The 8 Best Free Anti-Virus Programs for Linux

Although Linux operating systems are fairly stable and secure, they may not completely be immune to threats. All computer systems can suffer from malware and viruses, including those running Linux-based operating systems. However, the number of critical threats to Linux-based operating systems is still way lower than threats for Windows or OS X.

Therefore, we need to protect our Linux systems from the various forms of threats such as viruses that can be transmitted in many ways including malicious code, email attachments, malicious URLs, rootkits to mention but a few.

In this article, we will talk about 8 best free anti-virus programs for Linux systems.

1. ClamAV

ClamAV is a free and open source, versatile anti-virus toolkit for Linux systems. It’s used for detecting trojans, viruses, malware and other malicious threats. It’s a standard for mail gateway scanning software; it supports almost all mail file formats.

The following are its well-known features:

  • It’s cross platform; works on Linux, Windows and Mac OS X
  • POSIX compliant, portable
  • Easy to install and use
  • Works primarily from the command-line interface
  • Supports on-access scanning (Linux only)
  • Provides a virus database update
  • It can scan within archives and compressed files (also protects against archive bombs), the built-in support includes Zip, Tar, 7Zip, Rar among others.

2. ClamTk

ClamTk is a lightweight graphical front-end for the popular command-line based ClamAV (Clam Antivirus), written using Perl and Gtk libraries for Unix-like systems such as Linux and FreeBSD.

It‘s designed to be an easy-to-use, on-demand anti-virus scanner. It’s a reliable graphical anti-virus software which runs smoothly, it’s excellent for getting things done fast.

3. ChkrootKit

ChkrootKit is a free and open source lightweight toolkit to locally check for signs of a rootkit.

It contains various programs/scripts which include:

  • chkrootkit – a shell script that checks system binaries for rootkit modification.
  • ifpromisc.c – it checks if an interface is in promiscuous mode.
  • chklastlog.c – this checks for lastlog deletions.
  • chkwtmp.c – this checks for wtmp deletions.
  • check_wtmpx.c – checks for wtmpx deletions (Solaris only).
  • chkproc.c – checks for signs of LKM trojans.
  • chkdirs.c – this checks for signs of LKM trojans.
  • strings.c – it performs quick and dirty strings replacement.
  • chkutmp.c – this checks for utmp deletions.

4. RookKit Hunter

Rootkit Hunter is remarkable lightweight, open source security monitoring and analyzing tool for POSIX compliant systems. It’s available for Linux and FreeBSD.

It’s a scanner for every kind of threats to a Linux system from backdoors, rootkits to various local exploits.

It’s other important features include:

  • It’s command-line based
  • It’s simple to use and offers thorough inspection capabilities.
  • It uses SHA-1 hash comparison to detect malicious entries.
  • It’s portable and compatible with most UNIX-based systems.

5. Comodo Anti-virus For Linux (CAVL)

Comodo is a powerful cross-platform anti-virus and email filtering software. Comodo Anti-virus For Linux offers great virus protection with the additional features for fully configurable anti-spam system.

Comodo anti-virus for Linux features include:

  • Simply install and forget, no annoying false alarms, just solid virus protection.
  • Provides proactive anti-virus protection intercepts all known threats.
  • Optional automatic updates for the most up-to-date virus protection.
  • Comes with a scan scheduler, detailed event viewer, and custom scan profiles.
  • Offers a mail filter which is compatible with Postfix, Qmail, Sendmail and Exim MTA’s.

6. Sophos For Linux

Sophos anti-virus for Linux is a stable and reliable anti-virus software for a wide range of Linux distributions.

It detects and eradicates viruses (including worms and Trojans) on your Linux computer. It can as well find and block all non-Linux viruses that might be stored on your Linux computer and transferred to non-Linux computers.

You can run all commands (except savscan, which is used to run on-demand scans) as root from the from the command-line interface.

