Talk:ClamAV

This article is rated Start-class on Wikipedia's content assessment scale. It is of interest to the following WikiProjects:

Computer Security: Computing This article is within the scope of WikiProject Computer Security, a collaborative effort to improve the coverage of computer security on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.Computer SecurityWikipedia:WikiProject Computer SecurityTemplate:WikiProject Computer SecurityComputer Security articles ??? This article has not yet received a rating on the project's importance scale. This article is supported by WikiProject Computing. Things you can help WikiProject Computer Security with: Article alerts will be generated shortly by AAlertBot. Please allow some days for processing. More information... Answer question about Same-origin_policy Review importance and quality of existing articles Identify categories related to Computer Security Tag related articles Identify articles for creation (see also: Article requests) Identify articles for improvement Create the Project Navigation Box including lists of adopted articles, requested articles, reviewed articles, etc. Find editors who have shown interest in this subject and ask them to take a look here. Software: Computing This article is within the scope of WikiProject Software, a collaborative effort to improve the coverage of software on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.SoftwareWikipedia:WikiProject SoftwareTemplate:WikiProject Softwaresoftware articles ??? This article has not yet received a rating on the project's importance scale. This article is supported by WikiProject Computing. Computing: Software / Free and open-source software This article is within the scope of WikiProject Computing, a collaborative effort to improve the coverage of computers, computing, and information technology on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.ComputingWikipedia:WikiProject ComputingTemplate:WikiProject ComputingComputing articles ??? This article has not yet received a rating on the project's importance scale. This article is supported by WikiProject Software. This article is supported by Free and open-source software (assessed as Mid-importance).

On 3 December 2023, it was proposed that this article be moved from Clam AntiVirus to ClamAV. The result of the discussion was moved.

Advertising. RickK 20:54, Aug 10, 2004 (UTC)

• Can somebody explain how this got deleted from the VfD page? RickK 05:57, Aug 11, 2004 (UTC)

• Comment: Looks like it was overwritten by Neutrality adding Pacific Root. Maybe caused by this bug: "mediawiki overwrites sections"? Securiger 06:31, 11 Aug 2004 (UTC)

• Whatever happened, it needs to be deleted. TPK 06:36, 11 Aug 2004 (UTC)
• Keep, NPOV / cleanup, is quite a popular package among us sysadmins what have to clean up all the Windows-generated muck clogging the email systems. --Ianb 06:47, 11 Aug 2004 (UTC)
• Keep, popular program, I use it on 2 servers myself. I'll try to cleanup. Thue | talk 16:32, 11 Aug 2004 (UTC)
• Keep. I'll assume prior comments are correct as to the notability of this topic. If it can be cleaned up, it should be kept. Skyler 18:48, Aug 11, 2004 (UTC)
• Keep. Widely used and notable. - Centrx 19:05, 12 Aug 2004 (UTC)
• Keep. --Dittaeva 21:20, 15 Aug 2004 (UTC)
• Keep. Notable (for sysadmins though). Przepla 21:39, 16 Aug 2004 (UTC)

end moved discussion

Not diss-ing the product, just thinking of the Ordinary User, who needs to know this.... (ClamWin page could do with similar warning)

"note that ClamWin differs from ClamAV and often has lower detection rates" - ClamWin uses the current version of ClamAV. As of right now, this is 0.95.3. Where is there any citation that shows different detection rates? --Kurt (talk) 04:03, 27 February 2010 (UTC)[reply]

I agree, it is uncited and doesn't logically make sense since Clamwin is just a GUI front end to ClamAV - I'll remove it.

