IT security expert company: cybersecurity audits and consulting
French cybersecurity company since 2004
☎ 03 60 47 09 81 - info@securiteinfo.com

Feeling secure: the old versions of the ClamAV antivirus


ANTIVIRUS, CLAMAV, MALWARE, ADMINISTRATION TOOL, CYBERSECURITY, OPEN SOURCE, OPERATING SYSTEM, LINUX

Our statistics focus on the use of the ClamAV versions


It’s now October 2025. The current version of ClamAV is 1.5.0 and was released on October 8th this year. Since September 14th 2025, it's official: versions 0.103.12 and lower of the antivirus are no longer maintained by its publisher, Cisco.

At SecuriteInfo.com, we provide additional signatures to those already published by the ClamAV teams.
Thousands of installations download our additional signatures every day. This gives us the opportunity to get to know the different versions of ClamAV that connect to our server.
So here are the results:

Version            Share
ClamAV/0.104.3     0.00 %
ClamAV/1.5.0       0.01 %
ClamAV/1.2.1       0.01 %
ClamAV/0.103.6     0.03 %
ClamAV/1.1.1       0.03 %
ClamAV/1.3.2       0.04 %
ClamAV/0.103.5     0.06 %
ClamAV/0.103.8     0.06 %
ClamAV/1.0.0       0.09 %
ClamAV/1.3.0       0.12 %
ClamAV/0.104.2     0.12 %
ClamAV/0.103.7     0.15 %
ClamAV/1.3.1       0.16 %
ClamAV/0.103.9     0.25 %
ClamAV/1.2.2       0.26 %
ClamAV/0.103.12    0.28 %
ClamAV/1.0.3       0.31 %
ClamAV/1.2.0       0.34 %
ClamAV/1.0.3       0.41 %
ClamAV/1.0.6       0.47 %
ClamAV/0.103.10    0.70 %
ClamAV/1.0.1       1.04 %
ClamAV/0.103.8     1.06 %
ClamAV/0.104.1     1.59 %
ClamAV/1.1.0       1.72 %
ClamAV/1.4.1       2.26 %
ClamAV/0.103.11    5.28 %
ClamAV/1.0.7       7.25 %
ClamAV/1.4.2       16.55 %
ClamAV/1.0.9       27.35 %
ClamAV/1.4.3       31.98 %

What do these figures mean?

The latest official version is not the most widely used


The first thing we notice is that version 0.105.0 is not the most used. Moreover, it doesn't even reach a 3% usage rate. Why? There are several reasons for this:

Administrators have to download, compile and install the latest version provided by ClamAV. Plus, some of them use quality processes that make it possible to determine whether the new version meets their usage requirements and does not contain any regression. This all takes time.

In addition, operating systems do not systematically include the latest version of software. Debian, for instance, prefers to prioritise the stability of its software rather than its versioning, which is often associated with new features and therefore new bugs in the making.

Speaking of Debian, the current stable release (Trixie) delivers version 1.4.3. This is the main reason for the massive use of this version in our statistics table: more than 35% compared to less than 3% for the latest version, as mentioned above.

Is it a catastrophe that the latest version of ClamAV is not being used?


Obviously, it isn’t.

Admittedly, the latest version released by Cisco developers from time to time includes major advances in terms of malware detection. So, every new major version improves the antivirus detection engine. This is a step towards more security for you, the user.

But when you base the security of your information system on software, the most important thing is that you use software with no bugs or security flaws!
So when an operating system like Debian offers an earlier version, it also provides patches that enhance the stability of the antivirus (against memory leaks for instance) as well as the application of all security patches.

The security of the versions published by the operating systems is therefore guaranteed by them. These versions can be considered reasonably reliable, and their deployment in companies can be recommended.

The (very) old versions of ClamAV do, however, pose a problem.


According to ClamAV’s official "End Of Life (EOL)" document, versions 1.0.9 and above are still officially maintained by ClamAV. We will therefore consider that versions 0.105.2 and below are obsolete and should no longer be used in a production environment.

What share do these old versions account for? In the table, if we add up the percentages of all versions from 0.103.5 to 0.104.3, we get 9.60%.

Is that all? Only 9%?

And if your antivirus let 9% of the viruses you receive slip through, would that be serious?
And if your company lost 9% of its revenue, would that be serious?
You’ve got it, yes, that would be extremely serious!

9% across thousands of installations around the world represents hundreds of installations with deficient security. Worse, the security of these versions is no longer even under control! And that is precisely the problem:

The antivirus scanning engine is obsolete.


Thousands of new viruses appear on the Internet every month. Some of them are so advanced that the virus detection engine has to be fine-tuned. A malware scanning engine that’s more than 3 years old is considered to be a virus leak.

Functional bugs are no longer fixed.


Some memory leak bugs have been fixed in the latest versions of ClamAV. Are you sure you want to use an antivirus for production that consumes more and more memory and resources?

Security vulnerabilities are no longer corrected.


It comes as a shock when you see the number of CVEs listed for the ClamAV antivirus. Are you sure you want to use a production antivirus with 0-day vulnerabilities that will never be fixed?

I feel secure: I use ClamAV antivirus


At SecuriteInfo.com, we believe that feeling secure is worse than having no security at all.
If you don't have an antivirus, you know that. And you also know that if you do get a virus, you’re on your own.
But if you have an obsolete antivirus, which is no longer even supported by its publisher, be it ClamAV or another, you think you’re protected, but you’re not. And as soon as a security breach happens, the door is wide open to your most confidential data.
Getting hacked because of security software, and especially your anti-virus, would be the last straw!

Your antivirus is one of the most important components in protecting your information system. Keeping it up to date should be your top priority. There’s absolutely no good reason to keep an obsolete version of ClamAV.
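
To check whether obsolete versions are still running in your own environment, the tally this article makes from its download statistics can be reproduced over any log or inventory that records the `ClamAV/x.y.z` token. The following is an added example, not SecuriteInfo.com's own code: the log line layout, the file name `/sigs.hdb` and the sample lines are constructed assumptions, and the cut-off is the one stated in this article (0.105.2 and below).

```python
import re
from collections import Counter

# Cut-off taken from the article: 0.105.2 and below are treated as obsolete.
# Re-check it against ClamAV's current EOL policy before relying on it.
LAST_OBSOLETE = (0, 105, 2)

# Matches the "ClamAV/x.y.z" token shown in the article's statistics table.
UA_RE = re.compile(r"\bClamAV/(\d+)\.(\d+)\.(\d+)\b")

def parse_version(text):
    """Return (major, minor, patch) from a line containing ClamAV/x.y.z, else None."""
    m = UA_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None

def is_obsolete(version):
    # Tuple comparison is numeric per component, so 0.103.12 sorts after
    # 0.103.5 (a plain string comparison would get this wrong).
    return version <= LAST_OBSOLETE

def version_report(lines):
    """Count clients per version and return (counts, obsolete_share_percent)."""
    counts = Counter()
    for line in lines:
        v = parse_version(line)
        if v is not None:
            counts[v] += 1
    total = sum(counts.values())
    obsolete = sum(n for v, n in counts.items() if is_obsolete(v))
    share = round(100.0 * obsolete / total, 2) if total else 0.0
    return counts, share

# Constructed sample: access-log lines in an assumed format (not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - "GET /sigs.hdb" 200 "ClamAV/1.4.3"',
    '198.51.100.8 - - "GET /sigs.hdb" 200 "ClamAV/0.103.11"',
    '198.51.100.9 - - "GET /sigs.hdb" 200 "ClamAV/1.0.9"',
    '198.51.100.10 - - "GET /sigs.hdb" 200 "ClamAV/0.103.5"',
    '198.51.100.11 - - "GET /sigs.hdb" 200 "curl/8.5.0"',
]

if __name__ == "__main__":
    counts, share = version_report(SAMPLE_LOG)
    for v, n in sorted(counts.items()):
        flag = "OBSOLETE" if is_obsolete(v) else "ok"
        print(f"ClamAV/{'.'.join(map(str, v))}: {n} ({flag})")
    print(f"obsolete share: {share} %")
```

Lines without a `ClamAV/x.y.z` token are ignored, so other clients in the same log do not distort the percentage.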

About the author of the article


Arnaud Jacques is the co-founder and manager of SecuriteInfo.com, a website founded in 1999 and a cybersecurity company created in 2004.
He participated in the development of ClamAV as a sigmaker. His name appears in the credits on the official ClamAV authors' page.
Since 2015, SecuriteInfo.com has been providing additional signatures to the ClamAV antivirus to increase the malware detection rate. Both 0-day and 0-hour malware are detected by these signatures.
