ClamAV is an open source, cross-platform antivirus used in a variety of situations, including email scanning, web scanning, and endpoint security. It includes a multi-threaded scanner daemon, command-line utilities for on-demand file scanning and automatic signature updates.
One of ClamAV’s most popular uses is scanning email on mail gateways and checking attachments in real time. Through a Milter interface, email can be scanned within mail applications like Postfix, Sendmail and Exim.
ClamAV has several components, including a daemon process named clamd. Optionally, the command-line utility clamdscan can talk to the daemon and request scanning of data.
ClamAV 0.104 was released a few days ago with some important changes. So let’s take a quick look at what’s new.
ClamAV 0.104 Major Changes
The new version adds a new scan option to alert on broken media (graphics) file formats. This feature mitigates the risk of malformed media files intended to exploit vulnerabilities in other software. To enable this feature, you need to set AlertBrokenMedia yes in the clamd.conf configuration file, or use the --alert-broken-media option when using clamscan.
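As an added example (not from the original article or the ClamAV project), the following shell functions check whether a clamd.conf actually turns the option on, which is easy to miss when the line is present but commented out. The sample files are constructed, and the parsing rules (lines starting with # are comments, yes/true/1 mean enabled, the last occurrence is the one reported) are assumptions.

```shell
#!/bin/sh
# Added example: audit a clamd.conf for the AlertBrokenMedia option.
# Assumptions (not from the article): a line whose first non-blank character
# is '#' is a comment, a setting is "Name value" separated by whitespace,
# yes/true/1 mean enabled, and the last occurrence is the one reported.

# Print "enabled", "disabled" or "unset" for AlertBrokenMedia in file $1.
broken_media_status() {
    awk '
        /^[ \t]*#/ { next }                      # skip comment lines
        $1 == "AlertBrokenMedia" {
            v = tolower($2)
            state = (v == "yes" || v == "true" || v == "1") ? "enabled" : "disabled"
        }
        END { print (state == "" ? "unset" : state) }
    ' "$1"
}

# Return 0 only when the option is enabled; otherwise explain the finding.
audit_clamd_conf() {
    status=$(broken_media_status "$1")
    case "$status" in
        enabled)  echo "OK: $1 enables AlertBrokenMedia"; return 0 ;;
        disabled) echo "WARN: $1 sets AlertBrokenMedia to a non-yes value"; return 1 ;;
        *)        echo "WARN: $1 does not set AlertBrokenMedia"; return 1 ;;
    esac
}

# Constructed sample configurations (not real deployment files).
sample_dir=$(mktemp -d)
trap 'rm -rf "$sample_dir"' EXIT
printf '%s\n' 'LogFile /var/log/clamav/clamd.log' '#AlertBrokenMedia yes' \
    > "$sample_dir/commented.conf"
printf '%s\n' 'LogFile /var/log/clamav/clamd.log' 'AlertBrokenMedia yes' \
    > "$sample_dir/enabled.conf"
printf '%s\n' 'AlertBrokenMedia no' > "$sample_dir/disabled.conf"

for name in commented enabled disabled; do
    audit_clamd_conf "$sample_dir/$name.conf" || true
done
```

To check a real installation, call audit_clamd_conf with the path to the clamd.conf in use.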
ClamAV 0.104 now enables Windows users to run clamd and freshclam as Windows services. To install and run them, use the --install-service option and the net start [name] command.
The ClamAV project also announced a new Long Term Support (LTS) program in an update to ClamAV’s End-of-Life (EOL) policy. LTS feature releases will be supported for at least three years from the initial publication date of that LTS feature version. In other words, support for the LTS release “X.Y” starts when version “X.Y.0” is published and ends three years after. For your information, the previously released ClamAV 0.103 is the first Long Term Support (LTS) feature release.
Non-LTS feature releases will be supported with critical patch versions for at least four months from the initial publication date of the next feature release or until the feature release after that is published.
For detailed information about all changes in ClamAV 0.104, you can refer to the official announcement.
ClamAV in Docker
ClamAV 0.104 introduces a long-awaited new feature: an official Docker image. In other words, ClamAV can now be run within a Docker container. If you are new to or unfamiliar with Docker containers, you can check our Introductory Guide to Docker Containers for Beginners.
ClamAV image tags on Docker Hub follow this naming convention:
- clamav/clamav:<version>: A release preloaded with signature databases.
- clamav/clamav:<version>_base: A release with no signature databases.
To pull and run the official ClamAV images from the Docker Hub registry, try the following command:
docker run \
--interactive \
--tty \
--rm \
--name "clamav_container" \
clamav/clamav:stable
The above command creates an interactive container with the current TTY connected to it. This is optional but useful when getting started, as it allows one to directly see the output and, in the case of clamd, send ctrl-c to close the container.
The --rm parameter ensures the container is cleaned up again after it exits, and the --name parameter names the container so it can be referenced through other Docker commands, as several containers of the same image can be started without conflicts.
For detailed instructions on how to use ClamAV with Docker, you can refer to the official documentation.