In discussion [1]: has been said that ClamAV and ClamWin has near nothing in common, especially they use different databases. It was written about 2010 and by person looking to be developer of, or other way connected with ClamAV. 10:21, 3 December 2014 (UTC) — Preceding unsigned comment added by 193.22.175.1 (talk)

I read that thread and it is important to not confuse ClamWin with ClamAV for Windows as they are different products. - Ahunt (talk) 13:17, 3 December 2014 (UTC)[reply]

Can someone clarify wheter clamav detects only Windows viruses, or MacOS and Linux viruses as well. (do the latter exist? ) —The preceding unsigned comment was added by 195.229.242.88 (talk) 16:08, 9 March 2007 (UTC).[reply]

Yeah I'd like to know this as well. Linux viruses do exist but they're not common when it comes to home users. That might change though if Linux drastically increases its market share among home users (Linux is already huge in the server market). — Preceding unsigned comment added by 95.147.5.140 (talk) 10:25, 11 August 2019 (UTC)[reply]

Linux already dominates in computing in general, as the majority of cellphones run Linux. The reason Linux malware is rare is because it is mostly ineffective; it is nothing to do with Linux's market share. ClamAV detects any virus in its databases, which includes sigs for Linux viruses. - Ahunt (talk) 17:39, 11 August 2019 (UTC)[reply]

Linux doesn't dominate in computing "in general" at all; for that to be true it would have to dominate in the home market and it doesn't. Linux has a tiny home user share of just a few percent compared to Windows (meaning desktops & laptops, who would count Android phones in these figures?). As for Android phones, they run a modified Linux kernel. Android phones are kinda sorta Linux, but not what most people think of when they think of a desktop or laptop running Linux (which often means GNU/Linux). Android also contains a lot of proprietary Google apps like the Play Store, Gmail, YouTube and Chrome (so Android isn't remotely free/libre), plus there are a lot of things people can't do on an Android phone that they can do on a Linux laptop or desktop (like running ClamAV to name just one). The reason Linux malware is rare is (a) because users have to enter the superuser password to install software, (b) because of regular security updates and (c) because of Linux's tiny home market share. If the situation was reversed and Linux had the market share that Windows does, malware developers would concentrate on the bigger target, which would be Linux. And to infect Linux users' machines the most effective ways of doing that would probably be social engineering/spear phishing (i.e. tricking people to run software as the superuser), malware masquarading as legitimate programs downloaded from websites & PPAs (rather than the repos) and altering software in the repos so they contain malware (installing software considered safe because it's from a reputable source is one of the hardest things to defend against as happened with CCleaner a while back. The biggest challenge there no doubt would be faking checksums but I'm sure someone clever enough could work out how to do it). There are no doubt methods that could be used for privilege escalation too.

As for ClamAV I'd like to know what percentage of its signatures are for Linux malware and what percent for other OSes. Also the section on effectiveness is very out of date. — Preceding unsigned comment added by 95.147.5.140 (talk)

Yeah that is a common myth. Desktop users these days are a tiny fraction of the total number of computers in use. Because Linux dominates in super computers, servers, web servers and is run by many large organizations with infrastructure critical employment, like the ISS, The US Army, US Navy and Nav Canada, it should be a very big target for malware. You explained much of it above, though, it is just quite hardened against malware. It is hard to install and run malware on Linux, so most writers concentrate on easier targets instead. See this and this for more background on that.

I have never seen a breakdown on the ClamAV sig files, but if you can find a ref that does analyze them for virus OS then we can add it to the article. Likewise more recent effectiveness testing results requires references quoting published test results. If you have them we can add them. - Ahunt (talk) 17:42, 12 August 2019 (UTC)[reply]

What exactly is a common myth? You wrote "Desktop users these days are a tiny fraction of the total number of computers in use." That has nothing to do with the fact that most home users use Windows, not Linux. Plus when it comes to non-home users, there are plenty of businesses and industries around the world that use Windows desktops (and laptops), so I'm not sure how accurate your "tiny" statement is.

As for the organisations you mentioned, of course they're a large target for malware. I expect people/nation states are trying to hack them 24/7 regardless of the OS they use.

