Clam AntiVirus

Clam AntiVirus ( ClamAV ) is a free , cross-platform and open-source antivirus software toolkit that can detect many types of malicious software, including viruses . One of its main uses is on mail servers as a server-side email virus scanner. The app Was Developed for Unix and HAS third party versions available for AIX , BSD , HP-UX , Linux , macOS, OpenVMS , OSF (Tru64) and Solaris. As of version 0.97.5, ClamAV builds and runs on Microsoft Windows . [1] [2] Both ClamAV and its updates are made available free of charge.

Sourcefire , a maker of intrusion detection products and the owner of Snort , announced on August 17, 2007 that it had acquired trademarks and copyrights to ClamAV from five key developers. [3] In turn, Sourcefire was acquired by Cisco in 2013. [4]

Features

ClamAV includes a number of utilities: a command-line scanner, an automatic database updater and a scalable multi-threaded daemon , running on an anti-virus engine from a shared library. [1]

The application also features a Milter interface for sendmail and on-demand scanning. It has support for Zip, RAR, Tar, Gzip, Bzip2, OLE2, Cabinet, CHM, BinHex, SIS formats, most mail file formats, ELF executables and Portable Executable (PE) compressed files with UPX , FSG, Small, NsPack, wwpack32 , MEW, Upack and obfuscated with SUE, Y0da Cryptor. It also supports many document formats, including Microsoft Office , HTML , Rich Text Format (RTF) and Portable Document Format (PDF). [1]

The ClamAV virus is updated over 5,760,000 virus signatures citation needed ] with the daily update Virus DB number at 23040. [5] [6]

Effectiveness

ClamAV is currently being tested in other antivirus products on Shadowserver . In 2011, Shadowserver tested over 25 million samples against ClamAV and numerous other antivirus products . Out of the 25 million tested samples, ClamAV scored 76.60% ranking 12 out of 19, a higher rating [7]

In the 2008 AV-Test, which compared ClamAV to other antivirus software, it rated: on-demand: very poor, false positive: poor, on-access: poor, response time: very good, rootkits: very poor. [8]

In a Shadowserver six-month test between June and December 2011, ClamAV detected over 75.45% of all viruses tested, putting it in fifth place behind AhnLab, Avira, BitDefender and Avast. AhnLab, the top antivirus, detected 80.28%. [9]

Unofficial databases

The ClamAV engine can be reliably used to detect several types of files. In particular, some phishing emails can be detected using antivirus techniques. However, false positive rates are inherently higher than those of traditional malware detection. [10] Sanesecurity is an organization that maintains a number of such databases; in addition to CRDF Threat Center, Porcupine, Julian Field, MalwarePatrol. [11] SecuriteInfo.com also provides additional signatures for Clamav. [12]

ClamAV Unofficial Signatures are mainly used by system administrators to filter email messages. [13] Detections of these groups should be scored, rather than caused an outright block of the “infected” message. [11]

Platforms

Linux, BSD

ClamAV is available for Linux and BSD – based operating systems. [1] In most cases it is available through the distribution’s repositories for installation.

On Linux servers ClamAV can be run in daemon mode, servicing requests to scan files sent from other processes. These methods include Samba shares, or packets of data passing through a proxy server ( IPCop , for example, has an add-on called Copfilter which scans incoming packets for malicious data).

ClamAV provides on-demand scanning of individual files, directories or the whole PC. [1]

macOS

Apple macOS Server has included ClamAV since version 10.4. It is used within the operating system’s email service. A paid-for graphical user interface is available from Canimaan Software Ltd. [14] in the form of ClamXav . [15]Additionally, Fink , Homebrew and MacPorts have ported ClamAV.

Another program which uses the ClamAV engine, on macOS, is Counteragent. Working alongside the Eudora Internet Mail Server program, Counteragent scans emails for viruses using ClamAV and SpamAssassin .

OpenVMS

ClamAV for OpenVMS is available for DEC Alpha and Itanium platforms. The build process is simple and provides basic functionality, including: library, clamscan utility, clam daemon and freshclam for update. [16]

Windows

ClamAV for Windows is now part of the Immunet client produced by Sourcefire. Immunet is a real-time cloud based detection software, maintained by Sourcefire, which owns both ClamAV and Immunet. [17]

eComStation

ClamAV for eComStation ( OS / 2 ) is available from OS / 2 Power Wiki. The attachment provides a flexible and scalable multi-threaded daemon, a command line scanner, and a tool for automatic updating via the Internet. shared library distributed with the Clam AntiVirus package, which is most importantly, the virus is kept up to date. ” [18]

Graphical interfaces

Since ClamAV does not include a graphical user interface (GUI) but instead is a part of the command line, a number of third-party developers have written GUIs for the application for various platforms and uses.

