Browse code

Updated the NEWS.md, and reformatted it to improve the markdown. updated the version string from 0.100.0-rc to 0.100.0 in preparation for the release.

Micah Snyder authored on 2018/03/30 05:51:58
Showing 7 changed files
... ...
@@ -1,82 +1,112 @@
1
-ClamAV News
2
-===========
1
+# ClamAV News
3 2
 
4
-Note: This file refers to the source tarball. Things described here may
5
- differ slightly from the binary packages.
3
+Note: This file refers to the source tarball. Things described here may differ
4
+ slightly from the binary packages.
6 5
 
7
-0.100.0
6
+## 0.100.0
8 7
 
9 8
 ClamAV 0.100.0 is a feature release which includes many code submissions
10
- from the ClamAV community.  Some of the more prominent submissions include:
11
-
12
-    - Interfaces to the Prelude SIEM open source package for collecting
13
-      ClamAV virus events.
14
-    - Support for Visual Studio 2015 for Windows builds.
15
-    - Support libmspack internal code or as a shared object library.
16
-      The internal library is the default and contains additional
17
-      integrity checks.
18
-    - Linking with openssl 1.1.0.
19
-    - Deprecation of the AllowSupplementaryGroups parameter statement
20
-      in clamd, clamav-milter, and freshclam. Use of supplementary
21
-      is now in effect by default.
22
-    - Numerous bug fixes, typo corrections, and compiler warning fixes.
9
+ from the ClamAV community.  As always, it can be downloaded from our downloads
10
+ page on clamav.net. Some of the more prominent submissions include:
11
+
12
+- Interfaces to the Prelude SIEM open source package for collecting
13
+  ClamAV virus events.
14
+- Support for Visual Studio 2015 for Windows builds.  Please note that we
15
+  have deprecated support for Windows XP, and while Vista may still work,
16
+  we no longer test ClamAV on Windows XP or Vista.
17
+- Support libmspack internal code or as a shared object library.
18
+  The internal library is the default and includes modifications to enable
19
+  parsing of CAB files that do not entirely adhere to the CAB file format.
20
+- Linking with OpenSSL 1.1.0.
21
+- Deprecation of the AllowSupplementaryGroups parameter statement
22
+  in clamd, clamav-milter, and freshclam. Use of supplementary
23
+  is now in effect by default.
24
+- Numerous bug fixes, typo corrections, and compiler warning fixes.
23 25
 
24 26
 Additionally, we have introduced important changes and new features in
25 27
 ClamAV 0.100, including but not limited to:
26 28
 
27
-    - Deprecating internal LLVM code support. The configure script has changed
28
-      to search the system for an installed instance of the LLVM development
29
-      libraries, and to otherwise use the bytecode interpreter for ClamAV
30
-      bytecode signatures. To use the LLVM Just-In-Time compiler for
31
-      executing bytecode signatures, please ensure that the LLVM development
32
-      package at version 3.6 or lower is installed. Using the deprecated LLVM
33
-      code is possible with the command: `./configure --with-system-llvm=no`,
34
-      but it no longer compiles on all platforms.
35
-    - Compute and check PE import table hash (a.k.a. "imphash") signatures.
36
-    - Support file property collection and analysis for MHTML files.
37
-    - Raw scanning of PostScript files.
38
-    - Fix clamsubmit to use the new virus and false positive submission web
39
-      interface.
40
-    - Optionally, flag files with the virus "Heuristic.Limits.Exceeded" when
41
-      size limitations are exceeded.
42
-    - Improved decoders for PDF files.
43
-    - Reduced number of compile time warnings.
44
-    - Improved support for C++11.
45
-    - Improved detection of system installed libraries.
46
-    - Fixes to ClamAV's Container system and the introduction of Intermediates
47
-      for more descriptive signatures.
48
-    - Improvements to clamd's On-Access scanning capabilities for Linux.
29
+- Deprecating internal LLVM code support. The configure script has changed
30
+  to search the system for an installed instance of the LLVM development
31
+  libraries, and to otherwise use the bytecode interpreter for ClamAV
32
+  bytecode signatures. To use the LLVM Just-In-Time compiler for
33
+  executing bytecode signatures, please ensure that the LLVM development
34
+  package at version 3.6 or lower is installed. Using the deprecated LLVM
35
+  code is possible with the command: `./configure --with-system-llvm=no`,
36
+  but it no longer compiles on all platforms.
37
+- Compute and check PE import table hash (a.k.a. "imphash") signatures.
38
+- Support file property collection and analysis for MHTML files.
39
+- Raw scanning of PostScript files.
40
+- Fix clamsubmit to use the new virus and false positive submission web
41
+  interface.
42
+- Optionally, flag files with the virus "Heuristic.Limits.Exceeded" when
43
+  size limitations are exceeded.
44
+- Improved decoders for PDF files.
45
+- Reduced number of compile time warnings.
46
+- Improved support for C++11.
47
+- Improved detection of system installed libraries.
48
+- Fixes to ClamAV's Container system and the introduction of Intermediates
49
+  for more descriptive signatures.
50
+- Improvements to clamd's On-Access scanning capabilities for Linux.
51
+
52
+### Acknowledgements
49 53
 
50 54
 The ClamAV team thanks the following individuals for their code submissions:
51 55
 
52
-Andreas Schulze
53
-Anthony Chan
54
-Bill Parker
55
-Chris Miserva
56
-Daniel J. Luke
57
-Georgy Salnikov
58
-James Ralston
59
-Jonas Zaddach
60
-Keith Jones
61
-Marc Deslauriers
62
-Mark Allan
63
-Matthew Boedicker
64
-Michael Pelletier
65
-Ningirsu
66
-Sebastian Andrzej Siewior
67
-Stephen Welker
68
-Tuomo Soini
69
-
70
-0.99.4
56
+- Andreas Schulze
57
+- Anthony Chan
58
+- Bill Parker
59
+- Chris Miserva
60
+- Daniel J. Luke
61
+- Georgy Salnikov
62
+- James Ralston
63
+- Jonas Zaddach
64
+- Keith Jones
65
+- Marc Deslauriers
66
+- Mark Allan
67
+- Matthew Boedicker
68
+- Michael Pelletier
69
+- Ningirsu
70
+- Sebastian Andrzej Siewior
71
+- Stephen Welker
72
+- Tuomo Soini
73
+
74
+### Known Issues
75
+
76
+ClamAV has an active issue queue and enjoys continual improvement but as sad as
77
+ I am to say it, we couldn't address every bug in this release.  I want to draw
78
+ your attention a couple bugs in particular so as not to frustrate users
79
+ setting up ClamAV:
80
+
81
+- Platform: macOS:
82
+  - Bug:  If you attempt to build ClamAV with a system installed LLVM you may
83
+    receive a linker error.  We recently changed default linking behavior to
84
+    prefer dynamic linking over static linking.  As a result, we've uncovered a
85
+    bug in building on macOS where dynamic linking against the LLVM libraries
86
+    fails.  To work around this bug, please add the --with-llvm-linking=static
87
+    option to your ./configure call.
88
+
89
+- Platform: CentOS 6 32bit, older versions of AIX:
90
+  - Bug:  On CentOS 6 32bit we observed that specific versions of zlib fail to
91
+    correctly decompress the CVD signature databases.  If you are on an older
92
+    system such as CentoOS 6 32bit and observe failures loading the signature
93
+    database, please consider upgrading to a newer version of zlib.
94
+
95
+- Platform: Miscellaneous
96
+  - Bug:  When cross compiling on certain legacy systems (Solaris, AIX, OSX)
97
+    against older system libraries that do not support strn functions linking
98
+    may fail during compile time. While automatic checking is done during
99
+    configure time to check for unsupported libs, this problem can be manually
100
+    avoided using the --enable-strni configure flag if it is encountered.
101
+
102
+## 0.99.4
71 103
 
72 104
 ClamAV 0.99.4 is a hotfix release to patch a set of vulnerabilities.
73 105
 
74
-    - fixes for the following CVE's: CVE-2012-6706, CVE-2017-6419,
75
-      CVE-2017-11423, CVE-2018-0202, and CVE-2018-1000085.
76
-    - also included are 2 fixes for file descriptor leaks as well fixes for
77
-      a handful of other important bugs, including patches to support g++ 6, C++11.
106
+- fixes for the following CVE's: CVE-2012-6706, CVE-2017-6419,
107
+  CVE-2017-11423, CVE-2018-0202, and CVE-2018-1000085.
108
+- also included are 2 fixes for file descriptor leaks as well fixes for
109
+  a handful of other important bugs, including patches to support g++ 6, C++11.
78 110
 
