One Blaster worm can ruin your whole day -- but Clam AntiVirus is free, fast, and can save the day.
Clam AntiVirus is an antivirus toolkit for
When a new worm spreads, the development team usually releases a database update in less than an hour. Users can develop their own signatures, and submit them -- or suspect files -- to the developers. Updates work either in an interactive mode (on demand from the command line) or as a daemon (updating silently in the background). All virus updates are digitally signed to validate proof of authenticity.
Clam AntiVirus is capable of scanning files and directories, including recursive directories. Its multi-threaded execution makes use of the numerous CPU processors found in most contemporary machines. ClamAV also protects against malware hidden within archives by scanning inside compressed files. ClamAV supports ZIP, RAR, SFX, TAR, GZIP, MS cabinet (CAB) files, CHM (compiled HTML), BinHex and more. The product is also capable of examining several special file formats, including HTML, RTF, PDF, uuencode, TNEF (winmail.dat) and JPEG files looking for hidden exploits.
In addition to scanning files and folders, Clam AntiVirus scans data streams for viruses that may attempt to traverse the network. ClamAV is also extensible and supports added functionality via third-party add-on modules, such as the phishing module that blocks SSL mismatches in URLs to prevent users from being redirected to phony look-alike identity-theft sites. SpamAssassin users may appreciate the third-party plug-in for SpamAssassin, which calls ClamAV and adds a score based on the result of ClamAV's scan.
Clam AntiVirus is an active open source project licensed under the the General Public License (GNU). Most popular Unix-based operating systems are supported, including Linux, Solaris, BSD and Mac OS X. There is also a ClamAV Windows port offered at w32.clamav.net. ClamAV excels at flagging malware, though falls short in its ability to auto-block active threats. Nonetheless Clam AntiVirus is a worthy arrow in your security quiver.
About the author:
Scott Sidel is an ISSO with Lockheed Martin.
This was first published in May 2007