Where is ClamAV quarantine folder?

Question

I want to restore some files from quarantine after I have executed clamscan some times. But I cannot find the quarantine folder in the configuration.

How should I find the address of the quarantined file?

score 6 · Answer 1 · answered Mar 07 '15 at 14:59

6

By default, just running clamscan only identify viruses in a directory. To quarantine, you have to set --move <directory> on the command line.

I'd look at the script/command you're running.

answered Mar 07 '15 at 14:59

Dan Stark

171
1
5

score 4 · Answer 2 · edited May 18 '17 at 08:18

4

I use clamtk, the graphical front-end for clamav, in Ubuntu.

I found my folder was named "viruses" and located in ~/.clamtk/viruses -- that's a hidden folder, of course.

If you have clamav, perhaps ~/.clamav/viruses or ~/.clam/viruses, etc.
Try searching for a folder named "viruses", but remember to search in your hidden files and directories.

Hope this helps!

edited May 18 '17 at 08:18

theDrake

103
3

answered Apr 20 '13 at 18:35

Subito Piano

41
1

so basically, clamav moved the file from my pendrive to my PC desktop, and... it left (probably) the file recoverable on the pendrive... I wanted to wipe it (as I just did on my PC), now... that filenode will be troubling to be found. So I guess the best thing is just to scan, and instead of quarantine, just wipe it directly. – Aquarius Power Mar 21 '17 at 03:48

score 0 · Answer 3 · answered May 12 '23 at 13:27

You should have log where you see lines like: /some/file: moved to /path/to/quarantine/file

log may be in /var/log/clamav or sent to your email, or console/syslog, depending on syntax you run scan

if you need to restore files to original location - may use a bash script: https://github.com/Shrizt/clamav-quarantine-recover

Where is ClamAV quarantine folder?

3 Answers3