docs.clamav.net
Open in
urlscan Pro
2606:4700::6810:db54
Public Scan
Submitted URL: http://docs.clamav.net/
Effective URL: https://docs.clamav.net/
Submission: On April 06 via api from US — Scanned from DE
Effective URL: https://docs.clamav.net/
Submission: On April 06 via api from US — Scanned from DE
Form analysis 1 forms found in the DOM
<form id="searchbar-outer" class="searchbar-outer">
<input type="search" id="searchbar" name="searchbar" placeholder="Search this book ..." aria-controls="searchresults-outer" aria-describedby="searchresults-header">
</form>Text Content
1. 1. Introduction
2. 2. Installing
3. 1. 2.1. Packages
2. 2.2. Docker
3. 2.3. Unix from source (v0.104+)
4. 2.4. Unix from source (v0.103-)
5. 2.5. Windows from source
6. 2.6. Community Projects
7. 2.7. Add a service user account
4. 3. Usage
5. 1. 3.1. Configuration
2. 3.2. Updating Signature Databases
3. 3.3. Scanning
4. 1. 3.3.1. On-Access Scanning
5. 3.4. Running ClamAV Services
6. 3.5. Report a Bug
6. 4. Signatures
7. 1. 4.1. CVD Info File
2. 4.2. Dynamic Configuration Settings
3. 4.3. Trusted and Revoked EXE Certificates
4. 4.4. File Type Recognition
5. 4.5. Allow Lists
6. 4.6. Hash-based Signatures
7. 4.7. Content-based Signature Format
8. 1. 4.7.1. Logical Signatures
2. 4.7.2. Extended Signatures
9. 4.8. YARA Rules
10. 4.9. Phishing Signatures
11. 4.10. Bytecode Signatures
12. 4.11. Container Metadata Signatures
13. 4.12. Archive Passwords (experimental)
14. 4.13. Signature Names
8. 5. For Developers
9. 1. 5.1. Pull Request Basics
2. 5.2. ClamAV Git Work Flow
3. 5.3. Working with Your Fork
4. 5.4. Reviewing Pull Requests
5. 5.5. Building for Development
6. 5.6. Building the Installer Packages
7. 5.7. Dev Tips & Tricks
8. 5.8. Performance Profiling
9. 5.9. Computing Code Coverage
10. 5.10. Fuzzing Sanitizers
11. 5.11. libclamav
12. 5.12. Contribute
10. 6. Frequently Asked Questions
11. 1. 6.1. Selecting the Right Version of ClamAV for You
2. 6.2. FreshClam (Signature Updater)
3. 6.3. Signature Database (CVD)
4. 6.4. Malware and False Positive Report
5. 6.5. Misc
6. 6.6. Mailing Lists
7. 6.7. Safe Browsing
8. 6.8. Troubleshooting
9. 6.9. Interpreting Scan Alerts
10. 6.10. Upgrading
11. 6.11. Rust
12. 6.12. Win32
13. 6.13. PUA (Potentially Unwanted Application)
14. 6.14. Ignore
15. 6.15. Uninstall
16. 6.16. ClamAV EOL Policy
17.
12. 7. Community Resources
13.
14. 8. Appendix
15. 1. 8.1. Terminology
2. 8.2. Hosting a Private Database Mirror
3. 8.3. Microsoft Authenticode Signature Verification
4. 8.4. ClamAV File Types and Target Types
5. 8.5. ClamAV Versions and Functionality Levels
* Dark
* Light
CLAMAV DOCUMENTATION
CLAMAV
ClamAV is an open source (GPLv2) anti-virus toolkit, designed especially for
e-mail scanning on mail gateways. It provides a number of utilities including a
flexible and scalable multi-threaded daemon, a command line scanner and advanced
tool for automatic database updates. The core of the package is an anti-virus
engine available in a form of shared library.
> Tip: ClamAV is not a traditional anti-virus or endpoint security suite. For a
> fully featured modern endpoint security suite, check out Cisco Secure
> Endpoint. See "related products", below, for more details.
ClamAV is brought to you by Cisco Systems, Inc.
