The Tech Herald

ClamAV earns an official Windows makeover

by Steve Ragan - Mar 3 2010, 16:15

RSA Conference 2010 – On Tuesday, Immunet announced that they have teamed with Sourcefire to layer their cloud-based offerings into a new version of ClamAV for Windows.

ClamAV has been available on the Windows platform for a while, thanks to ClamAV being an Open Source project that remained so even after it was acquired by Sourcefire, which many know because of SNORT.

Now, there are two versions of ClamAV for use on Windows. The oldest, called ClamWin, is a spinoff from the original ClamAV project and is maintained by ClamWin Pty Ltd.; the other is an official version supported by Immunet and distributed by Sourcefire.

The two versions of ClamAV for Windows are completely different with regard to the GUI. The Sourcefire version uses a design similar to Immunet’s own, as seen in Immunet Protect. Another difference between the two is that the official ClamAV for Windows from Sourcefire augments the basic signature database with the detections from Immunet, which reside in the cloud. However, ClamWin could benefit from this, as you can download detection databases manually.

Sourcefire explains the detection parity in the new ClamAV for Windows by noting that they continually update Immunet’s database with their detected samples and false positives. Likewise, Immunet sends its own data to Sourcefire. In short, detections from either side will be made available to the other.

However, there is a catch. “Immunet’s On Access (when you open, copy, etc a file) file monitor only deals with PE files in this initial version. This means that files like PDF’s or Documents that ClamAV would normally detect won’t be scanned by this initial version,” notes Sourcefire’s documentation.

However, the next version of ClamAV for Windows, version 0.96, is expected to include offline scanning by adding the ClamAV engine locally, resolving the parity issues. For those using the *Nix (UNIX or Linux) version of ClamAV, Sourcefire expects to use Immunet’s technologies in future developments as well.

If you’re curious, Sourcefire also noted that the development of a Windows version will not impact the status of the ClamAV source code. It will remain Open Source. “Everything stays GPL period.”

ClamAV is one of the most commonly used Open Source security offerings online. Sourcefire notes that over two million gateway devices are downloading ClamAV updates daily from 121 mirror servers located in 43 countries. In addition, the ClamAV team and user community deliver daily updates to the ever-growing malware database of over 700,000 signatures.

More information is here: http://www.clamav.net/about/win32/

If you’re interested, ClamWin can be located here: http://www.clamwin.com/

 
