Tool and Usage
- Programming language
- Latest release
- Latest release date
Why this tool?
ClamAV is a popular tool to detect malicious software or malware. While it calls itself an antivirus engine, it probably won't encounter many viruses, as they have become rare. It is more likely to find other forms of malware like worms, backdoors, and ransomware. ClamAV can be used in a few ways, from doing an occasional scan up to scanning in batch. ClamAV does not do on-access scanning but can be combined with other tools to obtain similar functionality. ClamAV is often used to support scanning incoming emails for malicious content.
How it works
The tooling has several components, including a daemon process named clamd. By using a Milter interface, email can be scanned within mail applications like Sendmail and Postfix. Optionally, the command-line utility clamdscan can talk to the daemon and request scanning of data.
ClamAV uses a few definition databases which contain the fingerprints of malware samples. Each utility responsible for scanning will work with this set of databases. The freshclam tool is a helper utility to update these databases.
The ClamAV project has a long history and is currently under development by Cisco. This is an indirect acquisition, as first the Snort project was acquired by Sourcefire. Then Cisco acquired Sourcefire in 2013, making it the new owner of the project.
Usage and audience
ClamAV is commonly used for malware analysis, malware detection, or malware scanning. Target users for this tool are general public, malware analysts, and system administrators.
- Command line interface
- Custom payloads
- Customization and additions are possible
Tool review and remarks
The review and analysis of this project resulted in the following remarks for this security tool:
- + Many maintainers
- + The source code of this software is available
History and highlights
|Cisco acquired Sourcefire
|Acquired by Sourcefire
Supported operating systems
ClamAV is known to work on FreeBSD, Linux, Microsoft Windows, and macOS.
Frequently Asked QuestionsCan I create my own ClamAV signatures?
Yes, it is possible to create your own signatures. The tools clambc and sigtool help with the creation and manipulation of custom signatures.Is the clam daemon (clamd) required to use ClamAV?
The clam daemon process is not strictly required. The clamscan tool can be used to scan a directory or file without using the daemon.
Similar tools to ClamAV:
Linux Malware Detect (LMD) is a malware scanner for systems running Linux. The open source software project is released with the GPLv2 license.
Security tool to search for traces of rootkits, backdoors, and other malicious components on systems running Linux and other flavors of Unix
chkrootkit is a malware scanner to locally check for signs of a rootkit. It is written in shell script and runs on the host system itself.
This tool page was updated at . Found an improvement? Help the community by submitting an update.