@@ -50,6 +50,9 @@ configuration options.

     - [`libcurl`](#libcurl)

     - [`ncurses` or `pdcurses`, for `clamdtop`](#ncurses-or-pdcurses-for-clamdtop)

     - [Bytecode Runtime](#bytecode-runtime)

+      - [Interpreter Bytecode Runtime](#interpreter-bytecode-runtime)

+      - [LLVM JIT Bytecode Runtime](#llvm-jit-bytecode-runtime)

+      - [Disabling the Bytecode Runtime](#disabling-the-bytecode-runtime)

   - [Compiling For Multiple Architectures (Cross-Compiling)](#compiling-for-multiple-architectures-cross-compiling)

   - [Un-install](#un-install)

@@ -618,9 +621,16 @@ need to specify the following:

 ### `llvm` (optional, _see "Bytecode Runtime" section_)

+Set:

 ```sh

   -D BYTECODE_RUNTIME="llvm"

-  -D LLVM_ROOT_DIR="_path to llvm install root_" -D LLVM_FIND_VERSION="3.6.0"

+```

+

+Options for a custom LLVM install path, or to select a specific version if you

+have multiple LLVM installations:

+```sh

+  -D LLVM_ROOT_DIR="_path to llvm install root_"

+  -D LLVM_FIND_VERSION="3.6.0"

 ```

 ### `libcurl`

@@ -669,6 +679,8 @@ ClamAV has two bytecode runtimes:

    We ran out of time in 0.104 development to update to support newer versions

    of LLVM. LLVM 3.6.2 is the newest version supported in ClamAV 0.104.

+#### Interpreter Bytecode Runtime

+

 At the moment, the *interpreter* is the default runtime, while we work out

 compatibility issues with newer versions of libLLVM. This default equates to:

@@ -676,15 +688,54 @@ compatibility issues with newer versions of libLLVM. This default equates to:

 cmake .. -D BYTECODE_RUNTIME="interpreter"

 ```

-If you wish to build using LLVM instead of the intereter, you will need to

-obtain v3.6 of the LLVM development libraries. Then build using these options:

+#### LLVM JIT Bytecode Runtime

+

+If you wish to build using LLVM JIT for the bytecode runtime instead of the

+bytecode interpreter, you will need to install the LLVM development libraries.

+ClamAV currently supports LLVM versions 8.0 through 12.0.

+To build with LLVM for the bytecode runtime, build with this option:

 ```sh

 cmake .. \

-  -D BYTECODE_RUNTIME="llvm"       \

-  -D LLVM_ROOT_DIR="/opt/llvm/3.6" \

-  -D LLVM_FIND_VERSION="3.6.0"

+  -D BYTECODE_RUNTIME="llvm"

+```

+

+If you have multiple LLVM installations, or have a custom path for the LLVM

+installation, you may also set `LLVM_ROOT_DIR` and `LLVM_FIND_VERSION` options

+to help CMake find the right LLVm installation. For example:

+```sh

+  -D LLVM_ROOT_DIR="/opt/llvm/8.0"

+  -D LLVM_FIND_VERSION="8.0.1"

+```

+

+If the build fails to detect LLVM or linking with LLVM fails using the above

+options, you may try adding this CMake parameter to enable

+[CMake's package-config feature](https://cmake.org/cmake/help/latest/variable/CMAKE_FIND_PACKAGE_PREFER_CONFIG.html):