79 111
 Thank you to the following ClamAV community members for your code
80 112
 submissions and bug reports! 
... ...
@@ -92,65 +122,62 @@ Suleman Ali
92 92
 yongji.oy
93 93
 xrym
94 94
 
95
-0.99.3
95
+## 0.99.3
96 96
 
97 97
 ClamAV 0.99.3 is a hotfix release to patch a set of vulnerabilities.
98 98
 
99
-    - fixes for the following CVE's: CVE-2017-6418, CVE-2017-6420, 
100
-      CVE-2017-12374, CVE-2017-12375, CVE-2017-12376, CVE-2017-12377, 
101
-      CVE-2017-12378, CVE-2017-12379, CVE-2017-12380. 
102
-    - also included are 2 minor fixes to properly detect openssl install
103
-      locations on FreeBSD 11, and prevent false warnings about zlib 1.2.1#
104
-      version numbers. 
99
+- fixes for the following CVE's: CVE-2017-6418, CVE-2017-6420,
100
+  CVE-2017-12374, CVE-2017-12375, CVE-2017-12376, CVE-2017-12377,
101
+  CVE-2017-12378, CVE-2017-12379, CVE-2017-12380.
102
+- also included are 2 minor fixes to properly detect openssl install
103
+  locations on FreeBSD 11, and prevent false warnings about zlib 1.2.1#
104
+  version numbers.
105 105
 
106 106
 Thank you to the following ClamAV community members for your code
107
-submissions and bug reports! 
107
+submissions and bug reports!
108 108
 
109
-Alberto Garcia
110
-Daniel J. Luke
111
-Francisco Oca
112
-Sebastian A. Siewior
113
-Suleman Ali
109
+- Alberto Garcia
110
+- Daniel J. Luke
111
+- Francisco Oca
112
+- Sebastian A. Siewior
113
+- Suleman Ali
114 114
 
115 115
 Special thanks to Offensive Research at Salesforce.com for responsible disclosure.
116 116
 
117
-0.99.2
117
+## 0.99.2
118 118
 
119 119
 ClamAV 0.99.2 is a release of bug fixes and minor enhancements.
120 120
 
121
-    - fix ups improving the reliability of several ClamAV file parsers.
122
-    - sigtool now decodes file type signatures (e.g., daily.ftm CVD file).
123
-    - now supporting libpcre2 in addition to libpcre.
124
-    - systemd support for clamd and freshclam. Patch provided by 
125
-      Andreas Cadhalpun.
126
-    - fixed builds on Mac OS X 10.10 & 10.11.
127
-    - improved debug info for certificate metadata.
128
-    - improved freshclam messaging when using a proxy.
129
-    - fixed some freshclam functionality when using private mirrors.
130
-    - clamd refinements of open file limitations on Solaris. Patch by
131
-      Jim Morris
132
-    - clamav-milter signal handling for improved clean up during
133
-      termination.
121
+- fix ups improving the reliability of several ClamAV file parsers.
122
+- sigtool now decodes file type signatures (e.g., daily.ftm CVD file).
123
+- now supporting libpcre2 in addition to libpcre.
124
+- systemd support for clamd and freshclam. Patch provided by 
125
+  Andreas Cadhalpun.
126
+- fixed builds on Mac OS X 10.10 & 10.11.
127
+- improved debug info for certificate metadata.
128
+- improved freshclam messaging when using a proxy.
129
+- fixed some freshclam functionality when using private mirrors.
130
+- clamd refinements of open file limitations on Solaris. Patch by
131
+  Jim Morris
132
+- clamav-milter signal handling for improved clean up during
133
+  termination.
134 134
 
135 135
 Thank you to the following ClamAV community members for your code
136
-submissions and bug reports! 
137
-
138
-Brandon Perry
139
-Sebastian Andrzej Siewior
140
-Andreas Cadhalpun
141
-Jim Morris
142
-Kai Risku
143
-Bill Parker
144
-Tomasz Kojm
145
-Steve Basford
146
-Daniel J. Luke
147
-James Ralston
148
-John Dodson
149
-
150
-0.99.1
136
+submissions and bug reports!
137
+
138
+- Brandon Perry
139
+- Sebastian Andrzej Siewior
140
+- Andreas Cadhalpun
141
+- Jim Morris
142
+- Kai Risku
143
+- Bill Parker
144
+- Tomasz Kojm
145
+- Steve Basford
146
+- Daniel J. Luke
147
+- James Ralston
148
+- John Dodson
149
+
150
+## 0.99.1
151 151
 
152 152
 ClamAV 0.99.1 contains a new feature for parsing Hancom Office files
153 153
 including extracting and scanning embedded objects. ClamAV 0.99.1
... ...
@@ -159,42 +186,41 @@ also contains important bug fixes. Please see ChangeLog for details.
159 159
 Thanks to the following community members for code submissions used in
160 160
 ClamAV 0.99.1:
161 161
 
162
-Jim Morris
163
-Andreas Cadhalpun
164
-Mark Allan
165
-Sebastian Siewior
162
+- Jim Morris
163
+- Andreas Cadhalpun
164
+- Mark Allan
165
+- Sebastian Siewior
166 166
 
167
-0.99
167
+## 0.99
168 168
 
169 169
 ClamAV 0.99 contains major new features and changes. YARA rules, 
170 170
 Perl Compatible Regular Expressions, revamped on-access scanning
171 171
 for Linux, and other new features join the many great features of ClamAV:
172 172
 
173
-    - Processing of YARA rules(some limitations- see signatures.pdf).
174
-    - Support in ClamAV logical signatures for many of the features
175
-      added for YARA, such as Perl Compatible Regular Expressions,
176
-      alternate strings, and YARA string attributes. See signatures.pdf
177
-      for full details.
178
-    - New and improved on-access scanning for Linux. See the recent blog
179
-      post and clamdoc.pdf for details on the new on-access capabilities.
180
-    - A new ClamAV API callback function that is invoked when a virus 
181
-      is found. This is intended primarily for applications running in 
182
-      all-match mode. Any applications using all-match mode must use 
183
-      the new callback function to record and report detected viruses.    
184
-    - Configurable default password list to attempt zip file decryption.
185
-    - TIFF file support.
186
-    - Upgrade Windows pthread library to 2.9.1.
187
-    - A new signature target type for designating signatures to run
188
-      against files with unknown file types.
189
-    - Improved fidelity of the "data loss prevention" heuristic
190
-      algorithm. Code supplied by Bill Parker.
191
-    - Support for LZMA decompression within Adobe Flash files.
192
-    - Support for MSO attachments within Microsoft Office 2003 XML files.
193
-    - A new sigtool option(--ascii-normalize) allowing signature authors
194
-      to more easily generate normalized versions of ascii files.
195
-    - Windows installation directories changed from \Program Files\Sourcefire\
196
-      ClamAV to \Program Files\ClamAV or \Program Files\ClamAV-x64.
173
+- Processing of YARA rules(some limitations- see signatures.pdf).
174
+- Support in ClamAV logical signatures for many of the features
175
+  added for YARA, such as Perl Compatible Regular Expressions,
176
+  alternate strings, and YARA string attributes. See signatures.pdf
177
+  for full details.
178
+- New and improved on-access scanning for Linux. See the recent blog
179
+  post and clamdoc.pdf for details on the new on-access capabilities.
180
+- A new ClamAV API callback function that is invoked when a virus 
181
+  is found. This is intended primarily for applications running in 
182
+  all-match mode. Any applications using all-match mode must use 
183
+  the new callback function to record and report detected viruses.    
184
+- Configurable default password list to attempt zip file decryption.
185
+- TIFF file support.
186
+- Upgrade Windows pthread library to 2.9.1.
187
+- A new signature target type for designating signatures to run
188
+  against files with unknown file types.
189
+- Improved fidelity of the "data loss prevention" heuristic
190
+  algorithm. Code supplied by Bill Parker.
191
+- Support for LZMA decompression within Adobe Flash files.
192
+- Support for MSO attachments within Microsoft Office 2003 XML files.
193
+- A new sigtool option(--ascii-normalize) allowing signature authors
194
+  to more easily generate normalized versions of ascii files.
195
+- Windows installation directories changed from \Program Files\Sourcefire\
196
+  ClamAV to \Program Files\ClamAV or \Program Files\ClamAV-x64.
197 197
 
