Sourcefire acquires ClamAV open-source anti-malware project

Network security specialist Sourcefire announced Friday that it has acquired ClamAV, an open-source gateway anti-malware project whose technologies are used in the products of a number of other vendors.

Sourcefire said that under the terms of the deal, it has purchased all of the project's technology and related trademarks, as well as the copyrights controlled by all developers involved in the effort, including its founder Tomasz Kojm.

The company will also assume ownership of all of the project's online properties and continue to involve all of ClamAV's existing five-person team in the continued development of its technologies, with those individuals becoming Sourcefire employees and retaining management of the effort on a daily basis.

ClamAV claims that its software updates currently cover roughly 120 million IP addresses, with the technology embedded in the products and services offered by vendors including Barracuda Networks, Demon, and WatchGuard, as well as a handful of Internet service and e-mail providers.

Sourcefire, a Columbia, Md.-based provider of integrated network defense tools, already controls Snort, an open-source intrusion prevention and detection technology created in 1998 by company founder and chief technology officer Martin Roesch.

The acquisition stands as the first major strategic move made by Sourcefire since its March 2007 initial public offering (IPO).

The company's stock feel by over 25 percent earlier this month when it announced mixed second-quarter results. Shares of its stock opened at roughly $9.75 on Friday, up from a low of just under $9 after the earnings announcement at the beginning of August.

Sourcefire said that it expects to report a one-time charge in the third quarter of 2007 of between $0.09 and $0.12 per share to write off research and development expenses related to the deal. Other details of the transaction weren't disclosed.

"This acquisition gives Sourcefire the ability to bring together two of the security industry's most widely adopted open-source projects Snort and ClamAV," Roesch said in a statement. "Sourcefire will continue to invest in the ClamAV technology, much as we have with Snort and Snort.org."

In a conference call, Sourcefire executives said that the company would mirror its model for Snort, which balances enterprise licensing with open source development.

The deal should also allow the company to move into a number of other security markets, said Wayne Jackson, the company's chief executive officer.

ClamAV's technology is currently being used in unified threat management (UTM) systems, as well as Web and messaging gateways.

For its part, Sourcefire's flagship Enterprise Threat Management (ETM) product offering already offers integrated intrusion protection, network accesses control and vulnerability assessment technologies.

"This acquisition not only effectively broadens Sourcefire's open source footprint, essentially doubling it, but opens significant opportunities in growing security markets," Jackson said.

The CEO said on the call that Sourcefire is still finalizing its specific plans for future product roll-outs based on the deal, but reported that the company will likely soon create a set of tools that integrate its existing technologies with ClamAV's UTM capabilities.