+```

+  -D CMAKE_FIND_PACKAGE_PREFER_CONFIG=TRUE

 ```

+Normally, ClamAV would use the `FindLLVM.cmake` module in our `<src>/cmake`

+directory to find LLVM. With this option enabled, it will instead try to use

+`<LLVM_ROOT_DIR>/lib/cmake/llvm/LLVMConfig.cmake` to determine the LLVM package

+configuration.

+

+> _Known Issues_: Known issues building with LLVM:

+> - Enabling `CMAKE_FIND_PACKAGE_PREFER_CONFIG` may fail to build with some LLVM

+>   packages that are missing the `libPolly.a` library. This includes some LLVM

+>   packages distributed by Debian, Ubuntu, and OpenSUSE.

+> - Not enabling `CMAKE_FIND_PACKAGE_PREFER_CONFIG` may fail to build with some

+>   LLVM packages using `gcc` when RTTI was disabled for the LLVM build, but is

+>   enabled for the ClamAV build. Using `clang` instead of `gcc` may have better

+>   results.

+> - Building ClamAV in Debug-mode with a Release-LLVM build may fail, and

+>   building ClamAV in Release-mode with a Debug-LLVM build may fail.

+> - The unit tests may fail in Debug-mode builds on the `libclamav` "bytecode"

+>   test due to an assertion/abort.

+> - Windows-only: CMake fails to collect library dependencies when building with

+>   LLVM. That is, the tests will fail because it can't load libssl.dll and

+>   other DLL dependencies. This issue only applies when not using VCPkg.

+

+#### Disabling the Bytecode Runtime

 To disable bytecode signature support entirely, you may build with this option:

@@ -9,10 +9,101 @@ ClamAV 0.105.0 includes the following improvements and changes.

 ### New Requirements

+- Starting with ClamAV v0.105, the Rust toolchain is required to compile ClamAV.

+

+  You can install the Rust toolchain for your development environment by

+  following the instructions on the [`rustup`](https://rustup.rs/) website.

+  Some binary package distributions do provide relatively up-to-date packages of

+  the Rust toolchain, but many do not. Using `rustup` ensures that you have the

+  most up-to-date Rust compiler at the time of installation. Keep your toolchain

+  updated for new features and bug/security fixes by periodically executing:

+  ```sh

+  rustup update

+  ```

+

+  Building ClamAV requires, at a minimum, Rust compiler version 1.56, as it

+  relies on features introduced in the Rust 2021 Edition.

+

+  ClamAV's third-party Rust library dependencies are vendored into the release

+  tarball (`clamav-<version>.tar.gz`) file that we publish on

+  [clamav.net/downloads](https://www.clamav.net/downloads).

+  But, if you build from a Git clone or from an unofficial tarball taken from

+  GitHub.com, you will need the internet to download the Rust libraries during

+  the build.

+

 ### Major changes

+- Increased the default limits for file-size and scan-size:

+  - MaxScanSize:        100M -> 400M

+  - MaxFileSize:        25M  -> 100M

+  - StreamMaxLength:    25M  -> 100M

+  - PCREMaxFileSize:    25M  -> 100M

+  - MaxEmbeddedPE:      10M  -> 40M

+  - MaxHTMLNormalize:   10M  -> 40M

+  - MaxScriptNormalize: 5M   -> 20M

+  - MaxHTMLNoTags:      2M   -> 8M

+

+- Added image fuzzy hash subsignatures for logical signatures.

+

+  Image fuzzy hash subsignatures are a new feature for detecting images known to

+  be used in phishing campaigns or otherwise used when distributing malware.

+

+  Image fuzzy hash subsignatures follow this format:

+  ```

+  fuzzy_img#<hash>

+  ```

+  For example:

+  ```

+  logo.png;Engine:150-255,Target:0;0;fuzzy_img#af2ad01ed42993c7

+  logo.png-2;Engine:150-255,Target:0;0&1;49484452;fuzzy_img#af2ad01ed42993c7

+  ```

+

+  This initial implementation does not support matching with a hamming distance.

+  Support for matching with a hamming distance may be added in a future release.

+

+  ClamAV's image fuzzy hash is very close to, but not 100% identical to, the

+  fuzzy hash generated by the Python `imagehash` package's `phash()` function.

+  Note that these are only clean-room approximations of the pHash™️ algorithm.

+  ClamAV's image fuzzy hashes are not expected to match the fuzzy hashes

+  generated using other tools. Some images may match, while others do not.

+

+  To generate the image fuzzy hash you can run this command:

