ClamAV
Tool and Usage
Project details
- License: GPLv2
- Programming language: C
- Latest release: clamav-1.4.1
- Latest release date
Why this tool?
ClamAV is a popular tool to detect malicious software or malware. While it calls itself an antivirus engine, it probably won't encounter many viruses, as they have become rare. It is more likely to find other forms of malware like worms, backdoors, and ransomware. ClamAV can be used in a few ways, from doing an occasional scan up to scanning in batch. ClamAV does not do on-access scanning but can be combined with other tools to obtain similar functionality. ClamAV is often used to support scanning incoming emails for malicious content.
How it works
The tooling has several components, including a daemon process named clamd. By using a Milter interface, email can be scanned within mail applications like Sendmail and Postfix. Optionally, the command-line utility clamdscan can talk to the daemon and request scanning of data.
ClamAV uses a few definition databases which contain the fingerprints of malware samples. Each utility responsible for scanning will work with this set of databases. The freshclam tool is a helper utility to update these databases.
Background information
The ClamAV project has a long history and is currently under development by Cisco. This is an indirect acquisition, as first the Snort project was acquired by Sourcefire. Then Cisco acquired Sourcefire in 2013, making it the new owner of the project.
Usage and audience
ClamAV is commonly used for malware analysis, malware detection, or malware scanning. Target users for this tool are the general public, malware analysts, and system administrators.
Features
- Command line interface
- Custom payloads
- Customization and additions are possible
Tool review and remarks
The review and analysis of this project resulted in the following remarks for this security tool:
Strengths
- + Many maintainers
- + The source code of this software is available
History and highlights
Year | Event |
---|---|
2013 | Cisco acquired Sourcefire |
2007 | Acquired by Sourcefire |
Installation
Supported operating systems
ClamAV is known to work on FreeBSD, Linux, Microsoft Windows, and macOS.
Frequently Asked Questions
Can I create my own ClamAV signatures?
Yes, it is possible to create your own signatures. The tools clambc and sigtool help with the creation and manipulation of custom signatures.
Is the clam daemon (clamd) required to use ClamAV?
The clam daemon process is not strictly required. The clamscan tool can be used to scan a directory or file without using the daemon.
ClamAV alternatives
Similar tools to ClamAV:
LMD
Linux Malware Detect (LMD) is a malware scanner for systems running Linux. The open source software project is released with the GPLv2 license.
Rootkit Hunter
Rootkit Hunter is a security tool that searches for traces of rootkits, backdoors, and other malicious components on systems running Linux and other flavors of Unix.
chkrootkit
chkrootkit is a malware scanner to locally check for signs of a rootkit. It is written in shell script and runs on the host system itself.
Categories
This tool is categorized as a Linux malware detection tool, Linux malware scanner, and Linux rootkit scanner.