Is ClamAV Vulnerable to a Corporate Attack?

Software vulnerabilities caused by faulty code pop up every day, and most of them are fixed in a reasonably quick fashion. But there's another type of software vulnerability that’s going unpatched. That vulnerability has to do with intellectual property and patent claims.

As you might know, Microsoft claimed that various open-source software packages, such as Linux and, violate as many as 235 of the company’s patents. You can read more about Microsoft’s claims at To date, none of Microsoft’s claims have been backed up by evidence, so some Linux vendors think it's all a bunch of smoke and mirrors designed to frighten people away from using Linux.

Recently, Trend Micro has gone after Barracuda Networks—an avid supporter of open-source projects—because it includes the open-source ClamAV ( in its security appliances. In case, you've been living in a cave for the last five years, ClamAV is a hugely popular antimalware solution. More than one million people download its signature updates each day, if that gives you any idea as to how widespread its use has become. Many of those downloads come from a plethora of Windows users running a ported version of ClamAV.

Trend Micro's argument is that ClamAV violates at least one of Trend Micro’s patents that centers on scanning for viruses at a gateway. Because Barracuda Networks uses ClamAV, Trend Micro decided to file a lawsuit against the company. Trend Micro hasn't openly stated why it didn't go after the developers of ClamAV directly, but it doesn't take a rocket scientist to figure out that because ClamAV is a free, open-source product, there’s no money to be gained by suing the developers of ClamAV. Suing Barracuda Networks could kill two birds with one stone: Trend Micro might collect a ton of cash in a settlement, and the payment of a big settlement could, hypothetically, put Barracuda Networks out of business, thereby eliminating one of Trend Micro’s competitors.

Interestingly enough, Sourcefire acquired ClamAV in December of 2007. Sourcefire is the company behind the hugely popular Snort Intrusion Detection and Prevention system. Why Trend Micro hasn't confronted Sourcefire regarding ClamAV is yet another mystery. Trend Micro's legal approach might have something to do with the terms of the General Public License (GPL).

Mysteries aside, Barracuda Networks isn't waiting for the other shoe to drop. The company is going after Trend Micro's patent claims and hopes to have the patent negated. To do so, Barracuda Networks will need evidence of a prior work that existed before Trend Micro filed for its patent. Right now, it seems that Barracuda Networks is looking to get its hands on a copy of MIMESweeper 1.0 because the company thinks that the software could possibly represent a prior work.

I'm no legal expert, so I have no idea which company’s argument is stronger. If you're interesting in a pretty good amount of information about the battle, read Groklaw’s article at, which explains some of the finer points of the battle. But before you do that, head over to Barracuda Networks' Web site and read its summary of the allegations, which offers some good background information, at

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.