@@ -1,3 +1,70 @@

+Tue Sep 3 18:37:13 2013 EDT 2013 (dar)

+------------------------------------

+ * V 0.98.0 RC

+

+Thu Aug 15 17:44:49 2013 EDT 2013 (dar)

+------------------------------------

+ * code quality fixes on libclamav, clamd, sigtool, clamav-milter, clamconf and clamdtop

+

+Fri Aug 9 18:33:06 2013 EDT 2013 (dar)

+------------------------------------

+ * code quality fixes on libclamav, libclamunrar and freshclam

+

+Wed Aug 7 18:55:13 EDT 2013 (dar)

+------------------------------------

+ * valgrind suppression rules for dl_catch_error complaints

+

+Tue Jul 30 15:07:25 EDT 2013 (dar)

+------------------------------------

+ * bb #8385: PDF ASCII85Decode zero-length fix

+

+Thu Jun 20 13:43:46 EDT 2013 (dar)

+------------------------------------

+ * libclamav: SCAN_ALL mode fixes

+

+Thu May 9 12:50:46 EDT 2013 (dar)

+------------------------------------

+ * bb #7436: elf64 header early exit

+

+Mon Apr 22 11:06:37 EDT 2013 (dar)

+------------------------------------

+ * iso9660: iso_scan_file rewrite

+

+Wed Apr 17 11:20:48 EDT 2013 (olney)

+------------------------------------

+ * V 0.97.8

+

+Mon Apr 15 17:58:26 EDT 2013 (dar)

+------------------------------------

+ * cache: cacheset_remove fix and better logging

+

+Fri Apr 12 14:20:23 EDT 2013 (swebb)

+------------------------------------

+ * libclamav: Fix bugs in mpool and readdb

+

+Fri Apr 5 17:36:54 EDT 2013 (dar)

+------------------------------------

+ * libclamav: Bugs reported by Felix Groebert of the Google Security Team

+

+Thu Mar 28 17:11:56 EDT 2013 (morgan)

+------------------------------------

+ * signature.pdf updates

+ * Update clam doc for allmatch mode

+ * doc: add target 12 for CL_TYPE_JAVA

+ * signature.tex fixup for bb6988

+

+Tue Mar 26 16:51:51 EDT 2013 (dar)

+------------------------------------

+ * libclamav: include cb_meta on copy or apply engine settings

+

+Fri Mar 22 12:05:59 EDT 2013 (dar)

+------------------------------------

+ * libclamav: vba strings fix-ups

+

+Tue Mar 12 15:00:07 EDT 2013 (swebb)

+------------------------------------

+ * Add valgrind suppression rule for LLVM subcode shutdown

+

 Fri Mar 8 17:48:34 EDT 2013 (dar)

 ------------------------------------

  * libclamav: SHA1/SHA256 handling changes and wildcard-size support

@@ -10,11 +77,19 @@ Thu Feb 28 13:55:04 EDT 2013 (dar)

 ------------------------------------

  * libclamav/pe_icons.c: introduce LOGPARSEICONDETAILS define to reduce parseicon logging in default build

+Thu Mar 7 16:10:49 EDT 2012 (olney)

+----------------------------------

+ * V 0.97.7

+

 Wed Feb 20 10:05:00 EDT 2013 (multiple)

 ------------------------------------

  * Bug reported by Felix Groebert, Mateusz Jurczyk and Gynvael Coldwind of the

  Google Security Team

+Thu Feb 7 14:04:06 EDT 2013 (dar)

+------------------------------------

+ * Add CL_TYPE_JAVA for Java class detection, type and target

+

 Tue Feb 5 19:38:35 EDT 2013 (dar)

 ------------------------------------

  * Add runtime enable/disable of SWF scanning

@@ -261,6 +336,10 @@ Mon Sep 17 12:47:47 EDT 2012 (morgan)

  * check return code from fstat(). If less than 0, log error message and

  return error to caller, bb#5778

+Mon Sep 17 11:19:33 EDT 2012 (olney)

+----------------------------------

+ * V 0.97.6

+

 Fri Sep 14 18:57:41 EDT 2012 (dar)

 ----------------------------------

  * bb #5659: Log rotation in Windows wrapper

@@ -408,6 +487,10 @@ Wed Mar 31 18:08:01 CET 2012 (acab)

 ---------------------------------

  * add recovery mode to 7z ansi

+Wed Mar 14 22:52:48 CET 2012 (tk)

+---------------------------------

+ * V 0.97.4

+

 Fri Mar 2 19:36:04 CET 2012 (tk)

 ---------------------------------

  * properly connect to ClamAuth after database reload

@@ -767,6 +850,10 @@ Mon Oct 17 19:40:34 CEST 2011 (tk)

 ----------------------------------

  * disable swf decoder in scanners.c

+Mon Oct 17 18:04:30 CEST 2011 (tk)

