Clam AntiVirus (ClamAV) is a free, cross-platform and open-source antivirus software capable of detecting many types of malicious software, including viruses. One of its main uses is on mail servers as a server-side email scanner. The application was developed for Unix and has third-party versions available for AIX, BSD, HP-UX, Linux, macOS, OpenVMS, OSF (Tru64) and Solaris. Starting with version 0.97.5, ClamAV builds and runs on Microsoft Windows. Both ClamAV and its updates are available for free.
Sourcefire, a maker of intrusion detection products and the owner of Snort, announced on August 17, 2007 that it had acquired the trademarks and copyrights to ClamAV from five major developers. After joining Sourcefire, the ClamAV team joined the Sourcefire VRT. In turn, Sourcefire was acquired by Cisco in 2013. The Sourcefire Vulnerability Research Team (VRT) became Cisco Talos, and ClamAV development remained there.
Features
ClamAV includes a number of utilities: a command-line scanner, an automatic database updater and a scalable multi-threaded daemon, all running on an antivirus engine provided by a shared library.
The application also features a Milter interface for sendmail and on-demand scanning. It supports Zip, RAR, Tar, Gzip, Bzip2, OLE2, Cabinet, CHM, BinHex and SIS formats, most mail file formats, ELF executables, and Portable Executable (PE) files compressed with UPX, FSG, Petite, NsPack, wwpack32, MEW or Upack, or obfuscated with SUE or Y0da Cryptor. It also supports many document formats, including Microsoft Office, HTML, Rich Text Format (RTF) and Portable Document Format (PDF).
The ClamAV virus database is updated at least every four hours, and as of February 10, 2017 contained more than 5,760,000 virus signatures with DB04040 DB numbers updated daily.
Effectiveness
ClamAV is currently tested daily in comparative tests against other antivirus products at Shadowserver. In 2011, Shadowserver tested more than 25 million samples against ClamAV and a host of other antivirus products. Of the 25 million samples tested, ClamAV scored 76.60%, ranking 12th out of 19, higher than some of its more established competitors.
In a 2008 AV-Test comparison of ClamAV with other antivirus software, it was rated: on-demand: very bad, false positives: poor, on-access: poor, response time: excellent, rootkits: very bad.
In a six-month Shadowserver test between June and December 2011, ClamAV detected over 75.45% of all tested viruses, placing it fifth behind AhnLab, Avira, BitDefender, and Avast. AhnLab, the top antivirus, detected 80.28%.
Unofficial databases
The ClamAV engine can be used reliably to detect some kinds of files. In particular, some phishing emails can be detected using antivirus techniques. However, false positive rates are inherently higher than those of traditional malware detection. Sanesecurity is an organization that maintains a number of such databases; in addition, it distributes and classifies a number of similar databases from other parties, such as Porcupine, Julian Field, and MalwarePatrol. SecuriteInfo.com also provides additional signatures for ClamAV.
ClamAV unofficial signatures are mainly used by system administrators to filter email messages. Detections from these groups should be assessed, rather than causing an outright block of the "infected" message.
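One way to apply this advice, shown as an added example that is not part of the original article: ClamAV appends `.UNOFFICIAL` to the names of signatures loaded from third-party databases, so a mail filter can hold those hits for assessment while blocking official detections outright. The report lines, the Sanesecurity signature name and the four action names below are constructed for illustration.

```python
# Constructed clamscan/clamd-style result lines (not real scan output).
SAMPLE_REPORT = """\
/var/spool/mail/msg1.eml: OK
/var/spool/mail/msg2.eml: Win.Test.EICAR_HDB-1 FOUND
/var/spool/mail/msg3.eml: Sanesecurity.Phishing.Fake.12345.UNOFFICIAL FOUND
/var/spool/mail/msg4.eml: Access denied. ERROR
"""


def parse_line(line):
    """Split one result line into (path, status, detail), or None if unrecognised."""
    line = line.strip()
    if line.endswith(" FOUND"):
        # Signature names contain no ": ", so split on the last separator.
        path, _, sig = line[: -len(" FOUND")].rpartition(": ")
        return path, "found", sig
    if line.endswith(": OK"):
        return line[: -len(": OK")], "clean", None
    if line.endswith(" ERROR"):
        path, _, msg = line[: -len(" ERROR")].partition(": ")
        return path, "error", msg
    return None


def decide(line):
    """Map a result line to a mail-handling action (hypothetical policy names)."""
    parsed = parse_line(line)
    if parsed is None:
        return None
    path, status, detail = parsed
    if status == "clean":
        action = "deliver"
    elif status == "error":
        action = "defer"   # scan did not complete: never treat as clean
    elif detail.endswith(".UNOFFICIAL"):
        action = "review"  # third-party signature: assess, do not block outright
    else:
        action = "block"   # official database hit
    return {"path": path, "action": action,
            "signature": detail if status == "found" else None}


def triage(report):
    """Apply decide() to every recognised line of a scan report."""
    return [d for d in (decide(l) for l in report.splitlines()) if d is not None]


if __name__ == "__main__":
    for item in triage(SAMPLE_REPORT):
        print(item["action"], item["path"], item["signature"] or "")
```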
Platform
Linux, BSD
ClamAV is available for Linux and BSD based operating systems. In many cases it is available through the distribution repository for installation.
On Linux servers, ClamAV can be run in daemon mode, serving requests to scan files sent from other processes. These can include mail exchange programs, files on Samba shares, or data packets that pass through a proxy server.
On Linux and BSD desktops, ClamAV provides on-demand scans for individual files, directories or entire PCs.
macOS
Apple's macOS Server has included ClamAV since version 10.4. It is used in the operating system's email service. A paid graphical user interface is available from Canimaan Software Ltd in the form of ClamXav. In addition, Fink, Homebrew and MacPorts have ported ClamAV.
Another program that uses the ClamAV engine on macOS is Counteragent. Working with the Eudora Internet Mail Server program, Counteragent scans email for viruses using ClamAV and also optionally provides spam filtering via SpamAssassin.
OpenVMS
ClamAV for OpenVMS is available for DEC Alpha and Itanium platforms. The build process is simple and provides basic functionality, including the library, the clamscan utility, the clamd daemon and freshclam for updates.
Windows
ClamAV for Windows is now part of the Immunet client produced by Cisco. Immunet is real-time, cloud-based detection software managed by Cisco, which owns both ClamAV and Immunet.
eComStation
ClamAV for eComStation (OS/2) is available from OS/2 Power Wiki. "The main purpose of this software is integration with email servers (attachment scanning). This package provides flexible and scalable multi-scrolled daemons, command line scanners and tools for automatic updates over the Internet. This program is based on shared libraries distributed with packages Clam AntiVirus, which you can use with your own software, most importantly, the virus database is always updated."
Graphical interface
Because ClamAV does not include a graphical user interface (GUI) but is instead run from the command line, a number of third-party developers have written GUIs for the application for various platforms and uses.
These include:
- Linux
  - ClamTk, using gtk2-perl; the project is named for the Tk library it used when it started
  - KlamAV for KDE, development of which was discontinued in 2009
  - wbmclamav, a webmin module for managing Clam AntiVirus
- macOS
  - ClamXav is a port that includes a graphical user interface and has a "sentry" service that can monitor changes or new files in most cases. It also offers updates and scheduled scans through cron tasks, which are facilitated by the graphical interface. ClamXav can detect malware specific to macOS, Unix, or Windows. The ClamXav app and the ClamAV engine are updated regularly. ClamXav is written and sold by Canimaan Software Ltd.
  - Tiger Cache Cleaner is shareware that installs and presents a graphical interface for using ClamAV to scan for viruses, and provides other unrelated functions.
- Microsoft Windows
  - Immunet
  - ClamWin
  - CS Antivirus
  - Graugon AntiVirus
  - Clam Sentinel
ClamWin
ClamWin is a graphical front end for ClamAV on Microsoft Windows, built by ClamWin Pty Ltd. Features include on-demand (user-started) scanning, automatic updates, scan scheduling, context menu integration for Explorer, and an add-in for Microsoft Outlook. ClamWin does not provide on-access scanning; additional software must be used for that.
Plugins for Mozilla Firefox that use ClamWin to scan downloaded files are also available. Some other extensions allow users to process files downloaded with any software and scan files with ClamWin.
Clam Sentinel
Clam Sentinel is a free software system tray application that detects file system changes and scans the modified files using ClamWin in real time. It works with Windows 98/98SE/ME/XP/Vista/7/8. It features a real-time scanner for ClamWin, optional system change messages and proactive heuristic protection.
Real-time file scanning
ClamAV is not a real-time virus scanner (it does not scan when files are read or written), but it can be used with other applications such as ClamFS (for Unix-like operating systems that support FUSE), DazukoFS (for Linux), Clam Sentinel, Moon Secure Antivirus, and Winpooch (both for Windows) to provide real-time checks. Since version 0.99, ClamAV supports on-access scanning through the Linux kernel (version >= 3.8) fanotify module.
Patent demands
In 2008, Barracuda Networks was sued by Trend Micro for distributing ClamAV as part of a security package. Trend Micro claimed that Barracuda's use of ClamAV infringed on a software patent for filtering viruses on an Internet gateway. Part of the free software community responded by calling for a boycott of Trend Micro. The boycott was also supported by the Free Software Foundation. Barracuda Networks countered with a patent obtained from IBM in July 2008. On May 19, 2011, the US Patent and Trademark Office issued a Final Rejection in the re-examination of Trend Micro's US patent 5,623,600.
See also
- List of antivirus software
- Free software and software patents
Further reading
- Interview with ClamAV founder Tomasz Kojm (archived version)
External links
- Official website
Source of the article: Wikipedia