Clam AntiVirus

From Wikipedia, the free encyclopedia

  (Redirected from ClamAV)
Jump to: navigation, search
Clam AntiVirus
Logo
Developer(s) Tomasz Kojm[1]
Stable release 0.95.2 / 2009-06-10; 31 days ago
Operating system Cross-platform
Type Antivirus software
License GNU General Public License
Website www.clamav.net

Clam AntiVirus (ClamAV) is a free, cross-platform antivirus software tool-kit capable of detecting many types of malicious software, including viruses. One of its main uses is on mail servers as a server-side email virus scanner. The application was developed for Unix and has third party versions available for AIX, BSD, HP-UX, Linux, Mac OS X, OpenVMS, OSF and Solaris. At one time it had a native version available for Windows, but that project has been ended.[2][3][4]

Both ClamAV and its updates are made available free of charge.

Sourcefire, a maker of intrusion detection products and the owner of Snort, announced on 17 August 2007 that it had acquired the trademarks and copyrights to ClamAV from five key developers.[5]

Contents

[edit] Features

Command Line scan and report showing ClamAV scan of a single directory

ClamAV includes a number of utilities: a command line scanner, automatic database updater and a scalable multi-threaded daemon, running on an anti-virus engine from a shared library.[2]

The application also features a Milter interface for sendmail and on-demand scanning. It has support for Zip, RAR, Tar, Gzip, Bzip2, OLE2, Cabinet, CHM, BinHex, SIS formats, most mail file formats, ELF executables and Portable Executable files compressed with UPX, FSG, Petite, NsPack, wwpack32, MEW, Upack and obfuscated with SUE, Y0da Cryptor. It also supports many document formats, including Microsoft Office, HTML, Rich Text Format and Portable Document Format.[2]

The ClamAV virus database is updated several times each day and as of 11 May 2009 contained 549,826 virus signatures.[2][6]

[edit] Platforms

[edit] Linux & BSD

ClamAV is available for Linux and BSD-based operating systems.[2] In most cases it is available through the distribution's repositories for installation.

On Linux servers ClamAV can be run in daemon mode, servicing requests to scan files sent from other processes. These can include mail exchange programs, files on Samba shares, or packets of data passing through a proxy server (IPCop, for example, has an add-on called Copfilter which scans incoming packets for malicious data).

On Linux and BSD desktops ClamAV provides on-demand scanning of individual files, directories or the whole PC.[2]

[edit] Mac OS X

Apple Mac OS X Server has included ClamAV since version 10.4. It is used within the operating system's email service. A graphical user interface is available in the form of ClamXav.[7] Additionally, Fink and MacPorts have ported ClamAV to the platform too.

Another program which uses the ClamAV engine, on Mac OS X, is Counteragent. Working alongside the Eudora Internet Mail Server program, Counteragent scans emails for viruses using ClamAV and also optionally provides spam filtering through SpamAssassin.

[edit] OpenVMS

ClamAV for OpenVMS is available for Alpha and Itanium platforms. The build process is simple and provides basic functionality, including: library, clamscan utility, clamd daemon and freshclam for update.[8]

[edit] Microsoft Windows

ClamWin running on Windows XP
Main article: ClamWin

ClamWin is a graphical user interface front end for ClamAV for Microsoft Windows built by ClamWin Pty Ltd. Features include on-demand (user started) scanning, automatic updates, scan scheduling, context menu integration to Explorer, and an add-in for Microsoft Outlook. To provide on-access scanning (scan when a file is read or written), the free software Winpooch must be used. A plug-in for Mozilla Firefox which uses ClamWin to scan downloaded files is also available.[9]. Several other extensions allow the users to process downloaded files with any software and scan the files with ClamWin.[10][11][12][13]

ClamAV is also integrated into Moon Secure AV[14] and optionally into Spyware Terminator [15], which are able to use ClamAV for real-time protection and on-demand scans.

[edit] Graphical interfaces

Since ClamAV does not include a graphical user interface but instead is run from the command line, a number of third-party developers have written GUIs for the application for various platforms and uses.

