Clam AntiVirus
Encyclopedia
Clam AntiVirus is a free
, cross-platform
antivirus software
tool-kit able to detect many types of malicious software, including viruses
. One of its main uses is on mail servers
as a server-side email virus scanner. The application was developed for Unix
and has third party versions available for AIX, BSD
, HP-UX
, Linux
, Mac OS X
, OpenVMS
, OSF
(Tru64) and Solaris. As of version 0.96 ClamAV builds and runs on Microsoft Windows
. Both ClamAV and its updates are made available free of charge.
Sourcefire
, a maker of intrusion detection
products and the owner of Snort
, announced on 17 August 2007 that it had acquired the trademarks and copyrights to ClamAV from five key developers.
, running on an anti-virus engine from a shared library.
The application also features a Milter
interface for sendmail and on-demand scanning. It has support for Zip, RAR, Tar, Gzip, Bzip2, OLE2, Cabinet, CHM, BinHex, SIS formats, most mail file formats, ELF
executables and Portable Executable
(PE) files compressed with UPX
, FSG, Petite, NsPack, wwpack32, MEW, Upack and obfuscated with SUE, Y0da Cryptor. It also supports many document formats, including Microsoft Office
, HTML
, Rich Text Format
(RTF) and Portable Document Format
(PDF).
The ClamAV virus database is updated several times each day and as of 30 October 2011 contained 1,063,024 virus signatures with the the daily update Virus DB number at 13867.
. In 2010 Shadowserver tested over 22 million samples against ClamAV and numerous other antivirus products. Out of the 22 million samples tested ClamAV scored 76.64% ranking 9 out of 19, a higher rating than some much more established competitors.
ClamAV was included in comparative tests against other antivirus products. In the 2008 AV-Test it rated: on-demand: very poor, false positives: poor, on-access: poor, response time: very good, rootkits: very poor.
and BSD
-based operating systems. In most cases it is available through the distribution's repositories for installation.
On Linux servers ClamAV can be run in daemon mode, servicing requests to scan files sent from other processes. These can include mail exchange programs, files on Samba
shares, or packets of data passing through a proxy server (IPCop
, for example, has an add-on called Copfilter which scans incoming packets for malicious data).
On Linux and BSD desktops ClamAV provides on-demand scanning of individual files, directories or the whole PC.
has included ClamAV since version 10.4. It is used within the operating system's email service. A graphical user interface is available in the form of ClamXav. Additionally, Fink
and MacPorts
have ported ClamAV to the platform too.
Another program which uses the ClamAV engine, on Mac OS X, is Counteragent. Working alongside the Eudora Internet Mail Server
program, Counteragent scans emails for viruses using ClamAV and also optionally provides spam filtering through SpamAssassin
.
is available for DEC Alpha
and Itanium
platforms. The build process is simple and provides basic functionality, including: library, clamscan utility, clamd daemon and freshclam for update.
it includes on-access scanning accomplished through cloud computing
, which reduces the use of local PC memory.
(GUI) but instead is run from the command line, a number of third-party developers have written GUIs for the application for various platforms and uses.
These include:
ClamWin
is a graphical user interface front end for ClamAV for Microsoft Windows
built by ClamWin Pty Ltd. Features include on-demand (user started) scanning, automatic updates, scan scheduling, context menu integration to Explorer, and an add-in for Microsoft Outlook
. To provide on-access scanning
(scan when a file is read or written), additional software must be used. Examples are Clam Sentinel and the free software
called Winpooch.
Plugins for Mozilla Firefox
which use ClamWin to scan downloaded files are also available. Several other extensions allow users to process downloaded files with any software and scan the files with ClamWin.
is being sued by Trend Micro
as of 2008 for its distribution of ClamAV as part of a security package. Trend Micro claims that Barracuda's utilization of ClamAV infringes on a software patent
for filtering viruses on an Internet gateway. The free software community
has responded in part by calling for a boycott
against Trend Micro. The boycott has been endorsed by the Free Software Foundation
. Barracuda Networks counter-sued with IBM obtained patents in July of 2008.
Free software
Free software, software libre or libre software is software that can be used, studied, and modified without restriction, and which can be copied and redistributed in modified or unmodified form either without restriction, or with restrictions that only ensure that further recipients can also do...
