LSE top 10: ClamAV (4)

Why this tool?

ClamAV is a popular tool to detect malicious software or malware. While it calls itself an antivirus engine, it probably won't encounter many viruses, as they have become rare. It is more likely to find other forms of malware like worms, backdoors, and ransomware. ClamAV can be used in a few ways, from doing an occasional scan up to scanning in batch. ClamAV does not do on-access scanning but can be combined with other tools to obtain similar functionality. ClamAV is often used to support scanning incoming emails for malicious content.

How it works

The tooling has several components, including a daemon process named clamd. By using a Milter interface, email can be scanned within mail applications like Sendmail and Postfix. Optionally, the command-line utility clamdscan can talk to the daemon and request scanning of data.

ClamAV uses a few definition databases which contain the fingerprints of malware samples. Each utility responsible for scanning will work with this set of databases. The freshclam tool is a helper utility to update these databases.

Background information

The ClamAV project has a long history and is currently under development by Cisco. This is an indirect acquisition, as first the Snort project was acquired by Sourcefire. Then Cisco acquired Sourcefire in 2013, making it the new owner of the project.

Usage and audience

ClamAV is commonly used for malware analysis, malware detection, or malware scanning. Target users for this tool are the general public, malware analysts, and system administrators.


  • Command line interface
  • Custom payloads
  • Customization and additions are possible

Tool review and remarks

The review and analysis of this project resulted in the following remarks for this security tool:


  • + Many maintainers
  • + The source code of this software is available

History and highlights

2013: Cisco acquired Sourcefire
2007: Acquired by Sourcefire


Supported operating systems

ClamAV is known to work on FreeBSD, Linux, Microsoft Windows, and macOS.

Frequently Asked Questions

Can I create my own ClamAV signatures?

Yes, it is possible to create your own signatures. The tools clambc and sigtool help with the creation and manipulation of custom signatures.

Is the clam daemon (clamd) required to use ClamAV?

The clam daemon process is not strictly required. The clamscan tool can be used to scan a directory or file without using the daemon.

ClamAV alternatives

Similar tools to ClamAV:



Linux Malware Detect (LMD)

Linux Malware Detect (LMD) is a malware scanner for systems running Linux. The open source software project is released with the GPLv2 license.


Rootkit Hunter

Security tool to search for traces of rootkits, backdoors, and other malicious components on systems running Linux and other flavors of Unix.



chkrootkit

chkrootkit is a malware scanner to locally check for signs of a rootkit. It is written in shell script and runs on the host system itself.

Related tool information

This tool is categorized as a Linux malware detection tool, Linux malware scanner, and Linux rootkit scanner.