Clam AntiVirus (ClamAV) is a

free software Free software or libre software is computer software distributed under terms that allow users to run the software for any purpose as well as to study, change, and distribute it and any adapted versions. Free software is a matter of liberty, no ...

, cross-platform antimalware toolkit able to detect many types of malware, including

viruses A virus is a submicroscopic infectious agent that replicates only inside the living cells of an organism. Viruses infect all life forms, from animals and plants to microorganisms, including bacteria and archaea. Since Dmitri Ivanovsky's 1 ...

. It was developed for

Unix Unix (; trademarked as UNIX) is a family of multitasking, multiuser computer operating systems that derive from the original AT&T Unix, whose development started in 1969 at the Bell Labs research center by Ken Thompson, Dennis Ritchie, and ot ...

and has third party versions available for

AIX Aix or AIX may refer to: Computing * AIX, a line of IBM computer operating systems *An Alternate Index, for a Virtual Storage Access Method Key Sequenced Data Set * Athens Internet Exchange, a European Internet exchange point Places Belgi ...

BSD The Berkeley Software Distribution or Berkeley Standard Distribution (BSD) is a discontinued operating system based on Research Unix, developed and distributed by the Computer Systems Research Group (CSRG) at the University of California, Berk ...

HP-UX HP-UX (from "Hewlett Packard Unix") is Hewlett Packard Enterprise's proprietary implementation of the Unix operating system, based on Unix System V (initially System III) and first released in 1984. Current versions support HPE Integrity Ser ...

Linux Linux ( or ) is a family of open-source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991, by Linus Torvalds. Linux is typically packaged as a Linux distribution, which ...

macOS macOS (; previously OS X and originally Mac OS X) is a Unix operating system developed and marketed by Apple Inc. since 2001. It is the primary operating system for Apple's Mac computers. Within the market of desktop and lapt ...

OpenVMS OpenVMS, often referred to as just VMS, is a multi-user, multiprocessing and virtual memory-based operating system. It is designed to support time-sharing, batch processing, transaction processing and workstation applications. Customers using Ope ...

, OSF (Tru64) and

Solaris Solaris may refer to: Arts and entertainment Literature, television and film * ''Solaris'' (novel), a 1961 science fiction novel by Stanisław Lem ** ''Solaris'' (1968 film), directed by Boris Nirenburg ** ''Solaris'' (1972 film), directed by ...

. As of version 0.97.5, ClamAV builds and runs on

Microsoft Windows Windows is a group of several proprietary graphical operating system families developed and marketed by Microsoft. Each family caters to a certain sector of the computing industry. For example, Windows NT for consumers, Windows Server for serv ...

. Both ClamAV and its updates are made available free of charge. One of its main uses is on mail servers as a server-side

email virus A computer virus is a type of computer program that, when executed, replicates itself by modifying other computer programs and inserting its own code. If this replication succeeds, the affected areas are then said to be "infected" with a comput ...

scanner.

Sourcefire Sourcefire, Inc was a technology company that developed network security hardware and software. The company's Firepower network security appliances were based on Snort, an open-source intrusion detection system (IDS). Sourcefire was acquired ...

, developer of

intrusion detection An intrusion detection system (IDS; also intrusion prevention system or IPS) is a device or software application that monitors a network or systems for malicious activity or policy violations. Any intrusion activity or violation is typically rep ...

products and the owner of Snort, announced on 17 August 2007 that it had acquired the

trademarks A trademark (also written trade mark or trade-mark) is a type of intellectual property consisting of a recognizable sign, design, or expression that identifies products or services from a particular source and distinguishes them from othe ...

and

copyrights A copyright is a type of intellectual property that gives its owner the exclusive right to copy, distribute, adapt, display, and perform a creative work, usually for a limited time. The creative work may be in a literary, artistic, educatio ...

to ClamAV from five key developers. Upon joining Sourcefire, the ClamAV team joined the Sourcefire Vulnerability Research Team (VRT). In turn,

Cisco Cisco Systems, Inc., commonly known as Cisco, is an American-based multinational digital communications technology conglomerate corporation headquartered in San Jose, California. Cisco develops, manufactures, and sells networking hardware, ...

acquired Sourcefire in 2013. The Sourcefire VRT became Cisco Talos, and ClamAV development remains there.

