Software:Clam AntiVirus
Clam AV 0.95.2, running a definition update, scanning a file and identifying a Trojan from the command-line. | |
Developer(s) | Cisco Systems |
---|---|
Written in | C, C++ |
Operating system | Unix, AIX, BSD, HP-UX, Linux, macOS, OpenVMS, Tru64 UNIX, Windows |
Type | Antivirus software |
License | GPL-2.0-only |
Website | www |
Clam AntiVirus (ClamAV) is a free software, cross-platform antimalware toolkit able to detect many types of malware, including viruses. It was developed for Unix and has third party versions available for AIX, BSD, HP-UX, Linux, macOS, OpenVMS, OSF (Tru64) and Solaris. As of version 0.97.5, ClamAV builds and runs on Microsoft Windows.[1][2] Both ClamAV and its updates are made available free of charge. One of its main uses is on mail servers as a server-side email virus scanner.
Sourcefire, developer of intrusion detection products and the owner of Snort, announced on 17 August 2007 that it had acquired the trademarks and copyrights to ClamAV from five key developers.[3] Upon joining Sourcefire, the ClamAV team joined the Sourcefire Vulnerability Research Team (VRT). In turn, Cisco acquired Sourcefire in 2013.[4] The Sourcefire VRT became Cisco Talos,[5] and ClamAV development remains there.
Features
ClamAV includes a command-line scanner, automatic database updater, and a scalable multi-threaded daemon running on an anti-virus engine from a shared library.[1] The application features a Milter interface for sent mail and on-demand scanning. It recognizes:
- ZIP, RAR, Tar, Gzip, Bzip2, OLE2, Cabinet, CHM, BinHex, and SIS formats
- Most mail file formats
- ELF and Portable Executable (PE) files compressed with UPX, FSG, Petite, NsPack, wwpack32, MEW, and Upack, or obfuscated with SUE, Y0da Cryptor.
- Office Open XML file formats, HTML, Rich Text Format (RTF) and Portable Document Format (PDF).[1]
The ClamAV virus database is updated at least every four hours and as of 10 February 2017 contained over 5,760,000 virus signatures[citation needed] with the daily update Virus DB number at 23040.[6][7]
Effectiveness
ClamAV was tested against other antivirus products on Shadowserver. In 2011, Shadowserver tested over 25 million samples against ClamAV and numerous other antivirus products. Out of the 25 million samples tested, ClamAV scored 76.60% ranking 12 out of 19, a higher rating than some much more established competitors.[8]
In the 2008 AV-TEST comparison of antivirus tools, ClamAV scored poorly in on-demand detection, avoiding false positives, and rootkit detection.[9]
In a Shadowserver six-month test between June and December 2011, ClamAV detected over 75.45% of all viruses tested, putting it in fifth place behind AhnLab, Avira, BitDefender and Avast. AhnLab, the top antivirus, detected 80.28%.[10]
In 2022 Splunk conducted an efficacy study involving ~400,000 malware samples sourced from MalwareBazaar. The study concluded ClamAV is 59.94% effective overall at detecting commodity malware.[11]
Unofficial databases
The ClamAV engine can be reliably used to detect several kinds of files. In particular, some phishing emails can be detected using antivirus techniques. However, false positive rates are inherently higher than those of traditional malware detection.[12]
There are several unofficial databases for ClamAV:
- Sanesecurity is an organization that maintains a number of such databases; in addition they distribute and classify a number of similar databases from other parties, such as Porcupine, Julian Field, MalwarePatrol.[13]
- SecuriteInfo.com also provides additional signatures for ClamAV.[14]
ClamAV Unofficial Signatures are mainly used by system administrators to filter email messages.[15] Detections of these groups should be scored, rather than causing an outright block of the "infected" message.[13]
Platforms
Linux, BSD
ClamAV is available for Linux and BSD-based operating systems.[1] In most cases it is available through the distribution's repositories for installation.
On Linux servers ClamAV can be run in daemon mode, servicing requests to scan files sent from other processes. These can include mail exchange programs, files on Samba shares, or packets of data passing through a proxy server.
On Linux and BSD desktops ClamAV provides on-demand scanning of individual files, directories or the whole PC.[1]
macOS
macOS Server has included ClamAV since version 10.4. It is used within the operating system's email service. A paid-for graphical user interface is available from Canimaan Software Ltd[16] in the form of ClamXav.[17] Additionally, Fink, Homebrew and MacPorts have ported ClamAV.
Another program which uses the ClamAV engine on macOS, is Counteragent. Working alongside the Eudora Internet Mail Server program, Counteragent scans emails for viruses using ClamAV and also optionally provides spam filtering through SpamAssassin.