These include:

  • Linux
    • ClamTk using gtk2-perl; were used for the Tk libraries that were used when it began [19] [20]
    • KlamAV for KDE , discontinued development in 2009 [21]
    • wbmclamav is a webmin module to manage Clam AntiVirus [22]
  • macOS
    • ClamXav is a port which includes a graphical user interfaces and has a “sentry” service which can be used for a number of times. There is also an update and scanning scheduler through a cron job facilitated by the graphical interface. ClamXav can detect malware specific to macOS, Unix, or Windows. The ClamXav app and the ClamAV engine, are updated regularly. [23] ClamXav is written by Canimaan Software Ltd. [14]
    • Tiger Cache Cleaner is shareware software qui installs and presents a graphic interface for using ClamAV to scan for viruses, and other unrelated Provides functions.
  • Microsoft Windows
    • Immunet
    • ClamWin
    • CS Antivirus [24]
    • Graugon AntiVirus [24]
    • Clam Sentinel

ClamWin

ClamWin is a graphical user front end interface for ClamWin for Microsoft Windows built by ClamWin Pty Ltd. Features include on-demand (user started) scanning, automatic updates, scan scheduling, context menu integration to Explorer, and an add-in for Microsoft Outlook . ClamWin does not provide on-access scanning , additional software must be used.

Plugins for Mozilla Firefox which uses ClamWin to scan downloaded files are also available. [25] [26] Several other extensions allow users to process files with any software and scan the files with ClamWin. [27] [28] [29] [30]

Clam Sentinel

Clam Sentinel [31] is a free software system that uses ClamWin in real-time. [32] It works with Windows 98 / 98SE / ME / XP / Vista / 7/8. It features a real-time scanner for ClamWin, an optional system changes messages and proactive heuristic protection.

Real-time file scanning

ClamAV is not a real-time virus scanner, but can be used with other applications such as ClamFS (for any Unix-like operating system supporting FUSE ), DazukoFS (for Linux), Clam Sentinel , Moon Secure Antivirus , and Winpooch (both for Windows) to provide real-time checks. [33] [34] [35]

Patent lawsuit

In 2008, Barracuda Networks was released by Trend Micro for its distribution of ClamAV as part of a security package. [36] Trend Micro Claimed That Barracuda’s utilization of ClamAV infringes was obvious software for filtering viruses is an Internet gateway . The free software community responded by calling for a boycott against Trend Micro. The boycott was also endorsed by the Free Software Foundation . [37] Barracuda Networks counter-sued with IBM obtained patents in July 2008. [38] On May 19, 2011, the US Patent and Trademark Office issued a Final Rejection [39]in the reexamination of Trend Micro US Patent 5,623,600. [40]