198 198
 PLEASE NOTE:  If you are using clamd on-access scanning or have applications
199 199
 using all-match mode, you will want to review the changes and make any necessary
... ...
@@ -204,48 +230,47 @@ aware of the change of installation directories.
204 204
 Thank you to the ClamAV community members who sent patches and bug reports
205 205
 included for ClamAV 0.99:
206 206
 
207
-Steve Basford
208
-Sebastian Andrzej Siewior
209
-Bill Parker
210
-Andreas Schulze
211
-Yann E. Morin
212
-Andreas Cadhalpun
213
-Dmitry Marakasov
214
-Michael Pelletier
215
-Felix Groebert
216
-Stephen Welker
207
+- Steve Basford
208
+- Sebastian Andrzej Siewior
209
+- Bill Parker
210
+- Andreas Schulze
211
+- Yann E. Morin
212
+- Andreas Cadhalpun
213
+- Dmitry Marakasov
214
+- Michael Pelletier
215
+- Felix Groebert
216
+- Stephen Welker
217 217
 
218
-0.98.7
218
+## 0.98.7
219 219
 
220 220
 ClamAV 0.98.7 is here! This release contains new scanning features
221 221
 and bug fixes. 
222 222
 
223
-    - Improvements to PDF processing: decryption, escape sequence
224
-      handling, and file property collection.
225
-    - Scanning/analysis of additional Microsoft Office 2003 XML format.
226
-    - Fix infinite loop condition on crafted y0da cryptor file. Identified
227
-      and patch suggested by Sebastian Andrzej Siewior. CVE-2015-2221.
228
-    - Fix crash on crafted petite packed file. Reported and patch
229
-      supplied by Sebastian Andrzej Siewior. CVE-2015-2222.
230
-    - Fix false negatives on files within iso9660 containers. This issue
231
-      was reported by Minzhuan Gong.
232
-    - Fix a couple crashes on crafted upack packed file. Identified and
233
-      patches supplied by Sebastian Andrzej Siewior.
234
-    - Fix a crash during algorithmic detection on crafted PE file.
235
-      Identified and patch supplied by Sebastian Andrzej Siewior.
236
-    - Fix an infinite loop condition on a crafted "xz" archive file.
237
-      This was reported by Dimitri Kirchner and Goulven Guiheux.
238
-      CVE-2015-2668.
239
-    - Fix compilation error after ./configure --disable-pthreads.
240
-      Reported and fix suggested by John E. Krokes.
241
-    - Apply upstream patch for possible heap overflow in Henry Spencer's 
242
-      regex library. CVE-2015-2305.
243
-    - Fix crash in upx decoder with crafted file. Discovered and patch
244
-      supplied by Sebastian Andrzej Siewior. CVE-2015-2170.
245
-    - Fix segfault scanning certain HTML files. Reported with sample by
246
-      Kai Risku.
247
-    - Improve detections within xar/pkg files.
223
+- Improvements to PDF processing: decryption, escape sequence
224
+  handling, and file property collection.
225
+- Scanning/analysis of additional Microsoft Office 2003 XML format.
226
+- Fix infinite loop condition on crafted y0da cryptor file. Identified
227
+  and patch suggested by Sebastian Andrzej Siewior. CVE-2015-2221.
228
+- Fix crash on crafted petite packed file. Reported and patch
229
+  supplied by Sebastian Andrzej Siewior. CVE-2015-2222.
230
+- Fix false negatives on files within iso9660 containers. This issue
231
+  was reported by Minzhuan Gong.
232
+- Fix a couple crashes on crafted upack packed file. Identified and
233
+  patches supplied by Sebastian Andrzej Siewior.
234
+- Fix a crash during algorithmic detection on crafted PE file.
235
+  Identified and patch supplied by Sebastian Andrzej Siewior.
236
+- Fix an infinite loop condition on a crafted "xz" archive file.
237
+  This was reported by Dimitri Kirchner and Goulven Guiheux.
238
+  CVE-2015-2668.
239
+- Fix compilation error after ./configure --disable-pthreads.
240
+  Reported and fix suggested by John E. Krokes.
241
+- Apply upstream patch for possible heap overflow in Henry Spencer's 
242
+  regex library. CVE-2015-2305.
243
+- Fix crash in upx decoder with crafted file. Discovered and patch
244
+  supplied by Sebastian Andrzej Siewior. CVE-2015-2170.
245
+- Fix segfault scanning certain HTML files. Reported with sample by
246
+  Kai Risku.
247
+- Improve detections within xar/pkg files.
248 248
 
249 249
 As always, we appreciate contributions of bug reports, code fixes,
250 250
 and sample submission from the ClamAV community members:
... ...
@@ -257,30 +282,29 @@ Goulven Guiheux
257 257
 John E. Krokes
258 258
 Kai Risku
259 259
 
260
-0.98.6
260
+## 0.98.6
261 261
 
262 262
 ClamAV 0.98.6 is a bug fix release correcting the following:
263 263
 
264
-    - library shared object revisions.
265
-    - installation issues on some Mac OS X and FreeBSD platforms.
266
-    - includes a patch from Sebastian Andrzej Siewior making
267
-      ClamAV pid files compatible with systemd.
268
-    - Fix a heap out of bounds condition with crafted Yoda's
269
-      crypter files. This issue was discovered by Felix Groebert
270
-      of the Google Security Team.
271
-    - Fix a heap out of bounds condition with crafted mew packer
272
-      files. This issue was discovered by Felix Groebert of the
273
-      Google Security Team.
274
-    - Fix a heap out of bounds condition with crafted upx packer
275
-      files. This issue was discovered by Kevin Szkudlapski of
276
-      Quarkslab.
277
-    - Fix a heap out of bounds condition with crafted upack packer
278
-      files. This issue was discovered by Sebastian Andrzej Siewior.
279
-      CVE-2014-9328.
280
-    - Compensate a crash due to incorrect compiler optimization when
281
-      handling crafted petite packer files. This issue was discovered
282
-      by Sebastian Andrzej Siewior.
264
+- library shared object revisions.
265
+- installation issues on some Mac OS X and FreeBSD platforms.
266
+- includes a patch from Sebastian Andrzej Siewior making
267
+  ClamAV pid files compatible with systemd.
268
+- Fix a heap out of bounds condition with crafted Yoda's
269
+  crypter files. This issue was discovered by Felix Groebert
270
+  of the Google Security Team.
271
+- Fix a heap out of bounds condition with crafted mew packer
272
+  files. This issue was discovered by Felix Groebert of the
273
+  Google Security Team.
274
+- Fix a heap out of bounds condition with crafted upx packer
275
+  files. This issue was discovered by Kevin Szkudlapski of
276
+  Quarkslab.
277
+- Fix a heap out of bounds condition with crafted upack packer
278
+  files. This issue was discovered by Sebastian Andrzej Siewior.
279
+  CVE-2014-9328.
280
+- Compensate a crash due to incorrect compiler optimization when
281
+  handling crafted petite packer files. This issue was discovered
282
+  by Sebastian Andrzej Siewior.
283 283
       
284 284
 Thanks to the following ClamAV community members for code submissions
285 285
 and bug reporting included in ClamAV 0.98.6:
... ...
@@ -291,8 +315,7 @@ Kevin Szkudlapski
291 291
 Mark Pizzolato
292 292
 Daniel J. Luke
293 293
 
294
-0.98.5
294
+## 0.98.5
295 295
 
296 296
 Welcome to ClamAV 0.98.5! ClamAV 0.98.5 includes important new features
297 297
 for collecting and analyzing file properties. Software developers and
... ...
@@ -307,27 +330,27 @@ properties.
307 307
 