, cross-platform
Cross-platform
In computing, cross-platform, or multi-platform, is an attribute conferred to computer software or computing methods and concepts that are implemented and inter-operate on multiple computer platforms...
antivirus software
Antivirus software
Antivirus or anti-virus software is used to prevent, detect, and remove malware, including but not limited to computer viruses, computer worm, trojan horses, spyware and adware...
tool-kit able to detect many types of malicious software, including viruses
Computer virus
A computer virus is a computer program that can replicate itself and spread from one computer to another. The term "virus" is also commonly but erroneously used to refer to other types of malware, including but not limited to adware and spyware programs that do not have the reproductive ability...
. One of its main uses is on mail servers
Mail transfer agent
Within Internet message handling services , a message transfer agent or mail transfer agent or mail relay is software that transfers electronic mail messages from one computer to another using a client–server application architecture...
as a server-side email virus scanner. The application was developed for Unix
Unix
Unix is a multitasking, multi-user computer operating system originally developed in 1969 by a group of AT&T employees at Bell Labs, including Ken Thompson, Dennis Ritchie, Brian Kernighan, Douglas McIlroy, and Joe Ossanna...
and has third party versions available for AIX, BSD
Berkeley Software Distribution
Berkeley Software Distribution is a Unix operating system derivative developed and distributed by the Computer Systems Research Group of the University of California, Berkeley, from 1977 to 1995...
, HP-UX
HP-UX
HP-UX is Hewlett-Packard's proprietary implementation of the Unix operating system, based on UNIX System V and first released in 1984...
, Linux
Linux
Linux is a Unix-like computer operating system assembled under the model of free and open source software development and distribution. The defining component of any Linux system is the Linux kernel, an operating system kernel first released October 5, 1991 by Linus Torvalds...
, Mac OS X
Mac OS X
Mac OS X is a series of Unix-based operating systems and graphical user interfaces developed, marketed, and sold by Apple Inc. Since 2002, has been included with all new Macintosh computer systems...
, OpenVMS
OpenVMS
OpenVMS , previously known as VAX-11/VMS, VAX/VMS or VMS, is a computer server operating system that runs on VAX, Alpha and Itanium-based families of computers. Contrary to what its name suggests, OpenVMS is not open source software; however, the source listings are available for purchase...
, OSF
Tru64 UNIX
Tru64 UNIX is a 64-bit UNIX operating system for the Alpha instruction set architecture , currently owned by Hewlett-Packard . Previously, Tru64 UNIX was a product of Compaq, and before that, Digital Equipment Corporation , where it was known as Digital UNIX .As its original name suggests, Tru64...
(Tru64) and Solaris. As of version 0.96 ClamAV builds and runs on Microsoft Windows
Microsoft Windows
Microsoft Windows is a series of operating systems produced by Microsoft.Microsoft introduced an operating environment named Windows on November 20, 1985 as an add-on to MS-DOS in response to the growing interest in graphical user interfaces . Microsoft Windows came to dominate the world's personal...
. Both ClamAV and its updates are made available free of charge.
Sourcefire
Sourcefire
Sourcefire, Inc develops network security hardware and software. The Sourcefire 3D System is based on Snort, an open-source intrusion detection engine.-Background:...
, a maker of intrusion detection
Intrusion detection
In Information Security, intrusion detection is the act of detecting actions that attempt to compromise the confidentiality, integrity or availability of a resource. When Intrusion detection takes a preventive measure without direct human intervention, then it becomes an Intrusion-prevention...
products and the owner of Snort
Snort (software)
Snort is a free and open source network intrusion prevention system and network intrusion detection system , created by Martin Roesch in 1998...
, announced on 17 August 2007 that it had acquired the trademarks and copyrights to ClamAV from five key developers.
Features
ClamAV includes a number of utilities: a command-line scanner, automatic database updater and a scalable multi-threaded daemonDaemon (computer software)
In Unix and other multitasking computer operating systems, a daemon is a computer program that runs as a background process, rather than being under the direct control of an interactive user...
, running on an anti-virus engine from a shared library.
The application also features a Milter
Milter
Milter is an extension to the widely used open source mail transfer agents Sendmail and Postfix. It allows administrators to add mail filters for filtering spam or viruses very efficiently in the mail-processing chain...
interface for sendmail and on-demand scanning. It has support for Zip, RAR, Tar, Gzip, Bzip2, OLE2, Cabinet, CHM, BinHex, SIS formats, most mail file formats, ELF
Executable and Linkable Format
In computing, the Executable and Linkable Format is a common standard file format for executables, object code, shared libraries, and core dumps. First published in the System V Application Binary Interface specification, and later in the Tool Interface Standard, it was quickly accepted among...
executables and Portable Executable
Portable Executable
The Portable Executable format is a file format for executables, object code and DLLs, used in 32-bit and 64-bit versions of Windows operating systems. The term "portable" refers to the format's versatility in numerous environments of operating system software architecture...
