEDORA CLAMAV GUIDE).

You may also read:

• • How to Install ClamAV on Debian/Ubuntu & Use the ClamTK GUI

  • How to Install ClamAV on openSUSE (Leap & Tumbleweed)

Part 3: First Update & Starting the Services

Now that everything is installed and configured, we can bring it all online.

Step 3.1: Run the First Manual Update

Let’s manually run freshclam for the first time to download the entire virus definition database. This can be over 150MB, so it may take a minute.

sudo freshclam

You should see it downloading main.cvd, daily.cvd, and bytecode.cvd.

Step 3.2: Enable and Start the ClamAV Services

We need to enable and start two services: freshclam.service (for auto-updating) and clamd.service (for scanning). Note the service names, which are simpler than on other distros.

1. For the auto-updater:

   Bash

   sudo systemctl enable freshclam.service
   sudo systemctl start freshclam.service
   

2. For the scanning daemon:

   Bash

   sudo systemctl enable clamd.service
   sudo systemctl start clamd.service
   

3. You can verify they are running with the status command:

   Bash

   systemctl status freshclam.service
   systemctl status clamd.service
   

   You should see active (running) in green for both. The freshclam service will now automatically check for updates.

Part 4: Basic Setup: How to Use ClamTK (The Easy Way)

With all the hard command-line work done, we can now switch to the simple graphical interface. Go to your application launcher (like the Whisker Menu or GNOME overview) and open ClamTK.

You’ll be greeted with a very clean interface. Here’s how to get started.

Step 4.1: Configure Basic Settings

1. In the ClamTK window, click the “Settings” icon (or go to File > Preferences).
2. This is where you’ll fine-tune the scanner. I highly recommend checking the following boxes:
   • Scan for PUA (Potentially Unwanted Applications): This expands the search beyond just viruses to include adware, “junkware,” and other annoying software.
   • Scan files larger than 20MB: By default, ClamAV skips large files to save time. It’s safer to scan everything.
   • Scan directories recursively: This is essential. It tells ClamTK to scan not just a folder, but every file and folder inside that folder.

Step 4.2: Set Up Scheduled Scans

The best antivirus is one you don’t have to think about.

1. In the main ClamTK window, click the “Scheduler” icon.
2. Schedule Definitions Updates: Click the “+” button under “Update your virus definitions” to set up a daily update. This is a good backup in case the freshclam service ever fails.
3. Schedule a Scan: Click the “+” button under “Scan your home directory.” Set this to run “Weekly.” This will automatically scan your personal files (/home/username) for any threats every week.

Step 4.3: How to Run a Manual Scan

This is the easiest part and what you’ll do most often.

• To scan a single file: Click “Scan a file” and choose the file (e.g., a .exe you downloaded).
• To scan a directory: Click “Scan a directory”. This is perfect for checking your entire Downloads folder. Thanks to the permission fix in Part 2, this will now work correctly!
• Check History: You can click the “History” icon to see a log of all past scans and their results.

For more information on the project, you can visit the official CLAMAV HOMEPAGE or the CLAMTK PROJECT PAGE.

Conclusion

You now have a fully functional, auto-updating antivirus system running on your Arch or Manjaro machine. You’ve correctly configured the services the “Arch way” and solved the common home-directory permission issue. The ClamAV engine (powered by clamd) provides fast scanning in the background, while ClamTK gives you an easy-to-use graphical interface to manage it.

While you should always remain vigilant online, you’ve added a robust layer of security to your system, helping protect both yourself and others in your digital life.

Disclaimer: This guide provides the tools and steps for installation. Always be cautious when removing files identified as threats. If in doubt, quarantine them first.

What other security tools do you rely on in your Arch or Manjaro setup? Do you use any other security layers like AppArmor? Let us know in the comments below!