These classnotes are depreciated. As of 2005, I no longer teach the classes. Notes will remain online for legacy purposes

UNIX03/Overview Of AV Software For Linux

Classnotes | UNIX03 | RecentChanges | Preferences

There is a variety of Anti Virus software available for Linux and Unix machines. Here, we will only be concerning ourselves with Linux-based solutions, though you should be aware that there is typically a generic UNIX-based counterpart for most of those mentionned.

First, we really should clarify exactly what we mean by "Linux Anti-Virus Software". We are not refering to software that necessarily watches for Linux or Unix viruses. That is because they largely don't exist (sure, there are some worms that target very specific versions from very specific vendors, but these are primarily in the minority with respect to the other viruses out there). Instead, we are talking about anti-virus software which scans for viruses principally from other systems (usually just Windows viruses).

Since most viruses are transmitted via e-mail (and primarilly for Microsoft Outlook) it makes sense to talk about Linux anti-virus software along side our anti-spam email gateway. In fact, integrating an anti-viral solution with this gateway would be very benefitial as not only spam but viruses could then be blocked.

So what are your choices in anti-virus software for Linux? Let's take a look at them, grouped by Open-Source versus Proprietary:

Open Source AV

We have already seen and used Amavisd-new, which is a new rewrite of Amavis and is more general than just viral scanning. But originally, AMaViS was intended to be a snap-in based anti-viral mail scanner.

Clam AV is an AV toolkit which can be integrated into mail systems or used as a stand alone scanner. It is fairly unique among Open Source AV solutions in that it has it's own viral database which the developers do a decent job keeping up to date ( The unfortunate thing is, this project simply does not have the manpower to keep up with proprietary AV houses and it always just a step or two behind.

OpenAntiVirus was one of the earliest attempts towards an open source AV solution. It was actually from this project that other projects like Amavis and Clam AV were spawned. Presently the thing that OAV provides which is most widely used is its open viral database.

Virus Hammer is part of the OAV project. It is a cross-platform AV scanner in Java. It can even be run from a web-interface.

While not an AV scanner, per se, may people do use this as part of their AV mail scanning suite.

Proprietary AV

Sophos provides several products for AV scanning under Linux and UNIX. They have a mail scanner for largish sites (which has rather limitting requirements and which I personally do not recommend) and many command line tools which mimick their Windows counterparts.

The one thing that sets Sophos apart is their open API which third-party developers can utilize to extend Sophos. This, IMHO, is the big draw to Sophos and is why I recommend it.

Symantec provides a number of fairl rich tools for AV under Windows and Linux. This is the reason many people prefer Norton to Sophos. However, you are largely limitted by the fact that there is no clear and simple API which can extend the basic functionality of the system. Coupled this with the fact that many of the requirements for Norton under Unix place restrictions on what you can do with your system, and you'll see why I personally don't recommend it.

For the longest time RAV was the preimere AV for UNIX machines. However, RAV has recently be purchased by Microsoft, so you can expect their UNIX support to fade with time.

I personally know very little about thie AV provider. Some Linux users swear by it (especially many SUSE users, which should not be surprising considering H+BDEV is in Germany), but I personally can't recommend it one way or the other.

You can find a much more comprehensive list of proprietary AV providers [here.]

Classnotes | UNIX03 | RecentChanges | Preferences
This page is read-only | View other revisions
Last edited October 3, 2003 8:47 pm (diff)
(C) Copyright 2003 Samuel Hart
Creative Commons License
This work is licensed under a Creative Commons License.