COMMUNITY PROJECTS
ClamAV has a diverse ecosystem of community projects, products, and other tools
that either depend on ClamAV to provide malware detection capabilities or
supplement ClamAV with new features such as improved support for 3rd party
signature databases, graphical user interfaces (GUI), and more.
FEATURES
* ClamAV is designed to scan files quickly.
* Real time protection (Linux only). The ClamOnAcc client for the ClamD
scanning daemon provides on-access scanning on modern versions of Linux. This
includes an optional capability to block file access until a file has been
scanned (on-access prevention).
* ClamAV detects millions of viruses, worms, trojans, and other malware,
including Microsoft Office macro viruses, mobile malware, and other threats.
* ClamAV's bytecode signature runtime, powered by either LLVM or our custom
bytecode interpreter, allows the ClamAV signature writers to create and
distribute very complex detection routines and remotely enhance the scanner’s
functionality.
* Signed signature databases ensure that ClamAV will only execute trusted
signature definitions.
* ClamAV scans within archives and compressed files but also protects against
archive bombs. Built-in archive extraction capabilities include:
* Zip (including SFX, excluding some newer or more complex extensions)
* RAR (including SFX, most versions)
* 7Zip
* ARJ (including SFX)
* Tar
* CPIO
* Gzip
* Bzip2
* DMG
* IMG
* ISO 9660
* PKG
* HFS+ partition
* HFSX partition
* APM disk image
* GPT disk image
* MBR disk image
* XAR
* XZ
* Microsoft OLE2 (Office documments)
* Microsoft OOXML (Office documments)
* Microsoft Cabinet Files (including SFX)
* Microsoft CHM (Compiled HTML)
* Microsoft SZDD compression format
* HWP (Hangul Word Processor documents)
* BinHex
* SIS (SymbianOS packages)
* AutoIt
* InstallShield
* ESTsoft EGG
* Supports Windows executable file parsing, also known as Portable Executables
(PE) both 32/64-bit, including PE files that are compressed or obfuscated
with:
* AsPack
* UPX
* FSG
* Petite
* PeSpin
* NsPack
* wwpack32
* MEW
* Upack
* Y0da Cryptor
* Supports ELF and Mach-O files (both 32 and 64-bit)
* Supports almost all mail file formats
* Support for other special files/formats includes:
* HTML
* RTF
* PDF
* Files encrypted with CryptFF and ScrEnc
* uuencode
* TNEF (winmail.dat)
* Advanced database updater with support for scripted updates, digital
signatures and DNS based database version queries
> Disclaimer: Many of the above file formats continue to evolve. Executable
> packing and obfuscation tools in particular are constantly changing. We cannot
> guarantee that we can unpack or extract every version or variant of the listed
> formats.
LICENSE
ClamAV is licensed under the GNU General Public License, Version 2.
SUPPORTED PLATFORMS
Clam AntiVirus is highly cross-platform. The development team cannot test every
OS, so we have chosen to test ClamAV using the two most recent Long Term Support
(LTS) versions of each of the most popular desktop operating systems. Our
regularly tested operating systems include:
* GNU/Linux
* Alpine
* 3.17 (x86_64)
* Ubuntu
* 18.04 (x86_64, i386)
* 20.04 (x86_64)
* Debian
* 10 (x86_64, i386)
* 11 (x86_64, i386)
* CentOS
* 7 (x86_64, i386)
* Fedora
* 31 (x86_64)
* 33 (x86_64)
* openSUSE
* 15 Leap (x86_64)
* UNIX
* FreeBSD
* 12 (x86_64)
* 13 (x86_64)
* macOS
* 10.13 High Sierra (Intel x86_64)
* 10.15 Catalina (Intel x86_64)
* 11.5 Big Sur (Intel x86_64, arm64 Apple M1)
* Windows
* 7 (x86_64, i386)
* 10 (x86_64, i386)
> Disclaimer: Platforms and operating systems other than the ones above are not
> as well tested by the ClamAV development team. In particular, uncommon
> operating systems such as HP-UX and Solaris, and uncommon processor
> architectures such as sparc64, armhf, pp64le, etc. are not supported.