+----------------------------------

+ * V 0.97.3

+

 Mon Oct 17 15:03:08 CEST 2011 (tk)

 ----------------------------------

  * sync with daily.ftm

@@ -856,6 +943,7 @@ Wed Aug  3 15:41:28 CEST 2011 (tk)

 Tue Aug  2 17:03:33 CEST 2011 (tk)

 ----------------------------------

+ * V 0.97.2

  * docs: clarify behavior of --scan-*/Scan* options (bb#3134)

 Mon Jul 25 17:14:39 EEST 2011 (tk)

@@ -1077,7 +1165,7 @@ Fri Jun 10 21:22:46 CEST 2011 (edwin)

 ------------------------------------

  * fmapify cli_scanbzip

- Jun 10 20:17:19 CEST 2011 (edwin)

+Fri Jun 10 20:17:19 CEST 2011 (edwin)

 ------------------------------------

  * mbox already fmapified, just drop descriptor

@@ -1109,6 +1197,10 @@ Tue Jun 7 12:03:19 EEST 2011 (edwin)

 ------------------------------------

  * libclamav/phishcheck.c: fix safebrowsing detection on certain URLs

+Thu Jun  9 09:10:49 CEST 2011 (tk)

+----------------------------------

+ * V 0.97.1

+

 Thu Jun  9 08:22:31 CEST 2011 (acab)

 ------------------------------------

  * libclamav/mew.c: harden boundary check on e8/e9 fixup

@@ -1,45 +1,62 @@

-0.97.2

+0.98

 ------

-ClamAV 0.97.2 fixes problems with the bytecode engine, Safebrowsing detection,

-hash matcher, and other minor issues. Please see the ChangeLog file for

-details.

-

-*** Announcement ***

-

-The ClamAV project is launching a new service called "Third Party web

-interface". It will allow selected individuals/organizations to publish

-ClamAV Virus Databases (CVD) through the ClamAV mirror network.

-

-If you choose to publish your signatures through our Third Party

-web interface you will benefit from the following:

-

-- before publishing the signatures, we will test them for

-  false positives against our false positive file collection.

-- before publishing the signatures, we'll verify that the latest two major

-  versions of ClamAV can load them correctly.

-- the signatures will be digitally signed and packaged into a single

-  .cvd compressed file.

-- there will be no ".UNOFFICIAL" suffix in the detection names.

-- a custom prefix will be added to the detection names, identifying the

-  organization which published the signature.

-- updates will be distributed both as full CVD files and cdiff

-  incremental updates. Users will benefit from lower network traffic.

-- the .cvd and .cdiff files will be distributed through the

-  ClamAV mirror network.

-- the service should result in faster remediation of false positives.

-- ClamAV users will be able to download the third party databases

-  using freshclam, by adding a single line to freshclam.conf, what

-  should make signature maintenance significantly easier.

-

-The service is still in beta, you are welcome to contact Luca Gibelli

-<luca*clamav.net> if you intend to join the beta program.

-

-We especially welcome those who already distribute their own unofficial

-signatures to join. A list of databases distributed by the new service

-will be available at http://www.clamav.net/download/cvd/3rdparty

-

-We will be happy to answer any questions you might have.

+ClamAV 0.98 includes many new features, across all the different components

+of ClamAV. There are new scanning options, extensions to the libclamav API,

+support for additional filetypes and internal upgrades.

+

+    - Signature improvements: New signature targets have been added for

+      PDF files, Flash files and Java class files. NOTE: Java archive files

+      (JAR) are not part of the Java target. Hash signatures can now be

+      written with a * size if the size is unknown. Using wildcard size

+      requires setting the minimum engine FLEVEL to avoid backwards

+      compatibility issues. For more details read the ClamAV Signatures

+      guide.

+

+    - Scanning enhancements: New filetypes can be unpacked and scanned,

+      including ISO9660, Flash and self-extracting 7z files. PDF

+      handling is now more robust and better handles encrypted PDF files.

+

+    - Authenticode: ClamAV is now aware of the certificate chain when

+      scanning signed PE files. When the database contains signatures for

+      trusted root certificate authorities, the engine can whitelist

+      PE files with a valid signature. The same database file can also

+      include known compromised certificates to be rejected! This

+      feature can also be disabled in clamd.conf (DisableCertCheck) or

+      the command-line (nocerts).

+

+    - New options: Several new options for clamscan and clamd have been

+      added. For example, ClamAV can be set to print infected files and

+      error files and suppress printing OK results. This can be helpful

+      when scanning large numbers of files. This new option is "-o" for

+      clamscan and "LogClean" for clamd. Check clamd.conf or the clamscan

+      help message for specific details.

+

+    - New callbacks added to the API: The libclamav API has additional hooks

+      for developers to use when wrapping ClamAV scanning. These function

+      types are defined to start with "clcb_" and allow developers to add

+      logic at certain steps of the scanning process without directly

+      modifying the library. For more details refer to the clamav.h file.

