First published: Sep 7, 2022 Updated 2 times since publishing Unfortunately, ClamAV doesn’t have many features. It’s good for scanning and removing viruses on your device, directories, and mail servers. However, it doesn’t offer extra features like parental controls, a personal firewall, or a VPN that you’d get with fully-featured antiviruses. ClamAV works mostly via a command line interface where you can run scans and remove infected files from your system. There’s also a GUI app for Windows and Linux devices. It offers real-time protection (on-access scanning) for mail gateways and when you open a file on your Linux system. ClamAV’s virus database is constantly being updated to address newer threats.
In a Rush? Here’s a 1-Minute Summary
ClamAV provides excellent malware detection results. It offers real-time scanning for malware on Linux-based devices and email gateway scanning. I was very impressed with the speed of the virus scanner. However, ClamAV lacks features like a quick scanner, web protection, and a firewall feature. These are features you would usually find included with top antiviruses.
Virus Scan — Near-Perfect Detection Scores
ClamAV provides a robust antivirus engine that’s constantly updated. It can detect trojans, viruses, malware, and other malicious threats. To test ClamAV’s effectiveness, I planted malware samples from the European Institute for Computer Anti-Virus Research (EICAR) on my test machine. ClamAV detected and removed all EICAR samples from my system during my tests. I also downloaded other malware samples including trojans and potentially unwanted applications. Unfortunately, ClamAV failed to detect one of the trojan files hidden in a zip file. This was because ClamAV only uses a signature-based system to detect malware. In contrast, top antiviruses like Norton adopt a behavior-based detection system alongside the signature-based system to catch zero-day malware and even malicious applications. I was impressed with ClamAV’s multithreaded scanner daemon. You can run a one-time scan using the command line interface for specific folders, drives, or directories. ClamAV doesn’t have a quick scanner, but I could scan individual folders like my PC download folder in just 24 seconds. I also scanned C:/ drive (similar to a full scan) and ClamAV checked 116,941 files in 4 hours. In comparison, Norton’s full scan took only 23 minutes.
Real-Time Protection — Scans Files When You Open Them
ClamAV only offers real-time scanning for Linux devices. Its On-Access scanning automatically scans files when they’re accessed on a directory. It runs a separate scan application capable of preventing any malicious file that it discovers. To enable On-Access scanning, you have to configure it on the “clamd.conf” file in the ClamAV folder. You can choose to configure the on-access scanner for prevention mode or notify mode. Prevention mode restricts access to the malicious files whereas notify mode only alerts you if a malicious file is detected, after which you can use the command line interface to take additional actions.
Mail Gateway Protection — Detects Viruses and Spam in Mail Servers
ClamAV provides a simple tool to scan your mail servers for malware and spam messages. It provides a mail filter for different mail transfer agents like Send mail, SMTP servers, and Outlook. I like that ClamAV easily scans all emails for viruses, spam, and security vulnerabilities. During my tests, ClamAV detected all viruses in file attachments in my inbound and outbound emails. It was also able to detect phishing attacks, trojans, spam, worms, and spyware. ClamAV isn’t designed to be a full-fledged antivirus program. Its main use case is for detecting malware on systems and mail servers. As open-source software, its contributors leave out many extra features found in a traditional antivirus suite. You won’t find features like a VPN for encrypting your internet traffic, parental control features, personal firewall, device tune-up tools, gamer mode, and password manager. Top antivirus software like McAfee and TotalAV come bundled with all these features. With an ever-increasing threat across all areas of the internet, you need an antivirus that provides protection against malware, internet security features, and device optimization tools. ClamAV previously had a Safe Browsing feature that protected users against emails with links to suspicious websites. The feature was based on Google’s Safe Browsing API that was available for free. However, due to changes in the terms of use of the API, ClamAV no longer supports it.
ClamAV is compatible with Windows, Mac, and Linux devices, but it doesn’t work on mobile devices (instead, I recommend trying one of these antiviruses if you have an iPhone). It’s a bit complicated to install and set up the command line interface (CLI). However, ClamAV also offers third-party GUI apps for Windows (ClamWin) and Linux systems (ClamTK). ClamAV is a lightweight app but it isn’t easy to set up and use. Compared to user-friendly antiviruses like TotalAV, ClamAV is very complicated to set up. If you’re not an advanced user, you may find it difficult to use ClamAV’s CLI.
