ClamAV is a free, open source antivirus. The program can detect viruses, trojans, and malware. One of ClamAV's most popular applications is scanning emails on mail gateways and checking attachments in real time. ClamAV antivirus databases are constantly updated. The program supports searching for viruses inside archives (compressed files). ClamAV is managed through the command line. Although it is free, it is quite limited in its features. This review aims to clear things up and to determine whether ClamAV is the best antivirus for the Linux operating system.
Is ClamAV Any Good?
ClamAV stands somewhat apart from other Linux antivirus solutions. It is a free, GPL-licensed product available for all major operating systems. The right question is how effective this antivirus is. In this review, we will try to figure out what is good and bad about the open source antivirus and whether it can help you protect your data in 2020.
An important point to clarify right away: ClamAV is not the best antivirus for protecting workstations; its main purpose is to work on mail gateways, which leaves a certain imprint on the product's characteristics and capabilities. At the same time, there are desktop versions of the antivirus and even commercial products that use it as a component. In this review, we will pinpoint the highlights of the antivirus within its functionality. Does it handle its main purpose, securing mail gateways, well? Is it enough to have ClamAV as the only antivirus on a Linux operating system? Do you need a separate antivirus for such a narrow purpose?
ClamAV Pros and Cons
Although open source ClamAV is not typical antivirus software, it has its pros, which keep it relevant even in 2020. Nonetheless, it has weak spots, which make it weaker compared to commercial security products.
Pros:
- Compatible with the main operating systems (Windows, Linux, macOS, etc.)
- Open-source database (non-commercial project)
- Mail gateway scanning is the main feature of the antivirus
- Multi-threaded virtual scanner against malware
- The command-line utility allows easy navigation
- This antivirus is free, with no conditions or billing details
Cons:
- Narrow functionality – focuses on mail gateway protection
- No support service
- User interface is not quite intuitive
Highlights of ClamAV
- The first thing that attracts attention is the high scanning speed, perhaps the highest among the antiviruses we know. Considering that the main purpose of the ClamAV antivirus program is scanning mail traffic on gateways, it becomes clear that speed is at the forefront, possibly even at the expense of efficiency, which is confirmed by the results.
- The Linux version of ClamAV identifies a little more than half of the proposed set; the Windows version unexpectedly shows a noticeably worse result.
- Although the free and open source ClamAV proves to be much better than Microsoft Security, its effectiveness is clearly not enough to protect workstations. However, the developers do not promise that.
- Considering that the main use of ClamAV is on gateways, which are the first line of antivirus protection for the infrastructure, the result is very, very good, given the possibility of scanning traffic (and not just email). Indeed, eliminating 50% of viruses at the first stage means many times fewer virus incidents on your network. Of course, but what we have, we have. In any case, we see no reason to abandon ClamAV as a solution for gateways and replace it with commercial solutions. Its high speed and zero cost make ClamAV a good choice for small and medium networks.
Features of ClamAV
Command bar management
Designed to manage the antivirus's operations, the command line gives you quick access to all of its functions and commands. You can configure the program or run a check from the management section.
Mail servers integration
You can use the antivirus with mail servers, including through its implementation of the milter interface for Sendmail. You can integrate it into the mail server you use and check its security any time you need to.
C library scanner
The collection of programs or objects used to develop the antivirus is written in the C language. You can access it if you need it. It is not an interesting feature for an ordinary user, but it is quite useful for experts.
Real-time scanning files and mail
All the files that go through your email server are instantly scanned for viruses and threats. It is one of the strongest sides of the antivirus. It secures the gateway through which you receive files and data online.
Updated virus database
The antivirus can detect over 850,000 viruses. They include various types of malware, like worms, trojans, phishing messages, and other threats that can originate from your mailbox or mail server. The database is continuously updated.
Reliability and Security
The official website of ClamAV antivirus software contains a link to Immunet, a commercial product based on ClamAV, and designed to protect workstations running on Windows. This product offers three antivirus engines for use: ClamAV, TETRA, and a cloud-based engine based on ClamAV, which requires an Internet connection. There is also a free version in which only ClamAV and the cloud engine are available.
The cloud engine can be combined with the two others; the joint use of ClamAV and TETRA is not recommended. An antivirus engine in the cloud is a rather unusual, but quite expected step; all leading antivirus vendors offer cloud solutions. Apart from the downside of a mandatory Internet connection, this approach has several advantages: the software always has an up-to-date database, and it responds quickly to new threats.
The latest tests of ClamAV on AV-Comparatives date back to 2015, so we had to conduct our own tests. We tested each engine separately, as well as bundles of offline and cloud engines, and obtained the following results:
The cloud engine showed a higher result than ClamWin, but still very low for a desktop antivirus. In addition, the requirement of a constant Internet connection allows you to use this engine only as an additional one.
ClamAV showed a better result, but it is also insufficient for an application to protect workstations. In combination with the cloud, a slightly higher result was obtained, but it was still insufficient for a desktop product.
Dynamic virus database
ClamAV uses cloud technology to maintain the relevance of protection against the latest malware, in particular against viruses, spyware, bots, worms, trojans, and keyloggers in your mail. You don’t have to worry about downloading signature updates to your computer.
Collective protection mechanisms help to maintain a high level of threat detection for all users. If Immunet detects a new threat on the computer of one of the users, it will be instantly blocked on the machines of other community members.
Flexible and lightweight
ClamAV requires little space to operate, which is 35 times less than necessary for a traditional antivirus and has virtually no effect on computer performance. Besides, ClamAV is compatible with any stationary antivirus protection and provides an additional level of security.
ClamAV provides lightning-fast malware protection that does not affect PC performance. You no longer need to download virus definitions, and the open-source database maintains the relevance of protection.
ClamAV is designed to adapt easily to new mail threats with its unique signature automation technology.
Ease of Use
Considering how multifunctional antivirus programs are, it is quite easy to use. You can access scanning and settings in no time. However, if you run into complications with the way the ClamAV scanner works, you will have to study many manuals or forums, as it will not be possible to contact a support team for the antivirus. The interface of the antivirus is minimalistic. It displays the functions, features, and settings of the antivirus. However, a proficient PC user may feel more comfortable using the program. Nonetheless, the antivirus lets you know if there is a malicious attack or threat in your mail, and the program presents you with clear options for dealing with the threat.
Pricing and Packages
There are no package options, as the antivirus is open-source and free of charge. It is a non-commercial product. All you need to do to get ClamAV is download it from the official website and install it on your computer following the instructions.
During our testing, ClamAV showed very mixed results in comparison to other antivirus programs. On the one hand, high speed with an average level of detection makes it the right solution for gateways, especially considering that it is free of charge. On the other hand, the result is not enough to protect workstations, and Immunet 3.0 demonstrated this very well. Therefore, we do not recommend using ClamAV to protect user PCs, but at the same time, we see no reason to refuse it on gateways and Linux servers as the first line of antivirus protection.