OpenVMS
ClamAV for OpenVMS is available for DEC Alpha and Itanium platforms. The build process is simple and provides basic functionality, including library, the clamscan
utility, the clamd
daemon, and freshclam
for update.[18]
Windows
There are IA-32 and x64 variants of ClamAV available for Windows; additionally, Cisco's Immunet uses ClamAV as its engine.[19]
OS/2
A port of ClamAV is available for OS/2 (including eComStation and ArcaOS) with a native UI written in REXX.[20][21]
Graphical interfaces
Since ClamAV does not include a graphical user interface (GUI) but instead is run from the command line, a number of third-party developers have written GUIs for the application for various platforms and uses.
These include:
- Linux
- macOS
- ClamXav is a port which includes a graphical user interfaces and has a "sentry" service which can watch for changes or new files in many cases. There is also an update and scanning scheduler through a cron job facilitated by the graphical interface. ClamXav can detect malware specific to macOS, Unix, or Windows. The ClamXav application and the ClamAV engine are updated regularly.[26] ClamXav is written and sold by Canimaan Software Ltd.[16]
- Tiger Cache Cleaner is shareware software which installs and presents a graphic interface for using ClamAV to scan for viruses, and provides other unrelated functions.
- Microsoft Windows
- Immunet
- ClamWin
- CS Antivirus[27]
- Graugon AntiVirus[27]
- Clam Sentinel
- OS/2
- ClamAV-GUI[20]
ClamWin
ClamWin is a graphical user interface front-end ClamWin Pty Ltd. developed for ClamAV on Microsoft Windows. Features include on-demand (user-started) scanning, automatic updates, scheduled scanning, and integration with File Explorer and Microsoft Outlook. ClamWin does not provide on-access scanning. A Firefox add-on enables ClamWin to scan downloaded files.[28][29] Several other extensions allow users to process downloaded files with any software and scan the files with ClamWin.[30][31][32][33]
Real-time file scanning
On Linux, ClamAV (versions 0.99 and later) supports real-time protection via the Fanotify add-on for the Linux kernel (version 3.8 and later.)[34] Alternatively, one could use ClamFS (for any Unix-like operating system supporting FUSE).
On Microsoft Windows, a free, open-source app called Clam Sentinel detects file changes and scans modified files using ClamWin.[35] It works with Windows 98 and later. In addition to on-access scanning, it features optional system change messages and proactive heuristic protection.[36]
Patent lawsuit
In 2008, Barracuda Networks was sued by Trend Micro for its distribution of ClamAV as part of a security package.[37] Trend Micro claimed that Barracuda's utilization of ClamAV infringes on a software patent for filtering viruses on an Internet gateway. The free software community responded in part by calling for a boycott against Trend Micro. The boycott was also endorsed by the Free Software Foundation.[38] Barracuda Networks counter-sued with IBM-obtained patents in July 2008.[39] On May 19, 2011, the U.S. Patent and Trademark Office issued a Final Rejection[40] in the reexamination of Trend Micro's U.S. patent 5,623,600.[41]
See also
- List of antivirus software
- List of free and open-source software packages
- Software patents and free software
References
- ↑ 1.0 1.1 1.2 1.3 1.4 ClamAV (2007). "About ClamAV". http://www.clamav.net/about.
- ↑ ClamAV (2007). "ClamAV Packages and Ports". http://www.clamav.net/download/packages/.
- ↑ "Sourcefire acquires ClamAV". ClamAV. 2007-09-17. http://www.clamav.org/2007/08/17/sourcefire-acquires-clamav/.
- ↑ "Cisco Completes Acquisition of Sourcefire". 2013-10-07. http://www.cisco.com/web/about/ac49/ac0/ac1/ac259/sourcefire.html.
- ↑ "Cisco Talos". 2018-01-19. https://talosintelligence.com.
- ↑ "About ClamAV". http://www.clamav.net/about/.
- ↑ "Latest Stable Release". http://www.clamav.net/lang/en/about/.
- ↑ "ShadowServer Yearly Stats". shadowserver.org. 2012-01-05. http://www.shadowserver.org/wiki/pmwiki.php/Stats/VirusYearlyStats.
- ↑ "Anti-virus comparison test of current anti-malware products, Q1/2008". AV-Test GmbH. 22 January 2008. http://blogs.pcmag.com/securitywatch/Results-2008q1.htm.
- ↑ "ShadowServer 180 Day Stats". shadowserver.org. 2011-08-16. http://www.shadowserver.org/wiki/pmwiki.php/AV/Virus180-DayStats.
- ↑ "How Good is ClamAV at Detecting Commodity Malware?". https://www.splunk.com/en_us/blog/security/how-good-is-clamav-at-detecting-commodity-malware.html.