Command-Line Interface — Lightweight App for Removing Viruses
Beginners would find ClamAV’s CLI difficult to use. But if you have some previous Linux experience then it shouldn’t be a problem. To get started, I had to download the installation file from ClamAV’s website. I downloaded the latest package for my Windows PC and installed it in less than 2 minutes. You can also install the ClamAV and use the CLI for Mac and Linux devices. However, the commands are different for each operating system. After downloading the Windows app, I opened the Windows PowerShell terminal (you should run it as an administrator) and changed the directory to the folder of ClamAV on my system.
Desktop App — Easy-To-Use Apps for Windows and Linux
ClamAV has a third-party Windows app (ClamWin). It is an easy-to-use free antivirus program, but it isn’t as user-friendly as these Windows-friendly antiviruses. There’s also a GUI app for Linux devices (ClamTK), which is pretty easy to install and use. I downloaded the Windows app first during my tests. After the engine is updated, you can run a scan for malware and remove it from any folder (I used my downloads folder in this example) or your whole drive by running the command: .clamscan – recursive C:UsersHPDownloads – infected – remove After installing the Windows client in less than 2 minutes, I was able to run scans for my whole system and selected folders. However, I found the app to be pretty basic. The user interface isn’t aesthetically pleasing, and it offers very limited features (only a virus scanner). The Linux app (ClamTK) is similar to the Windows app, albeit with a more pleasant interface. It offers an easy-to-use, lightweight, on-demand desktop virus scanner for Linux. It is also very easy to install and works with major Linux distros, including Ubuntu, Arch Linux, and Linux Mint. Both ClamWin and ClamTK can be downloaded from SourceForge.
How to Download ClamAV’s GUI (ClamTK) for Ubuntu Linux
Email Support — Offers Community-Based Mailing List Subscription for Technical Support
ClamAV users have a mailing list that you can subscribe to get updates. You can also post a general question or seek technical support from other members of the list. I sent a question concerning the Mac app. However, I got an automated response that I had to subscribe to the list to post a question. Unfortunately, I tried repeatedly to subscribe to the list, but it wasn’t approved. That said, I like that you can also search the mail list archives for previous emails and responses from the community. There are emails with helpful questions and answers on the list. The archives are categorized into month-by-month groups with different questions and responses which made it more like a forum.
Discord Support — Offers Helpful and Fast Support on the Discord App
ClamAV has a Discord server with multiple channels. It includes channels for malware research, ClamAV signature issues, a suggestion box, and a help desk. I asked a question about the macOS app on the help desk channel and got a response 20 minutes later. The channels are very active and you’ll be able to surf through questions and responses from the community members. I found a lot of helpful answers on the Server, especially in the help desk channel. I find the Discord Server is the fastest way to get support for ClamAV and related projects.
ClamAV is free and open-source software. As a result, there are no premium plans. You can use the software for free across all your devices. The third-party graphical user interface (GUI) apps like ClamWin and ClamTK are also free to use. However, there are a few premium apps built on the ClamAV engine like ClamXAV and Cisco Secure Endpoint. Other antiviruses like Bitdefender offer robust protection for Linux devices at an affordable price with more impressive features and add-ons like email security. ClamAV detects and removes viruses, trojans, and malware from your system. While it is popular for providing antivirus for Linux, it is also compatible with other operating systems like macOS and Windows. However, ClamAV is best suited for advanced users. You can use it via the command line in your terminal, but there are graphical user interface apps (GUI) by third parties for Windows and Linux. I like how ClamAV protects my mail servers from viruses, phishing, and spam, with its mail filter. It also offers real-time protection (on-access scanning) on Linux. However, ClamAV lacks most features found on top antiviruses like VPN, parental controls, firewall, gamer mode, and password manager. ClamAV’s engine is constantly being updated, making it even more competitive as more samples are added to the signature database. However, ClamAV isn’t there yet. There’s still much work to do by the contributors to the software. You can get fully-feature AV for all your devices, including Linux. Bitdefender provides an easy-to-use antivirus that has better detection abilities and works on Linux as well.
ClamAV’s graphical user interface (GUI) app, ClamWin, doesn’t remove viruses by default. But you can enable it to remove or quarantine infected files from Tools > Preferences. You should set it to quarantine files in case it is a false positive. Editor’s Note: We value our relationship with our readers, and we strive to earn your trust through transparency and integrity. We are in the same ownership group as some of the industry-leading products reviewed on this site: ExpressVPN, CyberGhost, Private Internet Access, and Intego. That said, our detailed reviews follow a strict methodology that examines all relevant performance factors to help you arrive at your own informed conclusion.
