Clam AntiVirus

From Infogalactic: the planetary knowledge core
Jump to: navigation, search
Clam AntiVirus
150px
Clamav096.png
Clam AV 0.96, running a definition update, scanning a file and identifying a Trojan from the command-line.
Developer(s) Cisco Systems
Stable release 0.99 / December 1, 2015; 8 years ago (2015-12-01)
Written in C, C++
Operating system Cross-platform
Type Antivirus software
License GNU General Public License
Website www.clamav.net

Clam AntiVirus (ClamAV) is a free and open-source, cross-platform antivirus software toolkit able to detect many types of malicious software, including viruses. One of its main uses is on mail servers as a server-side email virus scanner. The application was developed for Unix and has third party versions available for AIX, BSD, HP-UX, Linux, OS X, OpenVMS, OSF (Tru64) and Solaris. As of version 0.97.5, ClamAV builds and runs on Microsoft Windows.[1][2] Both ClamAV and its updates are made available free of charge.

Sourcefire, a maker of intrusion detection products and the owner of Snort, announced on 17 August 2007 that it had acquired the trademarks and copyrights to ClamAV from five key developers.[3] In turn, Sourcefire was acquired by Cisco in 2013.[4]

Features

ClamAV includes a number of utilities: a command-line scanner, automatic database updater and a scalable multi-threaded daemon, running on an anti-virus engine from a shared library.[1]

The application also features a Milter interface for sendmail and on-demand scanning. It has support for Zip, RAR, Tar, Gzip, Bzip2, OLE2, Cabinet, CHM, BinHex, SIS formats, most mail file formats, ELF executables and Portable Executable (PE) files compressed with UPX, FSG, Petite, NsPack, wwpack32, MEW, Upack and obfuscated with SUE, Y0da Cryptor. It also supports many document formats, including Microsoft Office, HTML, Rich Text Format (RTF) and Portable Document Format (PDF).[1]

The ClamAV virus database is updated at least every four hours and as of 25 December 2014 contained over 3,700,000 virus signatures with the daily update Virus DB number at 19837.[1][5]

Effectiveness

ClamAV is currently tested daily in comparative tests against other antivirus products on Shadowserver. In 2011, Shadowserver tested over 25 million samples against ClamAV and numerous other antivirus products. Out of the 25 million samples tested, ClamAV scored 76.60% ranking 12 out of 19, a higher rating than some much more established competitors.[6]

ClamAV was included in comparative tests against other antivirus products. In the 2008 AV-Test it rated: on-demand: very poor, false positives: poor, on-access: poor, response time: very good, rootkits: very poor.[7]

In a Shadowserver six-month test between June and December 2011, ClamAV detected over 75.45% of all viruses tested, putting it in fifth place behind AhnLab, Avira, BitDefender and Avast. AhnLab, the top antivirus, detected 80.28%.[8]

Unofficial databases

The ClamAV engine can be reliably used to detect several kinds of files. In particular, some phishing emails can be detected using antivirus techniques. However, false positive rates are inherently higher than those of traditional malware detection.[9] Sanesecurity is an organization that maintains a number of such databases; in addition they distribute and classify a number of similar databases from other parties, such as CRDF Threat Center, Porcupine, Julian Field, MalwarePatrol.[10] SecuriteInfo.com also provides additional signatures for Clamav.[11]

ClamAV Unofficial Signatures are mainly used by system administrators to filter email messages.[12] Detections of these groups should be scored, rather than causing an outright block of the "infected" message.[10]

Platforms

Linux, BSD

ClamAV is available for Linux and BSD-based operating systems.[1] In most cases it is available through the distribution's repositories for installation.

On Linux servers ClamAV can be run in daemon mode, servicing requests to scan files sent from other processes. These can include mail exchange programs, files on Samba shares, or packets of data passing through a proxy server (IPCop, for example, has an add-on called Copfilter which scans incoming packets for malicious data).

On Linux and BSD desktops ClamAV provides on-demand scanning of individual files, directories or the whole PC.[1]

Mac OS X

Apple Mac OS X Server has included ClamAV since version 10.4. It is used within the operating system's email service. A graphical user interface is available in the form of ClamXav.[13] Additionally, Fink, Homebrew and MacPorts have ported ClamAV.

Another program which uses the ClamAV engine, on Mac OS X, is Counteragent. Working alongside the Eudora Internet Mail Server program, Counteragent scans emails for viruses using ClamAV and also optionally provides spam filtering through SpamAssassin.

OpenVMS

ClamAV for OpenVMS is available for DEC Alpha and Itanium platforms. The build process is simple and provides basic functionality, including: library, clamscan utility, clamd daemon and freshclam for update.[14]

Windows

ClamAV for Windows is now a part of the Immunet client produced by Sourcefire. Immunet is a real-time cloud based detection software, maintained by Sourcefire, which owns both ClamAV and Immunet.[15]

eComStation

ClamAV for eComStation (OS/2) is available from OS/2 Power Wiki. "The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command line scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use with your own software. Most importantly, the virus database is kept up to date."[16]

Graphical interfaces

Since ClamAV does not include a graphical user interface (GUI) but instead is run from the command line, a number of third-party developers have written GUIs for the application for various platforms and uses.

