Ask a hundred citizens what they think of Clam AntiVirus. One citizen will be a Linux manager. The remaining ninety-nine will think you’re covering the latest recipe on the Food Network.
The Linux administrator will tell you Clam AntiVirus is the definitive open source anti-virus toolkit. She’ll add that it’s an easy build on any POSIX-compatible system with a C compiler, and meshes perfectly with any number of POP3, Samba and Web servers, as well as all respectable Message Transfer Agents, from sendmail to qmail to postfix.
Once she gets a full head of steam, your network manager will gush about ClamAV’s thirty-plus worldwide database mirrors, support for most known compression formats, and… above all… its legendary speed and accuracy.
Then you’ll spring your trap. “OK, Smarty Pants, who invented Clam AntiVirus?”
Chances are, the name Tomasz Kojm won’t be rolling off her tongue. Kojm founded the Clam AntiVirus project in 2001 and, as Project Leader, has shepherded it to installation on over 500,000 servers across the planet. ClamAV is the little open source effort that consistently identifies and blocks viruses long before its big-box competitors do.
Email Battles’ tech whiz Aaron Gillette kept the Polish genius up till half past three… that’s A.M… for our late-night e-lectronic quiz-fest.
Q: Some claim the open source model may lead to less secure software because security issues are less interesting to solve than new feature additions, and no one is specifically responsible for ensuring the security of the product. How would you respond to administrators who are wary about deploying open-source security solutions due to a perceived lack of quality control? Why should users trust an open source anti-virus suite?
A: Among various security software models, open source is definitely the best choice. Access to source code allows every user to inspect the code and search for potential bugs. Common audits lead to better code quality and programming experience of open source developers. The openness also eliminates the infamous “security through obscurity” practice when programmers think they can hide some problems just because they don’t release their software in a directly readable form. It’s a myth that security issues are less interesting to solve than new feature additions in the open source security software - in most cases the developers address the bugs much faster than the maintainers of closed-source programs. The answer to the last question comes immediately: inspect it!
Q: Maintaining an effective virus filter requires an enormous amount of ongoing effort and organization. How do you respond to administrators who worry that an open-source project won’t be able to maintain this level of focus over the long-term? How is the ClamAV project structured to meet these demands?
A: Our primary goal is to effectively fight the flood of email malware. ClamAV is now being used on an enormous number of mail servers and we receive very good support from our users. New malware samples are very often submitted to us almost immediately at the time of their outbreaks. We also receive samples from popular malware scanning sites like VirusTotal.com and others. A special system developed by our coders detects possible outbreaks and alarms the virus database maintainers. Because almost all our developers have direct access to the Internet all day, they can react very quickly. Thanks to their work, ClamAV was one of the main leaders in reaction times on new threats for the last two years. All anti-virus software greatly depends on never-ending human work; that’s why we train and admit new maintainers every few months. Our team is international and that allows us to monitor the threats globally.
In recent years, we have also focused on building a strong network infrastructure. Thanks to many companies, universities and other organisations which have been providing our project with fast and reliable mirrors all over the world, we were able to build a powerful intercontinental virus database distribution system.
Q: Microsoft bought Sybari, Rav and Frontbridge. Computer Associates bought ZoneLabs, Tiny Software and PestPatrol. Trend Micro bought Intermute anti-spyware. Symantec acquired Brightmail. Even Kaspersky just bought the Spamtest Project. It sometimes seems the little guys are quickly being bought up as the big broaden their portfolios and the industry consolidates. How would you respond to users who worry that ClamAV might change their license or be swallowed by a proprietary entity?
A: It’s not an easy thing to take over a GPL project. To change its license, the authors of all, even the smallest parts, would have to agree or their code would have to be rewritten. The biggest advantage of the GPL software is that it cannot disappear - code once released under the GPL will always stay GPL, ready for further development, possibly by other people.
Q: You’re conquering Unix. That’s great for system administrators and techies, but Joe User still has to buy off-the-shelf. Do you have any plans to go after the desktop (Windows, Mac, etc.)? What options would you suggest for PC/Mac users who are looking for open-source alternatives to proprietary anti-virus software?
A: Like most open source developers, we have great ambitions, but currently our time and resources limit us to the Unix platform. Although there are ports of ClamAV to desktop systems, they cannot effectively compete with commercial alternatives and provide sufficient protection against viruses. The ClamAV core - libclamav, which provides virus scanning methods, and the scanning tools were designed with Unix in mind, and to properly support other platforms some major components would have to be extended or added.
Q: What’s the future of anti-virus software? Will virus signatures continue to be the best tool in the arsenal, or do you have other tricks up your sleeve?
A: Virus signatures have always been the best and most reliable tool among virus detection tools, but sometimes they’re not sufficient. Complex malware implements sophisticated methods to avoid detection based on signatures and anti-virus scanners must handle it. With every new major release, ClamAV includes new virus detection techniques. We also plan to add advanced heuristics in the near future which will allow the scanner to fight email malware even better.
Q: If computer viruses disappeared tomorrow, what problem or problems would you tackle next?
A: Instead of viruses, I’d be watching my own weight.