Sourcefire buys ClamAV open-source antimalware project

Acquisition brings together the Snort and ClamAV open-source security technologies

Network security specialist Sourcefire announced Friday that it has acquired ClamAV, an open-source gateway anti-malware project whose technologies are used in the products of a number of other vendors.

Sourcefire said that under the terms of the deal, it has purchased all of the project's technology and related trademarks, as well as the copyrights controlled by all developers involved in the effort, including its founder Tomasz Kojm.

The company will also assume ownership of all of the project's online properties and continue to involve all of ClamAV's existing five-person team in the continued development of its technologies, with those individuals becoming Sourcefire employees and retaining management of the effort on a daily basis.

ClamAV claims that its software updates currently cover roughly 120 million IP addresses, with the technology embedded in the products and services offered by vendors including Barracuda Networks, Demon, and WatchGuard, as well as a handful of Internet service and e-mail providers.

Sourcefire, a provider of integrated network defense tools, already controls Snort, an open-source intrusion prevention and detection technology created in 1998 by company founder and chief technology officer Martin Roesch.

The acquisition stands as the first major strategic move made by Sourcefire since its March 2007 initial public offering (IPO).

The company's stock feel by over 25 percent earlier this month when it announced mixed second-quarter results. Shares of its stock opened at roughly US$9.75 (AU$12.25) on Friday, up from a low of just under US$9 after the earnings announcement at the beginning of August.

Sourcefire said that it expects to report a one-time charge in the third quarter of 2007 of between US$0.09 and US$0.12 per share to write off research and development expenses related to the deal. Other details of the transaction weren't disclosed.

"This acquisition gives Sourcefire the ability to bring together two of the security industry's most widely adopted open-source projects Snort and ClamAV," Roesch said in a statement. "Sourcefire will continue to invest in the ClamAV technology, much as we have with Snort and"

In a conference call, Sourcefire executives said that the company would mirror its model for Snort, which balances enterprise licensing with open source development.

The deal should also allow the company to move into a number of other security markets, said Wayne Jackson, the company's chief executive officer.

ClamAV's technology is currently being used in unified threat management (UTM) systems, as well as Web and messaging gateways.

For its part, Sourcefire's flagship Enterprise Threat Management (ETM) product offering already offers integrated intrusion protection, network accesses control and vulnerability assessment technologies.

"This acquisition not only effectively broadens Sourcefire's open source footprint, essentially doubling it, but opens significant opportunities in growing security markets," Jackson said.

The CEO said on the call that Sourcefire is still finalizing its specific plans for future product roll-outs based on the deal, but reported that the company will likely soon create a set of tools that integrate its existing technologies with ClamAV's UTM capabilities.

The ClamAV technologies will also serve as the "foundation" for a range of specialized next-generation gateway security offerings, Jackson said. The company did not rule out a potential leap into the desktop security market.

Under Sourcefire's initial plans, it will extend new support and training services for existing ClamAV users during the fourth quarter of 2007, in a model similar to the one used by Red Hat for its enterprise Linux products, according to the CEO.

After a clean-up of the project's code base, Sourcefire will likely create a new license for third party providers of the technology during the first quarter of 2008.

While Sourcefire has promised to continue to distribute versions of ClamAv software that meet the parameters of the open source general product license (GPL), the OEM licensing model will not necessarily adhere to all elements of the GPL, Jackson said. The arrangement fits the same model Sourcefire has pursued with Snort.

During the latter half of 2008, the company plans to release its new product offerings that incorporate ClamAV into its own enterprise products.

Industry watchers observed that the ClamAV assets could become an intriguing opportunity for Sourcefire if it can devise an effective way to monetize its existing customer base and push the companies that have licensed its anti-malware engine for free, and continue to do so, to pay for updates or extensions to the technology.

In his blog, network access control guru Alan Shimel -- the chief strategy officer at rival network access control (NAC) technology provider StillSecure -- predicted that Sourcefire would likely pursue such a strategy.

"Anti-virus is not exactly a cutting-edge technology, but it can be a cash cow, there are lots of options in the AV market," said Shimel. "If I was a UTM provider or managed services provider using ClamAV right now, I would be exploring my options, waiting for the other shoe to drop here. I think this once again shows that if you are incorporating open source tools into your technology as a vendor, unless you own the copyrights, do so at your own risk."

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Matt Hines

Show Comments

Cool Tech

SanDisk MicroSDXC™ for Nintendo® Switch™

Learn more >

Breitling Superocean Heritage Chronographe 44

Learn more >

Toys for Boys

Family Friendly

Panasonic 4K UHD Blu-Ray Player and Full HD Recorder with Netflix - UBT1GL-K

Learn more >

Stocking Stuffer

Razer DeathAdder Expert Ergonomic Gaming Mouse

Learn more >

Christmas Gift Guide

Click for more ›

Most Popular Reviews

Latest Articles


PCW Evaluation Team

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?