@@ -1,3 +1,7 @@

+Mon Sep 20 15:31:21 CEST 2004 (tk)

+----------------------------------

+  V 0.80rc

+

 Mon Sep 20 13:46:15 BST 2004 (njh)

 ----------------------------------

   * libclamav/mbox.c:	Fix parsing problem

@@ -10,7 +14,7 @@ Mon Sep 20 12:12:09 CEST 2004 (tk)

 Mon Sep 20 10:44:35 BST 2004 (trog)

 -----------------------------------

-* libclamav/htmlnorm.c: Simplify handling of NL chars, treat as a space.

+  * libclamav/htmlnorm.c: Simplify handling of NL chars, treat as a space.

 Mon Sep 20 10:09:55 BST 2004 (njh)

 ----------------------------------

@@ -2,6 +2,125 @@ Note: This README/NEWS file refers to the source tarball. Some things described

 here may not be available in binary packages.

 --

+0.80rc

+------

+

+The development version of ClamAV is ready for general testing! New mechanisms

+have already proved very nasty to Internet worms successfully protecting

+against the new versions R, S, T, U, V and W of the infamous Mydoom worm

+and detecting them as Worm.Mydoom.Gen before they were analysed and specific

+signatures added by the ClamAV database maintainers. That means servers running

+the new version of ClamAV have detected and blocked 100% of Mydoom attacks!

+

+New features in this release include:

+

+-) libclamav

+    + Portable Executable analyser (CL_SCAN_PE) featuring:

+	o UPX decompression (all versions)

+	o Petite decompression (2.x)

+	o FSG decompression (1.3, 1.31, 1.33)

+	o detection of broken executables (CL_SCAN_BLOCKBROKEN)

+    + new, memory efficient, pattern matching algorithm (multipattern variant

+      of Boyer-Moore) - it's now primary matcher and Aho-Corasick is only used

+      for regular expression extended signatures

+    + new signature format with advanced target type and offset specification

+    + support for MD5 based signatures

+    + extended regular expression scanner

+    + added support for MS cabinet files

+    + added support for CHM files

+    + added support for POSIX tar archives

+    + scanning inside PowerPoint documents

+    + HTML normaliser with support for decoding of MS Script Encoder code

+    + great improvements in e-mail scanner (now handles even more worm tricks)

+    + new method of mail files detection

+    + all e-mail attachments are now scanned (previously only the first ten

+      attachments were scanned)

+    + added support for scanning URLs in e-mails (CL_SCAN_MAILURL)

+    + detection of Worm.Mydoom.M.log

+    + updated API (still backward compatible but please consult clamdoc.pdf

+      (Section 6) and adapt your software)

+

+-) clamd

+    + new directive ScanHTML (enables HTML normalisator and ScrEnc decoder)

+    + new directive ScanPE (win32 executable analyser and decompressor)

+    + new directive DetectBrokenExecutables (try to detect broken executables

+      and mark them as Broken.Executable)

+    + new directive MailFollowURLs (try to download and scan files from URLs

+      in mails. BE CAREFUL! DO NOT ENABLE IT ON LOADED MAIL SERVERS)

+    + new directive ArchiveBlockMax (archives that exceed limits will be

+      marked as viruses)

+    + clamav.conf was renamed clamd.conf

+

+-) clamscan

+    + mail files are scanned by default, use --no-mail to disable it

+    + new option --no-html (disables HTML normalisator)

+    + new option --no-pe (disables PE analyser)

+    + new option --detect-broken

+    + new option --block-max

+    + new option --mail-follow-urls (download and scan files from URLs in mails)

+

+-) clamdscan

+    + now prints warnings if some activated command line options are only

+      supported by clamscan

+    + added support for archive scanning in stdin mode

+

+-) clamav-milter

+    + improved template file format

+    + quarantined file names now contain virus names

+    + initial support for SESSION mode of clamd

+

+-) freshclam:

+    + new directive DNSDatabaseInfo that enables ultra lightweight version

+      verification method through DNS (using TXT records). Based on idea by

+      Christopher X. Candreva and enabled by default.

+      (see http://www.gossamer-threads.com/lists/clamav/users/11102)

+    + new option --no-dns (quick option to disable DNS method without editing

+      freshclam.conf)

+

+-) sigtool

+    + removed ability of automatic signature generation (use MD5 sums to

+      create your own signatures, see signatures.pdf for details)

+    + new option --md5

+    + new option --html-normalise (saves HTML normalisation and decryption

+      results in three html files in current directory)

+

+-) configure:

+    + new option --disable-gethostbyname_r (try enabling it if clamav-milter

+      compilation fails)

+    + new option --disable-dns (try enabling it if freshclam compilation fails)

+    + extended regular expression scanner

+

+-) documentation

+    + included new Mac OS X installation instructions

+    + official documentation rewritten and outdated docs removed

+

+-) new 3rd party software with support for ClamAV:

+    + OdeiaVir - an e-mail filter for qmail and Exim

+    + ClamSMTP - a lightweight (written in C) and simple filter for Postfix

+    + Protea AntiVirus Tools - a virus filter for Lotus Domino

+    + PTSMail Utilities - an e-mail filter for Sendmail

+    + mxGuard for IMail - a mail filter for Ipswitch IMail (W32)

+    + Zabit - a content and attachment filter for qmail

+    + BeClam - ClamAV port for BeOS

+    + clamXav - a virus scanner with GUI for Mac OS X

+

+Special thanks to aCaB for his work on UPX, FSG and Petite decompressors.

