The 8 Best Free Anti-Virus Programs for Linux

Although Linux operating systems are fairly stable and secure, they may not completely be immune to threats. All computer systems can suffer from malware and viruses, including those running Linux-based operating systems.

However, the number of critical threats to Linux-based operating systems is still way lower than threats for Windows or OS X.

Therefore, we need to protect our Linux systems from various forms of threats such as viruses that can be transmitted in many ways including malicious code, email attachments, malicious URLs, and rootkits to mention but a few.

In this article, we will talk about 5 best free anti-virus programs for Linux systems.

1. ClamAV

ClamAV (Clam AntiVirus) is a free and open-source, versatile anti-virus toolkit for Linux systems that is used for detecting trojans, viruses, malware, and other malicious threats.

It’s a standard for mail gateway scanning software; it supports almost all mail file formats and it is primarily used on Unix-like systems such as Linux, FreeBSD, and macOS, but it also has support for Windows.

ClamAV operates on a signature-based detection method, which means it scans files for patterns that match known malware signatures. These signatures are regularly updated to keep up with new threats.

Additionally, ClamAV can also perform heuristic analysis, which involves examining the behavior of files and identifying potentially malicious patterns.

The following are its well-known ClamAV features:

  • It’s cross-platform; works on Linux, Windows, and Mac OS X
  • POSIX-compliant, portable
  • Easy to install and use
  • Works primarily from the command-line interface
  • Supports on-access scanning (Linux only)
  • Provides a virus database update
  • It can scan within archives and compressed files (also protects against archive bombs), and the built-in support includes Zip, Tar, 7Zip, and Rar among others.

To install ClamAV on a system, you can use the default package manager on your Linux distribution.

$ sudo apt install clamav         [On Debian, Ubuntu and Mint]
$ sudo yum install clamav         [On RHEL/CentOS/Fedora and Rocky/AlmaLinux]
$ sudo emerge -a sys-apps/clamav  [On Gentoo Linux]
$ sudo apk add clamav            [On Alpine Linux]
$ sudo pacman -S clamav           [On Arch Linux]
$ sudo zypper install clamav      [On OpenSUSE]    

2. ChkrootKit

ChkrootKit is a free and open-source security scanner designed to detect known rootkits on Unix-like systems, including Linux.

It is a lightweight tool that scans your system for signs of rootkits, which are malicious programs that can grant unauthorized access and control over a compromised system.

It contains various programs/scripts which include:

  • chkrootkit – a shell script that checks system binaries for rootkit modification.
  • ifpromisc.c – it checks if an interface is in promiscuous mode.
  • chklastlog.c – this checks for lastlog deletions.
  • chkwtmp.c – this checks for wtmp deletions.
  • check_wtmpx.c – checks for wtmpx deletions (Solaris only).
  • chkproc.c – checks for signs of LKM trojans.
  • chkdirs.c – this checks for signs of LKM trojans.
  • strings.c – it performs quick and dirty string replacement.
  • chkutmp.c – this checks for utmp deletions.

To install Chkrootkit on a Linux system, you need to download the source code and compile it manually as shown.

$ wget
$ tar -xvf chkrootkit.tar.gz
$ cd chkrootkit
$ ./configure
$ make
$ sudo make install
$ sudo chkrootkit

3. Comodo Anti-virus For Linux (CAVL)

Comodo is a powerful cross-platform anti-virus and email filtering software. Comodo Anti-virus For Linux offers great virus protection with the additional features for a fully configurable anti-spam system.

Comodo anti-virus for Linux features include:

  • Simply install and forget, no annoying false alarms, just solid virus protection.
  • Provides proactive anti-virus protection and intercepts all known threats.
  • Optional automatic updates for the most up-to-date virus protection.
  • Comes with a scan scheduler, detailed event viewer, and custom scan profiles.
  • Offers a mail filter that is compatible with Postfix, Qmail, Sendmail, and Exim MTA’s.

Comodo Antivirus for Linux provides installation packages for various Linux distributions, including Ubuntu, Debian, Fedora, CentOS, and openSUSE. Make sure to choose the appropriate Linux distribution package for your system from the download page.

4. F-PROT For Linux

F-PROT anti-virus for Linux workstations is a free powerful scanning engine for use on home/personal workstations.

Developed to effectively get rid of viruses-threatening workstations running Linux, it offers full protection against various types of malware, including viruses, worms, Trojans, and other malicious software.

Below are some of its exceptional features:

  • It supports both 32-bit and 64-bit versions of Linux x86.
  • It scans for over 2119958 known viruses and their variants.
  • It’s able to perform scheduled scans using cron.
  • It scans hard drives, CD-ROMS, diskettes, network drives, directories, and specific files.
  • It can also scan for images of boot sector viruses, macro viruses, and Trojan Horses.

5. RookKit Hunter

Rootkit Hunter (rkhunter) is a remarkable lightweight, open-source security monitoring and analyzing tool for POSIX-compliant systems that is designed to detect and identify rootkits, backdoors, and other potentially malicious software on Linux and Unix-based systems.

