ClamAV

ClamAV is an open-source antivirus engine designed for detecting trojans, viruses, malware, and other malicious threats on Linux and other Unix-like systems. It is the most widely deployed open-source antivirus solution in the hosting industry and is included by default on cPanel servers.

The primary use case in hosting is email scanning. ClamAV integrates with mail transfer agents (Postfix, Exim) through Amavis, Rspamd, or direct milter integration to scan incoming and outgoing email attachments for malware. When a virus is detected, the email is quarantined or rejected before it reaches the customer's mailbox.

ClamAV also scans files uploaded through web applications, FTP uploads, and can be used for periodic filesystem scans of hosting accounts. On cPanel servers, the ClamAV scanner plugin allows hosting customers to scan their files on demand from the control panel interface.

The virus signature database is updated multiple times daily through the freshclam daemon. Signatures cover a wide range of threats including traditional viruses, ransomware, phishing attempts, and malicious scripts. The community and commercial (Cisco Talos) signature feeds ensure comprehensive coverage.

Performance is reasonable for a signature-based scanner, though it uses significant memory (1-2GB with full signatures loaded). The clamd daemon keeps signatures in memory for fast scanning, while clamscan loads them per invocation (slower but uses less persistent memory). For hosting servers, clamd is the standard deployment for performance.

While ClamAV is a solid baseline antivirus, it is not a replacement for dedicated hosting security tools like Imunify360 which provide proactive defense, web application firewalls, and more sophisticated malware detection. ClamAV catches known threats through signatures; Imunify360 adds behavioral detection and AI-powered analysis on top of that.