Monday, May 9, 2022

Celebrating 20 years of ClamAV



ClamAV has come a long way from being the reason a small Polish college was the target of a distributed denial-of-service attack. Today, 20 years after our first release, we’re proud that ClamAV is instead known for preventing these types of attacks on thousands of devices around the world. 

After many releases, updates, bugs and late nights from our developers, ClamAV is proud to celebrate its 20th anniversary this week. We’re celebrating by inching closer to the long-anticipated 1.0 release and continuing to test our release candidate for 0.105.0. 

Tomasz Kojm, the original creator of ClamAV, released the first 0.10 version of the open-source anti-virus engine on May 8, 2002, with the goal of making the internet safer at large and helping users filter out spam from their email inboxes. At the time, he was hosting the virus databases on the servers of his college and his previous high school in Poland. Unfortunately, this led to a DoS condition on these pages because the software was so popular, which Kojm told us via email he wishes he could have avoided. But if nothing else, this was at least an important lesson for Kojm and his co-creators to build on.

“It only took a few weeks for me to become ‘that guy who kills the internet,’” he joked. 

Kojm had planned on calling it TurtleAV, but eventually went with ClamAV so the name better suited the software’s functions. 

“[It] not only sounded better performance-wise but also on the efficacy side, as clams are very efficient filter feeders and can effectively clean and even immediately detect any contamination,” he said.

Kojm set out to create a solution that was easy for the public to pick up and use on first release, which is why 0.10.0 was the first public release. The public release came with a patch for Amavis, which at the time was the most popular content filter for virus scanners, and the virus database update tool we still use today, FreshClam.

ClamAV was an immediate hit. Kojm said he received many software patches and more than 50 emails just a few hours after the launch announcement. 

Over the years, ClamAV has gone through many forms, eventually coming under the Sourcefire umbrella and then joining Cisco Talos as part of the Sourcefire acquisition. We have come a long way from version 0.10, adding a bevy of features along the way and adding signatures to protect users from everything from everyday spam to state-sponsored actors’ ransomware campaigns. ClamAV has become commonplace software for filtering email traffic for malicious or otherwise undesirable emails, a popular alternative to paid anti-virus solutions for a wide range of network-attached storage (NAS) devices, and a critical component for file analysis and classification in a variety of software products. If you’re new to ClamAV, we suggest starting with the ClamAV documentation page to learn about using ClamAV.

Micah Snyder, the current ClamAV project lead and open-source community manager, said that in his four-plus years of working on ClamAV, he’s most proud of the small, incremental changes he and his team have added to improve the user experience and make it easier for the community to contribute to the project, to provide feedback, and to report bugs and vulnerabilities. Recently, we made the switch from Bugzilla to GitHub Issues for reporting issues and vulnerabilities, which lets us use a bug-report template that has already been shown to improve the quality of bug reports.

And over the past year, we’ve switched over to a new documentation system to make it easier for anyone to pick up and use ClamAV, and we launched a Discord server to open a new platform for communicating with the community.

We’re always looking to add new tools and features, too, and by the time we get to our 25th anniversary, ClamAV is sure to be in a completely new place. Snyder is particularly excited about recent and upcoming improvements to ClamAV’s security-related design, such as the adoption of the Rust programming language for new software development and some early prototypes the team is working with to enable application sandboxing for the scanning process. Rust allows us to be a bit more flexible with our builds, increases customizability and makes our builds more stable.

We would like to thank all the community members and contributors who have helped us build ClamAV over the past 20 years. This software would not be where it is today without you. 

As always, if you’d like to engage with the ClamAV team, you can join our Discord or mailing lists, tweet at us or use one of several contact methods to submit a signature, report a false positive or bug, or just celebrate our anniversary along with us.