These include:

ClamTk 4.08 running on Ubuntu 9.04 Jaunty Jackalope
  • Linux
    • ClamTk using gtk2-perl. The project takes its name from the Tk libraries that were used when it was first started.[16][17]
    • KlamAV for KDE[18]
  • Mac OS X
    • ClamXav is a freeware port which includes a graphical user interfaces and has a "sentry" service which can watch for changes or new files in many cases. There is also an update and scanning scheduler through a cron job facilitated by the graphical interface. ClamXav can detect OS X-specific malware, as well as UNIX-specific and Windows-specific malware, but the malware definitions for OS X are not updated as often, with sometimes as much as a year passing between updates. However, the ClamXav application and the ClamAV engine, are updated regularly.[19]
    • Tiger Cache Cleaner is shareware software which installs and presents a graphic interface for using Clamav to scan for viruses, as well as providing other unrelated functions.
  • Microsoft Windows
  • Miscellaneous
    • Untangle is an open source network gateway that uses ClamAV in its Virus Blocker application.[20]

[edit] Comparisons

ClamAV is occasionally included in comparative tests against other antivirus products; some results are provided below. In response to low scores, some commentators with contrary experience have suggested that the testing procedures, which are often undocumented, do not represent a fair evaluation of the software.[21] In addition, ClamAV is often not included in mainstream tests, possibly due to there historically being no businesses to sponsor its inclusion.[22]

  • AV-Test (2008)[23]
    • On-demand: very poor
    • False positives: poor
    • On-access: poor
    • Response time: very good
    • Rootkits: very poor
  • Virus.gr (2007)[24], note that ClamWin differs from ClamAV and often has lower detection rates.
    • ClamWin ranked 39th (out of 53)
  • Untangle (2007)
    • Ranked 2nd (out of 10) ahead of Symantec, F-Prot, Sophos, McAfee, GlobalHauri, Fortinet, and SonicWall.[25]

[edit] Patents

Barracuda Networks is being sued by Trend Micro for its distribution of ClamAV as part of a security package.[26] Trend Micro claims that Barracuda's utilization of ClamAV infringes on a software patent for filtering viruses on an Internet gateway. The free software community has responded in part by calling for a boycott against Trend Micro. The boycott has been endorsed by the Free Software Foundation.[27]

