How to Install ClamAV on openSUSE (Leap & Tumbleweed)

Why Bother with an Antivirus on openSUSE?

Let’s address the elephant in the room: “Do I really need an antivirus on a rock-solid, secure-by-default system like openSUSE?” It’s true that openSUSE (both the stable Leap and rolling Tumbleweed) is one of the most secure Linux distributions available. The risk of a traditional desktop “virus” is extremely low.

However, “low risk” doesn’t mean “no risk.” More importantly, using an antivirus on Linux isn’t just about protecting your machine. It’s about being a good digital citizen.

You might need an antivirus to:

• Scan Email Attachments: Prevent yourself from passing on a Windows-based threat to friends, family, or colleagues.
• Check Downloads: Ensure that files, scripts, or programs you download aren’t carrying a malicious payload.
• Protect a File Server: If you run a Samba or network share for other computers (especially Windows machines), scanning those files is critical.
• Scan Other Partitions: If you dual-boot with Windows, you can scan your Windows partition from the safety of Linux.

This is where ClamAV shines. It’s the open-source, industry-standard antivirus for Linux. It’s powerful, but it’s a command-line tool. That’s why we’ll also install ClamAV on openSUSE along with ClamTK, its user-friendly graphical (GUI) counterpart. This guide will walk you through the complete installation using zypper, the critical configuration steps, and how to manage it all.

Part 1: Installing ClamAV & ClamTK on openSUSE

First, we need to get the software. On openSUSE, we use the excellent zypper package manager. All the required packages are in the main repositories.

Open your terminal and run the following command to install both the backend engine and the graphical frontend:

sudo zypper install clamav clamtk

Let’s break down what you just installed:

• clamav: On openSUSE, this single package provides everything for the backend:
  • The core clamscan engine.
  • The clamd scanning daemon.
  • The freshclam updating service.
• clamtk: The graphical front-end that we will use to manage everything.

Part 2: The Critical Configuration (Don’t Skip This!)

A Quick Word of Warning:

The following steps involve using sudo, editing system configuration files, and managing user permissions. While the commands are tested and straightforward, a simple typo can cause services to fail. If you are brand new to the Linux terminal or are not comfortable editing configuration files, please proceed with caution. Double-check every command before you press Enter.

This is the “openSUSE way.” Similar to Arch and Fedora, openSUSE provides sample configuration files that we must copy and edit before the services will work. This section on how to configure ClamAV on openSUSE is the most important part.

Step 2.1: Configure Freshclam (The Updater)

The freshclam service needs its own configuration file. We must first copy the sample file to a real one.

1. Copy the sample config:
   Bash

   sudo cp /etc/freshclam.conf.sample /etc/freshclam.conf
   

2. Now, open the file with a text editor like nano:
   Bash

   sudo nano /etc/freshclam.conf
   

3. Inside this file, you will see a single line at the top that says Example. You must comment out this line by placing a # symbol in front of it.
   • Change this:

     Example

   • To this:

     #Example

4. Save the file and exit (Ctrl+O, Enter, then Ctrl+X in nano).

Step 2.2: Configure ClamD (The Daemon)

Next, we must do the exact same thing for the clamd scanning daemon.

1. Copy the sample config:
   Bash

   sudo cp /etc/clamd.conf.sample /etc/clamd.conf
   

2. Open the new config file in nano:
   Bash

   sudo nano /etc/clamd.conf
   

3. This file is much larger, but we only need to make two changes:
   • First, just like before, comment out the Example line at the top:

     #Example

   • Second, clamd needs to know how to communicate with other applications (like ClamTK). Scroll down until you find the line LocalSocket. Uncomment it by removing the #.
   • Change this:

     #LocalSocket /var/run/clamd/clamd.sock

   • To this:

     LocalSocket /var/run/clamd/clamd.sock

4. Save and exit the file (Ctrl+O, Ctrl+X).

Step 2.3: The openSUSE AppArmor Hurdle (The vscan User)

This is the final, critical step. By default, the ClamAV daemon (clamd) on openSUSE runs as a special, non-privileged user named vscan (not clamav as on other distros).

For security, openSUSE’s AppArmor system (and standard file permissions) will prevent the vscan user from reading the files in your personal home directory. This means if you try to scan your Downloads folder, ClamTK will just finish instantly, finding nothing, because it had no permission to look.

To fix this, we must add the vscan user to your personal user group.