Below are the notable features of Sophos For Linux:

  • Easy to install and runs quietly.
  • It’s effective and secure.
  • It can detect and block malware with on-access, on-demand, or scheduled scanning.
  • Offers excellent performance, with low impact on the system.
  • Offers extensive platform coverage.

7. BitDefender For Unices (Not Free)

BitDefender For Unices is a powerful and versatile anti-virus software suite for Linux and FreeBSD. It offers protection and on-demand scanning on both Unix-based and Windows-based disk partitions by scanning for viruses and malware.

The following are a few of its remarkable features:

  • Enables scanning of archives.
  • Supports desktop integration.
  • It has an intuitive GUI and powerful command line interface that supports OS scripting tools.
  • It can quarantine infected files into a protected directory.

8. F-PROT For Linux

F-PROT anti-virus for Linux workstations is a free powerful scanning engine for use on home/personal workstations. Developed to effectively get rid of viruses threatening workstations running Linux, it offers full protection against macro viruses and other forms of malicious software including Trojans.

Below are some of its exceptional features:

  • It supports both 32bit and 64bit versions of Linux x86.
  • It scans for over 2119958 known viruses and their variants.
  • It’s able to perform scheduled scans using cron.
  • It scans hard drives, CD-ROMS, diskettes, network drives, directories and specific files.
  • It can also scan for images of boot sector viruses, macro viruses, and Trojan Horses.

That’s all! Don’t believe that Linux-based operating systems are completely secure, get one of these free anti-viruses we have talked about to secure your workstation or server.

Do you have any thoughts to share with us? If yes, then make use of the feedback form below.

If You Appreciate What We Do Here On TecMint, You Should Consider:

TecMint is the fastest growing and most trusted community site for any kind of Linux Articles, Guides and Books on the web. Millions of people visit TecMint! to search or browse the thousands of published articles available FREELY to all.

If you like what you are reading, please consider buying us a coffee ( or 2 ) as a token of appreciation.

Support Us

We are thankful for your never ending support.

Aaron Kili

Aaron Kili is a Linux and F.O.S.S enthusiast, an upcoming Linux SysAdmin, web developer, and currently a content creator for TecMint who loves working with computers and strongly believes in sharing knowledge.

Your name can also be listed here. Got a tip? Submit it here to become an TecMint author.

RedHat RHCE and RHCSA Certification Book
Linux Foundation LFCS and LFCE Certification Preparation Guide
The Complete Linux System Administrator Bundle
Become an Ethical Hacker Bonus Bundle

You may also like...

43 Responses

  1. prashantcruise says:

    may be its comodo ! spell error .
    Any suggestion for installing antivirus on one server and scanning all server on same network.

    • Aaron Kili says:


      I suppose we have used Comodo in the article. And “installing antivirus on one server and scanning all server on same network” calls for client-server configurations, if that setting is supported by the antivirus software you intend to use.

      However, we have not yet used such a setup. But you need to find more information about this, from various web resources.

  2. Davi says:

    Great article! You could add Trend Micro Deep Security – a great tool for servers, including antimawlare for Linux servers

  3. Davi says:

    Great article! Trend Micro’s Deep Security – a great tool for servers, including antimawlare for Linux servers

  4. Edmund Laugasson says:

    Problem persists already a quite long time ago – cannot install Ubuntu 16.04, Linux Mint 18.

    When installing:
    Preparing to unpack …/antivirus/cav-linux_x64.deb …
    Unpacking cav-linux (1.1.268025-1) …
    dpkg: dependency problems prevent configuration of cav-linux:
    cav-linux depends on libssl0.9.8 (>= 0.9.8m-1); however:
    The libssl0.9.8 is not installed.