It scans the system for known rootkit signatures, suspicious files, and various system configuration anomalies that might indicate a compromise.

To install Rkhunter on a Linux system, you can use the default package manager as shown.

$ sudo apt install rkhunter         [On Debian, Ubuntu and Mint]
$ sudo yum install rkhunter         [On RHEL/CentOS/Fedora and Rocky/AlmaLinux]
$ sudo emerge -a sys-apps/rkhunter  [On Gentoo Linux]
$ sudo apk add rkhunter            [On Alpine Linux]
$ sudo pacman -S rkhunter           [On Arch Linux]
$ sudo zypper install rkhunter      [On OpenSUSE]    

6. Sophos Antivirus

Sophos Antivirus is a comprehensive antivirus solution developed by Sophos, a leading cybersecurity company, which provides protection against malware, viruses, ransomware, and other security threats across various platforms, including Windows, macOS, and Linux.

Sophos also offers a free version of its antivirus software for Linux, which provides real-time scanning, on-access scanning, and on-demand scanning to protect against malware and other threats. It also includes features like web filtering and malicious traffic detection.

7. Firejail

Firejail is an open-source security sandboxing tool for Linux systems that provides an additional layer of security by isolating applications or processes from the rest of the system, reducing the potential impact of security vulnerabilities or malicious actions.

Firejail achieves this isolation by using Linux namespaces and control groups (cgroups) to create lightweight sandboxes for applications. When an application is executed within a Firejail sandbox, it operates within a restricted environment with limited access to system resources and files.

8. Qubes OS

While all the security tools mentioned in this list are undoubtedly valuable for strengthening the security of a Linux operating system, achieving a truly secure system requires a more comprehensive approach.

To establish a genuinely secure Linux system, it’s essential to consider Qubes OS, which is a free and open-source operating system that prioritizes security through a unique approach known as “security by compartmentalization“.

It is designed to provide strong isolation between different tasks and applications running on the system, making it highly resistant to malware attacks and offering enhanced privacy.

That’s all! Don’t believe that Linux-based operating systems are completely secure, get one of these free anti-viruses we have talked about to secure your workstation or server.

Do you have any thoughts to share with us? If yes, then make use of the feedback form below.

Aaron Kili
Aaron Kili is a Linux and F.O.S.S enthusiast, an upcoming Linux SysAdmin, web developer, and currently a content creator for TecMint who loves working with computers and strongly believes in sharing knowledge.

Each tutorial at TecMint is created by a team of experienced Linux system administrators so that it meets our high-quality standards.

Join the TecMint Weekly Newsletter (More Than 156,129 Linux Enthusiasts Have Subscribed)
Was this article helpful? Please add a comment or buy me a coffee to show your appreciation.

76 thoughts on “The 8 Best Free Anti-Virus Programs for Linux”

  1. As of today, August 25, 2023, the text of the article is the same as it was in 2017. The misinformation/disinformation remains:

    The title still claims that the article is about “The 8 Best Free Anti-Virus Programs for Linux”. Only ClamAV is an antivirus. At the mention of least ClamTk was removed.

    The article still presents ChrootKit, Rkhunter Firejail, and Qubes OS as Anti-virus programs. Sophos, F-Prot, and Comodo are no longer in existence for Linux operating systems.

    If the article contained spelling, grammar, syntax, or translation errors, I would not care. However, the article provides serious misinformation about the SECURITY of our systems. Even if you change the title to “8 Security Applications for Linux” it still would be flawed as three applications no longer exist. You are down to five “security applications”.

    I have been reading Tecmint for over 10 years. The technical information Tecmint provides is top-notch. However, over the past couple of years, the quality of the writing has been going downhill, as evidenced by this article.

    • @dragonmouth,

      Thank you for bringing this to our attention. We deeply apologize for any confusion and potential risks caused by the outdated information in the article. Tecmint has always strived to provide accurate, top-quality technical content, and we acknowledge the importance of keeping information, especially related to security, up to date and reliable.

      We’ll immediately review the mentioned article and ensure corrections are made. Your feedback is invaluable, and we genuinely appreciate long-time readers like yourself holding us accountable. It is through such diligence that we can uphold the standards that our readers expect from us.

      Again, thank you for pointing this out, and we hope to continue serving you with trusted and updated content in the future.

      Do you know any reputable antivirus solutions for Linux? If yes, please mention them here. Your feedback will greatly assist us in correcting and updating this article.

      • “Do you know any reputable antivirus solutions for Linux?”

        Alas, the only one I know and use is ClamAV.

        If you edit out any mention of Sophos, F-Prot, and Comodo AND change the title to “5 Great Security Applications for Linux” you’ll have a winning article. :-)

        • @Dragonmouth,

          Thank you for your feedback! I’ll make the necessary edits to remove mentions of Sophos, F-Prot, and Comodo. The title will also be updated to “5 Great Security Applications for Linux”. I appreciate your input and hope the revised article will be to your satisfaction.