+  ```

+  clamscan --gen-json --debug /path/to/file

+  ```

+  The hash will appear in the JSON above the "SCAN SUMMARY" under the object

+  named "ImageFuzzyHash".

+

+- ClamScan & ClamDScan (Windows-only):

+  - Added a process memory scanning feature from ClamWin's ClamScan.

+

+    This adds three new options to ClamScan and ClamDScan on Windows:

+    * `--memory`

+    * `--kill`

+    * `--unload`

+

+    Special thanks to:

+    - Gianluigi Tiesi for allowing us to integrate the Windows process memory

+      scanning feature from ClamWin into the ClamAV.

+    - Grace Kang for integrating the ClamScan feature, and for extending it to

+      work with ClamDScan in addition.

+

 ### Notable changes

+- Updated the LLVM bytecode runtime support so that it can use LLVM versions

+  8 through 12 and removed support for earlier LLVM versions.

+  Using LLVM JIT for the bytecode runtime may improve scan performance over the

+  built-in bytecode interpreter runtime, which is the default.

+  If you wish to build using LLVM, you must obtain a complete build of

+  the LLVM libraries including the devopment headers and static libraries.

+

+  There are some known issues both compiling and running the test suite with

+  some LLVM installations. We are working to further stabilize LLVM bytecode

+  runtime support, and document specific edge cases. Your feedback is welcome.

+

+  For details about building ClamAV with the LLVM bytecode runtime, see the

+  [install reference documentation](INSTALL.md#bytecode-runtime).

+

 - Added a `GenerateMetadataJson` option to ClamD.

   The functionality is equivalent to the `clamscan --gen-json` option.

   Scan metadata is useful for file analysis and for debugging scan behavior.

@@ -21,13 +112,217 @@ ClamAV 0.105.0 includes the following improvements and changes.

   in the scan-temp directory. You can customize the scan-temp directory path

   using the `TemporaryDirectory` option.

+- The `libclamunrar.so` library's SO version now matches that of `libclamav.so`.

+  The upstream UnRAR library does not have an SO version that we should match.

+  This change is to prevent a possible collision when multiple ClamAV versions

+  are installed.

+

+- CMake: Added support for using an external TomsFastMath library (libtfm).

+

+  To use an external TomsFastMath library, configure the build with the new

+  option `-D ENABLE_EXTERNAL_TOMSFASTMATH=ON`. The following CMake variables may

+  also be set as needed:

+  - `-D TomsFastMath_INCLUDE_DIR=<path>` - The directory containing `tfm.h`.

+  - `-D TomsFastMath_LIBRARY=<path>` - The path to the TomsFastMath library.

+

+  Also updated the vendored TomsFastMath code to version 0.13.1.

+

 ### Other improvements

+- Freshclam:

+  - Improve `ReceiveTimeout` behavior so that will abort a download attempt if

+    the download is not making significant progress. Previously this limit was

+    an absolute time limit for the download and could abort prematurely for

+    those on a slower connection.

+    Special thanks to Simon Arlott for this improvement.

+

+- Rewrote the ClamAV database archive incremental-update feature (CDIFF) from

+  scratch in Rust. The new implementation was our first module to be rewritten

