Those familiar with open-source operating systems should have heard of ClamAV, an open-source antivirus engine originally developed for Unix-based operating systems, including Linux, BSD, and MacOS. It’s also one of the best-known Linux antiviruses.
But what about ClamWin and ClamTK? Let’s break down the tech jargon to get your PC protected in no time.
What is ClamAV?
At its core, ClamAV is an antivirus engine, nothing more than a file command line interface (CLI) program. It scans files and folders to make sure that they’re not viruses, malware, or other cybersecurity threats.
Installing ClamAV includes both the engine and the ClamAV Virus Database (CVD), a list of known virus definitions that your system will quarantine. This list needs to be updated periodically to ensure you’re protected from the latest known threats.
By today’s standards, ClamAV is a rather basic antivirus engine. It’s a simple signature-based scanner and does not include behavioral and heuristic algorithms to look out for zero-day threats or ransomware. Despite this, independent testing laboratories have taken a fairly favorable view of its capabilities.
In fact, ClamAV has often placed ahead of commercial vendors in lab tests. Its database is managed by Cisco Talos, who acquired the engine’s initial manufacturer Sourcefire. Even though ClamAV and its frontends are open-source, some good technical resources go into ensuring it’s capable of detecting most known viruses and threats.
Note: as stated, ClamAV is a command line interface (CLI), so it’s designed to run within a terminal environment like Linux or a Windows command line (DOS). Don’t expect the typical visual user interface that most people have come to expect.
It is completely possible to use ClamAV without a graphical user interface (GUI) to make things easier for the end-user. It involves remembering a list of commands to execute scans, update the definitions database, and safely remove files from the quarantine, though. In addition, configuring automation for things like setting up recurring scans requires some knowledge of scripting and (for Linux users) Cron jobs.
What is ClamTK?
Many computer users lack the patience to use CLI tools regularly, so several developers have produced GUI frontends for the ClamAV engine. The best known of these is ClamTK, a lightweight Perl- and GTK-based frontend that can be installed on the vast majority of popular Linux-based operating systems, including Fedora, Debian, RedHat, OpenSUSE, Ubuntu, CentOS, Gentoo, Archlinux, and Mandriva.
ClamTK provides basic management options for using ClamAV on Linux desktops. For Ubuntu users, setup is simple—both ClamAV and ClamTK are in the main Ubuntu repositories, so they can be installed from the command line or the Software Center.
Once running, users can configure scan schedules, download definition updates, and manually scan individual files and directories. There’s also a quarantine manager where users can release or securely delete files that the engine has moved into the quarantine. A history browser lets users quickly access the scan logs.
I tested ClamTK on the latest LTS version of Lubuntu Desktop (18.04, Bionic Beaver). While it’s unlikely to win any design awards, I was able to quickly initiate scans, apply updates, and access a log showing a complete scan history.
For users who want to protect headless Linux-based systems such as servers, ClamAV is a perfect choice. In general, Linux-based systems are less susceptible to viruses than either Mac or Windows systems, but installing a basic antivirus is always prudent, whether you’re administering a desktop or server.
What is ClamWin?
Although ClamAV was developed by Linux users, it can be used with Windows as a CLI (within Windows DOS) or with ClamWin, its Windows frontend.
ClamWin is a little heavier to install than ClamTK—there’s a 165MB download which includes the program and an initial definitions library. Once installed, ClamWin contains roughly the same set of functionalities as ClamTK but in a slightly different design. Like ClamTK, it’s extremely lightweight on system resources and runs scans quickly.
ClamAV is an open-source antivirus engine and database originally developed for Linux-based operating systems and maintained by Cisco Talo. It can be used as a command line tool (CLI), which is perfect for protecting servers, but inconvenient for desktop users who don’t want to memorize long lists of commands.
ClamTK is the most popular GUI frontend for ClamAV. It provides simple visual options and is available for the full range of popular Linux distributions.
ClamWin is the main Windows frontend for ClamAV, although it’s also possible to simply run ClamAV as a command line tool using DOS.