Some Linux distros are more hardended than others, but for someone to think that using Linux makes him/her unhackable is simply complacent. As for referring to Windows as an easier target, I've heard in a couple of YouTube videos on computer security that exploit kits aren't as effective these days against Windows as they used to be (and users of such kits were complaining about their loss of revenue). I'd say that this is because Windows 10 comes with Defender firewall and anti-malware enabled by default, plus Defender also has anti-exploit features that were adopted from EMET (such as ASLR, SEHOP and heap integrity validation) as well as core isolation. Anti-ransomware can also be turned on in Defender as well as memory integrity (which is part of core isolation). Windows 10 is far more secure than previous versions of Windows and adding uBlock Origin to a browser also provides a very useful layer of defence as well as setting UAC to its highest level (and actually reading any alerts and not just clicking through them to get rid of them).

As for it being hard to run malware on Linux, yes if users aren't duped. But phishing and spear phishing are how a lot of people get infected regardless of the OS they use.

If I find any info relating to which OSes ClamAV covers percentage-wise and any up-to-date info relating to effectiveness, then I'll add it here. — Preceding unsigned comment added by 95.147.5.140 (talk) 22:16, 12 August 2019 (UTC)[reply]

Great. - Ahunt (talk) 22:21, 12 August 2019 (UTC)[reply]

Now that Mac OS Ten is a Unix certified OS, maybe the lead paragraph should mention Unix and Unix-like ... --Click me! 22:22, 9 August 2007 (UTC)[reply]

Given that all Unix-certified systems (certified, BTW, by The Open Group, not SCO) are Unix-like systems, "Unix-like" suffices. (OS X isn't the first SUSv3-certified system to run ClamAV - Solaris binaries are also available, for example.) Guy Harris 06:03, 15 August 2007 (UTC)[reply]

I've started an article, Sourcefire, Inc, for the company that develops the Snort and ClamAV free software packages. Contributions very welcome. --Gronky 09:38, 23 October 2007 (UTC)[reply]

Wikipedia editors who use ClamAV may want to add this userbox to their user page:

Code	Result	What links here
{{User:Ahunt/Clam}}	This user uses the open source ClamWin, ClamTk or ClamAV virus scanner.	Usage

- Ahunt (talk) 20:53, 3 March 2008 (UTC)[reply]

Has there been any word on whether any version of Clam is vulnerable to the anti-antivirus archive file attack that was just published affecting some 40 vendors? See [2]. Ham Pastrami (talk) 00:20, 19 March 2008 (UTC)[reply]

No idea. Perhaps that's something you should ask their developers? ~~ [Jam]^[talk] 09:38, 19 March 2008 (UTC)[reply]

Just to let you know. The purpose of selecting an article is both to point readers to the article and to highlight it to potential contributors. It will remain on the portal for a week or so. The previous selected article was Amarok - some mature software for organising music files.

For other interesting free software articles, you can take a look at the archive of PF's selectees. --Gronky (talk) 23:03, 19 March 2008 (UTC)[reply]

The portal selectee has moved on and is now Frets on Fire - a game like Guitar Hero. FoF is also involved in software patent controversy after discussions of it's removal from Fedora (GNU/Linux distribution). --Gronky (talk) 12:13, 25 March 2008 (UTC)[reply]

It appears that Immunet Protect is being used by "ClamAV for Windows" (http://www.clamav.net/lang/en/about/win32/) as announced by the Immunet site (http://immunet.com/pressreleases?id=13). However, the http://www.clamwin.com/ site has the "new" 0.96 version which is all very confusing... If someone can make sense of this, it would probably be worthwhile to update the appropriate subset of these articles: (Clam AntiVirus), ClamWin, and Immunet Protect. Royanee (talk) 19:02, 14 April 2010 (UTC)[reply]

User:Jerome Charles Potts tagged this section as out of date. I would be happy to update it, do you have any references? - Ahunt (talk) 12:53, 9 February 2011 (UTC)[reply]

I added a short section about unofficial databases for ClamAV. There are various organizations involved in this activity, some of which I mentioned. I left a red link for Sanesecurity (with a note referencing the link found in the Debian package). I feel most of those people and organizations don't meet Wikipedia:Notability. They themselves don't recount who they are and why they are committed to such activity. Yet, they are many and their activity is noteworthy as such, besides being important for our security.

