RealTime IT News

Sourcefire Takes ClamAV

Sourcefire , the company behind leading open source intrusion detection system Snort, is acquiring the open source antivirus project ClamAV. The move joins two widely used open source security tools under one corporate umbrella, as Sourcefire ramps up its efforts in the multi-billion-dollar security gateway market.

Wayne Jackson, CEO of Sourcefire, noted on an investor conference call that there is strategic significance in bringing together two of the industry's most important open source technologies together.

"This acquisition broadens and effectively doubles Sourcefire's open source footprint, and it also opens substantial new opportunities in a large and rapidly growing commercial market," Jackson said.

Financial terms of the deal are not being publicly disclosed at this time. As part of the deal Sourcefire will be obtaining all of the ClamAV trademarks, copyrights and domain names, as well as the project itself and its five core members.

Sourcefire has pledged that the core ClamAV project will remain available under an open source license.

The ClamAV project currently boasts that almost 1 million unique IP addresses contact the project's servers every day to get the latest malware updates. ClamAV does antivirus scanning and can run on Windows clients and servers.

Jackson explained that Sourcefire has a three-phase business plan for ClamAV. The first phase, which will kick off in the fourth quarter, will offer support and training services for ClamAV.

The second phase, which should roll out in the first quarter of 2008, will make a commercial version of ClamAV available for vendors that don't want an open source version.

By 2008 the third phase will kick in where Sourcefire is expected to have a physical product offering that will fit into Sourcefire's network gateway security portfolio.

But don't expect to see Sourcefire rolling out a commercial desktop solution based on ClamAV.

"Our principal focus is the network layer," Jackson said. "The desktop layer is not our current focus."

ClamAV is part of numerous solutions already, including those from open source network gateway vendors Untangle and Vyatta. Untangle actually has alleged that there has been a conspiracy by testing labs to not properly rank ClamAV.

A Fight Club event at LinuxWorld occurred as an attempt to try and prove that ClamAV is as good, if not better than, proprietary vendors' solutions.

The acquisition might also prove that open source antivirus has a commercial future.

"This is an important deal with ramifications in the open source and proprietary software and enterprise security software industries," 451 Group analyst Nick Selby wrote in a blog post.

"The acquisition, Sourcefire's first since going public, extends and builds upon Sourcefire's successful Snort efforts, proving the community/commercial hybrid model can not only work but work in such a way as to support a company which (current stock price woes aside) is publicly traded."