Open main menu
Home
Random
Recent changes
Special pages
Community portal
Preferences
About Wikipedia
Disclaimers
Incubator escapee wiki
Search
User menu
Talk
Dark mode
Contributions
Create account
Log in
Editing
ClamAV
(section)
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
== Features == ClamAV includes a command-line scanner, automatic database updater, and a scalable multi-threaded [[daemon (computer software)|daemon]] running on an anti-virus engine from a shared library.<ref name=ClamAbout/> The application features a [[Milter]] interface for sent mail and on-demand scanning. It recognizes: * [[ZIP (file format)|ZIP]], [[RAR (file format)|RAR]], [[Tar (computing)|Tar]], [[Gzip]], [[Bzip2]], [[OLE2]], [[Cabinet (file format)|Cabinet]], [[Compiled HTML|CHM]], [[BinHex]], and [[SIS (file format)|SIS]] formats * Most mail file formats * [[Executable and Linkable Format|ELF]] and [[Portable Executable]] (PE) files compressed with [[UPX]], FSG, Petite, NsPack, wwpack32, MEW, and Upack, or obfuscated with SUE, Y0da Cryptor. * [[Office Open XML file formats]], [[HTML]], [[Rich Text Format]] (RTF) and [[Portable Document Format]] (PDF).<ref name="ClamAbout" /> The ClamAV virus database is updated at least every four hours and as of 10 February 2017 contained over 5,760,000 virus signatures<ref>{{Cite web |title=Introduction β ClamAV Documentation |url=https://docs.clamav.net/ |access-date=2024-03-09 |website=docs.clamav.net}}</ref> with the daily update Virus DB number at 23040.<ref name="AboutClamAV">{{cite web |url=http://www.clamav.net/about/ |archive-url=https://web.archive.org/web/20081120213532/http://www.clamav.net./about |url-status=dead |archive-date=2008-11-20 |title=About ClamAV |access-date=2008-12-25}}</ref><ref name="ClamHome">{{cite web |url=http://www.clamav.net/lang/en/about/ |archive-url=https://web.archive.org/web/20100918141732/http://www.clamav.net/lang/en/about/ |url-status=dead |archive-date=2010-09-18 |title=Latest Stable Release |access-date=2010-08-21}}</ref> === Real-time file scanning === {{Update section|date=December 2023|reason=based on old versions}} In older [[Linux]] application versions, ClamAV did support [[Real time protection|real-time protection]] via the [[Fanotify]] add-on for the Linux kernel (version 3.8 and later.)<ref>{{Cite web|url=https://blog.clamav.net/2016/03/configuring-on-access-scanning-in-clamav.html|title=Configuring On-Access Scanning in ClamAV|first=Mickey|last=Sola}}</ref> Alternatively, one could use ClamFS (for any [[Unix-like]] [[operating system]] supporting [[Filesystem in Userspace|FUSE]]). Nowadays, the Real-Time Protection in Linux Systems, is provided through ClamAV's ClamOnAcc application (under the name of "''On-Access Scanning''") β which uses ''Clamd'' to provide real-time protection by scanning files when they are accessed.<ref name=":1">{{Cite web |title=Scanning β ClamAV Documentation |url=https://docs.clamav.net/manual/Usage/Scanning.html#on-access-scanning |access-date=2024-05-02 |website=docs.clamav.net}}</ref> In other words, the ''On-Access Scanner'' can detect and prevent access to malicious files based on the verdict received from ''Clamd''.<ref name=":1" /> By default, it operates in "''notify-only mode''", alerting users of any threats detected without actively blocking file access.<ref name=":1" /> Enabling "''prevention mode''" can considerably impact performance, especially in commonly accessed directories, so it is advised to use it judiciously.<ref name=":1" /> In order to use ClamOnAcc, users need to first run clamd and then start the On-Access Scanner as root (to leverage its kernel event detection and intervention capabilities).<ref name=":1" /> Configuration for On-Access Scanning is primarily done through ''clamd.conf,'' with additional options available in the On-Access Scanning User Guide.<ref name=":1" /> Users can run multiple instances of ClamOnAcc simultaneously with different configurations, allowing for customized protection settings for various directories.<ref name=":1" /> ''ClamOnAcc'' (v0.102+) is a client application that operates alongside clamd (the ClamAV daemon), to perform On-Access Scanning.<ref name=":1" /> Regarding previous versions that were meant for [[Microsoft Windows]], a free, open-source app called Clam Sentinel did use to detect file changes and scanned modified files using ClamWin.<ref>{{cite web | url=http://cyberpillar.com/dirsver/1/mainsite/techns/bhndscen/protsoft/antimalw/antivir/avmswin/clamwin/mkclmwrt/mkclmwrt.htm | title=Clam Sentinel β Making ClamWin Be Used In Real-Time | author=Cyber Pillar | access-date=2014-09-01 | archive-date=2014-08-19 | archive-url=https://web.archive.org/web/20140819161847/http://cyberpillar.com/dirsver/1/mainsite/techns/bhndscen/protsoft/antimalw/antivir/avmswin/clamwin/mkclmwrt/mkclmwrt.htm | url-status=dead }}</ref> It did work with Windows 98 and later. In addition to on-access scanning, it used to feature optional system change messages and proactive heuristic protection.<ref name="ClamSentinel">{{cite web|url=http://sourceforge.net/projects/clamsentinel/ |title=Clam Sentinel |access-date = 2014-06-19}}</ref>
Edit summary
(Briefly describe your changes)
By publishing changes, you agree to the
Terms of Use
, and you irrevocably agree to release your contribution under the
CC BY-SA 4.0 License
and the
GFDL
. You agree that a hyperlink or URL is sufficient attribution under the Creative Commons license.
Cancel
Editing help
(opens in new window)