Using grml 2009.10 to scan for viruses

This is a list of antivirus software that has been tested to work or not work on GRML 2009.10 (Hello-Wien). Fortunately, all software I tested worked on GRML 2009.10 (which was quite different when I did this test a year ago). But of course that was not GRML's fault.


Clamav has the advantage it is included in grml. Unfortunately, as of writing this, the scan engine is not the latest one available. You can scan anyway, a few of the newest signatures will not work, though.

  • Update command: freshclam
  • scan command: clamscan /mnt/somewhere


Avira is free for non-commercial use and a free 30-day trial is available for commercial use.

To install:

tar xfvz antivir_*.tar.gz
cd antivir-*

When prompted (except for the license) just accept the default. Dazuko will not work because grml's kernel does not support it, but you can continue anyway. You have to say Y (which is default) for installing dazukofs, though (even if you don't have the kernel module), since otherwise even the on-demand scanner will not start.

  • Before updating/scanning, start the avguard daemon: avguard start
  • Update command: avupdate –product=Guard
  • Scan command: avscan /mnt/somewhere


F-Prot Antivirus for Workstations is available free for non-commercial use as well and as trial for commercial use.

Website: Direct link:

To install:

tar xfvz fp-Linux-i686-ws.tar.gz
cd f-prot

(just accept the defaults, it will update signatures automatically when installation is finished)

  • Scan command: fpscan /mnt/somewhere



AVG provides a Debian package (that works on GRML) as well:


(tested successfully on grml-small 2011.05)

Avast4workstation can be downloaded from this page:

You need to do a free registration with Avast! and receive a license key by email, as instructed in their download page. Do not forget to save that key to a place accessible from GRML.

To install and perform initial set-up of avast4workstation on GRML, run:

cd /usr
tar -xzf avast4workstation-1.3.0.tar.gz --strip=1
avast -V

Avast! will then ask for the license key, and save that information.

You must then update the virus definition file, because the one shipped in the installer is inevitably outdated. Just run:


This command is actually a pretty straightforward shell script. If the machine you want to scan does not have network access, you can also download the virus signatures manually from another machine:

fromdos 400vps.md5
md5sum --check 400vps.md5
mv 400.vps ~/.avast

Recent virus signature files have become too big for the “maximum size of a shared memory segment” in Linux, which is 32 MiB by default. So before you run avast! with its latest 400.vps file, you must run the following command, which increases the maximum to 64 MiB:

echo 67108864 > /proc/sys/kernel/shmmax

After that, you are finally ready to run Avast! as much as you want. :-)

Basic usage (scan current directory):


Paranoïd usage (if you are using GRML to check a suspicious computer, you might as well use that):

avast -a -c -r ~/report-foobar.txt -t A /mnt/foobar

Of course, replace foobar with appropriate values. And don't forget to save the report file to persistent storage before turning off the computer.


Panda provide download for trial versions for their Linux products only by e-mail. So, if you really want to try it, fill in their web form and receive link and license file by e-mail.

Panda for some reason did not send me a download link at all. Perhaps you have more luck? ;-)

antivirus.txt · Last modified: 2011/10/13 21:55 (external edit)
Recent changes RSS feed Creative Commons License Valid XHTML 1.0 Valid CSS Grml homepage Driven by DokuWiki