+

+Thanks to good reaction times on new threats ClamAV was awarded as best

+security tool for 2004 by Linux Journal: "...With this year's outbreak of

+e-mail worms for non-Linux platforms, ClamAV has been getting quite a workout,

+and Linux admins on mailing lists report that database update times are keeping

+up with or beating the proprietary alternatives." Thanks!

+

+SourceWear.com is selling some very nice t-shirts and polo shirts powered by

+ClamAV. Wear them and virus writers will stay away from you :-) A quarter out

+of every dollar profited from the sale of these shirts will go to the ClamAV

+project. Visit http://www.sourcewear.com and click on ClamAV logo! 

+

+

+--

+The ClamAV team (http://www.clamav.net/team.html)

+

 0.75

 ----

@@ -2,6 +2,125 @@ Note: This README/NEWS file refers to the source tarball. Some things described

 here may not be available in binary packages.

 --

+0.80rc

+------

+

+The development version of ClamAV is ready for general testing! New mechanisms

+have already proved very nasty to Internet worms successfully protecting

+against the new versions R, S, T, U, V and W of the infamous Mydoom worm

+and detecting them as Worm.Mydoom.Gen before they were analysed and specific

+signatures added by the ClamAV database maintainers. That means servers running

+the new version of ClamAV have detected and blocked 100% of Mydoom attacks!

+

+New features in this release include:

+

+-) libclamav

+    + Portable Executable analyser (CL_SCAN_PE) featuring:

+	o UPX decompression (all versions)

+	o Petite decompression (2.x)

+	o FSG decompression (1.3, 1.31, 1.33)

+	o detection of broken executables (CL_SCAN_BLOCKBROKEN)

+    + new, memory efficient, pattern matching algorithm (multipattern variant

+      of Boyer-Moore) - it's now primary matcher and Aho-Corasick is only used

+      for regular expression extended signatures

+    + new signature format with advanced target type and offset specification

+    + support for MD5 based signatures

+    + extended regular expression scanner

+    + added support for MS cabinet files

+    + added support for CHM files

+    + added support for POSIX tar archives

+    + scanning inside PowerPoint documents

+    + HTML normaliser with support for decoding of MS Script Encoder code

+    + great improvements in e-mail scanner (now handles even more worm tricks)

+    + new method of mail files detection

+    + all e-mail attachments are now scanned (previously only the first ten

+      attachments were scanned)

+    + added support for scanning URLs in e-mails (CL_SCAN_MAILURL)

+    + detection of Worm.Mydoom.M.log

+    + updated API (still backward compatible but please consult clamdoc.pdf

+      (Section 6) and adapt your software)

+

+-) clamd

+    + new directive ScanHTML (enables HTML normalisator and ScrEnc decoder)

+    + new directive ScanPE (win32 executable analyser and decompressor)

+    + new directive DetectBrokenExecutables (try to detect broken executables

+      and mark them as Broken.Executable)

+    + new directive MailFollowURLs (try to download and scan files from URLs

+      in mails. BE CAREFUL! DO NOT ENABLE IT ON LOADED MAIL SERVERS)

+    + new directive ArchiveBlockMax (archives that exceed limits will be

+      marked as viruses)

+    + clamav.conf was renamed clamd.conf

+

+-) clamscan

+    + mail files are scanned by default, use --no-mail to disable it

+    + new option --no-html (disables HTML normalisator)

+    + new option --no-pe (disables PE analyser)

+    + new option --detect-broken

+    + new option --block-max

+    + new option --mail-follow-urls (download and scan files from URLs in mails)

+

+-) clamdscan

+    + now prints warnings if some activated command line options are only

+      supported by clamscan

+    + added support for archive scanning in stdin mode

+

+-) clamav-milter

+    + improved template file format

+    + quarantined file names now contain virus names

+    + initial support for SESSION mode of clamd

+

+-) freshclam:

+    + new directive DNSDatabaseInfo that enables ultra lightweight version

+      verification method through DNS (using TXT records). Based on idea by

+      Christopher X. Candreva and enabled by default.