(PE) files compressed with UPX
UPX
UPX, the Ultimate Packer for eXecutables, is a free and open source executable packer supporting a number of file formats from different operating systems.- Compression :...
, FSG, Petite, NsPack, wwpack32, MEW, Upack and obfuscated with SUE, Y0da Cryptor. It also supports many document formats, including Microsoft Office
Microsoft Office
Microsoft Office is a non-free commercial office suite of inter-related desktop applications, servers and services for the Microsoft Windows and Mac OS X operating systems, introduced by Microsoft in August 1, 1989. Initially a marketing term for a bundled set of applications, the first version of...
, HTML
HTML
HyperText Markup Language is the predominant markup language for web pages. HTML elements are the basic building-blocks of webpages....
, Rich Text Format
Rich Text Format
The Rich Text Format is a proprietary document file format with published specification developed by Microsoft Corporation since 1987 for Microsoft products and for cross-platform document interchange....
(RTF) and Portable Document Format
Portable Document Format
Portable Document Format is an open standard for document exchange. This file format, created by Adobe Systems in 1993, is used for representing documents in a manner independent of application software, hardware, and operating systems....
(PDF).
The ClamAV virus database is updated several times each day and as of 30 October 2011 contained 1,063,024 virus signatures with the the daily update Virus DB number at 13867.
Effectiveness
ClamAV is currently tested daily in comparative tests against other antivirus products on ShadowserverShadowserver
The Shadowserver Foundation is a volunteer group of professional Internet security workers that gathers, tracks and reports on malware, botnet activity and electronic fraud. It aims to improve the security of the Internet by raising awareness of the presence of compromised servers, malicious...
. In 2010 Shadowserver tested over 22 million samples against ClamAV and numerous other antivirus products. Out of the 22 million samples tested ClamAV scored 76.64% ranking 9 out of 19, a higher rating than some much more established competitors.
ClamAV was included in comparative tests against other antivirus products. In the 2008 AV-Test it rated: on-demand: very poor, false positives: poor, on-access: poor, response time: very good, rootkits: very poor.
Linux, BSD
ClamAV is available for LinuxLinux
Linux is a Unix-like computer operating system assembled under the model of free and open source software development and distribution. The defining component of any Linux system is the Linux kernel, an operating system kernel first released October 5, 1991 by Linus Torvalds...
and BSD
Berkeley Software Distribution
Berkeley Software Distribution is a Unix operating system derivative developed and distributed by the Computer Systems Research Group of the University of California, Berkeley, from 1977 to 1995...
-based operating systems. In most cases it is available through the distribution's repositories for installation.
On Linux servers ClamAV can be run in daemon mode, servicing requests to scan files sent from other processes. These can include mail exchange programs, files on Samba
Samba (software)
Samba is a free software re-implementation, originally developed by Andrew Tridgell, of the SMB/CIFS networking protocol. As of version 3, Samba provides file and print services for various Microsoft Windows clients and can integrate with a Windows Server domain, either as a Primary Domain...
shares, or packets of data passing through a proxy server (IPCop
IPCop
IPCop is a Linux distribution which aims to provide a simple-to-manage firewall appliance based on PC hardware. IPCop is a stateful firewall built on the Linux netfilter framework....
, for example, has an add-on called Copfilter which scans incoming packets for malicious data).
On Linux and BSD desktops ClamAV provides on-demand scanning of individual files, directories or the whole PC.
Mac OS X
Apple Mac OS X ServerMac OS X Server
Mac OS X Server is a Unix server operating system from Apple Inc. The server edition of Mac OS X is architecturally identical to its desktop counterpart, except that it includes work group management and administration software tools...
has included ClamAV since version 10.4. It is used within the operating system's email service. A graphical user interface is available in the form of ClamXav. Additionally, Fink
Fink
The Fink project is an effort to port and package open-source Unix programs to Mac OS X. Fink uses dpkg and APT , as well as its own frontend program, fink ....
and MacPorts
MacPorts
MacPorts, formerly called DarwinPorts, is a package management system that simplifies the installation of software on the Mac OS X and Darwin operating systems. It is a free/open source software project to simplify installation of other free/open source software...
have ported ClamAV to the platform too.
