Cisco-Talos ClamAV ported to Haiku!

Hi all,
I’m porting many tools used for reverse engineering and malware analysis.
Tonight I decided to attempt a port of clamav.
Please, say hello to the (probably?) first AV running on haiku :smiley:

Updating clam database:

Scanning and detection of an infected file (EICAR virus test):

I’m very happy with the result of this porting, as this was not that easy!
I’d like to say thank you to @erysdren who gave me a lot of good suggestions tonight.

Building a recipe will not be that easy, but it is possible of course :slight_smile:

35 Likes

Wow, that was unexpected!

3 Likes

This is probably a really good port to have in the long term, considering that there is a Wine port available.

1 Like

Well done Luca! Congratulations, excellent work!!!

1 Like

There was a port back in the BeOS days, nice to see a fresh one.

2 Likes

Thanks everyone for the kind words :slight_smile:

Now the focus is to create a recipe :wink:

3 Likes

Bravo! I worked with some coders about 5 years ago to try the same and failed miserably. Too many obstacles to get around and we simply gave up and walked away from the challenge.

2 Likes

Do you have a rough list? Any firewall, or intrusion detection?

2 Likes

I don’t have a list atm, sorry. I’m very interested in reverse engineering and malware analysis, so I’ll give priority to this type of software.

That said, yes I’ll try to port other security related software. Firewalls, for example, are usually deeply integrated in other OS components, so a port might be really hard, but let’s see what we can do.


Back to ClamAV:
I’ve removed all the hacks I used to build the modules and prepared a patchset file (that will be upstreamed later on). I’ve also fixed the default paths to match the Haiku ones. I’m starting to write the recipe, it might require some time though.

12 Likes

PR is now live: ClamAV: added recipe by Luca1991 · Pull Request #9630 · haikuports/haikuports · GitHub

14 Likes

~> freshclam
Creating missing database directory: /boot/system/settings/clamav/db
Assigned ownership of database directory to user “user”.
ClamAV update process started at Wed Oct 18 16:31:01 2023
daily database available for download (remote version: 27065)
WARNING: Can’t download daily.cvd from https://database.clamav.net/daily.cvd
WARNING: FreshClam received error code 403 from the ClamAV Content Delivery Network (CDN).
This could mean several things:

  1. You are running an out-of-date version of ClamAV / FreshClam.
     Ensure you are the most updated version by visiting ClamAVNet
  2. Your network is explicitly denied by the FreshClam CDN.
     In order to rectify this please check that you are:
     a. Running an up-to-date version of FreshClam
     b. Running FreshClam no more than once an hour
     c. If you have checked (a) and (b), please open a ticket at
        Issues · Cisco-Talos/clamav · GitHub
        and we will investigate why your network is blocked.
WARNING: You are on cool-down until after: 2023-10-19 16:31:01
ERROR: Database update process failed: Forbidden; Blocked by CDN
ERROR: Update failed.

That looks like an issue with your IP being blocked, not with the port. Did you try running the update multiple times in a row?

1 Like

Yes, several times in a row, and the first attempt gave the same error.

Well, you’re blocked until tomorrow afternoon at the earliest going on that.

Hi @Garic I don’t think that your issue is related to this Haiku port. It seems your IP is blacklisted until tomorrow. You can either change your IP and try again or use another mirror to get the current virus signature database.

I just checked the IP of database.clamav.net and it seems it’s proxied through Cloudflare :roll_eyes:
IP Location Finder - IP Lookup With Detailed Geolocation Data | KeyCDN Tools
Cloudflare is famous for blocking people randomly or punishing them with captchas.
Tor users may know best what I’m talking about.

I found this random ClamAV database mirror on Presearch: https://clamavdb.c3sl.ufpr.br/
It’s hosted at some regional hosting company and I can connect to it without issues, however I can’t say how reliable it is as I don’t use this mirror (or ClamAV at all) myself.

1 Like

Important note to everyone

You can change the currently used mirror by editing /system/settings/clamav/freshclam.conf.
The default mirror (behind cloudflare) is:
DatabaseMirror database.clamav.net

I was not aware of the cloudflare problems mentioned by @nipos (thank you for reporting), so you might want to edit the DatabaseMirror value to change mirror.

PLEASE NOTE that this is NOT related to this port. This is a CDN/IP issue.

WARNING: using random/unverified mirrors can decrease your level of security!!! Always use mirrors you trust!!!

4 Likes

Just a note: “ufpr.br” has been up since… “forever”. It belongs to “Universidade Federal do Paraná” in Brazil. Pretty much the biggest mirror for sourceforge.net on this side of the world too.

2 Likes

Just installed the latest version, the update works like a charm.

~> freshclam
Creating missing database directory: /boot/system/settings/clamav/db
Assigned ownership of database directory to user “user”.
ClamAV update process started at Fri Oct 20 20:47:01 2023
daily database available for download (remote version: 27067)
Time: 2m 34s, ETA: 0.0s [========================>] 59.15MiB/59.15MiB
Testing database: ‘/boot/system/settings/clamav/db/tmp.359bbc9701/clamav-4c472103cd4e10d43ef3638a677d14ab.tmp-daily.cvd’ …
Database test passed.
daily.cvd updated (version: 27067, sigs: 2044121, f-level: 90, builder: raynman)
main database available for download (remote version: 62)
Time: 2m 51s, ETA: 0.0s [========================>] 162.58MiB/162.58MiB
Testing database: ‘/boot/system/settings/clamav/db/tmp.359bbc9701/clamav-0ae8a5fbf5b26e3aa059e8adf8652dbe.tmp-main.cvd’ …
Database test passed.
main.cvd updated (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
bytecode database available for download (remote version: 334)
Time: 0.6s, ETA: 0.0s [========================>] 285.12KiB/285.12KiB
Testing database: ‘/boot/system/settings/clamav/db/tmp.359bbc9701/clamav-e75256b330e1651aafe781ad7cf13470.tmp-bytecode.cvd’ …
Database test passed.
bytecode.cvd updated (version: 334, sigs: 91, f-level: 90, builder: anvilleg)

3 Likes