Английская Википедия:ClamAV

Материал из Онлайн справочника
Перейти к навигацииПерейти к поиску

Шаблон:Short description Шаблон:Infobox software

ClamAV (antivirus) is a free software, cross-platform antimalware toolkit able to detect many types of malware, including viruses. It was developed for Unix and has third party versions available for AIX, BSD, HP-UX, Linux, macOS, OpenVMS, OSF (Tru64), Solaris and Haiku. As of version 0.97.5, ClamAV builds and runs on Microsoft Windows.[1][2] Both ClamAV and its updates are made available free of charge. One of its main uses is on mail servers as a server-side email virus scanner.

History

ClamAV was initially released with version 0.10 on May 8, 2002, by Polish university student Tomasz Kojm.[3] In 2007, it was acquired by Sourcefire,[4] which in turn was acquired by Cisco in 2013[5] and now operates under its Talos cybersecurity division.

Patent lawsuit

In 2008, Barracuda Networks was sued by Trend Micro for its distribution of ClamAV as part of a security package.[6] Trend Micro claimed that Barracuda's utilization of ClamAV infringes on a software patent for filtering viruses on an Internet gateway. The free software community responded in part by calling for a boycott against Trend Micro. The boycott was also endorsed by the Free Software Foundation.[7] Barracuda Networks counter-sued with IBM-obtained patents in July 2008.[8] On May 19, 2011, the U.S. Patent and Trademark Office issued a Final Rejection[9] in the reexamination of Trend Micro's U.S. patent 5,623,600.[10]

Features

ClamAV includes a command-line scanner, automatic database updater, and a scalable multi-threaded daemon running on an anti-virus engine from a shared library.[1] The application features a Milter interface for sent mail and on-demand scanning. It recognizes:

The ClamAV virus database is updated at least every four hours and as of 10 February 2017 contained over 5,760,000 virus signaturesШаблон:Citation needed with the daily update Virus DB number at 23040.[11][12]

Real-time file scanning

Шаблон:Update section On Linux, ClamAV (versions 0.99 and later) supports real-time protection via the Fanotify add-on for the Linux kernel (version 3.8 and later.)[13] Alternatively, one could use ClamFS (for any Unix-like operating system supporting FUSE).

On Microsoft Windows, a free, open-source app called Clam Sentinel detects file changes and scans modified files using ClamWin.[14] It works with Windows 98 and later. In addition to on-access scanning, it features optional system change messages and proactive heuristic protection.[15]

Effectiveness

In the 2008 AV-TEST comparison of antivirus tools, ClamAV scored poorly in on-demand detection, avoiding false positives, and rootkit detection.[16]

In a Shadowserver six-month test between June and December 2011, ClamAV detected over 75.45% of all viruses tested, putting it in fifth place behind AhnLab, Avira, BitDefender and Avast. AhnLab, the top antivirus, detected 80.28%.[17]

In 2022 Splunk conducted an efficacy study involving 416,561 malware samples sourced from MalwareBazaar, bucketed as follows: 106135 Banking Trojans (trojans targeted towards stealing financial information); 26875 Botnets (malware for making the victim a part of a botnet); 190371 Information Stealers (programs designed to steal client information. E.g. Keyloggers); 52422 Loaders (program that loads one or more other malicious programs - that is, a stager that fetches harmful things directly into memory); 1321 Miners (crypto currency miners); 30251 RATs (Remote access tools. E.g. Backdoors); and 8273 Trojans (a generic multipurpose malware that harms the user in different ways - generally disguises itself and delivered by tricking the user). Splunk's study concluded ClamAV that 59.94% effective overall at detecting commodity malware – being able to detect 249,696/416,561 samples.[18]

In that same study, ClamAV performed relatively well at detecting certain types of malware in certain types of files (E.g. docx files, dil files, elf files, doc files and exe files), but was less effective in detecting malware in jar files, js files, vbs files, z files, rar files, and xlsb files. In addition, ClamAV performed well to detect a few top level categories of malware like Trojans & Botnets but performed poorly on other malware types like Crypto Miners, RATs and Info Stealers.[19]

Unofficial databases

The ClamAV engine can be reliably used to detect several kinds of files. In particular, some phishing emails can be detected using antivirus techniques. However, false positive rates are inherently higher than those of traditional malware detection.[20]

There are several unofficial databases for ClamAV:

  • Sanesecurity is an organization that maintains a number of such databases; in addition they distribute and classify a number of similar databases from other parties, such as Porcupine, Julian Field, MalwarePatrol.[21]
  • SecuriteInfo.com also provides additional signatures for ClamAV.[22]

ClamAV Unofficial Signatures are mainly used by system administrators to filter email messages.[23] Detections of these groups should be scored, rather than causing an outright block of the "infected" message.[21]

Platforms

Linux, BSD

ClamAV is available for Linux and BSD-based operating systems.[1] In most cases it is available through the distribution's repositories for installation.

On Linux servers ClamAV can be run in daemon mode, servicing requests to scan files sent from other processes. These can include mail exchange programs, files on Samba shares, or packets of data passing through a proxy server.