This topic would certainly deserve its own space if there were multiple free antivirus. Since ClamAV is the only one package of its kind (another unusual case), perhaps it can stay in that section, for the time being. But some expansion is needed. ale (talk) 08:21, 3 September 2014 (UTC)[reply]

Hello fellow Wikipedians,

I have just added archive links to one external link on Clam AntiVirus. Please take a moment to review my edit. If necessary, add {{cbignore}} after the link to keep me from modifying it. Alternatively, you can add {{nobots|deny=InternetArchiveBot}} to keep me off the page altogether. I made the following changes:

• Added archive http://web.archive.org/web/20110610213539/https://addons.mozilla.org/en-US/firefox/addon/clamwin-antivirus-glue-for-fir/ to https://addons.mozilla.org/en-US/firefox/addon/clamwin-antivirus-glue-for-fir/

When you have finished reviewing my changes, please set the checked parameter below to true or failed to let others know (documentation at {{Sourcecheck}}).

Y An editor has reviewed this edit and fixed any errors that were found.

• If you have discovered URLs which were erroneously considered dead by the bot, you can report them with this tool.
• If you found an error with any archives or the URLs themselves, you can fix them with this tool.

Cheers.—^{cyberbot II}_{Talk to my owner:Online} 17:55, 28 February 2016 (UTC)[reply]

- Ahunt (talk) 21:14, 28 February 2016 (UTC)[reply]

Is there any reason not to delete the effectiveness comparison from 2008? — Preceding unsigned comment added by 75.73.1.89 (talk) 09:15, 3 November 2016 (UTC)[reply]

Yes, because Wikipedia gives the history of subjects, we don't delete old information, just put it in historical context. - Ahunt (talk) 19:02, 3 November 2016 (UTC)[reply]

Hello fellow Wikipedians,

I have just modified one external link on Clam AntiVirus. Please take a moment to review my edit. If you have any questions, or need the bot to ignore the links, or the page altogether, please visit this simple FaQ for additional information. I made the following changes:

• Added archive https://web.archive.org/web/20071215031743/http://www.clamav.org/2007/08/17/sourcefire-acquires-clamav/ to http://www.clamav.org/2007/08/17/sourcefire-acquires-clamav/

When you have finished reviewing my changes, please set the checked parameter below to true or failed to let others know (documentation at {{Sourcecheck}}).

Y An editor has reviewed this edit and fixed any errors that were found.

• If you have discovered URLs which were erroneously considered dead by the bot, you can report them with this tool.
• If you found an error with any archives or the URLs themselves, you can fix them with this tool.

Cheers.—InternetArchiveBot (Report bug) 07:44, 11 November 2016 (UTC)[reply]

- Ahunt (talk) 14:34, 11 November 2016 (UTC)[reply]

Hello fellow Wikipedians,

I have just modified one external link on Clam AntiVirus. Please take a moment to review my edit. If you have any questions, or need the bot to ignore the links, or the page altogether, please visit this simple FaQ for additional information. I made the following changes:

• Added archive https://web.archive.org/web/20130717143626/http://www.sourcefire.com/ to http://www.sourcefire.com/

When you have finished reviewing my changes, you may follow the instructions on the template below to fix any issues with the URLs.

This message was posted before February 2018. After February 2018, "External links modified" talk page sections are no longer generated or monitored by InternetArchiveBot. No special action is required regarding these talk page notices, other than regular verification using the archive tool instructions below. Editors have permission to delete these "External links modified" talk page sections if they want to de-clutter talk pages, but see the RfC before doing mass systematic removals. This message is updated dynamically through the template {{source check}} (last update: 18 January 2022).

• If you have discovered URLs which were erroneously considered dead by the bot, you can report them with this tool.
• If you found an error with any archives or the URLs themselves, you can fix them with this tool.

Cheers.—InternetArchiveBot (Report bug) 18:27, 8 August 2017 (UTC)[reply]

The following Wikimedia Commons file used on this page or its Wikidata item has been nominated for deletion:

• ClamWin on Windows XP.png

Participate in the deletion discussion at the nomination page. —Community Tech bot (talk) 05:37, 12 September 2022 (UTC)[reply]