  2. You need to seriously update this article or just delete it altogether.

    The only AntiVirus program that is actively developed is ClamAV.

    ClamTK, as you say in the article, is a GUI front end for ClamAv. By itself, it is useless because it will not detect any virus.

    Comodo for Linux has not been updated for at least a year.

    Chrootkit and Rootkit Hunter find and remove rootkits. They totally ignore viruses. They should not have been mentioned in the article at all.

    BitDefender is not free.

    Sophos does not show any AntiVirus (Windows, Mac, or Linux) on their site.

    F-Prot has been acquired by another company and they also show no AntiVirus on their site.

    So, out of the 8 programs you mention, only ClamAV is an AntiVirus and is still actively developed.

    • @Dragonmouth,

      Thank you for bringing these issues to my attention, and I apologize for any inconvenience caused by the incorrect information provided.

      I have updated the article, I included the most active antivirus tools.

      For up-to-date information, I recommend visiting the official websites of the respective antivirus software to get the latest information about their products and their development status.

      If you have any further questions or need assistance with anything else, feel free to ask.

      • “most active antivirus tools”, like what? I see no changes whatsoever! I know for a fact the Sophos one is completely dead, so the article is still very wrong.

        • @Jouni,

          Hi there,

          I understand your frustration. It can be annoying when an article makes claims that you know are not true. In this case, the article claims that the most active antivirus tools have changed, but you know for a fact that the Sophos one is still dead.

          I’ve looked into this a bit, and it seems that the article is correct in that there have been some changes in the most active antivirus tools. However, the Sophos one is not one of them. In fact, it seems that Sophos has been struggling in recent years, and its market share has been declining.

          So, while the article is technically correct, it’s misleading to say that the Sophos antivirus tool is completely dead. It’s still around, but it’s not as popular as it used to be.

          • “…while the article is technically correct…”

            NO, the article IS NOT correct. Even if we accept your premise that Sophos is still active but struggling, that still leaves 6 other applications that are either dead or not anti-virus.

            F-Prot is no longer in existence.

            Firejail is a sandboxing application, not an anti-virus.

            Qubes OS is a secure Linux distribution. While an A/V is most definitely part of its feature set, including it in an article on Anti-Virus applications is like calling Tecmint a BASH site because it offers a few BASH tutorials.

            Instead of fiddling with the content, why don’t you just change the title to “8 Security Applications for Linux“? The change in title would avoid a lot of discussion.

          • @Dragonmouth,

            Yes, F-Prot is no longer in existence, which means the information in the article is outdated. It was an antivirus software that was active in the past but has since been discontinued.

            You are correct. Firejail is a sandboxing application designed to provide additional security. It is not an antivirus application.

            I apologize for the incorrect information in my earlier response.

            Regarding the suggested title change, it seems like a reasonable approach to avoid any potential confusion or misrepresentation. Adjusting the title to “8 Security Applications for Linux” would provide a broader scope while still encompassing various security tools beyond antivirus applications.

  3. Beware! Clam Av is bad news. Our Download went sky high and over the limit, each month till I tracked it down to AV clam somehow using lots of Data by running in the background.

    Nothing I did would fix it. The only solution was to use command lines I found online to completely remove Clam Av and TK. After that our system downloads went back to normal.

    • Define “NORMAL”.

      Obviously, Clam was not configured correctly.

      Uninstalling ClamAV and TK in your case was like amputating an arm because there was a cut and it was bleeding.

        • When I tried it, though it installed and found the usual “test signature” files OK, I later found that it in effect only knew about typical Windows viri.

          There was nothing to indicate that it could even have a hope in hell spotting anything that targeted Linux in any way, malware or viri.

          It also flatly refused to do any updates.

          That was running on Linux Mint, either an early 19. xx or 17.xx, I forget.

        • Much like Dave G8KBV said, ClamAV hardly detects anything (especially if it ain’t a particularly high-profile one), and much of the detections are either outright false or misnamed/-categorized. I’ve never had problems with updating ClamAV or the sigs, though, beyond Server downtime.

  4. From the Fprot website…

    Dear Valued Partner,

    This note is to inform you of the upcoming End-of-Sale (EOS) and End-of-Life (EOL) dates for the F-Prot Endpoint Antivirus products.

    • Yes, Sophos was – and still is – likely the best Linux AV around, so they will be sorely missed.

      Pretty much every Linux AV is now finished, except for Business versions which are simply too expensive for most home users ($250 upwards).

      ClamAV is pretty much it. That said, it is capable of running additional signatures, however, it still lags behind.


Leave a Reply to Ellen Cancel reply

Thank you for taking the time to share your thoughts with us. We appreciate your decision to leave a comment and value your contribution to the discussion. It's important to note that we moderate all comments in accordance with our comment policy to ensure a respectful and constructive conversation.

Rest assured that your email address will remain private and will not be published or shared with anyone. We prioritize the privacy and security of our users.