+

+    - More configurable limits: Several hardcoded values are now configurable

+      parameters, providing more options for tuning the engine to match your

+      needs. Check clamd.conf or the clamscan help message for specific

+      details.

+

+    - Performance improvements: This release furthers the use of memory maps

+      during scanning and unpacking, continuing the conversion started in

+      prior releases. Complex math functions have been switched from

+      libtommath to tomsfastmath functions. The A/C matcher code has also

+      been optimized to provide a speed boost.

+

+    - Support for on-access scanning using Clamuko/Dazuko has been replaced

+      with fanotify. Accordingly, clamd.conf settings related to on-access

+      scanning have had Clamuko removed from the name. Clamuko-specific

+      configuration items have been marked deprecated and should no longer

+      be used.

+

+There are also fixes for other minor issues and code quality changes. Please

+see the ChangeLog file for details.

 --

 The ClamAV team (http://www.clamav.net/team)

@@ -3,10 +3,88 @@ here may not be available in binary packages.

 --

 0.98

+------

+

+ClamAV 0.98 includes many new features, across all the different components

+of ClamAV. There are new scanning options, extensions to the libclamav API,

+support for additional filetypes and internal upgrades.

+

+    - Signature improvements: New signature targets have been added for

+      PDF files, Flash files and Java class files. NOTE: Java archive files

+      (JAR) are not part of the Java target. Hash signatures can now be

+      written with a * size if the size is unknown. Using wildcard size

+      requires setting the minimum engine FLEVEL to avoid backwards

+      compatibility issues. For more details read the ClamAV Signatures

+      guide.

+

+    - Scanning enhancements: New filetypes can be unpacked and scanned,

+      including ISO9660, Flash and self-extracting 7z files. PDF

+      handling is now more robust and better handles encrypted PDF files.

+

+    - Authenticode: ClamAV is now aware of the certificate chain when

+      scanning signed PE files. When the database contains signatures for

+      trusted root certificate authorities, the engine can whitelist

+      PE files with a valid signature. The same database file can also

+      include known compromised certificates to be rejected! This

+      feature can also be disabled in clamd.conf (DisableCertCheck) or

+      the command-line (nocerts).

+

+    - New options: Several new options for clamscan and clamd have been

+      added. For example, ClamAV can be set to print infected files and

+      error files and suppress printing OK results. This can be helpful

+      when scanning large numbers of files. This new option is "-o" for

+      clamscan and "LogClean" for clamd. Check clamd.conf or the clamscan

+      help message for specific details.

+

+    - New callbacks added to the API: The libclamav API has additional hooks

+      for developers to use when wrapping ClamAV scanning. These function

+      types are defined to start with "clcb_" and allow developers to add

+      logic at certain steps of the scanning process without directly

+      modifying the library. For more details refer to the clamav.h file.

+

+    - More configurable limits: Several hardcoded values are now configurable

+      parameters, providing more options for tuning the engine to match your

+      needs. Check clamd.conf or the clamscan help message for specific

+      details.

+

+    - Performance improvements: This release furthers the use of memory maps

+      during scanning and unpacking, continuing the conversion started in

+      prior releases. Complex math functions have been switched from

+      libtommath to tomsfastmath functions. The A/C matcher code has also

+      been optimized to provide a speed boost.

+

+    - Support for on-access scanning using Clamuko/Dazuko has been replaced

+      with fanotify. Accordingly, clamd.conf settings related to on-access

+      scanning have had Clamuko removed from the name. Clamuko-specific

+      configuration items have been marked deprecated and should no longer

+      be used.

+

+There are also fixes for other minor issues and code quality changes. Please

+see the ChangeLog file for details.

+

+--

+The ClamAV team (http://www.clamav.net/team)

+

+0.97.8

+----

+

+ClamAV 0.97.8 addresses several reported potential security bugs. Thanks to

+Felix Groebert of the Google Security Team for finding and reporting these

+issues.

+

+0.97.7

+----

+

+ClamAV 0.97.7 addresses several reported potential security bugs. Thanks to

+Felix Groebert, Mateusz Jurczyk and Gynvael Coldwind of the Google Security

+Team for finding and reporting these issues.

+

+0.97.6

 ----

-Bug reported by Felix Groebert, Mateusz Jurczyk and Gynvael Coldwind of the Google Security

-Team.

+ClamAV 0.97.6 includes minor bug fixes and detection improvements.

+ClamAV 0.97.6 corrects bug 5252 "CL_EFORMAT: Bad format or broken data ERROR

+reported as scan result."

 0.97.5

 ------

@@ -14,7 +92,7 @@ Team.

 ClamAV 0.97.5 addresses possible evasion cases in some archive formats 

 (CVE-2012-1457, CVE-2012-1458, CVE-2012-1459). It also addresses stability 

 issues in portions of the bytecode engine. This release is recommended for 

-all

+all users.

 0.97.4

 ------