ClamAV clamps down on e-mail security


Scott Sidel
05.18.2007

Editor's note: In his monthly Downloads column, contributing editor Scott Sidel examines an open source tool that offers benefits to information security professionals. This month, Scott examines Clam AntiVirus.

One Blaster worm can ruin your whole day -- but Clam AntiVirus is free, fast, and can save the day.

Clam AntiVirus is an antivirus toolkit for Unix, specializing in email scanning on mail gateways. Product features include a multi-threaded daemon, command-line scanner and automatic virus database updates. ClamAV detects more than 116,000 viruses, worms and Trojans, including Microsoft Office macro viruses and mobile malware.

When a new worm spreads, the development team usually releases a database update in less than an hour. Users can develop their own signatures, and submit them -- or suspect files -- to the developers. Updates work either in an interactive mode (on demand from the command line) or as a daemon (updating silently in the background). All virus updates are digitally signed so that their authenticity can be verified.

Clam AntiVirus is capable of scanning files and directories, including recursive directories. Its multi-threaded execution makes use of the multiple processors found in most contemporary machines. ClamAV also protects against malware hidden within archives by scanning inside compressed files. ClamAV supports ZIP, RAR, SFX, TAR, GZIP, MS cabinet (CAB) files, CHM (compiled HTML), BinHex and more. The product is also capable of examining several special file formats, including HTML, RTF, PDF, uuencode, TNEF (winmail.dat) and JPEG files, looking for hidden exploits.

In addition to scanning files and folders, Clam AntiVirus scans data streams for viruses that may attempt to traverse the network. ClamAV is also extensible and supports added functionality via third-party add-on modules, such as the phishing module that blocks SSL mismatches in URLs to prevent users from being redirected to phony look-alike identity-theft sites. SpamAssassin users may appreciate the third-party plug-in for SpamAssassin, which calls ClamAV and adds a score based on the result of ClamAV's scan.

Clam AntiVirus is an active open source project licensed under the GNU General Public License (GPL). Most popular Unix-based operating systems are supported, including Linux, Solaris, BSD and Mac OS X. There is also a ClamAV Windows port offered at w32.clamav.net. ClamAV excels at flagging malware, though it falls short in its ability to auto-block active threats. Nonetheless, Clam AntiVirus is a worthy arrow in your security quiver.
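How a mail gateway or plug-in can hand a data stream to the clamd daemon and act on the verdict, given that ClamAV flags malware but leaves blocking to the caller; this is an added example, not code from the article or the ClamAV project. It uses clamd's INSTREAM command as found in current releases; the socket path, chunk size and the accept/reject/defer mapping in `gateway_action` are assumptions for illustration.

```python
import socket
import struct

CHUNK = 8192  # bytes per chunk (assumed; keep total under clamd's StreamMaxLength)

def frame_instream(data: bytes, chunk: int = CHUNK) -> bytes:
    """Build the bytes a client sends for one INSTREAM scan."""
    out = [b"zINSTREAM\0"]                       # 'z' prefix: NUL-terminated command
    for i in range(0, len(data), chunk):
        part = data[i:i + chunk]
        out.append(struct.pack("!I", len(part)) + part)  # 4-byte big-endian length
    out.append(struct.pack("!I", 0))             # zero-length chunk ends the stream
    return b"".join(out)

def parse_reply(reply: bytes):
    """Return (verdict, detail); verdict is 'clean', 'infected' or 'error'."""
    text = reply.rstrip(b"\0\n").decode("utf-8", "replace")
    if text.endswith(" FOUND"):
        # e.g. "stream: <signature name> FOUND"
        return "infected", text.split(": ", 1)[-1][:-len(" FOUND")]
    if text.endswith(": OK"):
        return "clean", ""
    return "error", text                         # size limit, empty reply, etc.

def gateway_action(verdict: str) -> str:
    """clamd only reports; the caller decides. Errors defer rather than deliver."""
    return {"clean": "accept", "infected": "reject"}.get(verdict, "defer")

def scan_stream(data: bytes, path: str = "/var/run/clamav/clamd.ctl"):
    """Send data to a local clamd over its Unix socket (path is an assumption)."""
    try:
        with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
            s.settimeout(30)
            s.connect(path)
            s.sendall(frame_instream(data))
            reply = b""
            while not reply.endswith(b"\0"):
                got = s.recv(4096)
                if not got:
                    break
                reply += got
    except OSError as exc:                       # daemon down: treat as scan error
        return "error", str(exc)
    return parse_reply(reply)
```

Treating a scan error as "defer" keeps unscanned mail from being delivered when the daemon is down or the message exceeds its size limit.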

About the author:
Scott Sidel is an ISSO with Lockheed Martin.