+  in Rust. It is significantly faster at applying updates that remove large

+  numbers of signatures from a database, such as when migrating signatures from

+  `daily.cvd` to `main.cvd`.

+

+- Freshclam & ClamD:

+  - Increased the maximum line-length for `freshclam.conf` and `clamd.conf` from

+    512-characters to 1024-characters. This change was by request to accommodate

+    very long `DatabaseMirror` options when using access tokens in the URI.

+

+- Removed the Heuristics.PNG.CVE-2010-1205 detection. This alert had been placed

+  behind the `--alert-broken-media` (`SCAN_HEURISTIC_BROKEN_MEDIA`) option in

+  0.103.3 and 0.104 because of excessive alerts on slightly malformed but non-

+  malicious files. Now it is completely removed.

+

+- Added support for building ClamDTop using ncursesw if ncurses can not be

+  found. Patch courtesy of Carlos Velasco.

+

 ### Bug fixes

+- ClamOnAcc: Fixed a number of assorted stability issues and added niceties for

+  debugging ClamOnAcc. Patches courtesy of Frank Fegert.

+

+- Fixed an issue causing byte-compare subsignatures to cause an alert when they

+  match even if other conditions of the given logical signatures were not met.

+

+- Fixed an issue causing XLM macro false positives when scanning XLS documents

+  containing images if the `--alert-macros` (`AlertOLE2Macros`) option was

+  enabled.

+

+- Fixed an issue preventing multiple matches when scanning in all-match mode.

+

+- Docker:

+  - Fixed an issue exposing the health check port. Patch courtesy of Sammy Chu.

+  - Fixed an issue with health check failure false positives during container

+    startup. Patch courtesy of Olliver Schinagl.

+  - Set the default time zone to `Etc/UTC`. The `--env` parameter can be used to

+    customize the time zone by setting `TZ` environment variable.

+    Patch courtesy of Olliver Schinagl.

+

+- Added support for detecting the curses library dependency even when the

+  associated pkg-config file is not present. This resolves a build issue on some

+  BSD distributions. Patch courtesy of Stuart Henderson.

+

+- Assorted bug fixes and improvements.

+

 ### Acknowledgements

 The ClamAV team thanks the following individuals for their code submissions:

+- Ahmon Dancy

+- Alexander Sulfrian

+- Carlos Velasco

+- Bernd Kuhls

+- David Korczynski

+- Fabrice Fontaine

+- Frank Fegert

+- Gianluigi Tiesi

+- Giovanni Bechis

+- Grace Kang

+- John Humlick

+- Jordan Ernst

+- JunWei Song

+- mko-x

+- Olliver Schinagl

+- Sammy Chu

+- Sergey Valentey

+- Simon Arlott

+- Stuart Henderson

+- Yann E. Morin

+

+## 0.104.2

+

+ClamAV 0.104.2 is a critical patch release with the following fixes:

+

+- [CVE-2022-20698](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20698):

+  Fix for invalid pointer read that may cause a crash.

+  Affects 0.104.1, 0.103.4 and prior when ClamAV is compiled with libjson-c and

+  the `CL_SCAN_GENERAL_COLLECT_METADATA` scan option (the `clamscan --gen-json`

+  option) is enabled.

+

+  Cisco would like to thank Laurent Delosieres of ManoMano for reporting this

+  vulnerability.

+

+- Fixed ability to disable the file size limit with libclamav C API, like this:

