Open Source Anti-Virus for the Whole Network: ClamAV
James Mikusi
Until recently, there was not a strong open source presence in the anti-virus
realm. Now, however, there is more than one project in this arena, and the ClamAV
project in particular is proving its ability to provide software scanning in
a way that's adaptable and effective.
In the spirit of the Unix philosophy, Doug McIlroy said, "Write programs that
do one thing and do it well. Write programs to work together." ClamAV demonstrates
just how effective this model continues to be. The ClamAV engine simply filters
any input given and outputs a basic summary stating whether a virus was detected.
This simplicity makes it appropriate for scanning content on a local file system,
network file system, Web proxy, mail gateway, or whatever. Simply send it input
and get a yes/no result.
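The "yes/no result" described above, as an added example that is not part of the original article: a POSIX shell wrapper that pipes stdin to clamscan and turns its exit status into a verdict. It assumes clamscan is on PATH; `scan_stream` and the `CLAMSCAN` override variable are hypothetical names. clamscan exits 0 when nothing is found, 1 when a signature matches and 2 on error, so the wrapper fails closed and reports only status 0 as clean.

```shell
#!/bin/sh
# Added example, not from the article.
# Assumption: clamscan is on PATH. CLAMSCAN is a hypothetical override so the
# wrapper can be pointed at another binary (or a stub when testing).
: "${CLAMSCAN:=clamscan}"

# scan_stream (hypothetical helper): scan whatever arrives on stdin.
# Prints one of:  clean | infected <signature> | error
# Returns 0 only for "clean", so callers can write:
#     if scan_stream < attachment.bin; then deliver; else quarantine; fi
scan_stream() {
    # "-" makes clamscan read the data from stdin; --no-summary suppresses
    # the statistics block so only the per-stream result line is printed.
    # The "&& ... ||" form records the status even when the caller uses set -e.
    _out=$("$CLAMSCAN" --no-summary - 2>/dev/null) && _rc=0 || _rc=$?

    case $_rc in
        0)  # no signature matched
            echo "clean"
            return 0 ;;
        1)  # result line looks like "<name>: <signature> FOUND"
            _sig=$(printf '%s\n' "$_out" |
                   sed -n 's/^.*: \(.*\) FOUND$/\1/p' | head -n 1)
            echo "infected ${_sig:-unknown}"
            return 1 ;;
        *)  # 2 = scanner error (missing database, unreadable input, ...).
            # An error is not a clean verdict: fail closed.
            echo "error"
            return 2 ;;
    esac
}
```

A mail gateway or proxy that treated every non-1 status as "no virus" would pass content through whenever the scanner itself was broken, which is why the error case gets its own return value.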
ClamAV Features
When weighing the effectiveness of anti-virus software, two aspects must be
considered. The first is the frequency and timeliness of virus database
updates. This is an area of strength for open source collaboration because virus
database updates are made continuously by the project's maintainers with help
from the Internet community in general. The ClamAV project hosts a Web form
where new virus discoveries can be posted and inspected by the virus database
maintainers and added to daily.cvd publications if appropriate. On occasion,
the ClamAV project has even been the first to identify a new virus and thus
earned the right to name it. In my opinion, this global contribution
to the virus database makes ClamAV a force to be reckoned with.
The second consideration is the performance of the scanning engine. How long
do scans take? Are viruses detected pre-infection? Are suspicious files with
virus-like actions, but not in the definition database, treated like viruses
for protection? In this aspect, the ClamAV "suite" performs excellently, too.