Clam AntiVirus

ClamAV ( Clam AntiVirus ) is a standing under the GNU General Public License so-called anti-virus program - that an application against pests such as viruses - with a phishing filter, which is often on e -mail servers to filter out so-called computer worms and phishing e -mails is used. When ClamAV is a library that can be integrated into your own applications, a running background service (daemon ) and a command line application.

Under Linux, ClamAV accesses the dazuko kernel module back to redirect the access to the file system on the virus scanner, and can therefore be used as a real- time scanner; Windows are necessary for use as a real- time scanner add-on tools.

  • 4.1 Revision history

Technical details

ClamAV consists of a plurality of individual applications, the most important are:

  • The working on the command line virus scanner clamscan,
  • The optional usable daemon clamd. It uploads the virus signatures only once at system startup in the memory, not as clamscan at each call.
  • The comparatively slim frontend program clamdscan transfers the files to be checked to clamd and evaluates the results of.
  • Freshclam manages the available virus signatures. It can also download virus signature updates from a server by Sourcefire VRT.

For use in mail transfer agents, there are other applications such as clamav -milter, amavis, simscan or qmail-scanner.

Since ClamAV is a free software, it quickly found its way into various Linux distributions and has been ported to other operating systems. In addition, a series of graphical user interfaces have been developed.

Example session

In a ClamAV session the program is called clamscan to search the current directory. The following example loops through three files. The first file is detected as phishing e -mail, the second as a virus e- mail. The third file is detected as clean:

Foo @ bar: ~ $ clamscan / home / foo / phishing e- mail: HTML.Phishing.Bank -159 FOUND / home / foo / virus email: Adware.Casino -1 FOUND / home / foo / clean file: OK ----------- SCAN SUMMARY ----------- Known viruses: 42498 Engine version: 0.88 Scanned directories: 1 Scanned files: 3 Infected files: 2 Data scanned: 0.99 MB Time: 1.765 sec ( 0 m 1 s) derivatives

ClamWin for Windows

ClamWin was standing under the GPL virus scanner for Windows, developed by Alex Cherney and is based on ClamAV. The porting of the original ClamAV Quellcodee, in a on the Windows platform, carried out since version 0.88.1 and is no longer dependent on a Unix runtime environment such as Cygwin. ClamWin is available in a package as a Windows installer and since 18 April 2006, without installing usable usable as portable software that can for example also be run from a USB stick.

There is also the open source web browser Mozilla Firefox extensions ClamWin Antivirus Glue for Firefox (with support up to Firefox version 1.5.0.x ) and Fireclam (from Firefox version 3.0), with the self-employed all downloaded files by Clamwin can be checked.

Included in the application are:

  • Time scheduled scans
  • Automatic update of virus signatures
  • Integration in the context menu of Windows Explorer
  • Integration with Microsoft Outlook
  • POP3 virus scanning
  • Alarm if a virus is found


  • On- access scanner

ClamAV for Windows

Furthermore, there are also various ports of ClamAV for Windows, which, like the Linux variant on the network interface ( via port 3310 ) can be addressed - both directly executable version and with the help of Cygwin '.

Immediately executable versions:

  • ClamAV Antivirus Native Win32 Port - forms the basis for ClamWin
  • ClamAV for Windows - the base was the original source code from ClamAV

Porting to Cygwin (for Windows):

  • ClamAV / SOSDG

KDE interface KlamAV

KlamAV is a standing under the GPL KDE frontend for ClamAV, which is being developed by Robert Hogan.

Included in the application are:

  • Time scheduled scans
  • Automatic update of virus signatures
  • Plug-in for Novell Evolution and KMail
  • POP3 virus scanning

ClamXav for Mac OS X

With ClamXav exists a graphical user interface that uses ClamAV as a base and is constantly evolving for the operating system Mac OS X.

ClamAV - GUI for OS / 2

Also for the operating system OS / 2 and eComStation its derivative exists a graphical user interface that uses ClamAV as a basis and will be further developed.

ClamMail for Windows

ClamMail is an e -mail proxy based Clamav. Before the mail arrives in the e -mail client, it passes through the virus scanner. Included in the program is an automatic update function.


Since 2007, the ClamAV project is one of Sourcefire, a commercial hardware and software manufacturers in the field of network security.

On 5 October 2009, it was announced by the developers that the virus signature updates is no longer supported version older than 0.94.x. For this purpose it is planned from 15 April 2010 to decommission all versions no longer supported with a special signature update.

Revision history

Latest version: 0.75.1 30 July 2004

Latest version: 0.88.7 of 11 December 2006

Latest version: 0.94.2 of 26 November 2008

Latest version: 0.95.3 of 28 October 2009

Latest version: 0.96.5 from November 30, 2010

It was followed by four versions in the 0.97er series ( after 0.97 of 0.97.1 to 0.97.6 ) Latest version: 0.97.8 from April 23, 2013


ClamAV was mainly because of its low detection rates in the criticism. In January 2008, ClamAV reached in a test of Magdeburg security institute AV-Test with over a million pests a detection rate of only 77.3 percent ( the highest value of 99.9 %, worst 55.8 %). Also, the rate of false alarms was relatively high.

In August 2007, ClamAV yet reached with the version 0.91-1-1 the Linux client on Ubuntu in an independent test of the service provider Untangle a value of 100 percent of the catch- rate (equivalent to the products of Kaspersky and Norton Company ) in the wild EICAR test and evidenced by over 90 percent in the overall result the 2nd place.


ClamAV itself (on Windows) does not offer real -time scanner, but can be used in conjunction with programs such as clamfs, Spyware Terminator Clam Sentinel or Winpooch for real-time scanning.