1. Run the following command. gpasswd is the correct tool for this, and $(whoami) is a shortcut for your username.
   Bash

   sudo gpasswd -a vscan $(whoami)
   

2. This command adds the user vscan to your personal group (e.g., the users group). This allows clamd to read your files for scanning without being able to write or delete them.
3. For this new group permission to take effect, you must either log out and log back in, or simply restart your computer. This step is not optional!

(Note: If you are running on Fedora, the process is different and requires SELinux commands. SEE OUR FEDORA CLAMAV GUIDE).

You may also read:

• How to Install ClamAV on Arch Linux & Use the ClamTK GUI

• How to Install ClamAV on Debian/Ubuntu & Use the ClamTK GUI

Part 3: First Update & Starting the Services

Now that everything is installed and configured, we can bring it all online.

Step 3.1: Run the First Manual Update

Let’s manually run freshclam for the first time to download the entire virus definition database. This can be over 150MB, so it may take a minute.

sudo freshclam

You should see it downloading main.cvd, daily.cvd, and bytecode.cvd.

Step 3.2: Enable and Start Services (The systemd way)

This is another key openSUSE difference. We need to enable the clamd service (which runs 24/7) and the freshclam timer (which runs on a schedule).

1. For the auto-updater (Timer):
   Bash

   sudo systemctl enable freshclam.timer
   sudo systemctl start freshclam.timer
   

2. For the scanning daemon (Service):
   Bash

   sudo systemctl enable clamd.service
   sudo systemctl start clamd.service
   

3. You can verify they are running with the status command:
   Bash

   systemctl status freshclam.timer
   systemctl status clamd.service
   

   You should see active (waiting) for the timer and active (running) for the service.

(Optional) Step 3.3: The YaST Way (Graphical Check)

If you’re not a fan of the terminal for services, openSUSE has you covered with its legendary YaST control center.

1. Open your application menu and launch YaST (you will need to enter your sudo password).
2. In YaST, go to “Services Manager”.
3. In the list of services, you can find clamd and freshclam.timer.
4. Here you can graphically Start, Stop, Enable, or Disable them, and confirm that they are set to start “On Boot.” This is a great way to double-check that your systemctl commands worked. You can get more info from the OFFICIAL OPENSUSE YAST PAGE.

Part 4: Basic Setup: How to Use ClamTK (The Easy Way)

With all the hard command-line work done, we can now switch to the simple graphical interface. Go to your application launcher (like the KDE Kickoff or GNOME overview) and open ClamTK.

You’ll be greeted with a very clean interface. Here’s how to get started.

Step 4.1: Configure Basic Settings

1. In the ClamTK window, click the “Settings” icon (or go to File > Preferences).
2. This is where you’ll fine-tune the scanner. I highly recommend checking the following boxes:
   • Scan for PUA (Potentially Unwanted Applications): This expands the search beyond just viruses to include adware, “junkware,” and other annoying software.
   • Scan files larger than 20MB: By default, ClamAV skips large files to save time. It’s safer to scan everything.
   • Scan directories recursively: This is essential. It tells ClamTK to scan not just a folder, but every file and folder inside that folder.

Step 4.2: Set Up Scheduled Scans

The best antivirus is one you don’t have to think about.

1. In the main ClamTK window, click the “Scheduler” icon.
2. Schedule Definitions Updates: Click the “+” button under “Update your virus definitions” to set up a daily update. This is a good backup in case the freshclam.timer service ever fails.
3. Schedule a Scan: Click the “+” button under “Scan your home directory.” Set this to run “Weekly.” This will automatically scan your personal files (/home/username) for any threats every week.

Step 4.3: How to Run a Manual Scan

This is the easiest part and what you’ll do most often.

• To scan a single file: Click “Scan a file” and choose the file (e.g., a .exe you downloaded).
• To scan a directory: Click “Scan a directory”. This is perfect for checking your entire Downloads folder. Thanks to the permission fix in Part 2, this will now work correctly!
• Check History: You can click the “History” icon to see a log of all past scans and their results.

For more information on the project, you can visit the official CLAMAV HOMEPAGE.

Conclusion

You now have a fully functional, auto-updating antivirus system running on your openSUSE Leap or Tumbleweed machine. You’ve correctly configured the services the “openSUSE way,” fixed the critical AppArmor/permission issue with the vscan user, and know how to check your services using both systemctl and YaST.

The ClamAV engine (powered by clamd) provides fast scanning in the background, while ClamTK gives you an easy-to-use graphical interface to manage it.

Disclaimer: This guide provides the tools and steps for installation. Always be cautious when removing files identified as threats. If in doubt, quarantine them first.

What other security tools do you rely on in your openSUSE setup? Do you prefer managing services with YaST or the command line? Let us know in the comments below!