ClamAV

from Wikipedia, the free encyclopedia
ClamAV - Clam AntiVirus

[Image: ClamAV with the ClamTk interface on Xubuntu 10.04]

Basic data

Developer: Cisco (since 2013; previously Sourcefire)
Year of first release: 2001
Current version: 0.102.2 (February 4, 2020)
Operating system: cross-platform (Unix-like, such as Linux and Mac, as well as Windows and similar, such as OS/2)
Programming languages: C++, C
Category: antivirus program
License: GPLv2
German-language support: yes
Website: www.clamav.net

ClamAV (Clam AntiVirus) is an antivirus program released under the GNU General Public License, that is, an application against malicious software such as viruses, with a phishing filter; it is often used on e-mail servers to filter out computer worms and phishing e-mails. ClamAV consists of a library that can be integrated into other applications, a service (daemon) running in the background, and a command-line application.

Under Linux, ClamAV uses fanotify to route file-system accesses through the virus scanner and can therefore be used as a real-time (on-access) scanner; under Windows, additional tools are required for real-time scanning.

Technical details

ClamAV consists of several individual applications. The most important are:

  • The command-line virus scanner clamscan,
  • The optional daemon clamd. It loads the virus signatures into main memory only once, when it starts, rather than on every invocation as clamscan does.
  • The comparatively lean front-end program clamdscan, which hands the files to be checked to clamd and evaluates its results.
  • freshclam, which manages the existing virus signatures. It can also download virus signature updates from a Sourcefire VRT server.

There are other applications such as clamav-milter , amavis , simscan or qmail-scanner for integration in mail transfer agents .

Since ClamAV is free software , it quickly found its way into various Linux distributions and was also ported to other operating systems. In addition, a number of graphical interfaces were developed.

Sample session

During a ClamAV session, the clamscan program is called to scan the current directory. The following example scans three files: the first is recognized as a phishing e-mail, the second as a virus e-mail, and the third as clean:

foo@bar:~$ clamscan
/home/foo/Phishing-E-Mail: HTML.Phishing.Bank-159 FOUND
/home/foo/Virus-E-Mail: Adware.Casino-1 FOUND
/home/foo/saubere-Datei: OK
----------- SCAN SUMMARY -----------
Known viruses: 42498
Engine version: 0.88
Scanned directories: 1
Scanned files: 3
Infected files: 2
Data scanned: 0.99 MB
Time: 1.765 sec (0 m 1 s)
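The following Python script is an added example, not part of the article and not ClamAV's own code. It illustrates the two interfaces described above: the wire format of clamd's zINSTREAM command, which front-ends such as clamdscan and mail filters use to hand data to the daemon over its socket, and a parser for the per-file result lines, which have the same "name: SIGNATURE FOUND" / "name: OK" shape in clamscan's output and in clamd's reply. It assumes clamd is listening on TCP 127.0.0.1:3310 (the TCPSocket setting in clamd.conf); the sample scan output is constructed from the session above, and the EICAR signature name used in the comments is a test value.

```python
import re
import socket
import struct
from dataclasses import dataclass
from typing import Dict, Iterator, List, Optional

# Constructed sample: the per-file result lines and summary from the article's session.
SAMPLE_CLAMSCAN_OUTPUT = """\
/home/foo/Phishing-E-Mail: HTML.Phishing.Bank-159 FOUND
/home/foo/Virus-E-Mail: Adware.Casino-1 FOUND
/home/foo/saubere-Datei: OK
----------- SCAN SUMMARY -----------
Known viruses: 42498
Scanned files: 3
Infected files: 2
"""

# clamscan's per-file lines and clamd's reply share one shape:
#   "<name>: <signature> FOUND"   or   "<name>: OK"
# Signature names contain no spaces, so \S+ is enough for the signature.
_RESULT_RE = re.compile(r"^(?P<name>.+?): (?:(?P<sig>\S+) FOUND|OK)$")


@dataclass(frozen=True)
class ScanResult:
    name: str
    infected: bool
    signature: Optional[str] = None


def parse_result_line(line: str) -> Optional[ScanResult]:
    """Parse one result line. Returns None for summary lines, ERROR replies
    and anything else that is not an explicit OK/FOUND verdict."""
    m = _RESULT_RE.match(line.strip().rstrip("\0").strip())
    if m is None:
        return None
    return ScanResult(m.group("name"), m.group("sig") is not None, m.group("sig"))


def parse_scan_output(text: str) -> List[ScanResult]:
    """Collect the per-file verdicts that precede clamscan's SCAN SUMMARY block."""
    results: List[ScanResult] = []
    for line in text.splitlines():
        if line.startswith("-----"):
            break
        r = parse_result_line(line)
        if r is not None:
            results.append(r)
    return results


def summarize(results: List[ScanResult]) -> Dict[str, int]:
    """Recompute the counts the SCAN SUMMARY reports from the parsed verdicts."""
    infected = sum(1 for r in results if r.infected)
    return {"scanned": len(results), "infected": infected, "clean": len(results) - infected}


def instream_frames(data: bytes, chunk_size: int = 64 * 1024) -> Iterator[bytes]:
    """Wire format of clamd's zINSTREAM command: the NUL-terminated command, then
    chunks each prefixed with a 4-byte big-endian length, ended by a zero-length chunk."""
    yield b"zINSTREAM\0"
    for start in range(0, len(data), chunk_size):
        chunk = data[start:start + chunk_size]
        yield struct.pack("!I", len(chunk)) + chunk
    yield struct.pack("!I", 0)


def scan_bytes(data: bytes, host: str = "127.0.0.1", port: int = 3310,
               timeout: float = 30.0) -> ScanResult:
    """Stream `data` to clamd over TCP and return its verdict.

    Assumes clamd is reachable at host:port (TCPSocket in clamd.conf). A reply
    that is not a parseable OK/FOUND line (for example "stream: ... ERROR" when
    a size limit is exceeded) raises, so an error is never treated as clean."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        for frame in instream_frames(data):
            sock.sendall(frame)
        reply = bytearray()
        # z-prefixed commands get a NUL-terminated reply, e.g. "stream: Eicar-Test-Signature FOUND\0"
        while not reply.endswith(b"\0"):
            part = sock.recv(4096)
            if not part:
                break
            reply += part
    result = parse_result_line(reply.decode("utf-8", "replace"))
    if result is None:
        raise RuntimeError(f"unexpected clamd reply: {bytes(reply)!r}")
    return result


if __name__ == "__main__":
    verdicts = parse_scan_output(SAMPLE_CLAMSCAN_OUTPUT)
    for v in verdicts:
        print(v)
    print(summarize(verdicts))
```

Running the script offline reproduces the article's summary from the sample lines (three scanned, two infected); `scan_bytes(open(path, "rb").read())` needs a running clamd. The parser deliberately returns None rather than a clean verdict for anything it does not recognize, which is the behaviour a mail filter wants when clamd refuses or fails a scan.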

Derivatives and graphical user interfaces

ClamWin for Windows

[Image: ClamWin 0.95.1 running on Windows XP]

ClamWin is a GPL virus scanner for Windows developed by Alex Cherney and based on ClamAV. Since version 0.88.1 the original ClamAV source code has been ported natively to the Windows platform and no longer depends on a Unix runtime environment such as Cygwin. ClamWin is available as a Windows installer package and, since April 18, 2006, can alternatively be used without installation as portable software, which can be run from a USB stick, for example.

There are also the extensions ClamWin Antivirus Glue for Firefox (supporting up to Firefox version 1.5.0.x) and Fireclam (from Firefox version 3.0), with which all files downloaded by the open-source web browser Mozilla Firefox can automatically be checked with ClamWin.

The application includes:

Planned:

  • Real-time monitoring ( real-time scanner , on-access scanner )

Clam Sentinel

Clam Sentinel is a real-time scanner based on ClamWin. It runs under Windows 98 / 98SE / ME / XP / Vista / 7 / 8 and is embedded as an application in the notification area of the taskbar. It detects changes to the file system and checks them using a ClamWin running in the background. Connected drives, e.g. USB sticks, are also monitored by Clam Sentinel. It offers the following functions:

  • Extends ClamWin with real-time protection
  • Integrated system for the detection of attacks (intrusion detection)
  • Heuristic protection
  • Protection for USB sticks and removable media
  • Uses the ClamWin quarantine directory
  • Checks log files, drives, memory and messages in real time
  • Preferences are already set up for most computers
  • Simple configuration via the symbol in the information area ( system tray )
  • Supports operating systems from Win98 and newer
  • Available in English, Italian, German and French
  • Multi-user capable

ClamAV for Windows

There are also various ports of ClamAV for Windows which, like the Linux version, can be addressed over the network interface (port 3310): both natively executable versions and versions that require Cygwin.

Directly executable variants:

  • ClamAV Antivirus Native Win32 Port - forms the basis for ClamWin
  • ClamAV for Windows , now Immunet Antivirus - the basis was the original source code of ClamAV

Cygwin-based port (for Windows):

  • ClamAV / SOSDG

KDE interface KlamAV

[Image: The KlamAV settings window]

KlamAV is a KDE front-end for ClamAV, released under the GPL and developed by Robert Hogan.

The application includes:

ClamXav for Mac OS X

With ClamXav there is also a graphical user interface for the macOS operating system that uses ClamAV as its basis and is continuously being developed further. Since version 2.8, however, it is a commercial product.

ClamAV GUI for OS / 2

There is also a graphical user interface for the OS/2 operating system and its derivative eComStation that uses ClamAV as its basis and is being developed further.

ClamMail for Windows

ClamMail is an e-mail proxy based on ClamAV. Before the mail reaches the e-mail client, it goes through the virus scanner. The program includes an automatic update function.

History

ClamAV has existed since the early 2000s.

In July 2003, ClamAV moved to SourceForge. In October 2003, round-robin distribution of its database mirror servers by means of DNS resource records followed; in January 2004 the database grew by leaps and bounds, and in February 2004 a method inspired by Debian for quickly updating all mirror servers was introduced.

In August 2007 the main developers of ClamAV sold the project to Sourcefire .

In July 2013, Sourcefire and with it ClamAV were bought by Cisco .

Version history

  • 0.60 (July 29, 2003; older version, no longer supported): supported until September 1, 2004.
  • 0.65 (November 12, 2003; older version, no longer supported): compressed and digitally signed database.
  • 0.70 (March 15, 2004; older version, no longer supported): more robust daemon and extended to VBA macros for MS Office. Six further versions of the 0.7 series, from 0.71 to 0.75.1, followed by July 30, 2004.
  • 0.80 (October 17, 2004; older version, no longer supported): 19 further versions followed in the 0.80 series (0.81 to 0.88.7). Last version: 0.88.7 on December 11, 2006.
  • 0.90 (February 13, 2007; older version, no longer supported): 14 further versions followed in the 0.90 series up to the end of the 0.94 series (0.90.1 to 0.94.2). Last version: 0.94.2 on November 26, 2008.
  • 0.95 (March 23, 2009; older version, no longer supported): new: support for Windows systems; three further versions followed in the 0.95 series (0.95.1 to 0.95.3) with security and stability updates. Last version: 0.95.3 on October 28, 2009.
  • 0.96 (March 31, 2010; older version, no longer supported): new: heuristics for Windows malware detection; support for the file formats of 7zip, InstallShield, cpio and others; new in version 0.96.2: a new parser for PDF files as well as optimization of execution speed and memory consumption; community-based verification procedures (with cloud computing and support for the internet community); five further versions followed in the 0.96 series (0.96.1 to 0.96.5), including security and stability updates. Last version: 0.96.5 on November 30, 2010.
  • 0.97 (February 7, 2011; older version, no longer supported): new: Windows support, support for signatures based on SHA1 and SHA256, improved error detection, speed and memory optimizations. Four further versions followed in the 0.97 series (0.97.1 to 0.97.6). Last version: 0.97.8 on April 23, 2013.
  • 0.98 (September 19, 2013; older version, no longer supported): in addition to support for further file formats (such as ISO-9660 images and self-extracting 7z archives), the Clamuko/Dazuko module for real-time monitoring was replaced by fanotify. Last version: 0.98.7 on April 28, 2015.
  • 0.99 (December 1, 2015; older version, no longer supported): among other things, extension with the malware description language YARA, as well as new real-time monitoring for Linux. Last version: 0.99.4 on March 1, 2018.
  • 0.100 (April 9, 2018; older version, no longer supported): support for OpenSSL, but no longer support for Windows XP (and Vista). Last version: 0.100.3 on March 26, 2019.
  • 0.101 (December 3, 2018; older version, still supported): among other things, RAR archives in version 5 are now also supported. Last version: 0.101.5 on November 20, 2019.
  • 0.102 (October 2, 2019; current version): among other things, improvements in checking executable files in PE format. Current: 0.102.1 on November 20, 2019.

Expandability

ClamAV itself suffers from a comparatively poor virus definition file. The open-source project clamav-unofficial-sigs, which can optionally be installed under Linux, is intended to integrate a large number of additional virus definitions and thereby significantly increase ClamAV's detection rate.

ClamAV itself is not a real-time scanner (under Windows), but it can be used as one together with programs such as ClamFS, Spyware Terminator, Clam Sentinel or Winpooch.

Criticism

ClamAV has been criticized in particular for its low detection rates. In January 2008, ClamAV achieved a detection rate of only 77.3 percent in a test by the Magdeburg security institute AV-Test with over a million malware samples (best value 99.9%, worst 55.8%). The false-positive rate was also comparatively high. In August 2007, in an independent test by the service provider Untangle, ClamAV version 0.91-1-1 of the Linux client under Ubuntu achieved a catch rate of 100 percent in the EICAR test (equal to the products of Kaspersky and Norton) and took second place with over 90 percent in the overall result.

See also

Web links

Commons : ClamAV  - collection of images, videos and audio files