    When to search then there is already newer version available:
    sudo apt search libssl
    p libssl-dev – Secure Sockets Layer toolkit – development
    p libssl-dev:i386 – Secure Sockets Layer toolkit – development
    p libssl-doc – Secure Sockets Layer toolkit – development
    p libssl-ocaml – OCaml bindings for OpenSSL (runtime)
    p libssl-ocaml:i386 – OCaml bindings for OpenSSL (runtime)
    v libssl-ocaml-4e458 –
    v libssl-ocaml-d7j01:i386 –
    p libssl-ocaml-dev – OCaml bindings for OpenSSL
    p libssl-ocaml-dev:i386 – OCaml bindings for OpenSSL
    v libssl-ocaml-dev-4e458 –
    v libssl-ocaml-dev-d7j01:i386 –
    i libssl1.0.0 – Secure Sockets Layer toolkit – shared libr
    i libssl1.0.0:i386 – Secure Sockets Layer toolkit – shared libr
    p libssl1.0.0-dbg – Secure Sockets Layer toolkit – debug infor
    p libssl1.0.0-dbg:i386 – Secure Sockets Layer toolkit – debug infor
    v libssl1.0.0:i386 –
    p libsslcommon2 – enterprise messaging system – common SSL l
    p libsslcommon2:i386 – enterprise messaging system – common SSL l
    p libsslcommon2-dev – enterprise messaging system – common SSL d
    p libsslcommon2-dev:i386 – enterprise messaging system – common SSL d

  5. Lolix says:

    BitDefender For Unices is end of life

  6. Jouni "rautamiekka" Järvinen says:

    A joke of a list, lemme say. And if I hadn’t read the comments I’d be wasting my breath pointing out faults.

  7. phd21 says:

    What about Linux Malware Detect (LMD) in conjunction with ClamAV or by itself?

  8. Iulian Murgulet says:

    Hello to all,

    Aaron, this tutorial is good with the pertinent observations made by @Dwobry, but nobody is perfect, and in each day we could learn something if we want to.

    In this context (antivirus/antimalware), maybe for some guys, it is useful to mention about havp. It is a proxy who will scan http traffic with several antivirus engine (clamav included).

    Another useful tip is how you install your system (more partitions is better) For example in my case I have /boot, /home and /tmp mounted with: noexec, nodev. Any malware needs to be downloaded and then will be executed. But the most powerful antivirus engine is our knowledge and the good sense.

    A smart guy (shame on me because I do not remember his name), has said a very smart thing (in my opinion ) – security is not a product (like clamav or what-ever), it is a process. I think that in the last years … we run after the various products, and we forgot the PROCCESS ;)

    Forgive me if I said fullish things ;)

  9. Dwobry says:

    If I may, I’m wondering why arent you guys doublechecking and creating a well-informed post about this subject matter instead of just posting something which has no structured basis or factual relevance?

    1. Clamtk is not an av, it`s graphical interface as you mentioned, but then why is it on the second place in a top of av`s?
    2. ClamAv is not a great av, just idealists whom belive in similar ideas to FSF are holding up as the only good av.
    3. Bitdefender for Unices, announced if I’m not mistaking around more than a year ago the end of life on this project, meanwhile offering a business alternative to it.
    4. Meanwhile F-Prot didn`t received any updates since 2013.

    Hence from your 8 place list, we`ve eliminated 2 ( Fprot & Bitdefender because EOL ), which gives us a 6 place list: which I would recommend to be taught of differently. If you have idealistic FOSS belives, the first two places should be Chkroot and Lyons ( Rk Hunter which i honestly don’t think exists anymore, but from what i gathered their official site now redirects to Lynis ). And if you dont have strong belives in the direction of FOSS, you could try Sophos.

    • Aaron Kili says:


      The list is not in order of the AV that works best, how each user will rate an AV in the list depends on their usage experience. However, we highly respect your views here. Many thanks for sharing your concerns with us.

    • 01101001b says:

      “Meanwhile F-Prot didn’t received any updates since 2013″. I think you are confusing program version with database date. Whatever the case, Windows’ hysteria about dates and versions does not apply to Linux, not even in antivirus matters You should know that.

  10. Robert Kraus says:

    ESET offers also a AntiVirus-Engine for Linux (commercial).

Got something to say? Join the discussion.

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.