Why it matters: ClamAV describes itself as an open-source antivirus engine for detecting trojans, viruses, malware & other malicious threats. Detection levels are pretty low compared to Windows antimalware programs, yet the development has been going on for decades. The tool is available on all platforms, even though it’s targeted primarily at Linux.
ClamAV recently released its latest version, an update that can be considered historically significant despite its lackluster changelog. The milestone is ClamAV finally reaching version 1.0.0. It’s the first major release as versioning conventions go, and it came only six months after the project celebrated its 20th birthday.
Tomasz Kojm, the original creator of ClamAV, released the first version (0.10) on May 8, 2002. ClamAV 1.0.0 follows the previously released version 0.105.1, bringing a neat new feature to scan and decrypt read-only, OLE2-based .xls (Excel) files encrypted with the default password. The changes also include an overhauled implementation of the all-match feature, improved scanning function in archives, fixed compiler warnings, and many bug fixes here and there.
ClamAV is an open-source antivirus engine primarily used in Linux environments and for mail gateway scanning. The program has been ported almost everywhere, from open source operating systems (FreeBSD) to macOS Server. Starting with version 0.97.5, ClamAV can also run on Windows — even though it isn’t the most popular AV tool for any Microsoft OS. ClamAV is pretty different compared to a standard antimalware program for Windows users. The tool runs from the command line and is just an on-demand scanner with no real-time monitoring component.
Nevertheless, ClamAV includes many advanced and complex antivirus features: scanning inside many compressed archive types (Zip, Rar, Dmg, Tar, Gzip, Bzip2, and more); multi-threaded parallel scans; built-in support for all standard mail file formats, ELF (Linux) executables, and popular document formats; monitoring of specific folders/directories for changes; and more.
Being an open-source project managed by volunteers with just a handful of paid developers, ClamAV is hard to compare with commercial antivirus packages. In an old comparative test run by AV-TEST (2008), ClamAV scored poorly in on-demand detection, false-positive avoidance, and rootkit detection.
A more recent study by Splunk (2022) involved around 400,000 malware samples, concluding that ClamAV had just a 59.94% detection rate against commodity malware. These results suggest that ClamAV works better for the limited number of Linux malware suites than the more prominent Windows trojans, viruses, and worms.