ClamAV
ClamAV - Clam AntiVirus
[Image: ClamAV with the ClamTk interface on Xubuntu 10.04]
Basic data | |
---|---|
Developer | Cisco (from 2013; previously Sourcefire) |
Year of publication | 2001 |
Current version | 0.102.2 (February 4, 2020) |
Operating system | Cross-platform (Unix-like, such as Linux and Mac, as well as Windows and similar, such as OS/2) |
Programming language | C++, C |
Category | Antivirus program |
License | GPLv2 |
German speaking | Yes |
Website | www.clamav.net |
ClamAV (Clam AntiVirus) is an antivirus program licensed under the GNU General Public License, that is, an application against malware such as viruses, with a phishing filter. It is often used on e-mail servers to filter out computer worms and phishing e-mails. ClamAV comprises a library that can be integrated into your own applications, a service (daemon) running in the background, and a command-line application.
Under Linux, ClamAV uses fanotify to route file system accesses through the virus scanner and can therefore be used as a real-time scanner; under Windows, additional tools are required for real-time scanning.
Technical details
ClamAV consists of several individual applications. The most important are:
- clamscan, the virus scanner that works on the command line.
- clamd, the optional daemon. It loads the virus signatures into main memory only once, when the system is started, rather than on every invocation as clamscan does.
- clamdscan, a comparatively lean front-end program that passes the files to be checked to clamd and evaluates its results.
- freshclam, which manages the existing virus signatures. It can also download virus signature updates from a Sourcefire VRT server.
There are other applications, such as clamav-milter, amavis, simscan or qmail-scanner, for integration into mail transfer agents.
Since ClamAV is free software, it quickly found its way into various Linux distributions and was also ported to other operating systems. In addition, a number of graphical interfaces were developed.
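How a client in the role of clamdscan hands data to clamd over the network interface (port 3310, as mentioned further down this page), as an added example that is not ClamAV's own code. It uses clamd's INSTREAM command and assumes clamd is configured to listen on TCP at 127.0.0.1; the function names are illustrative.

```python
import socket
import struct

def frame_instream(data: bytes, chunk_size: int = 8192) -> bytes:
    """Build one INSTREAM request: command, length-prefixed chunks, zero-length end marker."""
    out = [b"zINSTREAM\0"]                      # 'z' prefix = NUL-terminated command
    for i in range(0, len(data), chunk_size):
        chunk = data[i:i + chunk_size]
        out.append(struct.pack("!I", len(chunk)) + chunk)  # 4-byte big-endian length
    out.append(struct.pack("!I", 0))            # zero-length chunk ends the stream
    return b"".join(out)

def parse_reply(raw: bytes):
    """Return ('OK', None), ('FOUND', signature) or ('ERROR', message)."""
    text = raw.rstrip(b"\0\n").decode("utf-8", "replace")
    if text.endswith(" ERROR"):
        return "ERROR", text[:-len(" ERROR")]
    _, _, verdict = text.partition(": ")        # replies look like "stream: <verdict>"
    if verdict == "OK":
        return "OK", None
    if verdict.endswith(" FOUND"):
        return "FOUND", verdict[:-len(" FOUND")]
    return "ERROR", text                        # fail closed on anything unexpected

def scan_bytes(data: bytes, host: str = "127.0.0.1", port: int = 3310,
               timeout: float = 30.0):
    """Send data to a running clamd and return the parsed verdict."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(frame_instream(data))
        reply = b""
        while not reply.endswith(b"\0"):
            part = s.recv(4096)
            if not part:                        # connection closed early
                break
            reply += part
    return parse_reply(reply)
```

clamd's TCP socket has no authentication, so it should be bound to localhost or a trusted network only. An empty or truncated reply is reported as ERROR rather than as clean.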
Sample session
In a ClamAV session, the clamscan program is called to scan the current directory. The following example scans three files. The first file is recognized as a phishing e-mail, the second as a virus e-mail. The third file is recognized as clean:
foo@bar:~$ clamscan
/home/foo/Phishing-E-Mail: HTML.Phishing.Bank-159 FOUND
/home/foo/Virus-E-Mail: Adware.Casino-1 FOUND
/home/foo/saubere-Datei: OK

----------- SCAN SUMMARY -----------
Known viruses: 42498
Engine version: 0.88
Scanned directories: 1
Scanned files: 3
Infected files: 2
Data scanned: 0.99 MB
Time: 1.765 sec (0 m 1 s)
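A parser for the output format shown in the sample session, as an added example that is not part of ClamAV: it splits the per-file verdicts from the summary and cross-checks the two. The function names are illustrative, and lines that are neither OK nor FOUND are collected separately so they are never counted as clean.

```python
import re

# Output of the sample session above (prompt line omitted).
SAMPLE = """\
/home/foo/Phishing-E-Mail: HTML.Phishing.Bank-159 FOUND
/home/foo/Virus-E-Mail: Adware.Casino-1 FOUND
/home/foo/saubere-Datei: OK

----------- SCAN SUMMARY -----------
Known viruses: 42498
Engine version: 0.88
Scanned directories: 1
Scanned files: 3
Infected files: 2
Data scanned: 0.99 MB
Time: 1.765 sec (0 m 1 s)
"""

# "<path>: OK" or "<path>: <signature> FOUND"; the greedy path tolerates ": " in names.
VERDICT = re.compile(r"^(?P<path>.+): (?:OK|(?P<sig>\S+) FOUND)$")

def parse_clamscan(text):
    """Return (verdicts, summary, other); verdicts maps path -> signature or None."""
    verdicts, summary, other = {}, {}, []
    in_summary = False
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        if "SCAN SUMMARY" in line:
            in_summary = True
        elif in_summary:
            key, sep, value = line.partition(": ")
            if sep:
                summary[key] = value
        elif (m := VERDICT.match(line)):
            verdicts[m["path"]] = m["sig"]      # None means the file was reported OK
        else:
            other.append(line)                  # errors or warnings: not a clean verdict
    return verdicts, summary, other

def infected(verdicts):
    """Paths with a signature hit, mapped to the signature name."""
    return {p: s for p, s in verdicts.items() if s is not None}

def summary_matches(verdicts, summary):
    """Cross-check the per-file FOUND lines against the summary counter."""
    return int(summary["Infected files"]) == len(infected(verdicts))
```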
Derivatives and graphical user interfaces
ClamWin for Windows
ClamWin is a GPL-licensed virus scanner for Windows that is developed by Alex Cherney and is based on ClamAV. Since version 0.88.1, the port of the original ClamAV source code to the Windows platform no longer depends on a Unix runtime environment such as Cygwin. ClamWin is available as a Windows installer package and, since April 18, 2006, can alternatively be used without installation as portable software, which can be run from a USB stick, for example.
There are also the extensions ClamWin Antivirus Glue for Firefox (supported up to Firefox version 1.5.0.x) and Fireclam (from Firefox version 3.0), with which all files downloaded in the open-source web browser Mozilla Firefox can be checked automatically with ClamWin.
The application includes:
- scheduled scans
- automatic update of virus signatures
- Integration into the context menu of Windows Explorer
- Integration in Microsoft Outlook
- POP3 virus scan
- Alert if a virus is found
Planned:
- Real-time monitoring (real-time scanner, on-access scanner)
Clam Sentinel
Clam Sentinel is a real-time scanner based on ClamWin. It runs under Windows 98 / 98SE / ME / XP / Vista / 7 / 8 and is embedded as an application in the notification area of the taskbar. It detects changes to the file system and checks them using a ClamWin instance running in the background. Connected drives, e.g. USB sticks, are also monitored by Clam Sentinel. It offers the following functions:
- Extends ClamWin with real-time protection
- Integrated system for the detection of attacks (intrusion detection)
- Heuristic protection
- Protection for USB sticks and removable media
- Uses the ClamWin quarantine directory
- Checks log files, drives, memory and messages in real time
- Preferences are already set up for most computers
- Simple configuration via the icon in the notification area (system tray)
- Supports operating systems from Win98 and newer
- Available in English, Italian, German and French
- Multi-user capable
ClamAV for Windows
There are also various ports of ClamAV for Windows which, like the Linux version, can be addressed via the network interface (via port 3310). They include both directly executable versions and versions that require Cygwin.
Directly executable variants:
- ClamAV Antivirus Native Win32 Port - forms the basis for ClamWin
- ClamAV for Windows , now Immunet Antivirus - the basis was the original source code of ClamAV
Porting to Cygwin (for Windows):
- ClamAV / SOSDG
KDE interface KlamAV
KlamAV is a KDE front end for ClamAV that is licensed under the GPL and developed by Robert Hogan.
The application includes:
- Scheduled scans
- Automatic update of virus signatures
- Plug-in for KMail and Novell Evolution
- POP3 virus scan
ClamXav for Mac OS X
ClamXav is a graphical user interface for the macOS operating system that uses ClamAV as its basis and is under continuous development. However, as of version 2.8, it is a commercial product.
ClamAV GUI for OS / 2
There is also a graphical user interface for the OS/2 operating system and its derivative eComStation, which uses ClamAV as its basis and is being further developed.
ClamMail for Windows
ClamMail is an e-mail proxy based on ClamAV. Before the mail reaches the e-mail client, it goes through the virus scanner. The program includes an automatic update function.
History
ClamAV has existed since the early 2000s.
In July 2003, ClamAV moved to SourceForge. In October 2003, round-robin distribution across the mirror servers of its database followed, by means of a resource record; in January 2004 the database was greatly expanded; and in February 2004 a method inspired by Debian for quickly updating all mirror servers was introduced.
In August 2007 the main developers of ClamAV sold the project to Sourcefire.
In July 2013, Sourcefire, and with it ClamAV, was bought by Cisco.
Version history
Version | Published on | Notes and most important changes |
---|---|---|
0.60 | July 29, 2003 | Support until September 1, 2004. |
0.65 | November 12, 2003 | Compressed and digitally signed database. |
0.70 | March 15, 2004 | More robust daemon; extended to VBA macros for MS Office. Six further versions of the 0.7 series followed, from 0.71 to 0.75.1 on July 30, 2004. |
0.80 | October 17, 2004 | 19 further versions followed in the 0.80 series (after 0.80, from 0.81 to 0.88.7). Last version: 0.88.7 on December 11, 2006. |
0.90 | February 13, 2007 | 14 further versions followed from the 0.90 series up to the end of the 0.94 series (after 0.90, from 0.90.1 to 0.94.2). Last version: 0.94.2 on November 26, 2008. |
0.95 | March 23, 2009 | New: support for Windows systems. 3 further versions followed in the 0.95 series (after 0.95, from 0.95.1 to 0.95.3) with security and stability updates. Last version: 0.95.3 on October 28, 2009. |
0.96 | March 31, 2010 | New: heuristics for Windows malware detection; support for the file formats 7zip, InstallShield, cpio and others. New in version 0.96.2: a new parser for PDF files, as well as optimization of execution speed and memory consumption; community-based verification procedures (with cloud computing and support for the internet community). Five versions followed in the 0.96 series (after 0.96, from 0.96.1 to 0.96.5), including security and stability updates. Last version: 0.96.5 on November 30, 2010. |
0.97 | February 7, 2011 | New: Windows support, support for signatures based on SHA1 and SHA256, improved error detection, speed and memory optimizations. Four versions followed in the 0.97 series (after 0.97, from 0.97.1 to 0.97.6). |
0.98 | September 19, 2013 | In addition to support for further file formats (such as ISO-9660 images and self-extracting 7z archives), the Clamuko / Dazuko module for real-time monitoring was replaced by fanotify. Last version: 0.98.7 on April 28, 2015. |
0.99 | December 1, 2015 | Among other things, extension with the malware description language YARA, as well as new real-time monitoring for Linux. Last version: 0.99.4 on March 1, 2018. |
0.100 | April 9, 2018 | Support for OpenSSL, but no longer any support for Windows XP (and Vista). Last version: 0.100.3 on March 26, 2019. |
0.101 | December 3, 2018 | Among other things, RAR archives in version 5 are now also supported. Last version: 0.101.5 on November 20, 2019. |
0.102 | October 2, 2019 | Among other things, improvements in checking executable files in PE format. Current: 0.102.1 on November 20, 2019. |
Expandability
A weakness of ClamAV itself is its poor virus definition file. The open-source project clamav-unofficial-sigs, which can optionally be installed under Linux, is intended to integrate a large number of additional virus definitions and to significantly increase ClamAV's detection rate.
ClamAV itself is not a real-time scanner (under Windows), but it can be used as one together with programs such as ClamFS, Spyware Terminator, Clam Sentinel or Winpooch.
Criticism
ClamAV has been criticized in particular for its low detection rates. In January 2008, ClamAV achieved a detection rate of only 77.3 percent in a test by the Magdeburg security institute AV-Test with over a million malware samples (best value 99.9%, worst 55.8%). The rate of false alarms was also comparatively high. In August 2007, ClamAV version 0.91-1-1 of the Linux client under Ubuntu achieved a catch rate of 100 percent (on par with the products from Kaspersky and Norton) in an independent test by the service provider Untangle (and in the EICAR test) and took 2nd place in the overall result with over 90 percent.
See also
- Desinfec't (formerly known as Knoppicillin)
Web links
- Clam AntiVirus - Official Website (English)
- User Manual (English; PDF, 252 kB)
- ClamWin Free Antivirus - Company website for ClamWin
- ClamWin Portable - Site of the portable variant at PortableApps.com
- ClamMail - an e-mail proxy for Windows at SourceForge (English)
- ClamXav - ClamAV for Mac OS X (English)