+      (see http://www.gossamer-threads.com/lists/clamav/users/11102)

+    + new option --no-dns (quick option to disable DNS method without editing

+      freshclam.conf)

+

+-) sigtool

+    + removed ability of automatic signature generation (use MD5 sums to

+      create your own signatures, see signatures.pdf for details)

+    + new option --md5

+    + new option --html-normalise (saves HTML normalisation and decryption

+      results in three html files in current directory)

+

+-) configure:

+    + new option --disable-gethostbyname_r (try enabling it if clamav-milter

+      compilation fails)

+    + new option --disable-dns (try enabling it if freshclam compilation fails)

+    + extended regular expression scanner

+

+-) documentation

+    + included new Mac OS X installation instructions

+    + official documentation rewritten and outdated docs removed

+

+-) new 3rd party software with support for ClamAV:

+    + OdeiaVir - an e-mail filter for qmail and Exim

+    + ClamSMTP - a lightweight (written in C) and simple filter for Postfix

+    + Protea AntiVirus Tools - a virus filter for Lotus Domino

+    + PTSMail Utilities - an e-mail filter for Sendmail

+    + mxGuard for IMail - a mail filter for Ipswitch IMail (W32)

+    + Zabit - a content and attachment filter for qmail

+    + BeClam - ClamAV port for BeOS

+    + clamXav - a virus scanner with GUI for Mac OS X

+

+Special thanks to aCaB for his work on UPX, FSG and Petite decompressors.

+

+Thanks to good reaction times on new threats ClamAV was awarded as best

+security tool for 2004 by Linux Journal: "...With this year's outbreak of

+e-mail worms for non-Linux platforms, ClamAV has been getting quite a workout,

+and Linux admins on mailing lists report that database update times are keeping

+up with or beating the proprietary alternatives." Thanks!

+

+SourceWear.com is selling some very nice t-shirts and polo shirts powered by

+ClamAV. Wear them and virus writers will stay away from you :-) A quarter out

+of every dollar profited from the sale of these shirts will go to the ClamAV

+project. Visit http://www.sourcewear.com and click on ClamAV logo! 

+

+

+--

+The ClamAV team (http://www.clamav.net/team.html)

+

 0.75

 ----

@@ -15,5 +15,5 @@

 #  along with this program; if not, write to the Free Software

 #  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.

-EXTRA_DIST = clamdoc.pdf html man clamav-mirror-howto.pdf signatures.pdf Polish

+EXTRA_DIST = clamdoc.pdf html man clamav-mirror-howto.pdf signatures.pdf MacOSX

 man_MANS = man/clamscan.1 man/freshclam.1 man/sigtool.1 man/clamd.8 man/clamd.conf.5 man/clamdscan.1 man/clamav-milter.8 man/freshclam.conf.5

@@ -179,7 +179,7 @@ target_alias = @target_alias@

 target_cpu = @target_cpu@

 target_os = @target_os@

 target_vendor = @target_vendor@

-EXTRA_DIST = clamdoc.pdf html man clamav-mirror-howto.pdf signatures.pdf Polish

+EXTRA_DIST = clamdoc.pdf html man clamav-mirror-howto.pdf signatures.pdf MacOSX

 man_MANS = man/clamscan.1 man/freshclam.1 man/sigtool.1 man/clamd.8 man/clamd.conf.5 man/clamdscan.1 man/clamav-milter.8 man/freshclam.conf.5

 all: all-am

@@ -20,6 +20,9 @@

  *

  * Change History:

  * $Log: untar.c,v $

+ * Revision 1.10  2004/09/20 13:37:44  kojm

+ * 0.80rc

+ *

  * Revision 1.9  2004/09/14 10:29:31  nigelhorne

  * Fix compilation error on AIX and OSF

  *

@@ -48,7 +51,7 @@

  * First draft

  *

  */

-static	char	const	rcsid[] = "$Id: untar.c,v 1.9 2004/09/14 10:29:31 nigelhorne Exp $";

+static	char	const	rcsid[] = "$Id: untar.c,v 1.10 2004/09/20 13:37:44 kojm Exp $";

 #include <stdio.h>

 #include <errno.h>

@@ -141,7 +144,7 @@ cli_untar(const char *dir, int desc)

 			strncpy(magic, block+257, 6);

 			magic[6] = '\0';

 			if(strcmp(magic, "ustar ") != 0) {

-				cli_errmsg("Incorrect magic number in tar header\n");

+				cli_dbgmsg("Incorrect magic number in tar header\n");

 				return CL_EFORMAT;

 			}

@@ -1,6 +1,6 @@

 clam.exe is an extremely small (544 bytes!) MZ+PE executable that prints

-a nice message :-) You can use it to test if your mail scanner using ClamAV

-properly scans the attachments.

+a nice message :-) You can use it to test attachment scanning in your ClamAV

+based mail scanner.

 Due to license issues libclamav does not support RAR 3.0 archives (only 2.0

 are supported). Currently only clamscan is able to scan the clam-error.rar