Features

ClamAV includes a command-line scanner, automatic database updater, and a scalable multi-threaded

daemon Daimon or Daemon (Ancient Greek: , "god", "godlike", "power", "fate") originally referred to a lesser deity or guiding spirit such as the daimons of ancient Greek religion and Greek mythology, mythology and of later Hellenistic religion and Hell ...

running on an anti-virus engine from a shared library. The application features a

Milter Milter (portmanteau for ''mail filter'') is an extension to the widely used open source mail transfer agents (MTA) Sendmail and Postfix. It allows administrators to add mail filters for filtering spam or viruses in the mail-processing chain. I ...

interface for sent mail and on-demand scanning. It recognizes: * ZIP, RAR,

Tar Tar is a dark brown or black viscous liquid of hydrocarbons and free carbon, obtained from a wide variety of organic materials through destructive distillation. Tar can be produced from coal, wood, petroleum, or peat. "a dark brown or black bit ...

Gzip gzip is a file format and a software application used for file compression and decompression. The program was created by Jean-loup Gailly and Mark Adler as a free software replacement for the compress program used in early Unix systems, and in ...

, Bzip2,

OLE2 Object Linking & Embedding (OLE) is a proprietary technology developed by Microsoft that allows embedding and linking to documents and other objects. For developers, it brought OLE Control Extension (OCX), a way to develop and use custom user i ...

Cabinet Cabinet or The Cabinet may refer to: Furniture * Cabinetry, a box-shaped piece of furniture with doors and/or drawers * Display cabinet, a piece of furniture with one or more transparent glass sheets or transparent polycarbonate sheets * Filing ...

, CHM,

BinHex BinHex, originally short for "binary-to-hexadecimal", is a binary-to-text encoding system that was used on the classic Mac OS for sending binary files through e-mail. Originally a hexadecimal encoding, subsequent versions of BinHex are more simil ...

, and SIS formats * Most mail file formats *

ELF An elf () is a type of humanoid supernatural being in Germanic mythology and folklore. Elves appear especially in North Germanic mythology. They are subsequently mentioned in Snorri Sturluson's Icelandic Prose Edda. He distinguishes "ligh ...

and

Portable Executable The Portable Executable (PE) format is a file format for executables, object code, DLLs and others used in 32-bit and 64-bit versions of Windows operating systems. The PE format is a data structure that encapsulates the information necessary fo ...

(PE) files compressed with UPX, FSG, Petite, NsPack, wwpack32, MEW, and Upack, or obfuscated with SUE, Y0da Cryptor. *

Office Open XML file formats The Office Open XML file formats are a set of file formats that can be used to represent electronic office documents. There are formats for word processing documents, spreadsheets and presentations as well as specific formats for material ...

HTML The HyperText Markup Language or HTML is the standard markup language for documents designed to be displayed in a web browser. It can be assisted by technologies such as Cascading Style Sheets (CSS) and scripting languages such as JavaScri ...

Rich Text Format ) As an example, the following RTF code would be rendered as follows: This is some bold text. Character encoding A standard RTF file can only consist of 7-bit ASCII characters, but can use escape sequences to encode other characters. Th ...

(RTF) and

Portable Document Format Portable Document Format (PDF), standardized as ISO 32000, is a file format developed by Adobe in 1992 to present documents, including text formatting and images, in a manner independent of application software, hardware, and operating systems. ...

(PDF). The ClamAV virus database is updated at least every four hours and as of 10 February 2017 contained over 5,760,000 virus signatures with the daily update Virus DB number at 23040.

Effectiveness

ClamAV was tested against other antivirus products on '' Shadowserver''. In 2011, Shadowserver tested over 25 million samples against ClamAV and numerous other antivirus products. Out of the 25 million samples tested, ClamAV scored 76.60% ranking 12 out of 19, a higher rating than some much more established competitors. In the 2008

AV-TEST AV-TEST is an independent organization which evaluates and rates antivirus and security suite software for Microsoft Windows and Android operating systems, according to a variety of criteria. The organisation is based in Magdeburg, Germany. Ever ...

comparison of antivirus tools, ClamAV scored poorly in on-demand detection, avoiding false positives, and rootkit detection. In a Shadowserver six-month test between June and December 2011, ClamAV detected over 75.45% of all viruses tested, putting it in fifth place behind AhnLab, Avira, BitDefender and Avast. AhnLab, the top antivirus, detected 80.28%. In 2022

Splunk Splunk Inc. is an American software company based in San Francisco, California, that produces software for searching, monitoring, and analyzing machine-generated data via a Web-style interface. Its software helps capture, index and correlate ...

conducted an efficacy study involving ~400,000 malware samples sourced from MalwareBazaar. The study concluded ClamAV is 59.94% effective overall at detecting commodity malware.