See also

  • List of antivirus software
  • Software patents and free software

References

  1. ^ Jump up to:e ClamAV (2007). “About ClamAV” . Retrieved 2008-12-25 .
  2. Jump up^ ClamAV (2007). “ClamAV Packages and Ports” . Retrieved 2008-12-31 .
  3. Jump up^ “Sourcefire acquires ClamAV” . ClamAV. 2007-09-17. Archived from the original on 2007-12-15 . Retrieved 2008-02-12 .
  4. Jump up^ “Cisco Complete Acquisition of Sourcefire” . cisco.com . 2013-10-07 . Retrieved 2014-06-18 .
  5. Jump up^ “About ClamAV” . Archived from the original on 2008-12-25 . Retrieved 2008-12-25 .
  6. Jump up^ “Latest Stable Release” . Archived from the original on 2010-08-21 . Retrieved 2010-08-21 .
  7. Jump up^ “ShadowServer Yearly Stats” . shadowserver.org. 2012-01-05 . Retrieved 2012-01-05 .
  8. Jump up^ “Anti-virus comparison test of current anti-malware products, Q1 / 2008”. AV-Test GmbH. 22 January 2008. Archived from the original on 15 July 2011 . Retrieved 12 February 2008 .
  9. Jump up^ “ShadowServer 180 Day Stats” . shadowserver.org. 2011-08-16 . Retrieved 2011-12-16 .
  10. Jump up^ Brad Wardman; Tommy Stallings; Gary Warner; Anthony Skjellum (August 5, 2011). “High-Performance Content-Based Phishing Attack Detection”(PDF) . uab.edu . Retrieved 2 September 2014 .
  11. ^ Jump up to:b Sanesecurity Phishing Scam and malware signatures for ClamAV
  12. Jump up^ SecuriteInfo.comAdd 500,000 signatures to Clamav Antivirus
  13. Jump up^ “ClamAV Unofficial Signatures Updater” . sourceforge.net . May 24, 2009. Retrieved 2 September 2014 .
  14. ^ Jump up to:b “About us” . ClamXAV . Retrieved 2017-07-15 .
  15. Jump up^ ClamXav.com (nd). “ClamXAV.com” . Retrieved 2009-01-24 .
  16. Jump up^ Chupahin, Alexey (December 2008). “Clam AntiVirus OpenVMS Project News” . Retrieved 2008-12-25 .
  17. Jump up^ “Immunet Online Protection” . Retrieved 2015-05-23 .
  18. Jump up^ “OS / 2 Power Wiki: ClamAV” . January 2011 . Retrieved 2012-08-17 .
  19. Jump up^ Mauroni, Dave (December 2008). “ClamTk Virus Scanner” . Retrieved 2008-12-25 .
  20. Jump up^ Mauroni, Dave (October 2008). “ClamTk README” . Retrieved 2008-12-26 .
  21. Jump up^ KlamAV F. (May 2006). “KlamAV – Main Page” . Retrieved 2013-03-04 .
  22. Jump up^ “wbmclamav project” .
  23. Jump up^ ClamXav.com (November 2008). “ClamXav.com” . Retrieved 2008-12-25.
  24. ^ Jump up to:b “CS Anti-Virus Description” . Softpedia.com. 2009-03-23 . Retrieved 2010-11-09 .
  25. Jump up^ “FireClam: Use ClamAV to scan Firefox downloads for viruses” . Firefox Addons . Retrieved 2009-11-02 .
  26. Jump up^ “ClamWin Antivirus Glue for Firefox” . Firefox Addons. Archived from the original on 2012-12-20 . Retrieved 2008-04-15 .
  27. Jump up^ “Download Scan” . Downloadstatusbar.mozdev.org. 2005-08-19 . Retrieved 2010-11-09 .
  28. Jump up^ Download Statusbar
  29. Jump up^ “Safe Download” . Extensions.geckozone.org . Retrieved 2010-11-09 .
  30. Jump up^ ClamWin Pty Ltd (2009). “About ClamWin Free Antivirus” . Retrieved 2009-03-13 .
  31. Jump up^ Clam Sentinel (2014-09-01). “Clam Sentinel – Free Realtime Antivirus” .
  32. Jump up^ Cyber ​​Pillar. “Clam Sentinel – Making ClamWin Be Used In Real-Time” . Retrieved 2014-09-01 .
  33. Jump up^ “Clam Sentinel” . Retrieved 2014-06-19 .
  34. Jump up^ Moon Secure Antivirus at Sourceforge
  35. Jump up^ “Winpooch” . Retrieved 2014-06-19 .
  36. Jump up^ “Micro Trend patent claim provokes FOSS community, leads to boycott” . Linux.com. 2008-02-11 . Retrieved 2008-02-12 .
  37. Jump up^ “Boycott Trend Micro” . Free Software Foundation . 2008-02-11 . Retrieved 2008-02-12 .
  38. Jump up^ Paul, Ryan (2008-07-02). “Barracuda bites back at Micro Trend in ClamAV patent lawsuit” . Arstechnica.com . Retrieved 2012-02-14 .
  39. Jump up^ “Ex Parte Reexamination” (PDF) . US Patent and Trademark Office. 2011-05-19 . Retrieved 2015-10-04 .
  40. Jump up^ “Anatomy of a Patent Dying – The Reexamination of Micro Trend ‘600 Patent” . Groklaw.net. 2011-06-13 . Retrieved 2015-10-04 .

Leave a Reply

Your email address will not be published. Required fields are marked *