308 308
 ClamAV 0.98.5 also includes these new features and bug fixes:
309 309
 
310
-    - Support for the XDP file format and extracting, decoding, and
311
-      scanning PDF files within XDP files.
312
-    - Addition of shared library support for LLVM versions 3.1 - 3.5
313
-      for the purpose of just-in-time(JIT) compilation of ClamAV
314
-      bytecode signatures. Andreas Cadhalpun submitted the patch
315
-      implementing this support.
316
-    - Enhancements to the clambc command line utility to assist
317
-      ClamAV bytecode signature authors by providing introspection
318
-      into compiled bytecode programs.
319
-    - Resolution of many of the warning messages from ClamAV compilation.
320
-    - Improved detection of malicious PE files.
321
-    - Security fix for ClamAV crash when using 'clamscan -a'. This issue
322
-      was identified by Kurt Siefried of Red Hat.
323
-    - Security fix for ClamAV crash when scanning maliciously crafted
324
-      yoda's crypter files. This issue, as well as several other bugs
325
-      fixed in this release, were identified by Damien Millescamp of
326
-      Oppida.
327
-    - ClamAV 0.98.5 now works with OpenSSL in FIPS compliant mode.
328
-      Thanks to Reinhard Max for supplying the patch.
329
-    - Bug fixes and other feature enhancements. See Changelog or
330
-      git log for details.
310
+- Support for the XDP file format and extracting, decoding, and
311
+  scanning PDF files within XDP files.
312
+- Addition of shared library support for LLVM versions 3.1 - 3.5
313
+  for the purpose of just-in-time(JIT) compilation of ClamAV
314
+  bytecode signatures. Andreas Cadhalpun submitted the patch
315
+  implementing this support.
316
+- Enhancements to the clambc command line utility to assist
317
+  ClamAV bytecode signature authors by providing introspection
318
+  into compiled bytecode programs.
319
+- Resolution of many of the warning messages from ClamAV compilation.
320
+- Improved detection of malicious PE files.
321
+- Security fix for ClamAV crash when using 'clamscan -a'. This issue
322
+  was identified by Kurt Siefried of Red Hat.
323
+- Security fix for ClamAV crash when scanning maliciously crafted
324
+  yoda's crypter files. This issue, as well as several other bugs
325
+  fixed in this release, were identified by Damien Millescamp of
326
+  Oppida.
327
+- ClamAV 0.98.5 now works with OpenSSL in FIPS compliant mode.
328
+  Thanks to Reinhard Max for supplying the patch.
329
+- Bug fixes and other feature enhancements. See Changelog or
330
+  git log for details.
331 331
 
332 332
 Thanks to the following ClamAV community members for code submissions
333 333
 and bug reporting included in ClamAV 0.98.5:
... ...
@@ -338,25 +361,18 @@ Damien Millescamp
338 338
 Reinhard Max
339 339
 Kurt Seifried
340 340
 
341
-0.98.4
341
+## 0.98.4
342 342
 
343 343
 ClamAV 0.98.4 is a bug fix release. The following issues are now resolved:
344 344
 
345
-    - Various build problems on Solaris, OpenBSD, AIX.
346
-
347
-    - Crashes of clamd on Windows and Mac OS X platforms when reloading
348
-      the virus signature database.
349
-
350
-    - Infinite loop in clamdscan when clamd is not running.
351
-
352
-    - Freshclam failure on Solaris 10.
353
-
354
-    - Buffer underruns when handling multi-part MIME email attachments.
355
-
356
-    - Configuration of OpenSSL on various platforms.
357
-
358
-    - Name collisions on Ubuntu 14.04, Debian sid, and Slackware 14.1.
345
+- Various build problems on Solaris, OpenBSD, AIX.
346
+- Crashes of clamd on Windows and Mac OS X platforms when reloading
347
+  the virus signature database.
348
+- Infinite loop in clamdscan when clamd is not running.
349
+- Freshclam failure on Solaris 10.
350
+- Buffer underruns when handling multi-part MIME email attachments.
351
+- Configuration of OpenSSL on various platforms.
352
+- Name collisions on Ubuntu 14.04, Debian sid, and Slackware 14.1.
359 353
 
360 354
 Thanks to the following individuals for testing, writing patches, and
361 355
 initiating quality improvements in this release:
... ...
@@ -374,52 +390,41 @@ Larry Rosenbaum
374 374
 Dave Simonson
375 375
 Sebastian Andrzej Siewior
376 376
 
377
-0.98.2
377
+## 0.98.2
378 378
 
379 379
 Here are the new features and improvements in ClamAV 0.98.2:
380 380
 
381
-    - Support for common raw disk image formats using 512 byte sectors,
382
-      specifically GPT, APM, and MBR partitioning.
383
-
384
-    - Experimental support of OpenIOC files. ClamAV will now extract file
385
-      hashes from OpenIOC files residing in the signature database location,
386
-      and generate ClamAV hash signatures. ClamAV uses no other OpenIOC
387
-      features at this time. No OpenIOC files will be delivered through
388
-      freshclam. See openioc.org and iocbucket.com for additional information
389
-      about OpenIOC.
390
-
391
-    - All ClamAV sockets (clamd, freshclam, clamav-milter, clamdscan, clamdtop)
392
-      now support IPV6 addresses and configuration parameters.
393
-
394
-    - Use OpenSSL file hash functions for improved performance. OpenSSL 
395
-      is now prerequisite software for ClamAV 0.98.2.
396
-
397
-    - Improved detection of malware scripts within image files. Issue reported
398
-      by Maarten Broekman.
399
-
400
-    - Change to circumvent possible denial of service when processing icons within
401
-      specially crafted PE files. Icon limits are now in place with corresponding
402
-      clamd and clamscan configuration parameters. This issue was reported by 
403
-      Joxean Koret.
404
-
405
-    - Improvements to the fidelity of the ClamAV pattern matcher, an issue
406
-      reported by Christian Blichmann.
407
-
408
-    - Opt-in collection of statistics. Statistics collected are: sizes and MD5 
409
-      hashes of files, PE file section counts and section MD5 hashes, and names
410
-      and counts of detected viruses. Enable statistics collection with the
411
-      --enable-stats clamscan flag or StatsEnabled clamd configuration
412
-      parameter.
413
-
414
-    - Improvements to ClamAV build process, unit tests, and platform support with
415
-      assistance and suggestions by Sebastian Andrzej Siewior, Scott Kitterman,
416
-      and Dave Simonson.
417
-
418
-    - Patch by Arkadiusz Miskiewicz to improve error handling in freshclam.
419
-
420
-    - ClamAV 0.98.2 also includes miscellaneous bug fixes and documentation 
421
-      improvements.
381
+- Support for common raw disk image formats using 512 byte sectors,
382
+  specifically GPT, APM, and MBR partitioning.
383
+- Experimental support of OpenIOC files. ClamAV will now extract file
384
+  hashes from OpenIOC files residing in the signature database location,
385
+  and generate ClamAV hash signatures. ClamAV uses no other OpenIOC
386
+  features at this time. No OpenIOC files will be delivered through
387
+  freshclam. See openioc.org and iocbucket.com for additional information
388
+  about OpenIOC.
389
+- All ClamAV sockets (clamd, freshclam, clamav-milter, clamdscan, clamdtop)
390
+  now support IPV6 addresses and configuration parameters.
391
+- Use OpenSSL file hash functions for improved performance. OpenSSL 
392
+  is now prerequisite software for ClamAV 0.98.2.
393
+- Improved detection of malware scripts within image files. Issue reported
394
+  by Maarten Broekman.
395
+- Change to circumvent possible denial of service when processing icons within
396
+  specially crafted PE files. Icon limits are now in place with corresponding
397
+  clamd and clamscan configuration parameters. This issue was reported by 
398
+  Joxean Koret.
399
+- Improvements to the fidelity of the ClamAV pattern matcher, an issue
400
+  reported by Christian Blichmann.
401
+- Opt-in collection of statistics. Statistics collected are: sizes and MD5 
402
+  hashes of files, PE file section counts and section MD5 hashes, and names
403
+  and counts of detected viruses. Enable statistics collection with the
404
+  --enable-stats clamscan flag or StatsEnabled clamd configuration
405
+  parameter.
406
+- Improvements to ClamAV build process, unit tests, and platform support with
407
+  assistance and suggestions by Sebastian Andrzej Siewior, Scott Kitterman,
408
+  and Dave Simonson.
409
+- Patch by Arkadiusz Miskiewicz to improve error handling in freshclam.
410
+- ClamAV 0.98.2 also includes miscellaneous bug fixes and documentation 
411
+  improvements.
422 412
 
423 413
 Thanks to the following ClamAV community members for sending patches or reporting
424 414
 bugs and issues that are addressed in ClamAV 0.98.2:
... ...
@@ -430,7 +435,7 @@ Joxean Koret
430 430
 Arkadiusz Miskiewicz
431 431
 Dave Simonson
432 432
 Maarten Broekman
433
-Christian Blichmann 
433
+Christian Blichmann
434 434
 
435 435
 --
436 436
 
... ...
@@ -450,88 +455,87 @@ do not wish to do so, delete this exception statement from your
450 450
 version.  If you delete this exception statement from all source
451 451
 files in the program, then also delete it here.
452 452
 
453
-0.98.1
453
+## 0.98.1
454
+
454 455
 ClamAV 0.98.1 provides improved support of Mac OS X platform, support for new file types, and 
455 456
 quality improvements. These include:
456 457
 
457
-    - Extraction, decompression, and scanning of files within Apple Disk Image (DMG) format.
458
+- Extraction, decompression, and scanning of files within Apple Disk Image (DMG) format.
458 459
 
