Scan for viruses with a right click in Linux Mint

[100savage]

Use the Context menu to scan for infected files in directories and sub-directories with a simple right click of the mouse.

1. Software needed for this to work is clamtk and zenity
   sudo apt install clamtk zenity

2. Create a file called clamscan.nemo_action and placed it in .local/share/nemo/actions
   Note: the .local folder is hidden and located in your home directory.

[Nemo Action]
Name=Scan for Viruses
Comment=Scan a file or directory for viruses %F
Exec=<clamtk-scan.sh "%F">
Icon-Name=clamtk
Selection=any
Extensions=any;
Quote=double

3. Then create a file called clamtk-scan.sh in the .local/share/nemo/actions directory with this code. Make sure you make this file executable.

#!/bin/bash

# Save clamscan results to a temporary file
log_file=/home/$USER/scan.txt

# Run Clamscan on the selected file(s) and output the results to the temporary file
clamscan -r -i --log="$log_file" "$@"

# Show the results of the scan in a zenity box.
if [ $? -eq 0 ]
  then
    zenity --info --title="Scan results did not find a Virus" --text="$(cat "$log_file")"
  else
    zenity --warning --title="Scan results show that you may have a Virus" --text="$(cat "$log_file")"
fi

# Remove the temporary file
rm /home/$USER/scan.txt

4. If you would like to use this way to scan for viruses, please note that the scan will run silently and display a pop-up window indicating if you do or do not have a virus.

5. If you would like to have any viruses automatically removed, you will need to modify 2 lines in the clamtk-scan.sh file

Remove these lines

# Run Clamscan on the selected file(s) and output results to temporary file
clamscan -r -i --log="$log_file" "$@"

and replace it with these lines

# Run Clamscan on the selected file(s), output results and remove viruses if found
clamscan -r --remove --log="$log_file" "$@"

6. Restart nemo in a terminal
   nemo -q
7. To run this, just open the nemo file manager. Right click on a file or folder and select "Scan for Viruses"
8. Be patient, the time to scan is dependent on the number of files selected.

[MikeNavy]

Hi,

Just missing something in your tutorial: to install ClamAV !

Faster, simpler, and more secure way:

• Install ClamTk flatpak, it bundles ClamTk GUI and ClamAV executables:
  flatpak install flathub com.gitlab.davem.ClamTk
• Launch it, from its command line flatpak run com.gitlab.davem.ClamTk or from your Menu.
• Update the signatures (this can be done only manually), click on "Update" :
  
  then on "Check for updates":
  
• You can close ClamTk.
• You can now scan a file or directory by selecting it in your file manager, then right click and "Open with another application" and select ClamTk in the list.

Since ClamAV executables are flatpaked, they are isolated from the operating system when they run (they don't use system libraries but flatpak runtimes ones). ClamAV has a large attack surface, since it opens all kinds of files, and, without isolating it from the operating system, it could be the door to an attack.

Regards,

MN

[erwn16]

In principal the proposal is a more secure way but a test of the ClamTk flatpak at Oct, 23th of 2024 revealed that it uses a module that reached the end of life phase.

[MikeNavy]

Hi,

My proposal was done on June 2023. Since then, ClamTk is no longer updated (it is not a big problem: it works, slowly, but it does work). However, the maintainers of ClamTk flatpak have no longer updated ClamAV executables inside the ClamTk flatpak. And that's a problem.

Regards,

MN

[100savage]

Thanks MikeNavy for your information. I wasn't aware of the large attack surface that clam has. I'm relatively new to Linux and wanted to play around with the context menu. I find Linux Mint to be a great OS and I love being able to configure different things with the system like adding menu items.
I have been looking around for ways to modify the general look of Mint. If you have nuggets of wisdom, I'm interested.

[erwn16]

Thanks for the explanation.Kind regards, erwnAm 25.10.24, 08:32 schrieb MikeNavy ***@***.***>: Hi, My proposal was done on June 2023. Since then, ClamTk is no longer updated (it is not a big problem: it works, slowly, but it does work). However, the maintainers of ClamTk flatpak have no longer updated ClamAV executables inside the ClamTk flatpak. And that's a problem. Regards, MN —Reply to this email directly, view it on GitHub, or unsubscribe.You are receiving this because you commented.Message ID: ***@***.***>

[Jopp-gh]

First, thanks to @100savage for sharing so kindly, a nice addition and idea.

In my experience, most malware has been developed for windows, so "virus scanning" is more a Windows-OS thing.
Unix systems are less afflicted, because Linux isn't the main OS on most computers.

Sometimes, I'd like to test downloaded files too, so I check them on virus total.
However, only known malware / virus can be detected.

Security updates do their job but that's for sure not enough.

[MikeNavy]

Hi, I mainly use VirusTotal; however, to send confidential files to VirusTotal is not adequate (see their privacy policy). So, the use of ClamTk flatpak, that includes ClamAV executables, is a possibility to scan confidential files (that you may have received by mail, or downloaded from internet, from a private webpage). Unfortunately, ClamTk is no longer maintained (not a big problem, it is just a GUI, and it works), but, as a consequence (?), ClamTk flatpak maintainers stopped to update ClamAV executables found in ClamTk flatpak, and they are now old. Note that ClamAV detection rate is very low; when I use it, I use extra unofficial signatures to have better detection (detail can be found in the chapter "5.1 Malware and viruses detection" of my "Security, Privacy and Anonymity in Linux Mint" Guide, https://nallino.net/stockage/security/Linux_Mint_Security.pdf). Regards, MN Le 26/10/2024 à 14:22, Jopp-gh a écrit :

…

First, thanks to @100savage <https://github.com/100savage> for sharing so kindly, a nice addition and idea. In my experience, most malware has been developed for windows, so "virus scanning" is more a Windows-OS thing. Unix systems are less afflicted, because Linux isn't the main OS on most computers. Sometimes, I'd like to test downloaded files too, so I check them on virus total <https://www.virustotal.com/>. However, only known malware / virus can be detected. Security updates do their job but that's for sure not enough. — Reply to this email directly, view it on GitHub <#45 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AO7MW33E6QJMK7J7EY3PLCTZ5OCRLAVCNFSM6AAAAABQRYMECCVHI2DSMVQWIX3LMV43URDJONRXK43TNFXW4Q3PNVWWK3TUHMYTCMBWGAYTAMY>. You are receiving this because you commented.Message ID: ***@***.***>