ClamAV is an open-source (GPL) anti-virus engine used in a variety of situations, including email and web scanning, and endpoint security. It provides many utilities for users, including a flexible and scalable multi-threaded daemon, a command-line scanner and an advanced tool for automatic database updates.

Unlike most antivirus products, ClamAV requires no yearly subscription fee, and is completely free with source code to anyone who wishes to use it. Because ClamAV is released under the GPL v2 license, you must follow all license requirements if you modify the ClamAV source code, or use it in your own projects.

Who develops ClamAV?

ClamAV is an open-source antivirus engine developed by Cisco that detects malware, viruses, trojans, and other malicious threats on various platforms. It's widely used on mail servers and gateways to scan attachments and files for potential infections.

How do I update ClamAV's virus database?

At TechSpot, we provide daily updates and downloads for ClamAV and other leading antivirus engines, so users can stay protected with the most recent definition files. You can also update ClamAV's virus definitions by running the freshclam command, which automatically downloads the latest signatures from ClamAV's official servers.

Is ClamAV suitable for real-time protection?

By default, ClamAV performs on-demand scanning rather than continuous background protection; it doesn't monitor files in real time unless. If you need built-in real-time protection, consider alternatives such as Microsoft Defender, Bitdefender, Avast, Avira or ESET NOD32, which continuously monitor files and system activity for threats.

Features

  • Command-line scanner.
  • Milter interface for sendmail.
  • Advanced database updater with support for scripted updates and digital signatures.
  • Virus database updated multiple times per day.
  • Built-in support for all standard mail file formats.
  • Built-in support for various archive formats, including ZIP, RAR, DMG, Tar, GZIP, BZIP2, OLE2, Cabinet, CHM, BinHex, SIS and others.
  • Built-in support for ELF executables and Portable Executable files packed with UPX, FSG, Petite, NsPack, wwpack32, MEW, Upack and obfuscated with SUE, Y0da Cryptor and others.
  • Built-in support for popular document formats, including MS Office and MacOffice files, HTML, Flash, RTF and PDF.

What's New

ClamAV 1.5.0 includes the following improvements and changes:

Major changes

  • Added checks to determine if an OLE2-based Microsoft Office document is encrypted.
  • Added the ability to record URIs found in HTML if the generate-JSON-metadata feature is enabled.
    • Also adds an option to disable this in case you want the JSON metadata feature but do not want to record HTML URIs.
    • The ClamScan command-line option is --json-store-html-uris=no.
    • The clamd.conf config option is JsonStoreHTMLURIs no.
    • The libclamav general scan option is CL_SCAN_GENERAL_STORE_HTML_URIS.
  • Added the ability to record URIs found in PDFs if the generate-JSON-metadata feature is enabled.
    • Also adds an option to disable this in case you want the JSON metadata feature but do not want to record PDF URIs.
    • The ClamScan command-line option is --json-store-pdf-uris=no.
    • The clamd.conf config option is JsonStorePDFURIs no.
    • The libclamav general scan option is CL_SCAN_GENERAL_STORE_PDF_URIS.
  • Added regex support for the clamd.conf OnAccessExcludePath config option.
    • This change courtesy of GitHub user b1tg.
  • Added CVD signing/verification with external .sign files.
    • Freshclam will now attempt to download external signature files to accompany existing .cvd databases and .cdiff patch files. Sigtool now has commands to sign and verify using the external signatures.
    • ClamAV now installs a 'certs' directory in the app config directory (e.g., /etc/certs). The install path is configurable.
    • The CMake option to configure the CVD certs directory is -D CVD_CERTS_DIRECTORY=PATH
    • New options to set an alternative CVD certs directory:
      • The command-line option for Freshclam, ClamD, ClamScan, and Sigtool is --cvdcertsdir PATH
      • The environment variable for Freshclam, ClamD, ClamScan, and Sigtool is CVD_CERTS_DIR
      • The config option for Freshclam and ClamD is CVDCertsDirectory PATH
    • Added two new APIs to the public clamav.h header:
      • cl_error_t cl_cvdverify_ex(const char *file, const char *certs_directory, uint32_t dboptions);
      • cl_error_t cl_cvdunpack_ex(const char *file, const char *dir, const char *certs_directory, uint32_t dboptions);
    • The original cl_cvdverify and cl_cvdunpack are deprecated.
    • Added a cl_engine_field enum option CL_ENGINE_CVDCERTSDIR.
    • You may set this option with cl_engine_set_str and get it with cl_engine_get_str, to override the compiled-in default CVD certs directory.
  • Freshclam, ClamD, ClamScan, and Sigtool: Added an option to enable FIPS-like limits disabling MD5 and SHA1 from being used for verifying digital signatures or for being used to trust a file when checking for false positives (FPs).
    • For freshclam.conf and clamd.conf, set this config option:
      • FIPSCryptoHashLimits yes
    • For clamscan and sigtool, use this command-line option:
      • --fips-limits
    • For libclamav, enable FIPS-limits for a ClamAV engine like this:
      • cl_engine_set_num(engine, CL_ENGINE_FIPS_LIMITS, 1);
    • ClamAV will also attempt to detect if FIPS-mode is enabled. If so, it will automatically enable the FIPS-limits feature.
    • This change mitigates safety concerns over the use of MD5 and SHA1 algorithms to trust files and is required to enable ClamAV to operate legitimately in FIPS-mode enabled environments.

Note: ClamAV may still calculate MD5 or SHA1 hashes as needed for detection purposes or for informational purposes in FIPS-enabled environments and when the FIPS-limits option is enabled.
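
An added example, not code from ClamAV or from this page's source: a shell check that reads a clamd.conf or freshclam.conf and reports whether FIPSCryptoHashLimits is enabled and whether the CVDCertsDirectory it names exists and is not world-writable. The function names, the accepted boolean spellings, the last-occurrence rule and the world-writable check are assumptions of this example.

```shell
#!/bin/sh
# conf_get FILE OPTION: print OPTION's value, or nothing if it is not set.
# Lines whose first non-blank character is '#' are skipped as comments.
# Assumption of this example: if an option repeats, the last one is reported.
conf_get() {
    awk -v opt="$2" '
        /^[ \t]*#/ { next }
        $1 == opt  { sub(/^[ \t]*[^ \t]+[ \t]*/, ""); sub(/[ \t\r]+$/, ""); val = $0 }
        END        { if (val != "") print val }
    ' "$1"
}

# is_yes VALUE: succeed for yes/true/1 in any case (assumed boolean spellings).
is_yes() {
    case $(printf '%s' "$1" | tr 'A-Z' 'a-z') in
        yes|true|1) return 0 ;;
        *) return 1 ;;
    esac
}

# audit_conf FILE: print one finding per line; return 1 if any WARN was printed.
audit_conf() {
    rc=0
    if is_yes "$(conf_get "$1" FIPSCryptoHashLimits)"; then
        echo "OK   FIPSCryptoHashLimits is enabled"
    else
        echo "WARN FIPSCryptoHashLimits is not enabled in $1"
        rc=1
    fi
    certs=$(conf_get "$1" CVDCertsDirectory)
    if [ -z "$certs" ]; then
        echo "INFO CVDCertsDirectory not set here (default, CVD_CERTS_DIR or --cvdcertsdir applies)"
    elif [ ! -d "$certs" ]; then
        echo "WARN CVDCertsDirectory $certs is not a directory"
        rc=1
    elif [ -n "$(find "$certs" -prune -perm -0002)" ]; then
        echo "WARN CVDCertsDirectory $certs is world-writable"
        rc=1
    else
        echo "OK   CVDCertsDirectory $certs exists and is not world-writable"
    fi
    return "$rc"
}

# Audit the file given as $1, or a constructed one-line sample if none is given.
if [ "$#" -gt 0 ]; then audit_conf "$1"; else
    sample=$(mktemp); printf 'FIPSCryptoHashLimits yes\n' > "$sample"
    audit_conf "$sample"; rm -f "$sample"
fi
```

A WARN for FIPSCryptoHashLimits only reflects the file: as the release notes say, ClamAV also enables the limits on its own when it detects FIPS mode.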

Read the complete release notes.