Friday, June 22, 2012

Earlier this week we announced a new chapter for ClamAV with the departure of Tomasz Kojm, Alberto Wu, Luca Gibelli and Edwin Török. While we are sad to see them go, we are grateful for the contributions they have made and are committed to carrying on the project with the community in mind.

As Tomasz mentioned in his own email, ClamAV just had its 10th birthday. Over the years we've been able to integrate ClamAV into our own product suite and it is now used by millions of mail filters, operating systems and millions of file scans per day. It's big, and we want it to be even bigger, with open source commitment at its core.

So, now that we've begun this new chapter, I’d like to introduce you to some new members of the ClamAV team. These folks might be new to ClamAV, but they have been with the Sourcefire Vulnerability Research Team (VRT) for quite some time, and all have worked on other open source projects. Without further ado, they are:

Matthew Olney is the project development lead for ClamAV and lead architect for the Razorback framework. Pulling from his experience as a network and security engineer, he’s also a detection specialist for Snort and a frequent contributor of signatures to the ClamAV engine itself.

Ryan Pentney is the lead bytecode engine developer for ClamAV; a perfect complement to his role as lead developer for file format detection for the Razorback framework. He also is a contributor to both the Snort and ClamAV engines.

Tom Judge has a strong background in systems and security operations. He is a FreeBSD committer, a lead developer for the Razorback framework and a long-time user of ClamAV. On the ClamAV development team, he concentrates on FireAMP integration, virtual machine interfacing and freshclam development.

David Raynor is the core engine developer for ClamAV. He was a developer of a major scalable security system for the United States Department of Homeland Security before coming to Sourcefire.

Nigel Houghton has been with Sourcefire as the lead of the Department of Intelligence Excellence for almost 10 years. Nigel has vast knowledge of programming, operating systems, administration, and security. His team is responsible for the ClamAV supporting infrastructure as well as releasing signature updates.

As I mentioned, all of the above are members of the VRT, led by Matt Watchinski, who has overseen the ClamAV project since Sourcefire acquired it in 2007. We remain committed to continuing the open source nature of the project, pushing the growth of the project even farther.

As always, you can reach us on the ClamAV Mailing lists found here: We look forward to hearing your ideas and feedback. Thanks for using ClamAV and we look forward to working with you.

Joel Esler
Open Source Community Manager
Senior Research Engineer, VRT

Tuesday, June 19, 2012

Earlier today, Tomasz Kojm sent an email to the ClamAV mailing list on behalf of himself and three of his teammates - Alberto Wu, Luca Gibelli, Edwin Török. As he wrote in his email, since they joined us via acquisition in 2007, we’ve been able to work together on some great projects. And now, as we celebrate the 10-year anniversary of ClamAV, the team has decided to move onto new development projects outside of Sourcefire. From his email:
“ is time for us to make a change. ClamAV is now mature software and we are confident that Sourcefire will successfully continue its development, move it forward and maintain the integrity of its infrastructure.”
And mature it has. Today the solution has more than 2 million active installations and scans hundreds of millions of files every day. I am incredibly proud of the leadership of Tomasz and the tenacity of his team in all of these development projects. While I am remiss to see them go, I am excited and looking forward to what they come up with next.

Now, what does this mean for you, our ClamAV users and community? The good news is that I will continue to oversee the development project, as I have done since our acquisition of the company in 2007.  Joel Esler, our Open Source community manager, will still be your main point of contact. I do want you to be aware of a few changes to come:
  • ClamAV source package signing. The signing key will no longer be It will be This is the main VRT GPG key, and has been signed by 
  • New faces 
    • Matt Olney
    • David Raynor
    • Tom Judge
    • Nigel Houghton
  • 0.97.5 New Release

If you need to reach us for any reason, email In the meantime, please join me in expressing thanks to Tomasz, Alberto, Luca and Edwin for all of their contributions to the ClamAV project.

Friday, June 15, 2012

Just released is version 0.97.5 of ClamAV.  Below is the changelog:

Fri Jun 1 13:15:50 EST 2012 (dar)
 * libclamav: Scan output at end of truncated tar (bb#4625) 

Wed May 30 17:27:00 EST 2012 (dar)
 * libclamav: Fix handling of tar file with malformed header

Fri May 25 13:05:40 EST 2012 (dar)
 * libclamav: Scan chm with invalid handling (bb#4626)

Thu May 10 15:45:56 CEST 2012 (tk)
 * freshclam: give custom dbs higher priority during update

Tue May  8 15:31:51 CEST 2012 (acab)
 * libclamav: detect read races and abort the scan with an error

Tue Apr 10 17:04:20 CEST 2012 (tk)
 * libclamav/pe.c: drop old header check (bb#4699)

We are currently experiencing some problems updating our freshmeat account, however, in the meantime ClamAV, as always, is available from