Another program which uses the ClamAV engine, on Mac OS X, is Counteragent. Working alongside the Eudora Internet Mail Server
Eudora Internet Mail Server
Eudora Internet Mail Server is a POP3, IMAP, and SMTP server for Mac OS.-History:In 1993 Glenn Anderson started development on what was then called MailShare, which was available as freeware. In 1995 MailShare was purchased by Apple Computer and renamed to Apple Internet Mail Server. Version 1.0...
program, Counteragent scans emails for viruses using ClamAV and also optionally provides spam filtering through SpamAssassin
SpamAssassin
SpamAssassin is a computer program released under the Apache License 2.0 used for e-mail spam filtering based on content-matching rules. It is now part of the Apache Foundation....
.
OpenVMS
ClamAV for OpenVMSOpenVMS
OpenVMS , previously known as VAX-11/VMS, VAX/VMS or VMS, is a computer server operating system that runs on VAX, Alpha and Itanium-based families of computers. Contrary to what its name suggests, OpenVMS is not open source software; however, the source listings are available for purchase...
is available for DEC Alpha
DEC Alpha
Alpha, originally known as Alpha AXP, is a 64-bit reduced instruction set computer instruction set architecture developed by Digital Equipment Corporation , designed to replace the 32-bit VAX complex instruction set computer ISA and its implementations. Alpha was implemented in microprocessors...
and Itanium
Itanium
Itanium is a family of 64-bit Intel microprocessors that implement the Intel Itanium architecture . Intel markets the processors for enterprise servers and high-performance computing systems...
platforms. The build process is simple and provides basic functionality, including: library, clamscan utility, clamd daemon and freshclam for update.
Windows
ClamAV for Windows is a joint project of ClamAV and Immunet which provides support for Windows XP, Vista, and 7. Unlike ClamWinClamWin
ClamWin is free, open source antivirus software for Microsoft Windows. It provides a graphical user interface to the ClamAV engine.- Features :* Scanning scheduler ....
it includes on-access scanning accomplished through cloud computing
Cloud computing
Cloud computing is the delivery of computing as a service rather than a product, whereby shared resources, software, and information are provided to computers and other devices as a utility over a network ....
, which reduces the use of local PC memory.
Graphical interfaces
Since ClamAV does not include a graphical user interfaceGraphical user interface
In computing, a graphical user interface is a type of user interface that allows users to interact with electronic devices with images rather than text commands. GUIs can be used in computers, hand-held devices such as MP3 players, portable media players or gaming devices, household appliances and...
(GUI) but instead is run from the command line, a number of third-party developers have written GUIs for the application for various platforms and uses.
These include:
- LinuxLinuxLinux is a Unix-like computer operating system assembled under the model of free and open source software development and distribution. The defining component of any Linux system is the Linux kernel, an operating system kernel first released October 5, 1991 by Linus Torvalds...
- ClamTk using gtk2-perl; project is named for the TkTk (framework)Tk is an open source, cross-platform widget toolkit that provides a library of basic elements for building a graphical user interface in many different programming languages....
libraries that were used when it began - KlamAV for KDEKDEKDE is an international free software community producing an integrated set of cross-platform applications designed to run on Linux, FreeBSD, Microsoft Windows, Solaris and Mac OS X systems...
- wbmclamav is a webmin module to manage Clam AntiVirus
- ClamTk using gtk2-perl; project is named for the Tk
- Mac OS XMac OS XMac OS X is a series of Unix-based operating systems and graphical user interfaces developed, marketed, and sold by Apple Inc. Since 2002, has been included with all new Macintosh computer systems...
- ClamXav is a freeware port which includes a graphical user interfaces and has a "sentry" service which can watch for changes or new files in many cases. There is also an update and scanning scheduler through a cronCronCron is a time-based job scheduler in Unix-like computer operating systems. Cron enables users to schedule jobs to run periodically at certain times or dates...
job facilitated by the graphical interface. ClamXav can detect malware specific to Mac OS X, Unix, or Windows, but malware definitions for Mac OS X are updated less often, with sometimes up to a year between updates. However, the ClamXav application and the ClamAV engine, are updated regularly. - Tiger Cache Cleaner is sharewareSharewareThe term shareware is a proprietary software that is provided to users without payment on a trial basis and is often limited by any combination of functionality, availability, or convenience. Shareware is often offered as a download from an Internet website or as a compact disc included with a...
software which installs and presents a graphic interface for using ClamAV to scan for viruses, and provides other unrelated functions.