Unofficial databases

The ClamAV engine can be reliably used to detect several kinds of files. In particular, some

phishing Phishing is a type of social engineering where an attacker sends a fraudulent (e.g., spoofed, fake, or otherwise deceptive) message designed to trick a person into revealing sensitive information to the attacker or to deploy malicious softwar ...

emails can be detected using antivirus techniques. However, false positive rates are inherently higher than those of traditional malware detection. There are several unofficial databases for ClamAV: * Sanesecurity is an organization that maintains a number of such databases; in addition they distribute and classify a number of similar databases from other parties, such as Porcupine, Julian Field, MalwarePatrol.Sanesecurit
Phishing, Scam and Malware signatures for ClamAV
* SecuriteInfo.com also provides additional signatures for ClamAV.SecuriteInfo.co
Add 4.000.000 signatures to ClamAV Antivirus
/ref> ClamAV Unofficial Signatures are mainly used by system administrators to filter email messages. Detections of these groups should be scored, rather than causing an outright block of the "infected" message.

Platforms

Linux, BSD

ClamAV is available for

and

-based operating systems. In most cases it is available through the distribution's repositories for installation. On Linux servers ClamAV can be run in daemon mode, servicing requests to scan files sent from other processes. These can include mail exchange programs, files on

Samba Samba (), also known as samba urbano carioca (''urban Carioca samba'') or simply samba carioca (''Carioca samba''), is a Brazilian music genre that originated in the Afro-Brazilian communities of Rio de Janeiro in the early 20th century. Havin ...

shares, or packets of data passing through a proxy server. On Linux and BSD desktops ClamAV provides on-demand scanning of individual files, directories or the whole PC.

macOS

macOS Server macOS Server, formerly Mac OS X Server and OS X Server, is a discontinued series of Unix-like server operating systems developed by Apple Inc., based on macOS and later add-on software packages for the latter. macOS Server added serv ...

has included ClamAV since version 10.4. It is used within the operating system's email service. A paid-for graphical user interface is available from Canimaan Software Ltd in the form of ''ClamXav''. Additionally, Fink, Homebrew and

MacPorts MacPorts, formerly DarwinPorts, is a package manager for macOS and Darwin. It is an open-source software project that aims to simplify the installation of other open source software. It's similar in function to Fink and the BSD ports collection ...

have ported ClamAV. Another program which uses the ClamAV engine on macOS, is Counteragent. Working alongside the

Eudora Internet Mail Server Eudora Internet Mail Server (EIMS) is a POP3, IMAP, and SMTP server for the classic Mac OS and macOS. History In 1993 Glenn Anderson started development on what was then called MailShare, which was available as freeware. In 1995 MailShare was pur ...

program, Counteragent scans emails for viruses using ClamAV and also optionally provides spam filtering through

SpamAssassin Apache SpamAssassin is a computer program used for e-mail spam filtering. It uses a variety of spam-detection techniques, including DNS and fuzzy checksum techniques, Bayesian filtering, external programs, blacklists and online databases. It i ...

OpenVMS

ClamAV for

is available for

DEC Alpha Alpha (original name Alpha AXP) is a 64-bit reduced instruction set computer (RISC) instruction set architecture (ISA) developed by Digital Equipment Corporation (DEC). Alpha was designed to replace 32-bit VAX complex instruction set compute ...

and

Itanium Itanium ( ) is a discontinued family of 64-bit Intel microprocessors that implement the Intel Itanium architecture (formerly called IA-64). Launched in June 2001, Intel marketed the processors for enterprise servers and high-performance computin ...

platforms. The build process is simple and provides basic functionality, including library, the clamscan utility, the clamd

, and freshclam for update.