On Linux and BSD desktops ClamAV provides on-demand scanning of individual files, directories or the whole PC.[1]

macOS

macOS Server has included ClamAV since version 10.4. It is used within the operating system's email service. A paid-for graphical user interface is available from Canimaan Software Ltd[24] in the form of ClamXav.[25] Additionally, Fink, Homebrew and MacPorts have ported ClamAV.

Another program which uses the ClamAV engine on macOS, is Counteragent. Working alongside the Eudora Internet Mail Server program, Counteragent scans emails for viruses using ClamAV and also optionally provides spam filtering through SpamAssassin.

OpenVMS

ClamAV for OpenVMS is available for DEC Alpha and Itanium platforms. The build process is simple and provides basic functionality, including library, the clamscan utility, the clamd daemon, and freshclam for update.[26]

Windows

There are IA-32 and x64 variants of ClamAV available for Windows; additionally, Cisco's Immunet uses ClamAV as its engine.[27]

OS/2

A port of ClamAV is available for OS/2 (including eComStation and ArcaOS) with a native UI written in REXX.[28][29]

Graphical interfaces

Since ClamAV does not include a graphical user interface (GUI) but instead is run from the command line, a number of third-party developers have written GUIs for the application for various platforms and uses.

These include:

Файл:ClamTk 5.27.png
ClamTk 5.27 running on Lubuntu 19.04
  • Linux
    • ClamTk using gtk2-perl; project is named for the Tk libraries that were used when it began[30][31]
    • KlamAV for TDE (development of the original KDE version was discontinued in 2009[32]).
    • wbmclamav is a webmin module to manage Clam AntiVirus[33]
  • macOS
    • ClamXav is a port which includes a graphical user interfaces and has a "sentry" service which can watch for changes or new files in many cases. There is also an update and scanning scheduler through a cron job facilitated by the graphical interface. ClamXav can detect malware specific to macOS, Unix, or Windows. The ClamXav application and the ClamAV engine are updated regularly.[34] ClamXav is written and sold by Canimaan Software Ltd.[24]
    • Tiger Cache Cleaner is shareware software which installs and presents a graphic interface for using ClamAV to scan for viruses, and provides other unrelated functions.
  • Microsoft Windows
  • OS/2

ClamWin

Шаблон:Main

Файл:ClamWin on Windows XP.png
ClamWin running on Windows XP

ClamWin is a graphical user interface front-end ClamWin Pty Ltd. developed for ClamAV on Microsoft Windows. Features include on-demand (user-started) scanning, automatic updates, scheduled scanning, and integration with File Explorer and Microsoft Outlook. ClamWin does not provide on-access scanning. A Firefox add-on enables ClamWin to scan downloaded files.[36][37] Several other extensions allow users to process downloaded files with any software and scan the files with ClamWin.[38][39][40][41]

See also

Шаблон:Portal

References

Шаблон:Reflist

Further reading

External links

Шаблон:Commons category

Шаблон:Antivirus software

Партнерские ресурсы
Криптовалюты
Магазины
Хостинг
Разное

  1. 1,0 1,1 1,2 1,3 1,4 Шаблон:Cite web
  2. Шаблон:Cite web
  3. Celebrating 20 years of ClamAV
  4. Sourcefire acquires ClamAV
  5. Cisco Acquires Cybersecurity Company Sourcefire For $2.7B
  6. Шаблон:Cite web
  7. Шаблон:Cite web
  8. Шаблон:Cite web
  9. Шаблон:Cite web
  10. Шаблон:Cite web
  11. Шаблон:Cite web
  12. Шаблон:Cite web
  13. Шаблон:Cite web
  14. Шаблон:Cite web
  15. Шаблон:Cite web
  16. Шаблон:Cite web
  17. Шаблон:Cite web
  18. Шаблон:Cite web
  19. Шаблон:Cite web
  20. Шаблон:Cite web
  21. 21,0 21,1 Sanesecurity Phishing, Scam and Malware signatures for ClamAV Шаблон:Webarchive
  22. SecuriteInfo.com Add 4.000.000 signatures to ClamAV Antivirus
  23. Шаблон:Cite web
  24. 24,0 24,1 Шаблон:Cite news
  25. Шаблон:Cite web
  26. Шаблон:Cite web
  27. Шаблон:Cite web
  28. 28,0 28,1 Шаблон:Cite web
  29. Шаблон:Cite web
  30. Шаблон:Cite web
  31. Шаблон:Cite web
  32. Шаблон:Cite web
  33. Шаблон:Cite web
  34. Шаблон:Cite web
  35. 35,0 35,1 Шаблон:Cite web
  36. Шаблон:Cite web
  37. Шаблон:Cite web
  38. Шаблон:Cite web
  39. Шаблон:Cite web
  40. Шаблон:Cite web
  41. Шаблон:Cite web
Источник — http://wikihandbk.com/ruwiki/index.php?title=Английская_Википедия:ClamAV&oldid=13973520