Open-source antivirus tech may get commercial help

eEye Digital Security may adopt and improve the open-source Clam AntiVirus technology to add to its intrusion-prevention product.

Joris Evers Staff Writer, CNET News.com
Joris Evers covers security.
To plug a hole in its intrusion-prevention product, eEye Digital Security may adopt the Clam AntiVirus project and improve the open-source software.

eEye's Blink intrusion-prevention product includes system- and application-level firewalls and protects computers against phishing, spyware and exploitation of known vulnerabilities. "Antivirus is the only missing piece," Ross Brown, eEye's chief operating officer, said in an interview with CNET News.com.

Blink is used by about 250 organizations worldwide, including the U.S. Army and the Department of Homeland Security, according to Brown. Some want the product to include antivirus support, so eEye is considering its options, including adopting the Clam AntiVirus project. "It seems like a good marriage for us," he said.

If eEye picks the open-source technology, it plans to improve the software. Some eEye developers would work on real-time and file-scanning capabilities, Brown said.

Clam AntiVirus has been adopted in commercial products, such as appliances that scan e-mail for viruses. It is also available as a free virus scanner for Windows, under the ClamWin name.

Clam AntiVirus is fast in offering signatures for new threats, often quicker than commercial competitors including Symantec and McAfee, but it lags in detection capabilities, said Andreas Marx, an antivirus-software expert at the University of Magdeburg in Germany and an authority on testing antivirus software.

"The technology used in Clam AntiVirus is far behind," Marx said. "However, they are quite successful, because the scanner is free and the source code is available and portable to any platform."

eEye is still plotting its strategy, deciding between using the open-source antivirus technology and licensing a commercial antivirus-scanning engine from a company such as Computer Associates, Brown said. "We don't want to sign a contract and pay a bunch of money for something that is a commodity," he said.

eEye is also developing its own antivirus technology, which will use a behavioral approach instead of the classic, signature-based approach used by Clam AntiVirus and most commercial products, said eEye cofounder and Chief Hacking Officer Marc Maiffret.

"We'll definitely be adding antivirus functionality to Blink," he said. "Most likely there will be the classic antivirus and the nonsignature-based approach."

Signature-based systems check potentially malicious software against a database of known threats, while behavioral systems look at a program's behavior to determine whether it is malicious.

Regardless of whether it picks the proprietary or open-source route, eEye sees its move as a way to plug a hole in its software, not as a way to push into a new market. "I don't want to get into the antivirus-signature business. Protecting customers from viruses is definitely what we want to do, but in a smarter, more comprehensive method," said Brown.

Marx recommends against adopting Clam AntiVirus. "I like eEye's products, but adding Clam AntiVirus would be a very bad idea in my eyes. Mixing good software with bad software will create bad software."

That's why eEye wants to improve the Clam AntiVirus product before adopting it, said eEye's Brown.