[edit] See also

Free software portal

[edit] References

  1. ^ ClamAV (2007). "Team Members". http://www.clamav.net/about/team/. Retrieved on 2008-12-30. 
  2. ^ a b c d e f ClamAV (2007). "About ClamAV". http://www.clamav.net/about. Retrieved on 2008-12-25. 
  3. ^ ClamAV (2007). "ClamAV Packages and Ports". http://www.clamav.net/download/packages/. Retrieved on 2008-12-31. 
  4. ^ ClamAV (2008). "ClamAV for Windows". http://w32.clamav.net/. Retrieved on 2009-02-21. 
  5. ^ "Sourcefire acquires ClamAV". ClamAV. 2007-09-17. http://www.clamav.org/2007/08/17/sourcefire-acquires-clamav/. Retrieved on 2008-02-12. 
  6. ^ ClamAV (May 2009). "Latest Stable Release". http://www.clamav.net/. Retrieved on 2009-05-11. 
  7. ^ ClamXav.com (undated). "ClamXAV.com". http://www.clamxav.com/. Retrieved on 2009-01-24. 
  8. ^ Chupahin, Alexey (December 2008). "Clam AntiVirus OpenVMS Project News". http://clamav.dyndns.org/clamav/. Retrieved on 2008-12-25. 
  9. ^ "ClamWin Antivirus Glue for Firefox". Firefox Addons. https://addons.mozilla.org/en-US/firefox/addon/771. Retrieved on 2008-04-15. 
  10. ^ Download Scan
  11. ^ Download Statusbar
  12. ^ Safe Download
  13. ^ ClamWin Pty Ltd (2009). "About ClamWin Free Antivirus". http://www.clamwin.com/content/view/71/1/. Retrieved on 2009-03-13. 
  14. ^ Info About Moon Secure
  15. ^ Key Features of Spyware Terminator
  16. ^ Mauroni, Dave (December 2008). "ClamTk Virus Scanner". http://clamtk.sourceforge.net/. Retrieved on 2008-12-25. 
  17. ^ Mauroni, Dave (October 2008). "ClamTk README". http://clamtk.sourceforge.net/README. Retrieved on 2008-12-26. 
  18. ^ KlamAV F. (May 2006). "KlamAV - Main Page". http://klamav.sourceforge.net/. Retrieved on 2008-12-25. 
  19. ^ ClamXav.com (November 2008). "ClamXav.com". http://www.clamxav.com/. Retrieved on 2008-12-25. 
  20. ^ Untangle (2008). "Virus Blocking - Two Great Apps to Protect Your Network". http://www.untangle.com/index.php?option=com_content&task=view&id=362&Itemid=1288. Retrieved on 2008-12-25. 
  21. ^ Adam Hyde (2005-07-15). "Antivirus Tools: Clam AV Is The Best -- But Where Are The Rest?". InformationWeek. http://www.informationweek.com/software/opensource/166400446. Retrieved on 2008-02-12. 
  22. ^ Dirk Morris (2007-09-05). "AntiVirus Fightclub!". Untangle. http://blog.untangle.com/?p=95. Retrieved on 2008-02-12. 
  23. ^ "Anti-virus comparison test of current anti-malware products, Q1/2008". AV-Test GmbH. 2008-01-22. http://blogs.pcmag.com/securitywatch/Results-2008q1.htm. Retrieved on 2008-02-12. 
  24. ^ "23 April-10 May 2007". Virus.GR. 2007-03-10. http://www.virus.gr/portal/en/node/28. Retrieved on 2008-02-12. 
  25. ^ "Untangle Fight Club". 2007-09-05. http://virus.untangle.com/. Retrieved on 2008-02-12. 
  26. ^ "Trend Micro patent claim provokes FOSS community, leads to boycott". Linux.com. 2008-02-11. http://www.linux.com/feature/126851. Retrieved on 2008-02-12. 
  27. ^ "Boycott Trend Micro". Free Software Foundation. 2008-02-11. http://www.fsf.org/blogs/community/boycottTrendMicro.html. Retrieved on 2008-02-12. 

[edit] Further reading

[edit] External links

v  d  e
Sourcefire
Key People
John Burris, CEO  · Martin Roesch, CTO  · Tom McDonough, President/COO  · Todd Headley, CFO  · Michele Perry, CMO  · Douglas McNitt, General Council  · Tom Ashoff, VP of Engineering  · John Czupak, VP of Business Development  · John Negron, VP of Sales  · Lesley Pendergast, VP of Human Resources
Board of Directors
Steven Polk, Chairman  · John Beckler, Independent  · Asheem Chandna, Independent  · Michael Cristinziano, Independent  · Tim Guleri, Independent  · John Burris, Sourcefire  · Martin Roesch, Sourcefire
Products
Open Source Products
Snort  · ClamAV  · Daemonlogger  · OfficeCat
Certifications and Training
Sourcefire Security Education Program: SFCP  · SFCE  · SnortCP  · Rule Writing Best Practices  · Fundamentals of Exploit Development
Philanthropy
Annual Revenue: US$75.7 Million (FY 2008) (up 35% from 2007)  · Employees: 286 (2009) · Stock Symbol: NASDAQFIRE · Website: www.Sourcefire.com
v  d  e
Free and open source software
General
Free software
portal
Notable packages
Operating system families
AROS · BSD · Darwin · FreeDOS · GNU · Haiku · Inferno · Linux · Mach · MINIX · OpenSolaris · Plan 9 · ReactOS · Syllable
Development
GCC · Java · libJIT · LLVM · Lua · Open64 · Perl · PHP · Python · ROSE · Ruby · Tcl
History
Organizations
Licences
Apache · BSD · GNU GPL · ISC · LGPL · MIT · MPL · Ms-PL/RL · FSF approved licences
Challenges
Other topics
List of open source software packages
Retrieved from "http://en.wikipedia.org/wiki/Clam_AntiVirus"
Personal tools