+  ```c

+    cl_engine_set_num(engine, CL_ENGINE_MAX_FILESIZE, 0);

+  ```

+  This issue didn't impact ClamD or ClamScan which also can disable the limit by

+  setting it to zero using `MaxFileSize 0` in `clamd.conf` for ClamD, or

+  `clamscan --max-filesize=0` for ClamScan.

+

+  Note: Internally, the max file size is still set to 2 GiB. Disabling the limit

+  for a scan will fall back on the internal 2 GiB limitation.

+

+- Increased the maximum line length for ClamAV config files from 512 bytes to

+  1024 bytes to allow for longer config option strings.

+

+Special thanks to the following for code contributions and bug reports:

+- Laurent Delosieres

+

+## 0.104.1

+

+ClamAV 0.104.1 is a critical patch release with the following fixes:

+

+- FreshClam:

+  - Add a 24-hour cool-down for FreshClam clients that have received an HTTP

+    403 (Forbidden) response from the CDN.

+    This is to reduce the volume of 403-response data served to blocked

+    FreshClam clients that are configured with a tight update-loop.

+  - Fixed a bug where FreshClam treats an empty CDIFF as an incremental update

+    failure instead of as an intentional request to download the whole CVD.

+

+- ClamDScan: Fix a scan error when broken symlinks are encountered on macOS with

+  "FollowDirectorySymlinks" and "FollowFileSymlinks" options disabled.

+

+- Overhauled the scan recursion / nested archive extraction logic and added new

+  limits on embedded file-type recognition performed during the "raw" scan of

+  each file. This limits embedded file-type misidentification and prevents

+  detecting embedded file content that is found/extracted and scanned at other

+  layers in the scanning process.

+

+- Fix an issue with the FMap module that failed to read from some nested files.

+

+- Fixed an issue where failing to load some rules from a Yara file containing

+  multiple rules may cause a crash.

+

+- Fixed assorted compiler warnings.

+

+- Fixed assorted Coverity static code analysis issues.

+

+- Scan limits:

+  - Added virus-name suffixes to the alerts that trigger when a scan limit has

+    been exceeded. Rather than simply `Heuristics.Limits.Exceeded`, you may now

+    see limit-specific virus-names, to include:

+    - `Heuristics.Limits.Exceeded.MaxFileSize`

+    - `Heuristics.Limits.Exceeded.MaxScanSize`

+    - `Heuristics.Limits.Exceeded.MaxFiles`

+    - `Heuristics.Limits.Exceeded.MaxRecursion`

+    - `Heuristics.Limits.Exceeded.MaxScanTime`

+  - Renamed the `Heuristics.Email.ExceedsMax.*` alerts to align with the other

+    limit alerts names. These alerts include:

+    - `Heuristics.Limits.Exceeded.EmailLineFoldcnt`

+    - `Heuristics.Limits.Exceeded.EmailHeaderBytes`

+    - `Heuristics.Limits.Exceeded.EmailHeaders`

+    - `Heuristics.Limits.Exceeded.EmailMIMEPartsPerMessage`

+    - `Heuristics.Limits.Exceeded.EmailMIMEArguments`

+  - Fixed an issue where the Email-related scan limits would alert even when the

+    "AlertExceedsMax" (`--alert-exceeds-max`) scan option is not enabled.

+  - Fixes an issue in the Zip parser where exceeding the "MaxFiles" limit or

+    the "MaxFileSize" limit would abort the scan but would fail to alert.

+    The Zip scan limit issues were independently identified and reported by

+    Aaron Leliaert and Max Allan.

+

+- Fixed a leak in the Email parser when using the `--gen-json` scan option.

+

+- Fixed an issue where a failure to record metadata in the Email parser when

+  using the `--gen-json` scan option could cause the Email parser to abort the

+  scan early and fail to extract and scan additional content.

+

+- Fixed a file name memory leak in the Zip parser.

+

+- Fixed an issue where certain signature patterns may cause a crash or cause

+  unintended matches on some systems when converting characters to uppercase if

+  a UTF-8 unicode single-byte grapheme becomes a multi-byte grapheme.

+  Patch courtesy of Andrea De Pasquale.

+

+- CMake:

+  - Fix a packaging issue with the Windows `*.msi` installer so that it will

+    include all of the required files.

+  - Add support for developer code-signing on macOS during the build.

+  - Fix an issue finding and linking with the `tinfo` library on systems where

+    `tinfo` is separate from `ncurses`. Patch courtesy of Luca Barbato.

+

+- Tests: Improved the Freshclam incremental update tests to verify correct

+  behavior when a zero-byte CDIFF is downloaded and the CVD served to FreshClam

+  is older than advertised.

+

+- Docker: Remove the `freshclam.dat` file when building the Docker image with

+  the databases-included so FreshClam agents running in the container will have

+  a unique ID in the HTTP User-Agent.

+

+Special thanks to the following for code contributions and bug reports:

+- Aaron Leliaert

+- Andrea De Pasquale

+- Luca Barbato

+- Max Allan

 ## 0.104.0

@@ -194,6 +489,192 @@ The ClamAV team thanks the following individuals for their code submissions:

 - Vasile Papp

 - Yasuhiro Kimura

+## 0.103.5

+

+ClamAV 0.103.5 is a critical patch release with the following fixes:

+

+- [CVE-2022-20698](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20698):

+  Fix for invalid pointer read that may cause a crash.

+  Affects 0.104.1, 0.103.4 and prior when ClamAV is compiled with libjson-c and

+  the `CL_SCAN_GENERAL_COLLECT_METADATA` scan option (the `clamscan --gen-json`

+  option) is enabled.

+

+  Cisco would like to thank Laurent Delosieres of ManoMano for reporting this

+  vulnerability.

+

+- Fixed ability to disable the file size limit with libclamav C API, like this:

+  ```c

+    cl_engine_set_num(engine, CL_ENGINE_MAX_FILESIZE, 0);

+  ```

+  This issue didn't impact ClamD or ClamScan which also can disable the limit by

+  setting it to zero using `MaxFileSize 0` in `clamd.conf` for ClamD, or

+  `clamscan --max-filesize=0` for ClamScan.

+

+  Note: Internally, the max file size is still set to 2 GiB. Disabling the limit

+  for a scan will fall back on the internal 2 GiB limitation.

+

+- Increased the maximum line length for ClamAV config files from 512 bytes to

+  1024 bytes to allow for longer config option strings.

+

+- SigTool: Fix insufficient buffer size for `--list-sigs` that caused a failure

+  when listing a database containing one or more very long signatures.

+  This fix was backported from 0.104.

+

+Special thanks to the following for code contributions and bug reports:

+- Laurent Delosieres

+

+## 0.103.4

+

+ClamAV 0.103.4 is a critical patch release with the following fixes:

+

+- FreshClam:

+  - Add a 24-hour cool-down for FreshClam clients that have received an HTTP

+    403 (Forbidden) response from the CDN.

+    This is to reduce the volume of 403-response data served to blocked

+    FreshClam clients that are configured with a tight update-loop.

+  - Fixed a bug where FreshClam treats an empty CDIFF as an incremental update

+    failure instead of as an intentional request to download the whole CVD.

+

+- ClamDScan: Fix a scan error when broken symlinks are encountered on macOS with

+  "FollowDirectorySymlinks" and "FollowFileSymlinks" options disabled.

+

+- Overhauled the scan recursion / nested archive extraction logic and added new

+  limits on embedded file-type recognition performed during the "raw" scan of

+  each file. This limits embedded file-type misidentification and prevents

+  detecting embedded file content that is found/extracted and scanned at other

+  layers in the scanning process.

+

+- Fix an issue with the FMap module that failed to read from some nested files.

+

+- Fixed an issue where failing to load some rules from a Yara file containing

+  multiple rules may cause a crash.

+

+- Fixed assorted compiler warnings.

+

+- Fixed assorted Coverity static code analysis issues.

+

+- Scan limits:

+  - Added virus-name suffixes to the alerts that trigger when a scan limit has

+    been exceeded. Rather than simply `Heuristics.Limits.Exceeded`, you may now

+    see limit-specific virus-names, to include:

+    - `Heuristics.Limits.Exceeded.MaxFileSize`

+    - `Heuristics.Limits.Exceeded.MaxScanSize`

+    - `Heuristics.Limits.Exceeded.MaxFiles`

+    - `Heuristics.Limits.Exceeded.MaxRecursion`

+    - `Heuristics.Limits.Exceeded.MaxScanTime`

+  - Renamed the `Heuristics.Email.ExceedsMax.*` alerts to align with the other

+    limit alerts names. These alerts include:

+    - `Heuristics.Limits.Exceeded.EmailLineFoldcnt`

+    - `Heuristics.Limits.Exceeded.EmailHeaderBytes`

+    - `Heuristics.Limits.Exceeded.EmailHeaders`

+    - `Heuristics.Limits.Exceeded.EmailMIMEPartsPerMessage`

+    - `Heuristics.Limits.Exceeded.EmailMIMEArguments`

+  - Fixed an issue where the Email-related scan limits would alert even when the

+    "AlertExceedsMax" (`--alert-exceeds-max`) scan option is not enabled.

+  - Fixes an issue in the Zip parser where exceeding the "MaxFiles" limit or

+    the "MaxFileSize" limit would abort the scan but would fail to alert.

+    The Zip scan limit issues were independently identified and reported by

+    Aaron Leliaert and Max Allan.

+

+- Fixed a leak in the Email parser when using the `--gen-json` scan option.

+

+- Fixed an issue where a failure to record metadata in the Email parser when

+  using the `--gen-json` scan option could cause the Email parser to abort the

+  scan early and fail to extract and scan additional content.

+

+- Fixed a file name memory leak in the Zip parser.

+

+- Fixed an issue where certain signature patterns may cause a crash or cause

+  unintended matches on some systems when converting characters to uppercase if

+  a UTF-8 unicode single-byte grapheme becomes a multi-byte grapheme.

+  Patch courtesy of Andrea De Pasquale.

+

+Other fixes backported from 0.104.0:

+

+- Fixed a crash in programs that use libclamav when the programs don't set a

+  callback for the "virus found" event.

+  Patch courtesy of Markus Strehle.

+

+- Added checks to the the SIS archive parser to prevent an SIS file entry from

+  pointing to the archive, which would result in a loop. This was not an actual