- ↑ "High-Performance Content-Based Phishing Attack Detection". 5 August 2011. https://uab.edu/cas/thecenter/images/Documents/High-Performance-Content-Based-Phishing-Attack-Detection.pdf.
- ↑ 13.0 13.1 Sanesecurity Phishing, Scam and Malware signatures for ClamAV
- ↑ SecuriteInfo.com Add 4.000.000 signatures to ClamAV Antivirus
- ↑ "ClamAV Unofficial Signatures Updater". 24 May 2009. http://sourceforge.net/projects/unofficial-sigs/.
- ↑ 16.0 16.1 "About us" (in en). ClamXAV. https://www.clamxav.com/about-us/.
- ↑ ClamXav.com (n.d.). "ClamXAV.com". http://www.clamxav.com/.
- ↑ Chupahin, Alexey (December 2008). "Clam AntiVirus OpenVMS Project News". http://clamav.dyndns.org/clamav/.
- ↑ "Alternate Versions of ClamAV". Cisco Systems. https://www.clamav.net/downloads#otherversions. "Immunet, powered by ClamAV, is a [...] Windows desktop anti-virus (AV) solution"
- ↑ 20.0 20.1 "My graphical user interface for "ClamAV"". http://remydodin.levillage.org/en/realisations.php?item=5900&id=realisations.
- ↑ "Clamav, ClamAV-GUI (Rexx & QT4) & eCSClamav". https://ecsoft2.org/clamav-clamav-gui-rexx-qt4-ecsclamav.
- ↑ Mauroni, Dave (December 2008). "ClamTk Virus Scanner". http://clamtk.sourceforge.net/.
- ↑ Mauroni, Dave (October 2008). "ClamTk README". http://clamtk.sourceforge.net/README.
- ↑ KlamAV F. (May 2006). "KlamAV - Main Page". http://sourceforge.net/projects/klamav/.
- ↑ Saracco, Emmanuel. "wbmclamav - The Webmin ClamAV Antivirus manager". https://wbmclamav.esaracco.fr/.
- ↑ ClamXav.com (November 2008). "ClamXav.com". http://www.clamxav.com/.
- ↑ 27.0 27.1 "CS Anti-Virus description". Softpedia.com. 2009-03-23. http://www.softpedia.com/get/Antivirus/CS-Anti-Virus.shtml.
- ↑ "FireClam: Use ClamAV to scan Firefox downloads for viruses". Firefox Addons. https://addons.mozilla.org/en-US/firefox/addon/fireclam/.
- ↑ "ClamWin Antivirus Glue for Firefox". Firefox Addons. https://addons.mozilla.org/en-US/firefox/addon/clamwin-antivirus-glue-for-fir/.
- ↑ "Download Scan". Downloadstatusbar.mozdev.org. 2005-08-19. http://downloadstatusbar.mozdev.org/downscan/.
- ↑ "Download Statusbar". https://addons.mozilla.org/en-US/firefox/addon/download-statusbar/.
- ↑ "Safe Download". Extensions.geckozone.org. http://extensions.geckozone.org/SafeDownload.
- ↑ ClamWin Pty Ltd (2009). "About ClamWin Free Antivirus". http://www.clamwin.com/content/view/71/1/.
- ↑ Sola, Mickey. "Configuring On-Access Scanning in ClamAV". https://blog.clamav.net/2016/03/configuring-on-access-scanning-in-clamav.html.
- ↑ Cyber Pillar. "Clam Sentinel - Making ClamWin Be Used In Real-Time". http://cyberpillar.com/dirsver/1/mainsite/techns/bhndscen/protsoft/antimalw/antivir/avmswin/clamwin/mkclmwrt/mkclmwrt.htm.
- ↑ "Clam Sentinel". http://sourceforge.net/projects/clamsentinel/.
- ↑ "Trend Micro patent claim provokes FOSS community, leads to boycott". Linux.com. 2008-02-11. http://www.linux.com/feature/126851.
- ↑ "Boycott Trend Micro". Free Software Foundation. 2008-02-11. http://www.fsf.org/blogs/community/boycottTrendMicro.html.
- ↑ Paul, Ryan (2008-07-02). "Barracuda bites back at Trend Micro in ClamAV patent lawsuit". Arstechnica.com. https://arstechnica.com/open-source/news/2008/07/barracuda-bites-back-at-trend-micro-in-clamav-patent-lawsuit.ars.
- ↑ "Ex Parte Reexamination". U.S. Patent and Trademark Office. 2011-05-19. http://www.groklaw.net/pdf3/90011022-18.pdf.
- ↑ "Anatomy of a Dying Patent - The Reexamination of Trend Micro's '600 Patent". Groklaw.net. 2011-06-13. http://www.groklaw.net/article.php?story=20110613091958268.
Further reading
- An interview with ClamAV founder Tomasz Kojm archived version
External links