Windows

There are

IA-32 IA-32 (short for "Intel Architecture, 32-bit", commonly called i386) is the 32-bit version of the x86 instruction set architecture, designed by Intel and first implemented in the 80386 microprocessor in 1985. IA-32 is the first incarnation of ...

and

x64 x86-64 (also known as x64, x86_64, AMD64, and Intel 64) is a 64-bit version of the x86 instruction set, first released in 1999. It introduced two new modes of operation, 64-bit mode and compatibility mode, along with a new 4-level paging mo ...

variants of ClamAV available for Windows; additionally,

Immunet Immunet is a free, cloud-based, community-driven antivirus application, using the ClamAV and its own engine. The software is complementary with existing antivirus software. In January 2011 Immunet was acquired by Sourcefire. The application is f ...

uses ClamAV as its engine.

OS/2

A port of ClamAV is available for

OS/2 OS/2 (Operating System/2) is a series of computer operating systems, initially created by Microsoft and IBM under the leadership of IBM software designer Ed Iacobucci. As a result of a feud between the two companies over how to position OS/2 ...

(including

eComStation eComStation or eCS is an operating system based on OS/2 Warp for the 32-bit x86 architecture. It was originally developed by Serenity Systems and Mensys BV under license from IBM. It includes additional applications, and support for new hard ...

and

ArcaOS ArcaOS is an operating system based on OS/2, developed and marketed by Arca Noae, LLC under license from IBM. It was codenamed Blue Lion during its development. It builds on OS/2 Warp 4.52 by adding support for new hardware, fixing defects and l ...

) with a native UI written in

REXX Rexx (Restructured Extended Executor) is a programming language that can be interpreted or compiled. It was developed at IBM by Mike Cowlishaw. It is a structured, high-level programming language designed for ease of learning and reading. ...

Graphical interfaces

Since ClamAV does not include a

graphical user interface The GUI ( "UI" by itself is still usually pronounced . or ), graphical user interface, is a form of user interface that allows users to interact with electronic devices through graphical icons and audio indicator such as primary notation, inste ...

(GUI) but instead is run from the command line, a number of third-party developers have written GUIs for the application for various platforms and uses. These include: ClamTk 5

ClamTk ClamTk is a free software graphical interface for the ClamAV command line antivirus software program, for Linux desktop users. It provides both on-demand and scheduled scanning. The project was started by Dave Mauroni in February 2004 and rema ...

using gtk2-perl; project is named for the Tk libraries that were used when it began **KlamAV for TDE (development of the original

KDE KDE is an international free software community that develops free and open-source software. As a central development hub, it provides tools and resources that allow collaborative work on this kind of software. Well-known products include the ...

version was discontinued in 2009). **wbmclamav is a webmin module to manage Clam AntiVirus *

**ClamXav is a port which includes a graphical user interfaces and has a "sentry" service which can watch for changes or new files in many cases. There is also an update and scanning scheduler through a cron job facilitated by the graphical interface. ClamXav can detect malware specific to macOS, Unix, or Windows. The ClamXav application and the ClamAV engine are updated regularly. ClamXav is written and sold by Canimaan Software Ltd. **Tiger Cache Cleaner is

shareware Shareware is a type of proprietary software that is initially shared by the owner for trial use at little or no cost. Often the software has limited functionality or incomplete documentation until the user sends payment to the software developer ...

software which installs and presents a graphic interface for using ClamAV to scan for viruses, and provides other unrelated functions. *

ClamWin ClamWin Free Antivirus is a free and open-source antivirus tool for Windows. It provides a graphical user interface to the Clam AntiVirus engine. Features * Scanning scheduler (only effective with user logged in). * Automatic virus database ...

CS Antivirus CS, C-S, C.S., Cs, cs, or cs. may refer to: Job titles * Chief Secretary (Hong Kong) * Chief superintendent, a rank in the British and several other police forces * Company secretary, a senior position in a private sector company or public sec ...

