CalmAV: an open-source antivirus engine for detecting trojans, viruses, malware & other malicious threats

ClamAV is an open source (GPLv2) anti-virus toolkit, designed especially for e-mail scanning on mail gateways. It provides a number of utilities including a flexible and scalable multi-threaded daemon, a command line scanner and advanced tool for automatic database updates. The core of the package is an anti-virus engine available in a form of shared library.

General Features

• Command-line scanner.
• Milter interface for sendmail.
• Advanced database updater with support for scripted updates and digital signatures.
• Virus database updated multiple times per day.
• Built-in support for all standard mail file formats.

All Features

• ClamAV is designed to scan files quickly.
• Real time protection (Linux only). The ClamOnAcc client for the ClamD scanning daemon provides on-access scanning on modern versions of Linux. This includes an optional capability to block file access until a file has been scanned (on-access prevention).
• ClamAV detects millions of viruses, worms, trojans, and other malware, including Microsoft Office macro viruses, mobile malware, and other threats.
• ClamAV's bytecode signature runtime, powered by either LLVM or our custom bytecode interpreter, allows the ClamAV signature writers to create and distribute very complex detection routines and remotely enhance the scanner’s functionality.
• Signed signature databases ensure that ClamAV will only execute trusted signature definitions.
• ClamAV scans within archives and compressed files but also protects against archive bombs. Built-in archive extraction capabilities include:
  • Zip (including SFX, excluding some newer or more complex extensions)
  • RAR (including SFX, most versions)
  • 7Zip
  • ARJ (including SFX)
  • Tar
  • CPIO
  • Gzip
  • Bzip2
  • DMG
  • IMG
  • ISO 9660
  • PKG
  • HFS+ partition
  • HFSX partition
  • APM disk image
  • GPT disk image
  • MBR disk image
  • XAR
  • XZ
  • Microsoft OLE2 (Office documments)
  • Microsoft OOXML (Office documments)
  • Microsoft Cabinet Files (including SFX)
  • Microsoft CHM (Compiled HTML)
  • Microsoft SZDD compression format
  • HWP (Hangul Word Processor documents)
  • BinHex
  • SIS (SymbianOS packages)
  • AutoIt
  • InstallShield
  • ESTsoft EGG
• Supports Windows executable file parsing, also known as Portable Executables (PE) both 32/64-bit, including PE files that are compressed or obfuscated with:
  • AsPack
  • UPX
  • FSG
  • Petite
  • PeSpin
  • NsPack
  • wwpack32
  • MEW
  • Upack
  • Y0da Cryptor
• Supports ELF and Mach-O files (both 32 and 64-bit)
• Supports almost all mail file formats
• Support for other special files/formats includes:
  • HTML
  • RTF
  • PDF
  • Files encrypted with CryptFF and ScrEnc
  • uuencode
  • TNEF (winmail.dat)
• Advanced database updater with support for scripted updates, digital signatures and DNS based database version

macOS Support

• macOS
  • 10.13 High Sierra (x86_64)
  • 10.15 Catalina (x86_64)
  • 11.5 Big Sur (x86_64, arm64)

Requirements (macOS)

• macOS: 3 GiB+

Other Platforms

Supported platforms Clam AntiVirus is highly cross-platform. The development team cannot test every OS, so we have chosen to test ClamAV using the two most recent Long Term Support (LTS) versions of each of the most popular desktop operating systems. Our regularly tested operating systems include:

• GNU/Linux
  • Alpine
    • 3.11 (64bit)
  • Ubuntu
    • 18.04 (64bit, 32bit)
    • 20.04 (64bit)
  • Debian
    • 9 (64bit, 32bit)
    • 10 (64bit, 32bit)
  • CentOS
    • 7 (64bit, 32bit)
    • 8 (64bit)
  • Fedora
    • 30 (64bit)
    • 31 (64bit)
  • openSUSE
  • Leap (64bit)
• UNIX
• FreeBSD
  • 11 (64bit)
  • 12 (64bit)
• Windows
  • 7 (64bit, 32bit)
  • 10 (64bit, 32bit)

Min Requirements for other systems

• FreeBSD and Linux server edition: 3 GiB+
• Linux non-server edition: 3 GiB+
• Windows 7 & 10 32-bit: 3 GiB+
• Windows 7 & 10 64-bit: 3 GiB+

License

ClamAV is licensed under the GNU General Public License, Version 2.