Sourcefire acquires open source ClamAV

Sourcefire founder and chief technology officer Martin Roesch vowed earlier this year to expand his company's product portfolio. Friday, the maker of the popular Snort open source intrusion defense (IDS) tool took a step in that direction by announcing the acquisition of ClamAV, an open source email gateway antivirus and antimalware project.

This will not only broaden our reach, but will also allow us to extend our product family into a number of intriguing new markets. Martin Roesch, founder and chief technology officer at Sourcefire

In a statement, Roesch said ClamAV will broaden Sourcefire's open source footprint and enable the company to develop new products and services as part of its Enterprise Threat Management network security portfolio. In addition to email gateway scanning, ClamAV software provides a number of automated utilities including a multi-threaded daemon, a command line scanner and automatic database updates.

"This will not only broaden our reach, but will also allow us to extend our product family into a number of intriguing new markets," he said, adding that the success of the ClamAV project is a "direct reflection of the talent and dedication of the founding team and the project community," he said.

Roesch said Sourcefire will continue to invest in the ClamAV technology, as it has with Snort and Snort.org. ClamAV updates are downloaded by about a million users a day across 38 countries and, like Snort, is one of the more popular open source security tools.

Sourcefire CEO Wayne Jackson said in a conference call with reporters Friday that he expects ClamAV to begin shipping as part of the Enterprise Threat Management network in the latter half of 2008. He also reiterated Sourcefire's intention to keep ClamAV as an open source tool.

"As a succesful open source project, ClamAV benefits from the expertise of hundreds if not thousands of individuals who contribute to the rapid evolution of the ClamAV inspection technology and the vast library of ClamAV malware signatures," he said.

Under terms of the deal, Sourcefire will assume control of the ClamAV project, including the ClamAV.org domain, Web site content and the ClamAV Sourceforge project page. The ClamAV team will officially become Sourcefire employees, continuing management of the project on a daily basis, according to the statement.

Sourcefire: Sourcefire, Nmap deal to open vulnerability scanning: Sourcefire and Insecure.org have inked an agreement to develop open source vulnerability scanning tools based on Insecure's Nmap scripting engine. Sourcefire expands strategy in effort to leverage its network real estate: Sourcefire has announced plans to expand its overall product strategy to span network access control, intrusion prevention, and network behavior anomaly detection. Snort creator, Sourcefire seek fresh approach: Sourcefire  is launching Enterprise Threat Management. Sourcefire says the open source tool Snort is the backbone of the new strategy.

Financial terms of the transaction was not disclosed.

"Sourcefire is a well-respected company in the open source arena, and they really understand how to balance open source community investment with the commercial needs of their customers," project founder Tomasz Kojm said in a statement.

The past year and a half has been eventful for Sourcefire. In November the company filed with the U.S. Securities and Exchange Commission to raise up to $75 million in an initial public offering (IPO) of stock. Seven months earlier, Check Point had dropped plans to acquire Sourcefire amid concerns that foreign ownership of Snort would threaten U.S. national security.

At the Gartner IT Security Summit in Washington D.C. in June, Roesch told SearchSecurity.com that the war chest Sourcefire has developed as a newly public company would be used for future acquisitions.

"We are looking at certain M&A (mergers and acquisitions) transactions in spaces that complement what we are doing now," he said at the time. "We are looking for ways to leverage open source more effectively."