459
-    - Extraction, decompression, and scanning of files within Extensible Archive (XAR) format.
460
-      XAR format is commonly used for software packaging, such as PKG and RPM, as well as 
461
-      general archival.
460
+- Extraction, decompression, and scanning of files within Extensible Archive (XAR) format.
461
+  XAR format is commonly used for software packaging, such as PKG and RPM, as well as 
462
+  general archival.
462 463
 
463
-    - Decompression and scanning of files in "Xz" compression format.
464
+- Decompression and scanning of files in "Xz" compression format.
464 465
 
465
-    - Recognition of Open Office XML formats.
466
+- Recognition of Open Office XML formats.
466 467
 
467
-    - Improvements and fixes to extraction and scanning of ole formats.
468
+- Improvements and fixes to extraction and scanning of ole formats.
468 469
 
469
-    - Option to force all scanned data to disk. This impacts only a few file types where
470
-      some embedded content is normally scanned in memory. Enabling this option
471
-      ensures that a file descriptor exists when callback functions are used, at a small
472
-      performance cost. This should only be needed when callback functions are used
473
-      that need file access.
470
+- Option to force all scanned data to disk. This impacts only a few file types where
471
+  some embedded content is normally scanned in memory. Enabling this option
472
+  ensures that a file descriptor exists when callback functions are used, at a small
473
+  performance cost. This should only be needed when callback functions are used
474
+  that need file access.
474 475
 
475
-    - Various improvements to ClamAV configuration, support of third party libraries, 
476
-      and unit tests.
476
+- Various improvements to ClamAV configuration, support of third party libraries, 
477
+  and unit tests.
477 478
 
478
-0.98
479
+## 0.98
479 480
 
480 481
 ClamAV 0.98 includes many new features, across all the different components
481 482
 of ClamAV. There are new scanning options, extensions to the libclamav API,
482 483
 support for additional filetypes, and internal upgrades.
483 484
 
484
-    - Signature improvements: New signature targets have been added for
485
-      PDF files, Flash files and Java class files. (NOTE: Java archive files
486
-      (JAR) are not part of the Java target.) Hash signatures can now specify
487
-      a '*' (wildcard)  size if the size is unknown. Using wildcard size
488
-      requires setting the minimum engine FLEVEL to avoid backwards
489
-      compatibility issues. For more details read the ClamAV Signatures
490
-      guide.
491
-
492
-    - Scanning enhancements: New filetypes can be unpacked and scanned,
493
-      including ISO9660, Flash, and self-extracting 7z files. PDF
494
-      handling is now more robust and better handles encrypted PDF files.
495
-
496
-    - Authenticode: ClamAV is now aware of the certificate chains when
497
-      scanning signed PE files. When the database contains signatures for
498
-      trusted root certificate authorities, the engine can whitelist
499
-      PE files with a valid signature. The same database file can also
500
-      include known compromised certificates to be rejected! This
501
-      feature can also be disabled in clamd.conf (DisableCertCheck) or
502
-      the command-line (nocerts).
503
-
504
-    - New options: Several new options for clamscan and clamd have been
505
-      added. For example, ClamAV can be set to print infected files and
506
-      error files, and suppress printing OK results. This can be helpful
507
-      when scanning large numbers of files. This new option is "-o" for
508
-      clamscan and "LogClean" for clamd. Check clamd.conf or the clamscan
509
-      help message for specific details.
510
-
511
-    - New callbacks added to the API: The libclamav API has additional hooks
512
-      for developers to use when wrapping ClamAV scanning. These function
513
-      types are prefixed with "clcb_" and allow developers to add logic at 
514
-      certain steps of the scanning process without directly modifying the 
515
-      library. For more details refer to the clamav.h file.
516
-
517
-    - More configurable limits: Several hardcoded values are now configurable
518
-      parameters, providing more options for tuning the engine to match your
519
-      needs. Check clamd.conf or the clamscan help message for specific
520
-      details.
521
-
522
-    - Performance improvements: This release furthers the use of memory maps
523
-      during scanning and unpacking, continuing the conversion started in
524
-      prior releases. Complex math functions have been switched from
525
-      libtommath to tomsfastmath functions. The A/C matcher code has also
526
-      been optimized to provide a speed boost.
527
-
528
-    - Support for on-access scanning using Clamuko/Dazuko has been replaced
529
-      with fanotify. Accordingly, clamd.conf settings related to on-access
530
-      scanning have had Clamuko removed from the name. Clamuko-specific
531
-      configuration items have been marked deprecated and should no longer
532
-      be used.
485
+- Signature improvements: New signature targets have been added for
486
+  PDF files, Flash files and Java class files. (NOTE: Java archive files
487
+  (JAR) are not part of the Java target.) Hash signatures can now specify
488
+  a '*' (wildcard)  size if the size is unknown. Using wildcard size
489
+  requires setting the minimum engine FLEVEL to avoid backwards
490
+  compatibility issues. For more details read the ClamAV Signatures
491
+  guide.
492
+
493
+- Scanning enhancements: New filetypes can be unpacked and scanned,
494
+  including ISO9660, Flash, and self-extracting 7z files. PDF
495
+  handling is now more robust and better handles encrypted PDF files.
496
+
497
+- Authenticode: ClamAV is now aware of the certificate chains when
498
+  scanning signed PE files. When the database contains signatures for
499
+  trusted root certificate authorities, the engine can whitelist
500
+  PE files with a valid signature. The same database file can also
501
+  include known compromised certificates to be rejected! This
502
+  feature can also be disabled in clamd.conf (DisableCertCheck) or
503
+  the command-line (nocerts).
504
+
505
+- New options: Several new options for clamscan and clamd have been
506
+  added. For example, ClamAV can be set to print infected files and
507
+  error files, and suppress printing OK results. This can be helpful
508
+  when scanning large numbers of files. This new option is "-o" for
509
+  clamscan and "LogClean" for clamd. Check clamd.conf or the clamscan
510
+  help message for specific details.
511
+
512
+- New callbacks added to the API: The libclamav API has additional hooks
513
+  for developers to use when wrapping ClamAV scanning. These function
514
+  types are prefixed with "clcb_" and allow developers to add logic at 
515
+  certain steps of the scanning process without directly modifying the 
516
+  library. For more details refer to the clamav.h file.
517
+
518
+- More configurable limits: Several hardcoded values are now configurable
519
+  parameters, providing more options for tuning the engine to match your
520
+  needs. Check clamd.conf or the clamscan help message for specific
521
+  details.
522
+
523
+- Performance improvements: This release furthers the use of memory maps
524
+  during scanning and unpacking, continuing the conversion started in
525
+  prior releases. Complex math functions have been switched from
526
+  libtommath to tomsfastmath functions. The A/C matcher code has also
527
+  been optimized to provide a speed boost.
528
+
529
+- Support for on-access scanning using Clamuko/Dazuko has been replaced
530
+  with fanotify. Accordingly, clamd.conf settings related to on-access
531
+  scanning have had Clamuko removed from the name. Clamuko-specific
532
+  configuration items have been marked deprecated and should no longer
533
+  be used.
533 534
 
534 535
 There are also fixes for other minor issues and code quality changes. Please
535 536
 see the ChangeLog file for details.
... ...
@@ -539,57 +543,49 @@ see the ChangeLog file for details.
539 539
 --
540 540
 The ClamAV team (https://www.clamav.net/about.html#credits)
541 541
 
542
-0.97.8
542
+## 0.97.8
543 543
 
544 544
 ClamAV 0.97.8 addresses several reported potential security bugs. Thanks to
545 545
 Felix Groebert of the Google Security Team for finding and reporting these
546 546
 issues.
547 547
 
548
-0.97.7
548
+## 0.97.7
549 549
 
550 550
 ClamAV 0.97.7 addresses several reported potential security bugs. Thanks to
551 551
 Felix Groebert, Mateusz Jurczyk and Gynvael Coldwind of the Google Security
552 552
 Team for finding and reporting these issues.
553 553
 
554
-0.97.6
554
+## 0.97.6
555 555
 
556 556
 ClamAV 0.97.6 includes minor bug fixes and detection improvements.
557 557
 ClamAV 0.97.6 corrects bug 5252 "CL_EFORMAT: Bad format or broken data ERROR
558 558
 reported as scan result."
559 559
 
560
-0.97.5
560
+## 0.97.5
561 561
 
562 562
 ClamAV 0.97.5 addresses possible evasion cases in some archive formats 
563 563
 (CVE-2012-1457, CVE-2012-1458, CVE-2012-1459). It also addresses stability 
564 564
 issues in portions of the bytecode engine. This release is recommended for 
565 565
 all users.
566 566
 
