SourceForge Q&A: Open-Source Antivirus Engine


SourceForge’s February “Community Choice” Project of the Month is ClamAntiVirus, a GPL antivirus toolkit for UNIX that integrates with mail servers. The ClamAV team sat down with SourceForge’s editors to share their thoughts about the project’s history, purpose, and direction.

Check out the latest open source development jobs.

Tell me about the ClamAV project, please.

ClamAV is an open source (GPL) anti-virus engine used in a variety of situations including email scanning, Web scanning, and end point security. It provides a number of utilities, including a flexible and scalable multi-threaded daemon, a command line scanner, and an advanced tool for automatic database updates.

What made you start this?

ClamAV began in 2001 after the original author of ClamAV discovered an open-source antivirus product entitled OpenAntiVirus. However, that project was written in Java, lacked a command line scanner, and automatic updates. So ClamAV began. The project was purchased by Sourcefire in 2007 and lives on today as part of Cisco.

Has the original vision been achieved?

Yes. The original vision was to make an open-source antivirus that was simple to use and had an open detection language. This has been achieved, and over the years many more features have been added as the code base has been expanded. ClamAV is now the largest free antivirus and email gateway malware scanner in the world.

Who can benefit the most from your project?

Users of almost any operating system can use ClamAV to protect their files and detect any malicious content; however, ClamAV is mostly used as a mail gateway scanner.

What is the need for this Open Source antivirus engine?

ClamAV allows anyone to write detection for malicious files. This allows local installations to target malware or files specific to their environment without sharing that information with the rest of world. The reverse is also true. [By] allowing the code and signature base to be open source, we receive a ton of contributions of detection that users give to us for distribution to the world.

What’s the best way to get the most out of using ClamAV?

Download, install, and run it. It’s antivirus, so protecting yourself against modern malware is crucial.

What has your project team done to help build and nurture your community?

Once an Open Source project becomes mature and contributions to the main code base slow down, encouragement to contribute to a different part of the code base is vital. In our case we encouraged people to submit community-based malware signatures. This is where the majority of contributions to the project take place now. We still accept and receive bug reports and security bugs from the community.

Have you all found that more frequent releases helps build up your community of users?

Frequent releases are important to maintain interest; however, people value quality, as well. The size of your user base will grow with stable releases. The amount of people that use “frequent” test releases will always be a subset of your user base.

What is the next big thing for ClamAV?

One of the big things we are working on currently is support for other major malware languages. We are hoping this increases our usage and people using the project to submit detection back to us.

How long do you think that will take?

We are still planning our next release, which will have this feature. 

Do you have the resources you need to make that happen?


If you had it to do over again, what would you do differently for ClamAV?

Make the Website simpler.


We recently performed a redesign of the Website and and our downloads increased by about 600 installs a day!

Upload Your ResumeEmployers want candidates like you. Upload your resume. Show them you’re awesome.

Related Articles

Image: ClamAV