>
> You are welcome to report bugs and contribute bug fixes for unsupported
> platforms. We may be unable to verify that a platform-specific bug-fix is
> resolves an issue. But provided that a contributed fix appears technically
> sound, and does not cause other issues, we will be happy to merge it.
RECOMMENDED SYSTEM REQUIREMENTS
The following minimum recommended system requirements are for using ClamScan or
ClamD applications with the standard ClamAV signature database provided by
Cisco.
Minimum recommended RAM for ClamAV:
* FreeBSD and Linux server edition: 3 GiB+
* Linux non-server edition: 3 GiB+
* Windows 7 & 10 32-bit: 3 GiB+
* Windows 7 & 10 64-bit: 3 GiB+
* macOS: 3 GiB+
> Tip: Server environments, like Docker, as well as and embedded runtime
> environments are often resource constrained. We recommend at 3-4 GiB of RAM,
> but you may get by with less if you're willing to accept some limitations. You
> can find more information here.
Minimum recommended CPU for ClamAV:
* 1 CPU at 2.0 Ghz+
Minimum available hard disk space required:
For the ClamAV application we recommend having 5 GiB of free space available.
This recommendation is in addition to the recommended disk space for each OS.
> Note: The tests to determine these minimum requirements were performed on
> systems that were not running other applications. If other applications are
> being run on the system, additional resources will be required in addition to
> our recommended minimums.
MAILING LISTS AND CHAT
MAILING LISTS
If you have a trouble installing or using ClamAV try asking on our mailing
lists. There are four lists available:
* clamav-announce (at) lists.clamav.net
* info about new versions, moderated.
* Subscribers are not allowed to post to this mailing list.
* clamav-users (at) lists.clamav.net
* user questions
* clamav-devel (at) lists.clamav.net
* technical discussions
* clamav-virusdb (at) lists.clamav.net
* database update announcements, moderated
You can subscribe and search the mailing list archives here.
To unsubscribe: Use the same form page that you used when you subscribed. Search
at the bottom for "unsubscribe".
IMPORTANT: When you subscribe or unsubscribe, you will receive a confirmation
email with a link that you must click on or else no action will occur. If you
did not receive the confirmation email, check your spam folder.
CHAT
You can join the community on our ClamAV Discord chat server.
SUBMITTING NEW OR OTHERWISE UNDETECTED MALWARE
If you've got a virus which is not detected by the current version of ClamAV
using the latest signature databases, please submit the sample for review at our
website:
https://www.clamav.net/reports/malware
Likewise, if you have a benign file that is flagging as a virus and you wish to
report a False Positive, please submit the sample for review at our website:
https://www.clamav.net/reports/fp
If you have questions about the submission process, please read the Malware and
False Positive Report FAQ
How long does it take for a signature change after submitting new malware or
submitting a false positive report?
> In most cases, it takes at least 48 hours from initial submission before any
> change will be published in the official ClamAV signature databases.
Who analyzes malware and false positive file uploads?
> Given the volume of submissions, the vast majority of files are handled by
> automation.
Who has access to the uploaded files?
> All engineers and analysts within Cisco's Talos organization have access to
> the files.
Are malware or false positive file uploads shared with other companies?
> No. Files that are submitted for review through the ClamAV Malware and False
> Positive web forms (or the clamsubmit tool), are not shared outside of Cisco.
> However, sample sharing is fair game if we've already received the same file
> from a different source (VirusTotal, Cisco SMA, various feeds, etc.).
Are the files deleted after the analysis?
> No. Uploaded files are kept indefinitely.
Is the file accessible using a public URL at any point in this process?
> No. Uploaded files are not accessible using a public URL. They are processed
> internally and kept internal to Cisco Talos.
RELATED PRODUCTS
Cisco Secure Endpoint (formerly AMP for Endpoints) is Cisco's cloud-based
security suite for commercial and enterprise customers. Secure Endpoint is
available for Windows, Linux, and macOS and provides superior malware detection
capabilities, behavioral monitoring, dynamic file analysis, endpoint isolation,
analytics, and threat hunting. Secure Endpoint sports a modern administrative
web interface (dashboard).