567
-0.97.4
567
+## 0.97.4
568 568
 
569 569
 ClamAV 0.97.4 includes minor bugfixes, detection improvements and initial 
570 570
 support for on-access scanning under Mac OS X (see contrib/ClamAuth). 
571 571
 This update is recommended for all users.
572 572
 
573
-0.97.3
573
+## 0.97.3
574 574
 
575 575
 ClamAV 0.97.3 is a minor bugfix release and is recommended for all 
576 576
 users. Please refer to the ChangeLog file for details.
577 577
 
578
-0.97.2
578
+## 0.97.2
579 579
 
580 580
 ClamAV 0.97.2 fixes problems with the bytecode engine, Safebrowsing detection,
581 581
 hash matcher, and other minor issues. Please see the ChangeLog file for
582 582
 details.
583 583
 
584
-0.97.1
584
+## 0.97.1
585 585
 
586 586
 This is a bugfix release recommended for all users. Please refer to the
587 587
 ChangeLog file for details.
... ...
@@ -597,9 +593,7 @@ ChangeLog file for details.
597 597
 --
598 598
 The ClamAV team (https://www.clamav.net/about.html#credits)
599 599
 
600
-
601
-0.97
600
+## 0.97
602 601
 
603 602
 ClamAV 0.97 brings many improvements, including complete Windows support
604 603
 (all major components compile out-of-box under Visual Studio), support for
... ...
@@ -618,13 +612,10 @@ powered by ClamAV. If you run Windows systems in your environment and
618 618
 need an AV solution to protect them, give Immunet 3.0, powered by ClamAV
619 619
 a try; you can download it from https://www.clamav.net/download.html#otherversions 
620 620
 
621
-
622 621
 --
623 622
 The ClamAV team (https://www.clamav.net/about.html#credits)
624 623
 
625
-
626
-0.96.5
624
+## 0.96.5
627 625
 
628 626
 ClamAV 0.96.5 includes bugfixes and minor feature enhancements, such as
629 627
 improved handling of detection statistics, better file logging,
... ...
@@ -634,17 +625,14 @@ ChangeLog for details.
634 634
 --
635 635
 The ClamAV team (https://www.clamav.net/about.html#credits)
636 636
 
637
-
638
-0.96.4
637
+## 0.96.4
639 638
 
640 639
 ClamAV 0.96.4 is a bugfix release recommended for all users.
641 640
 
642 641
 --
643 642
 The ClamAV team (https://www.clamav.net/about.html#credits)
644 643
 
645
-0.96.3
644
+## 0.96.3
646 645
 
647 646
 This release fixes problems with the PDF parser and the internal bzip2
648 647
 library. A complete list of changes is available in the Changelog file.
... ...
@@ -652,15 +640,13 @@ library. A complete list of changes is available in the Changelog file.
652 652
 --
653 653
 The ClamAV team (https://www.clamav.net/about.html#credits)
654 654
 
655
-0.96.2
655
+## 0.96.2
656 656
 
657 657
 ClamAV 0.96.2 brings a new PDF parser, performance and memory improvements,
658 658
 and a number of bugfixes and minor enhancements. This upgrade is recommended
659 659
 for all users.
660 660
 
661
-0.96.1
661
+## 0.96.1
662 662
 
663 663
 This is a bugfix release, please refer to the ChangeLog for the complete
664 664
 list of changes.
... ...
@@ -668,40 +654,39 @@ list of changes.
668 668
 --
669 669
 The ClamAV team (https://www.clamav.net/about.html#credits)
670 670
 
671
-0.96
671
+## 0.96
672 672
 
673 673
 This release of ClamAV introduces new malware detection mechanisms and other
674 674
 significant improvements to the scan engine. The key features include:
675 675
 
676
-    - The Bytecode Interpreter: the interpreter built into LibClamAV allows
677
-      the signature writers to create and distribute very complex detection
678
-      routines and remotely enhance the scanner's functionality
676
+- The Bytecode Interpreter: the interpreter built into LibClamAV allows
677
+  the signature writers to create and distribute very complex detection
678
+  routines and remotely enhance the scanner's functionality
679 679
 
680
-    - Heuristic improvements: improve the PE heuristics detection engine by
681
-      adding support of bogus icons and fake PE header information. In a
682
-      nutshell, ClamAV can now detect malware that tries to disguise itself
683
-      as a harmless application by using the most common Windows program icons.
680
+- Heuristic improvements: improve the PE heuristics detection engine by
681
+  adding support of bogus icons and fake PE header information. In a
682
+  nutshell, ClamAV can now detect malware that tries to disguise itself
683
+  as a harmless application by using the most common Windows program icons.
684 684
 
685
-    - Signature Improvements: logical signature improvements to allow more
686
-      detailed matching and referencing groups of signatures. Additionally,
687
-      improvements to wildcard matching on word boundaries and newlines.
685
+- Signature Improvements: logical signature improvements to allow more
686
+  detailed matching and referencing groups of signatures. Additionally,
687
+  improvements to wildcard matching on word boundaries and newlines.
688 688
 
689
-    - Support for new archives: 7zip, InstallShield and CPIO. LibClamAV
690
-      can now transparently unpack and inspect their contents.
689
+- Support for new archives: 7zip, InstallShield and CPIO. LibClamAV
690
+  can now transparently unpack and inspect their contents.
691 691
 
692
-    - Support for new executable file formats: 64-bit ELF files and OS X
693
-      Universal Binaries with Mach-O files. Additionally, the PE module
694
-      can now decompress and inspect executables packed with UPX 3.0.
692
+- Support for new executable file formats: 64-bit ELF files and OS X
693
+  Universal Binaries with Mach-O files. Additionally, the PE module
694
+  can now decompress and inspect executables packed with UPX 3.0.
695 695
 
696
-    - Support for DazukoFS in clamd
696
+- Support for DazukoFS in clamd
697 697
 
698
-    - Performance improvements: overall performance improvements and memory
699
-      optimizations for a better overall resource utilization experience.
698
+- Performance improvements: overall performance improvements and memory
699
+  optimizations for a better overall resource utilization experience.
700 700
 
701
-    - Native Windows Support: ClamAV will now build natively under Visual
702
-      Studio. This will allow 3rd Party application developers on Windows
703
-      to easily integrate LibClamAV into their applications.
701
+- Native Windows Support: ClamAV will now build natively under Visual
702
+  Studio. This will allow 3rd Party application developers on Windows
703
+  to easily integrate LibClamAV into their applications.
704 704
 
705 705
 The complete list of changes is available in the ChangeLog file. For upgrade
706 706
 notes and tips please see: https://wiki.clamav.net/Main/UpgradeNotes096
... ...
@@ -709,8 +694,7 @@ notes and tips please see: https://wiki.clamav.net/Main/UpgradeNotes096
709 709
 --
710 710
 The ClamAV team (https://www.clamav.net/about.html#credits)
711 711
 
712
-0.95.3
712
+## 0.95.3
713 713
 
714 714
 ClamAV 0.95.3 is a bugfix release recommended for all users.
715 715
 Please refer to the ChangeLog included in the source distribution
... ...
@@ -719,8 +703,7 @@ for the list of changes.
719 719
 --
720 720
 The ClamAV team (https://www.clamav.net/about.html#credits)
721 721
 
722
-0.95.2
722
+## 0.95.2
723 723
 
724 724
 This version improves handling of archives, adds support for --file-list
725 725
 in clamscan and clamdscan, and fixes various issues found in previous
... ...
@@ -729,16 +712,14 @@ releases.
729 729
 --
730 730
 The ClamAV team (https://www.clamav.net/about.html#credits)
731 731
 
732
-0.95.1
732
+## 0.95.1
733 733
 
734 734
 This is a bugfix release only, please see the ChangeLog for details.
735 735
 
736 736
 --
737 737
 The ClamAV team (https://www.clamav.net/about.html#credits)
738 738
 
739
-0.95
739
+## 0.95
740 740
 
741 741
 ClamAV 0.95 introduces many bugfixes, improvements and additions. To make
742 742
 the transition easier, we put various tips and upgrade notes on this page:
... ...
@@ -747,57 +728,55 @@ and bugfixes, please see the ChangeLog.
747 747
 