These include:

ClamTk 4.30 running on Ubuntu 11.04
  • Linux
    • ClamTk using gtk2-perl; project is named for the Tk libraries that were used when it began[17][18]
    • KlamAV for KDE, discontinued development in 2009[19]
    • wbmclamav is a webmin module to manage Clam AntiVirus[20]
  • Mac OS X
    • ClamXav is a port which includes a graphical user interfaces and has a "sentry" service which can watch for changes or new files in many cases. There is also an update and scanning scheduler through a cron job facilitated by the graphical interface. ClamXav can detect malware specific to Mac OS X, Unix, or Windows. The ClamXav application and the ClamAV engine, are updated regularly.[21]
    • Tiger Cache Cleaner is shareware software which installs and presents a graphic interface for using ClamAV to scan for viruses, and provides other unrelated functions.
  • Microsoft Windows

ClamWin

<templatestyles src="Module:Hatnote/styles.css"></templatestyles>

Main article: ClamWin
ClamWin running on Windows XP

ClamWin is a graphical user interface front end for ClamAV for Microsoft Windows built by ClamWin Pty Ltd. Features include on-demand (user started) scanning, automatic updates, scan scheduling, context menu integration to Explorer, and an add-in for Microsoft Outlook. ClamWin does not provide on-access scanning, additional software must be used.

Plugins for Mozilla Firefox which use ClamWin to scan downloaded files are also available.[23][24] Several other extensions allow users to process downloaded files with any software and scan the files with ClamWin.[25][26][27][28]

Clam Sentinel

Clam Sentinel[29] is a free software system tray application that detects file system changes and scans the files modified using ClamWin in real-time.[30] It works with Windows 98/98SE/ME/XP/Vista/7/8. Its features a real-time scanner for ClamWin, optional system change messages and proactive heuristic protection.

Real-time file scanning

ClamAV is not a real-time virus scanner (does not scan when a file is read or written), but can be used with other applications such as ClamFS (for any Unix-like operating system supporting FUSE), DazukoFS (for Linux), Clam Sentinel, Moon Secure Antivirus, and Winpooch (both for Windows) to provide real-time checks.[31][32][33]

Patent lawsuit

In 2008, Barracuda Networks was sued by Trend Micro for its distribution of ClamAV as part of a security package.[34] Trend Micro claimed that Barracuda's utilization of ClamAV infringes on a software patent for filtering viruses on an Internet gateway. The free software community responded in part by calling for a boycott against Trend Micro. The boycott was also endorsed by the Free Software Foundation.[35] Barracuda Networks counter-sued with IBM obtained patents in July 2008.[36] On May 19, 2011, the U.S. Patent and Trademark Office issued a Final Rejection[37] in the reexamination of Trend Micro's U.S. patent 5,623,600.[38]

See also

References

  1. 1.0 1.1 1.2 1.3 1.4 1.5 Lua error in package.lua at line 80: module 'strict' not found.
  2. Lua error in package.lua at line 80: module 'strict' not found.
  3. Lua error in package.lua at line 80: module 'strict' not found.
  4. Lua error in package.lua at line 80: module 'strict' not found.
  5. Lua error in package.lua at line 80: module 'strict' not found.
  6. Lua error in package.lua at line 80: module 'strict' not found.
  7. Lua error in package.lua at line 80: module 'strict' not found.
  8. Lua error in package.lua at line 80: module 'strict' not found.
  9. Lua error in package.lua at line 80: module 'strict' not found.
  10. 10.0 10.1 Sanesecurity Phishing, Scam and Malware signatures for ClamAV
  11. SecuriteInfo.com Add 500.000 signatures to Clamav Antivirus
  12. Lua error in package.lua at line 80: module 'strict' not found.
  13. Lua error in package.lua at line 80: module 'strict' not found.
  14. Lua error in package.lua at line 80: module 'strict' not found.
  15. Lua error in package.lua at line 80: module 'strict' not found.
  16. Lua error in package.lua at line 80: module 'strict' not found.
  17. Lua error in package.lua at line 80: module 'strict' not found.
  18. Lua error in package.lua at line 80: module 'strict' not found.
  19. Lua error in package.lua at line 80: module 'strict' not found.
  20. Lua error in package.lua at line 80: module 'strict' not found.
  21. Lua error in package.lua at line 80: module 'strict' not found.
  22. 22.0 22.1 Lua error in package.lua at line 80: module 'strict' not found.
  23. Lua error in package.lua at line 80: module 'strict' not found.
  24. Lua error in package.lua at line 80: module 'strict' not found.[dead link]
  25. Lua error in package.lua at line 80: module 'strict' not found.
  26. Download Statusbar
  27. Lua error in package.lua at line 80: module 'strict' not found.
  28. Lua error in package.lua at line 80: module 'strict' not found.
  29. Lua error in package.lua at line 80: module 'strict' not found.
  30. Lua error in package.lua at line 80: module 'strict' not found.
  31. Lua error in package.lua at line 80: module 'strict' not found.
  32. Moon Secure Antivirus at Sourceforge
  33. Lua error in package.lua at line 80: module 'strict' not found.
  34. Lua error in package.lua at line 80: module 'strict' not found.
  35. Lua error in package.lua at line 80: module 'strict' not found.
  36. Lua error in package.lua at line 80: module 'strict' not found.
  37. Lua error in package.lua at line 80: module 'strict' not found.
  38. Lua error in package.lua at line 80: module 'strict' not found.

Further reading

External links

Retrieved from "https://infogalactic.com/w/index.php?title=Clam_AntiVirus&oldid=1945550"