ClamAV is an open-source antivirus engine for detecting trojans, viruses, malware, and other malicious threats. It provides a command-line interface for scanning files and updating the virus definitions, and a daemon for the faster scanning needed on high-performance systems.

Unlike most antivirus products, ClamAV requires no yearly subscription fee and is completely free, with source code available to anyone who wishes to use it. Because ClamAV is released under the GPL v2 license, you must follow all license requirements if you modify the ClamAV source code or use it in your own projects.

What's New

ClamAV 1.0.0 includes the following improvements and changes.

Major changes

  • Support for decrypting read-only OLE2-based XLS files that are encrypted with the default password. Use of the default password will now appear in the metadata JSON.
  • Overhauled the implementation of the all-match feature. The newer code is more reliable and easier to maintain.
      • This project fixed several known issues with signature detection in all-match mode:
          • Enabled embedded file-type recognition signatures to match when a malware signature also matched in a scan of the same layer.
          • Enabled bytecode signatures to run in all-match mode after a match has occurred.
          • Fixed an assortment of all-match edge case issues.
      • Added multiple test cases to verify correct all-match behavior.
  • Added a new callback to the public API for inspecting file content during a scan at each layer of archive extraction.
      • The new callback function type is clcb_file_inspection defined in clamav.h.
      • The function cl_engine_set_clcb_file_inspection() may be used to enable the callback prior to performing a scan.
      • This new callback is to be considered unstable for the 1.0 release. We may alter this function in a subsequent feature version.
  • Added a new function to the public API for unpacking CVD signature archives.
      • The new function is cl_cvdunpack(). The last parameter for the function may be set to verify if a CVD's signature is valid before unpacking the CVD content to the destination directory.
  • The option to build with an external TomsFastMath library has been removed. ClamAV requires non-default build options for TomsFastMath to support bigger floating point numbers. Without this change, database and Windows EXE/DLL authenticode certificate validation may fail. The ENABLE_EXTERNAL_TOMSFASTMATH build option is now ignored.
  • Moved the Dockerfile and supporting scripts from the main ClamAV repository over to a new repository: https://github.com/Cisco-Talos/clamav-docker
      • The separate repository will make it easier to update the images and fix issues with images for released ClamAV versions.
      • Any users building the ClamAV Docker image rather than pulling them from Docker Hub will have to get the latest Docker files from the new location.
  • Increased the SONAME major version for libclamav because of ABI changes between the 0.103 LTS release and the 1.0 LTS release.