ClamAV
Clam AntiVirus is an open-source anti-virus toolkit for Unix providing command-line scanning, a multi-threaded daemon, and automatic virus database updates. It supports scanning files, emails, archives, executables, and documents for malware.
Description
ClamAV is designed primarily for integration with mail servers to scan attachments for viruses. The main package offers a command-line scanner (clamscan), while clamav-daemon provides a scalable multi-threaded daemon for fast scanning, including on-access and remote capabilities. Virus database updates are automated from the internet by freshclam, or supplied by clamav-data for offline use.
Key features include support for numerous archive formats (Zip, Tar, Gzip, etc.), mail formats, ELF/PE executables (including compressed/obfuscated), and document types like Microsoft Office, PDF, HTML, and RTF. It relies on libclamav for core scanning functionality, which other software can also use.
Use cases involve malware detection in emails, filesystems, and networks, especially in server environments. Tools like clamdscan (a client for remote scanning via the daemon), clamonacc (on-access scanning), and clamsubmit (reporting false positives/negatives) enhance its utility.
How It Works
ClamAV uses the libclamav library for signature-based detection, loading virus databases that are kept up to date by freshclam. The clamscan tool performs on-demand multi-threaded scans supporting archives, emails, executables, and documents. The clamd daemon handles concurrent scans, with on-access scanning (via clamonacc), remote access over TCP/Unix sockets, and integration with MTAs via clamav-milter. Bytecode signatures enable advanced detection, with clambc available for testing them. Limits on scan time, file sizes, and recursion prevent resource exhaustion.
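As an added example (not part of the original page or the ClamAV project's code), the sketch below shows how a client can talk to clamd over a Unix socket using the INSTREAM command from the clamd documentation, and how to treat anything other than an explicit OK as a failure. The socket path passed to scan_bytes and the chunk size are assumptions; the sample replies are constructed.

```python
import socket
import struct
from typing import Optional, Tuple

CHUNK = 8192  # bytes per INSTREAM chunk (arbitrary choice for this example)

def frame_instream(data: bytes, chunk_size: int = CHUNK) -> bytes:
    """Build the bytes a client sends for clamd's INSTREAM command."""
    out = [b"zINSTREAM\x00"]  # 'z' prefix: command and reply are NUL-terminated
    for i in range(0, len(data), chunk_size):
        chunk = data[i:i + chunk_size]
        out.append(struct.pack("!I", len(chunk)) + chunk)  # 4-byte big-endian length
    out.append(struct.pack("!I", 0))  # zero-length chunk ends the stream
    return b"".join(out)

def parse_reply(raw: bytes) -> Tuple[str, Optional[str]]:
    """Map a clamd reply to (status, detail): clean, infected or error."""
    text = raw.rstrip(b"\x00\n").decode("utf-8", "replace")
    body = text.split(": ", 1)[1] if ": " in text else text
    if body == "OK":
        return ("clean", None)
    if body.endswith(" FOUND"):
        return ("infected", body[:-len(" FOUND")])
    # Fail closed: empty replies and limit errors (e.g. the stream exceeding
    # StreamMaxLength in clamd.conf) are never reported as clean.
    return ("error", body)

def scan_bytes(data: bytes, sock_path: str) -> Tuple[str, Optional[str]]:
    """Send data to clamd over a Unix socket; sock_path is deployment-specific."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.settimeout(30)
        s.connect(sock_path)
        s.sendall(frame_instream(data))
        reply = b""
        while not reply.endswith(b"\x00"):
            part = s.recv(4096)
            if not part:
                break
            reply += part
    return parse_reply(reply)

if __name__ == "__main__":
    # Constructed sample replies, not captured from a real daemon
    for sample in (b"stream: OK\x00",
                   b"stream: Eicar-Test-Signature FOUND\x00",
                   b"INSTREAM size limit exceeded. ERROR\x00"):
        print(parse_reply(sample))
```

A mail filter or upload handler built on this should reject or quarantine on both "infected" and "error", since an oversized or truncated stream was not actually scanned.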
Installation
sudo apt install clamav
Flags
Examples
clambc -h
clamscan -h
clamsubmit -h
sigtool -h
clamconf -h
clamd -h
freshclam -h
clamdscan -h