- ClamXav is a freeware port which includes a graphical user interfaces and has a "sentry" service which can watch for changes or new files in many cases. There is also an update and scanning scheduler through a cron
- Microsoft WindowsMicrosoft WindowsMicrosoft Windows is a series of operating systems produced by Microsoft.Microsoft introduced an operating environment named Windows on November 20, 1985 as an add-on to MS-DOS in response to the growing interest in graphical user interfaces . Microsoft Windows came to dominate the world's personal...
- ClamWinClamWinClamWin is free, open source antivirus software for Microsoft Windows. It provides a graphical user interface to the ClamAV engine.- Features :* Scanning scheduler ....
- CS Antivirus
- Graugon AntiVirusGraugon AntiVirusGraugon AntiVirus is antivirus software based on Clam Antivirus developed and maintained by the Graugon Software Group. The software has undergone several name changes and was relaunched in mid 2008.- History :...
- ClamWin
ClamWin
ClamWin
ClamWin is free, open source antivirus software for Microsoft Windows. It provides a graphical user interface to the ClamAV engine.- Features :* Scanning scheduler ....
is a graphical user interface front end for ClamAV for Microsoft Windows
Microsoft Windows
Microsoft Windows is a series of operating systems produced by Microsoft.Microsoft introduced an operating environment named Windows on November 20, 1985 as an add-on to MS-DOS in response to the growing interest in graphical user interfaces . Microsoft Windows came to dominate the world's personal...
built by ClamWin Pty Ltd. Features include on-demand (user started) scanning, automatic updates, scan scheduling, context menu integration to Explorer, and an add-in for Microsoft Outlook
Microsoft Outlook
Microsoft Outlook is a personal information manager from Microsoft, available both as a separate application as well as a part of the Microsoft Office suite...
. To provide on-access scanning
Real-time protection
Real-time protection, on-access scanning, background guard, resident shield, autoprotect, and other synonyms refer to the automatic protection provided by most antivirus, antispyware, and other antimalware programs, which is arguably their most important feature...
(scan when a file is read or written), additional software must be used. Examples are Clam Sentinel and the free software
Free software
Free software, software libre or libre software is software that can be used, studied, and modified without restriction, and which can be copied and redistributed in modified or unmodified form either without restriction, or with restrictions that only ensure that further recipients can also do...
called Winpooch.
Plugins for Mozilla Firefox
Mozilla Firefox
Mozilla Firefox is a free and open source web browser descended from the Mozilla Application Suite and managed by Mozilla Corporation. , Firefox is the second most widely used browser, with approximately 25% of worldwide usage share of web browsers...
which use ClamWin to scan downloaded files are also available. Several other extensions allow users to process downloaded files with any software and scan the files with ClamWin.
Patent lawsuit
Barracuda NetworksBarracuda Networks
Barracuda Networks, Inc. is a privately held company providing security, networking and storage solutions based on appliances and cloud services. The company’s security products include solutions for protection against email, web surfing, web hackers and instant messaging threats such as spam,...
is being sued by Trend Micro
Trend Micro
Trend Micro Inc. is a computer security company. It is headquartered in Tokyo, Japan and markets Trend Micro Internet Security, Trend Micro Worry-Free Business Security, OfficeScan, and other related security products and services...
as of 2008 for its distribution of ClamAV as part of a security package. Trend Micro claims that Barracuda's utilization of ClamAV infringes on a software patent
Software patent
Software patent does not have a universally accepted definition. One definition suggested by the Foundation for a Free Information Infrastructure is that a software patent is a "patent on any performance of a computer realised by means of a computer program".In 2005, the European Patent Office...
for filtering viruses on an Internet gateway. The free software community
Free software community
The free-software community is an informal term that refers to the users and developers of free software as well as supporters of the free-software movement. The movement is sometimes referred to as the open-source software community or a subset thereof...
has responded in part by calling for a boycott
Boycott
A boycott is an act of voluntarily abstaining from using, buying, or dealing with a person, organization, or country as an expression of protest, usually for political reasons...
against Trend Micro. The boycott has been endorsed by the Free Software Foundation
Free Software Foundation
The Free Software Foundation is a non-profit corporation founded by Richard Stallman on 4 October 1985 to support the free software movement, a copyleft-based movement which aims to promote the universal freedom to create, distribute and modify computer software...
. Barracuda Networks counter-sued with IBM obtained patents in July of 2008.
See also
- List of antivirus software
- Software patents and free softwareSoftware patents and free softwareOpposition to software patents is widespread in the free software community. In response, various mechanisms have been tried to defuse the perceived problem.-Positions from the community:...