ClamAV

ClamAV is an open-source antivirus engine and toolkit designed primarily for mail gateway and on-demand file scanning. It provides a shared engine library, a multi-threaded scanning daemon, command-line utilities, and automated signature updates for detecting trojans, viruses, and other malware. (docs.clamav.net)

Key Features

• Multi-threaded scanning daemon (clamd) and command-line scanners (clamscan/clamdscan) for on-demand and gateway scanning. (docs.clamav.net)
• Automatic signature updates and signed signature databases for trusted definitions. (docs.clamav.net)
• Bytecode signature runtime (LLVM or custom interpreter) for complex detection routines. (docs.clamav.net)
• Broad file-format and archive unpacking support (ZIP, RAR, 7Zip, ISO, DMG, OLE2/OOXML, many others). (docs.clamav.net)
• Flexible deployment: daemon for servers, CLI tools for ad-hoc scanning, and Docker images for containerized use. (github.com)

Use Cases

• Mail gateway scanning: integrate clamd with MTA stacks to scan incoming/outgoing mail for malware. (docs.clamav.net)
• On-demand file and archive scanning: scheduled or manual scans of file shares, uploads, or CI/CD artifacts. (docs.clamav.net)
• Embedded or containerized scanning: run ClamAV in containers or include libclamav in tooling to provide detection capabilities. (github.com)

Limitations and Considerations

• Large file/archive size: ClamAV historically has limitations scanning archives larger than ~2 GiB; community tools exist to work around that limitation. Users scanning very large archives should verify current limits and consider supplemental tooling. (github.com)

ClamAV is maintained by the Cisco Talos team and is licensed under GPLv2. The project source, build system (CMake), and supplemental Rust components are available in the public repository. The official site lists the latest stable release and downloads, while full documentation and platform support details are published in the project manual. (github.com)