748 748
 The following are the key features of this release:
749 749
 
750
-    - Google Safe Browsing support: in addition to the heuristic and signature
751
-      based phishing detection mechanisms already available in ClamAV, the
752
-      scanner can now make use of the Google's blacklists of suspected
753
-      phishing and malware sites. The ClamAV Project distributes a constantly
754
-      updated Safe Browsing database, which can be automatically fetched by
755
-      freshclam. For more information, please see freshclam.conf(5) and
756
-      https://www.clamav.net/documents/safebrowsing.
757
-
758
-    - New clamav-milter: The program has been redesigned and rewritten from
759
-      scratch. The most notable difference is that the internal mode has been
760
-      dropped which means that now a working clamd companion is required.
761
-      The milter now also has its own configuration file.
762
-
763
-    - Clamd extensions: The protocol has been extended to lighten the load
764
-      that clamd puts on the system, solve limitations of the old protocol,
765
-      and reduce latency when signature updates are received. For more
766
-      information about the new extensions please see the official
767
-      documentation and the upgrade notes.
768
-
769
-    - Improved API: The API used to program ClamAV's engine (libclamav) has
770
-      been redesigned to use modern object-oriented techniques and solves
771
-      various API/ABI compatibility issues between old and new releases.
772
-      You can find more information in Section 6 of clamdoc.pdf and in
773
-      the upgrade notes.
774
-
775
-    - ClamdTOP: This is a new program that allows system administrators to
776
-      monitor clamd. It provides information about the items in the clamd's
777
-      queue, clamd's memory usage, and the version of the signature database,
778
-      all in real-time and in nice curses-based interface.
779
-
780
-    - Memory Pool Allocator: Libclamav now includes its own memory pool
781
-      allocator based on memory mapping. This new solution replaces the
782
-      traditional malloc/free system for the copy of the signatures that
783
-      is kept in memory. As a result, clamd requires much less memory,
784
-      particularly when signature updates are received and the database is
785
-      loaded into memory.
786
-
787
-    - Unified Option Parser: Prior to version 0.95 each program in ClamAV's
788
-      suite of programs had its own set of runtime options. The new general
789
-      parser brings consistency of use and validation to these options across
790
-      the suite. Some command line switches of clamscan have been renamed
791
-      (the old ones will still be accepted but will have no effect and will
792
-      result in warnings), please see clamscan(1) and clamscan --help for
793
-      the details.
750
+- Google Safe Browsing support: in addition to the heuristic and signature
751
+  based phishing detection mechanisms already available in ClamAV, the
752
+  scanner can now make use of the Google's blacklists of suspected
753
+  phishing and malware sites. The ClamAV Project distributes a constantly
754
+  updated Safe Browsing database, which can be automatically fetched by
755
+  freshclam. For more information, please see freshclam.conf(5) and
756
+  https://www.clamav.net/documents/safebrowsing.
757
+
758
+- New clamav-milter: The program has been redesigned and rewritten from
759
+  scratch. The most notable difference is that the internal mode has been
760
+  dropped which means that now a working clamd companion is required.
761
+  The milter now also has its own configuration file.
762
+
763
+- Clamd extensions: The protocol has been extended to lighten the load
764
+  that clamd puts on the system, solve limitations of the old protocol,
765
+  and reduce latency when signature updates are received. For more
766
+  information about the new extensions please see the official
767
+  documentation and the upgrade notes.
768
+
769
+- Improved API: The API used to program ClamAV's engine (libclamav) has
770
+  been redesigned to use modern object-oriented techniques and solves
771
+  various API/ABI compatibility issues between old and new releases.
772
+  You can find more information in Section 6 of clamdoc.pdf and in
773
+  the upgrade notes.
774
+
775
+- ClamdTOP: This is a new program that allows system administrators to
776
+  monitor clamd. It provides information about the items in the clamd's
777
+  queue, clamd's memory usage, and the version of the signature database,
778
+  all in real-time and in nice curses-based interface.
779
+
780
+- Memory Pool Allocator: Libclamav now includes its own memory pool
781
+  allocator based on memory mapping. This new solution replaces the
782
+  traditional malloc/free system for the copy of the signatures that
783
+  is kept in memory. As a result, clamd requires much less memory,
784
+  particularly when signature updates are received and the database is
785
+  loaded into memory.
786
+
787
+- Unified Option Parser: Prior to version 0.95 each program in ClamAV's
788
+  suite of programs had its own set of runtime options. The new general
789
+  parser brings consistency of use and validation to these options across
790
+  the suite. Some command line switches of clamscan have been renamed
791
+  (the old ones will still be accepted but will have no effect and will
792
+  result in warnings), please see clamscan(1) and clamscan --help for
793
+  the details.
794 794
 
795 795
 --
796 796
 The ClamAV team (https://www.clamav.net/about.html#credits)
797 797
 
798
-
799
-0.94.2
798
+## 0.94.2
800 799
 
801 800
 This is a bugfix release, please refer to the ChangeLog for a complete
802 801
 list of changes.
... ...
@@ -805,9 +784,7 @@ list of changes.
805 805
 --
806 806
 The ClamAV team (https://www.clamav.net/about.html#credits)
807 807
 
808
-
809
-0.94.1
808
+## 0.94.1
810 809
 
811 810
 ClamAV 0.94.1 fixes some issues that were found in previous releases and
812 811
 includes one new feature, "Malware Statistics Gathering." This is an optional
... ...
@@ -820,50 +797,47 @@ by enabling SubmitDetectionStats in freshclam.conf.
820 820
 
821 821
 For more details, please refer to the ChangeLog
822 822
 
823
-
824 823
 --
825 824
 The ClamAV team (https://www.clamav.net/about.html#credits)
826 825
 
827
-
828
-0.94
826
+## 0.94
829 827
 
830 828
 Sourcefire and the ClamAV team are pleased to announce the release of
831 829
 ClamAV 0.94. The following are the key features and improvements of this
832 830
 version:
833 831
 
834
-  - Logical Signatures: The logical signature technology uses operators
835
-    such as AND, OR and NOT to allow the combination of more than one
836
-    signature into one entry in the signature database resulting in
837
-    more detailed and flexible pattern matching.
832
+- Logical Signatures: The logical signature technology uses operators
833
+  such as AND, OR and NOT to allow the combination of more than one
834
+  signature into one entry in the signature database resulting in
835
+  more detailed and flexible pattern matching.
838 836
 
839
-  - Anti-phishing Technology: Users can now change the priority and reporting
840
-    of ClamAV's heuristic anti-phishing scanner within the detection engine
841
-    process. They can choose whether, when scanning a suspicious file, ClamAV
842
-    should stop scanning and report the phish, or continue to scan in case the
843
-    file contains other malware (clamd: HeuristicScanPrecedence,
844
-    clamscan: --heuristic-scan-precedence)
837
+- Anti-phishing Technology: Users can now change the priority and reporting
838
+  of ClamAV's heuristic anti-phishing scanner within the detection engine
839
+  process. They can choose whether, when scanning a suspicious file, ClamAV
840
+  should stop scanning and report the phish, or continue to scan in case the
841
+  file contains other malware (clamd: HeuristicScanPrecedence,
842
+  clamscan: --heuristic-scan-precedence)
845 843
 
846
-  - Disassembly Engine: The initial version of the disassembly engine improves
847
-    ClamAV's detection abilities.
844
+- Disassembly Engine: The initial version of the disassembly engine improves
845
+  ClamAV's detection abilities.
848 846
 
849
-  - PUA Detection: Users can now decide which PUA signatures should be loaded
850
-    (clamd: ExcludePUA, IncludePUA; clamscan: --exclude-pua, --include-pua)
847
+- PUA Detection: Users can now decide which PUA signatures should be loaded
848
+  (clamd: ExcludePUA, IncludePUA; clamscan: --exclude-pua, --include-pua)
851 849
 
852
-  - Data Loss Prevention (DLP): This version includes a new module that, when
853
-    enabled, scans data for the inclusion of US formated Social Security
854
-    Numbers and credit card numbers (clamd: StructuredDataDetection,
855
-    clamscan: --detect-structured; additional fine-tuning options are available)
850
+- Data Loss Prevention (DLP): This version includes a new module that, when
851
+  enabled, scans data for the inclusion of US formated Social Security
852
+  Numbers and credit card numbers (clamd: StructuredDataDetection,
853
+  clamscan: --detect-structured; additional fine-tuning options are available)
856 854
 
857
-  - IPv6 Support: Freshclam now supports IPv6
855
+- IPv6 Support: Freshclam now supports IPv6
858 856
 
859
-  - Improved Scanning of Scripts: The normalization of scripts now covers
860
-    JavaScript
857
+- Improved Scanning of Scripts: The normalization of scripts now covers
858
+  JavaScript
861 859
 