+  infinite loop, as ClamAV's scan recursion limit limits the depth of nested

+  archive extraction.

+

+- ClamOnAcc: Fixed a socket file descriptor leak that could result in a crash

+  when all available file descriptors are exhausted.

+

+- FreshClam: Fixed an issue where FreshClam would download a CVD repeatedly if a

+  zero-byte CDIFF is downloaded or if the incremental update failed and if the

+  CVD downloaded after that is older than advertised.

+  Patch courtesy of Andrew Williams.

+

+- ClamDScan:

+  - Fixed a memory leak of the scan target filename when using the

+    `--fdpass` or `--stream` options.

+  - Fixed an issue where ClamDScan would fail to scan any file after excluding

+    a file with the "ExcludePath" option when using when using the `--multiscan`

+    (`-m`) option along with either `--fdpass` or `--stream`.

+    Also fixed a memory leak of the accidentally-excluded paths in this case.

+  - Fixed a single file path memory leak when using `--fdpass`.

+  - Fixed an issue where the "ExcludePath" regex may fail to exclude absolute

+    paths when the scan is invoked with a relative path.

+

+Special thanks to the following for code contributions and bug reports:

+- Aaron Leliaert

+- Andrea De Pasquale

+- Andrew Williams

+- Markus Strehle

+- Max Allan

+

+## 0.103.3

+

+ClamAV 0.103.3 is a patch release with the following fixes:

+

+- Fixed a scan performance issue when ENGINE_OPTIONS_FORCE_TO_DISK is enabled.

+  This issue did not impacted most users but for those affected it caused every

+  scanned file to be copied to the temp directory before the scan.

+

+- Fix ClamDScan crashes when using the `--fdpass --multiscan` command-line

+  options in combination with the ClamD `ExcludePath` config file options.

+

+- Fixed an issue where the `mirrors.dat` file is owned by root when starting as

+  root (or with sudo) and using daemon-mode. File ownership will be set to the

+  `DatabaseOwner` just before FreshClam switches to run as that user.

+

+- Renamed the `mirrors.dat` file to `freshclam.dat`.

+

+  We used to recommend deleting `mirrors.dat` if FreshClam failed to update.

+  This is because `mirrors.dat` used to keep track of offline mirrors and

+  network interruptions were known to cause FreshClam to think that all mirrors

+  were offline. ClamAV now uses a paid CDN instead of a mirror network, and the

+  new FreshClam DAT file no longer stores that kind of information.

+  The UUID used in ClamAV's HTTP User-Agent is stored in the FreshClam DAT file

+  and we want the UUID to persist between runs, even if there was a failure.

+

+  Unfortunately, some users have FreshClam configured to automatically delete

+  `mirrors.dat` if FreshClam failed. Renaming `mirrors.dat` to `freshclam.dat`

+  should make it so those scripts don't delete important FreshClam data.

+

+- Disabled the `HTTPUserAgent` config option if the `DatabaseMirror` uses

+  clamav.net. This will prevent users from being inadvertently blocked and

+  will ensure that we can keep better metrics on which ClamAV versions are

+  being used.

+

+  This change effectively deprecates the `HTTPUserAgent` option for most users.

+

+- Moved the detection for Heuristics.PNG.CVE-2010-1205 behind the

+  ClamScan `--alert-broken-media` option (ClamD `AlertBrokenMedia yes`) option.

+  This type of PNG issue appears to be common enough to be an annoyance, and

+  the CVE is old enough that no one should be vulnerable at this point.

+

+- Fix ClamSubmit failures after changes to Cloudflare "__cfduid" cookies.

+  See: https://blog.cloudflare.com/deprecating-cfduid-cookie/

+

+Special thanks to the following for code contributions and bug reports:

+

+- Stephen Agate

+- Tom Briden

+

 ## 0.103.2

 ClamAV 0.103.2 is a security patch release with the following fixes:

@@ -3309,7 +3790,7 @@ the highest possible level.

 New mirroring mechanisms. Luca Gibelli (ClamAV) and mirror administrators

 (22 sites) are converting mirrors to new "push mirroring"

-method. It uses advanced techniques to ensure all the mirrors are up to date.

+method. It uses advanced techniques to ensure all the mirrors are up-to-date.

 We would like to thank our donors:

@@ -3656,7 +4137,7 @@ MacOSX and NetBSD (support for them was broken in 0.51).

 ## 0.51

-OAV database is up to date ! There was a problem with signature parsing,

+OAV database is up-to-date ! There was a problem with signature parsing,

 because some hex strings were upper case. Anyway, I still recommend you

 freshclam for a database updating.