** Graugon AntiVirus ** Clam Sentinel *

** ClamAV-GUI

ClamWin

ClamWin is a graphical user interface front-end ClamWin Pty Ltd. developed for ClamAV on

. Features include on-demand (user-started) scanning, automatic updates, scheduled scanning, and integration with

File Explorer File Explorer, previously known as Windows Explorer, is a file manager application that is included with releases of the Microsoft Windows operating system from Windows 95 onwards. It provides a graphical user interface for accessing the file ...

and

Microsoft Outlook Microsoft Outlook is a personal information manager software system from Microsoft, available as a part of the Microsoft Office and Microsoft 365 software suites. Though primarily an email client, Outlook also includes such functions as Calen ...

. ClamWin does not provide on-access scanning. A Firefox add-on enables ClamWin to scan downloaded files. Several other extensions allow users to process downloaded files with any software and scan the files with ClamWin.

Real-time file scanning

, ClamAV (versions 0.99 and later) supports

real-time protection Antivirus software (abbreviated to AV software), also known as anti-malware, is a computer program used to prevent, detect, and remove malware. Antivirus software was originally developed to detect and remove computer viruses, hence the nam ...

via the

Fanotify inotify (inode notify) is a Linux kernel subsystem created by John McCutchan, which monitors changes to the filesystem, and reports those changes to applications. It can be used to automatically update directory views, reload configuration files, ...

add-on for the Linux kernel (version 3.8 and later.) Alternatively, one could use ClamFS (for any

Unix-like A Unix-like (sometimes referred to as UN*X or *nix) operating system is one that behaves in a manner similar to a Unix system, although not necessarily conforming to or being certified to any version of the Single UNIX Specification. A Unix-li ...

operating system An operating system (OS) is system software that manages computer hardware, software resources, and provides common services for computer programs. Time-sharing operating systems schedule tasks for efficient use of the system and may also in ...

supporting

FUSE Fuse or FUSE may refer to: Devices * Fuse (electrical), a device used in electrical systems to protect against excessive current ** Fuse (automotive), a class of fuses for vehicles * Fuse (hydraulic), a device used in hydraulic systems to protect ...

). On

, a free, open-source app called Clam Sentinel detects file changes and scans modified files using ClamWin. It works with Windows 98 and later. In addition to on-access scanning, it features optional system change messages and proactive heuristic protection.

Patent lawsuit

In 2008,

Barracuda Networks Barracuda Networks, Inc. is a company providing security, networking and storage products based on network appliances and cloud services. The company's security products include products for protection against email, web surfing, web hackers ...

was sued by

Trend Micro is an American-Japanese multinational cyber security software company with global headquarters in Tokyo, Japan and Irving, Texas, United State.Other regional headquarters and R&D centers are located around East Asia, Southeast Asia, Europe, and ...

for its distribution of ClamAV as part of a security package. Trend Micro claimed that Barracuda's utilization of ClamAV infringes on a

software patent A software patent is a patent on a piece of software, such as a computer program, libraries, user interface, or algorithm. Background A patent is a set of exclusionary rights granted by a state to a patent holder for a limited period of time, u ...

for filtering viruses on an

Internet gateway A gateway is a piece of networking hardware or software used in telecommunications networks that allows data to flow from one discrete network to another. Gateways are distinct from routers or switches in that they communicate using more than on ...

. The

free software community The free software movement is a social movement with the goal of obtaining and guaranteeing certain freedoms for software users, namely the freedoms to run the software, to study the software, to modify the software, and to share copies of the ...

responded in part by calling for a

boycott A boycott is an act of nonviolent, voluntary abstention from a product, person, organization, or country as an expression of protest. It is usually for moral, social, political, or environmental reasons. The purpose of a boycott is to inflict som ...

against Trend Micro. The boycott was also endorsed by the

Free Software Foundation The Free Software Foundation (FSF) is a 501(c)#501(c)(3), 501(c)(3) non-profit organization founded by Richard Stallman on October 4, 1985, to support the free software movement, with the organization's preference for software being distributed ...

. Barracuda Networks counter-sued with IBM-obtained patents in July 2008. On May 19, 2011, the U.S. Patent and Trademark Office issued a Final Rejection in the reexamination of Trend Micro's U.S. patent 5,623,600.

References

External links

* {{DEFAULTSORT:Clam Antivirus Antivirus software Antivirus software for Linux Cloud applications Cross-platform free software Free antivirus software Free software programmed in C Free security software