862
-  - Improved QA and Unit Testing: The improved QA process now includes
863
-    API testing and new library of test files in various formats that are
864
-    tested on a wide variety of systems (try running 'make check' in the source
865
-    directory)
860
+- Improved QA and Unit Testing: The improved QA process now includes
861
+  API testing and new library of test files in various formats that are
862
+  tested on a wide variety of systems (try running 'make check' in the source
863
+  directory)
866 864
 
867 865
 You may need to run 'ldconfig' after installing this version.
868 866
 
... ...
@@ -875,24 +849,19 @@ You may need to run 'ldconfig' after installing this version.
875 875
 --
876 876
 The ClamAV team (https://www.clamav.net/about.html#credits)
877 877
 
878
-
879
-0.93.3
878
+## 0.93.3
880 879
 
881 880
 This release fixes a problem in handling of .cld files introduced in 0.93.2.
882 881
 
883 882
 --
884 883
 The ClamAV team (https://www.clamav.net/about.html#credits)
885 884
 
886
-0.93.2
885
+## 0.93.2
887 886
 
888 887
 This release fixes and re-enables the Petite unpacker, improves database
889 888
 loading and solves some other minor issues.
890 889
 
891
-
892
-0.93.1
890
+## 0.93.1
893 891
 
894 892
 This version improves handling of PDF, CAB, RTF, OLE2 and HTML files
895 893
 and includes various bugfixes for 0.93 issues.
... ...
@@ -900,9 +869,7 @@ and includes various bugfixes for 0.93 issues.
900 900
 --
901 901
 The ClamAV team (https://www.clamav.net/about.html#credits)
902 902
 
903
-
904
-0.93
903
+## 0.93
905 904
 
906 905
 This release introduces many new features and engine enhancements, please
907 906
 see the notes below for the list of major changes. The most visible one
... ...
@@ -912,40 +879,38 @@ and the example config file for more information on the new options.
912 912
 
913 913
 Most important changes include:
914 914
 
915
-  * libclamav:
916
-    - New logic in scan limits: provides much more efficient protection against
917
-      DoS attacks but also results in different command line and config options
918
-      to clamscan and clamd (see below)
919
-    - New/improved modules: unzip, SIS, cabinet, CHM, SZDD, text normalisator,
920
-      entity converter
921
-    - Improved filetype detection; filetype definitions can be remotely updated
922
-    - Support for .cld containers (which replace .inc directories)
923
-    - Improved pattern matcher and signature formats
924
-    - More efficient scanning of HTML files
925
-    - Many other improvements
926
-
927
-  * clamd:
928
-    - NEW CONFIG FILE OPTIONS: MaxScanSize, MaxFileSize, MaxRecursion, MaxFiles
929
-    - ** THE FOLLOWING OPTIONS ARE NO LONGER SUPPORTED **: MailMaxRecursion,
930
-      ArchiveMaxFileSize, ArchiveMaxRecursion, ArchiveMaxFiles,
931
-      ArchiveMaxCompressionRatio, ArchiveBlockMax
932
-
933
-  * clamscan:
934
-    - NEW CMDLINE OPTIONS: --max-filesize, --max-scansize
935
-    - REMOVED OPTIONS: --block-max, --max-space, --max-ratio
936
-
937
-  * freshclam:
938
-    - NEW CONFIG OPTION CompressLocalDatabase
939
-    - NEW CMDLINE SWITCH --no-warnings
940
-    - main.inc and daily.inc directories are no longer used by ClamAV; please
941
-      remove them manually from your database directory
915
+- libclamav:
916
+  - New logic in scan limits: provides much more efficient protection against
917
+    DoS attacks but also results in different command line and config options
918
+    to clamscan and clamd (see below)
919
+  - New/improved modules: unzip, SIS, cabinet, CHM, SZDD, text normalisator,
920
+    entity converter
921
+  - Improved filetype detection; filetype definitions can be remotely updated
922
+  - Support for .cld containers (which replace .inc directories)
923
+  - Improved pattern matcher and signature formats
924
+  - More efficient scanning of HTML files
925
+  - Many other improvements
926
+
927
+- clamd:
928
+  - NEW CONFIG FILE OPTIONS: MaxScanSize, MaxFileSize, MaxRecursion, MaxFiles
929
+  - ** THE FOLLOWING OPTIONS ARE NO LONGER SUPPORTED **: MailMaxRecursion,
930
+    ArchiveMaxFileSize, ArchiveMaxRecursion, ArchiveMaxFiles,
931
+    ArchiveMaxCompressionRatio, ArchiveBlockMax
932
+
933
+- clamscan:
934
+  - NEW CMDLINE OPTIONS: --max-filesize, --max-scansize
935
+  - REMOVED OPTIONS: --block-max, --max-space, --max-ratio
936
+
937
+- freshclam:
938
+  - NEW CONFIG OPTION CompressLocalDatabase
939
+  - NEW CMDLINE SWITCH --no-warnings
940
+  - main.inc and daily.inc directories are no longer used by ClamAV; please
941
+    remove them manually from your database directory
942 942
 
943 943
 --
944 944
 The ClamAV team (https://www.clamav.net/about.html#credits)
945 945
 
946
-
947
-0.92.1
946
+## 0.92.1
948 947
 
949 948
 This is a bugfix release, please refer to the ChangeLog for a complete
950 949
 list of changes.
... ...
@@ -953,9 +918,7 @@ list of changes.
953 953
 --
954 954
 The ClamAV team (https://www.clamav.net/about.html#credits)
955 955
 
956
-
957
-0.92
956
+## 0.92
958 957
 
959 958
 This release provides various bugfixes, optimizations and improvements
960 959
 to the scanning engine. The new features include support for ARJ and
... ...
@@ -967,9 +930,7 @@ libclamav now includes the regex library from OpenBSD.
967 967
 --
968 968
 The ClamAV team (https://www.clamav.net/about.html#credits)
969 969
 
970
-
971
-0.91.2
970
+## 0.91.2
972 971
 
973 972
 This release fixes various bugs in libclamav, freshclam and clamav-milter,
974 973
 and adds support for PUA (Potentially Unwanted Application) signatures
... ...
@@ -1007,44 +968,38 @@ ClamAV engine and the signature database will remain under GPL.
1007 1007
 --
1008 1008
 The ClamAV team (https://www.clamav.net/about.html#credits)
1009 1009
 
1010
-
1011
-0.91.1
1010
+## 0.91.1
1012 1011
 
1013 1012
 This release fixes stability and other issues of 0.91.
1014 1013
 
1015 1014
 --
1016 1015
 The ClamAV team (https://www.clamav.net/about.html#credits)
1017 1016
 
1018
-
1019
-0.91
1017
+## 0.91
1020 1018
 
1021 1019
 ClamAV 0.91 is the first release to enable the anti-phishing technology
1022 1020
 in default builds. This technology combines heuristics with special
1023 1021
 signatures and provides effective protection against phishing threats.
1024 1022
 Other important changes and add-ons in this version include:
1025 1023
 
1026
-    - unpacker for NSIS (Nullsoft Scriptable Install System) self-extracting
1027
-      archives
1028
-    - unpacker for ASPack 2.12
1029
-    - new implementation of the Aho-Corasick pattern matcher providing
1030
-      better detection for wildcard enabled signatures
1031
-    - support for nibble matching and floating offsets
1032
-    - improved handling of .mdb files (fixes long startup times)
1033
-    - extraction of PE files embedded into other executables
1034
-    - better handling of PE & UPX
1035
-    - removed dependency on libcurl (improves stability)
1036
-    - libclamav.dll available under Windows
1037
-    - IPv6 support in clamav-milter
1038
-    - many other improvements and bugfixes
1024
+- unpacker for NSIS (Nullsoft Scriptable Install System) self-extracting
1025
+  archives
1026
+- unpacker for ASPack 2.12
1027
+- new implementation of the Aho-Corasick pattern matcher providing
1028
+  better detection for wildcard enabled signatures
1029
+- support for nibble matching and floating offsets
1030
+- improved handling of .mdb files (fixes long startup times)
1031
+- extraction of PE files embedded into other executables
1032
+- better handling of PE & UPX
1033
+- removed dependency on libcurl (improves stability)
1034
+- libclamav.dll available under Windows
1035
+- IPv6 support in clamav-milter
1036
+- many other improvements and bugfixes
1039 1037
 
1040 1038
 --
1041 1039
 The ClamAV team (https://www.clamav.net/about.html#credits)
1042 1040
 
1043