Twenty years on, command-line virus scanner ClamAV puts out version 1

The ClamAV command-line virus scanner used on many Linux boxes has attained an important-looking milestone release: version 1.0.0.

It's not really the first finished version, of course. Open source version numbering is something of a work of fiction, up there with "Of course I love you" and "The check's in the post," but even so, this particular milestone has been a while in coming. ClamAV, which describes itself as "the open-source standard for mail gateway-scanning software", has finally emitted an official one-point-zero version, only six months after its 20th birthday – and what's more, it's a long-term support release, too.

Original developer Tomasz Kojm released the first version, 0.10, on May 8, 2002. As it's open source, since then, it's been ported to almost anything you're likely to find connected to the internet. It's included in the repos of most Linux distros, as well as FreeBSD, OpenBSD and NetBSD. It's also part of Apple's optional extra macOS Server package. Indeed it runs on most things, from OpenVMS to OS/2.

The project was acquired by SourceFire in 2007, which itself was subsequently bought by Cisco in 2013, and which still sponsors development.

After a few release candidates, the new version follows version 0.105.1 which appeared in July. The release notes don't contain any massive blockbuster new features, although the ability to scan inside encrypted Microsoft Excel .XLS files so long as they use the default password sounds useful.

ClamAV is a command-line virus scanner, rather than the sort of real-time antivirus protection program that most Windows users have to be familiar with. It's also important not to confuse it with the various add-on tools which wrap it in a GUI, such as ClamXAV on macOS, which went commercial some years ago, although it remains try-before-you-buy.

ClamAV itself only runs when invoked, although it is a sophisticated tool which can look inside all manner of compressed file formats, performs multithreaded parallel scans, and can hook into kernel notification APIs enabling it to monitor specific folders for any changes in their contents.

• We need to talk about criminal hackers using Cobalt Strike, says Cisco Talos
• Unofficial fix emerges for Windows bug abused to infect home PCs with ransomware
• Apple boosts bug bounties but may not fix some bugs in past operating systems
• Could you not? BlackByte ransomware slinger twists the knife with data stealer

It runs perfectly well on Windows, but it's not a replacement for a proper antivirus program, which can also do things like scan programs as and when they're loaded into memory, block suspicious activities such as modifying executables, and so on. However, this does mean that you can safely run it alongside any Windows antivirus app, including the built-in one. (This is normally a no-no: don't run two resident antivirus shields at once, as they can prevent each other from working properly as well as destabilize your computer. The difference is that a simple scanner as well as a resident antivirus shield is fine.)

The Github page contains versions in .DEB and .RPM format, as well as Windows 32-bit and 64-bit and a universal macOS package – and the source code, of course. Other OSes and distros will doubtless pick up the new version soon. ®