@@ -1,82 +1,112 @@

-ClamAV News

-===========

+# ClamAV News

-Note: This file refers to the source tarball. Things described here may

- differ slightly from the binary packages.

+Note: This file refers to the source tarball. Things described here may differ

+ slightly from the binary packages.

-0.100.0

+## 0.100.0

 ClamAV 0.100.0 is a feature release which includes many code submissions

- from the ClamAV community.  Some of the more prominent submissions include:

-

-    - Interfaces to the Prelude SIEM open source package for collecting

-      ClamAV virus events.

-    - Support for Visual Studio 2015 for Windows builds.

-    - Support libmspack internal code or as a shared object library.

-      The internal library is the default and contains additional

-      integrity checks.

-    - Linking with openssl 1.1.0.

-    - Deprecation of the AllowSupplementaryGroups parameter statement

-      in clamd, clamav-milter, and freshclam. Use of supplementary

-      is now in effect by default.

-    - Numerous bug fixes, typo corrections, and compiler warning fixes.

+ from the ClamAV community.  As always, it can be downloaded from our downloads

+ page on clamav.net. Some of the more prominent submissions include:

+

+- Interfaces to the Prelude SIEM open source package for collecting

+  ClamAV virus events.

+- Support for Visual Studio 2015 for Windows builds.  Please note that we

+  have deprecated support for Windows XP, and while Vista may still work,

+  we no longer test ClamAV on Windows XP or Vista.

+- Support libmspack internal code or as a shared object library.

+  The internal library is the default and includes modifications to enable

+  parsing of CAB files that do not entirely adhere to the CAB file format.

+- Linking with OpenSSL 1.1.0.

+- Deprecation of the AllowSupplementaryGroups parameter statement

+  in clamd, clamav-milter, and freshclam. Use of supplementary

+  is now in effect by default.

+- Numerous bug fixes, typo corrections, and compiler warning fixes.

 Additionally, we have introduced important changes and new features in

 ClamAV 0.100, including but not limited to:

-    - Deprecating internal LLVM code support. The configure script has changed

-      to search the system for an installed instance of the LLVM development

-      libraries, and to otherwise use the bytecode interpreter for ClamAV

-      bytecode signatures. To use the LLVM Just-In-Time compiler for

-      executing bytecode signatures, please ensure that the LLVM development

-      package at version 3.6 or lower is installed. Using the deprecated LLVM

-      code is possible with the command: `./configure --with-system-llvm=no`,

-      but it no longer compiles on all platforms.

-    - Compute and check PE import table hash (a.k.a. "imphash") signatures.

-    - Support file property collection and analysis for MHTML files.

-    - Raw scanning of PostScript files.

-    - Fix clamsubmit to use the new virus and false positive submission web

-      interface.

-    - Optionally, flag files with the virus "Heuristic.Limits.Exceeded" when

-      size limitations are exceeded.

-    - Improved decoders for PDF files.

-    - Reduced number of compile time warnings.

-    - Improved support for C++11.

-    - Improved detection of system installed libraries.

-    - Fixes to ClamAV's Container system and the introduction of Intermediates

-      for more descriptive signatures.

-    - Improvements to clamd's On-Access scanning capabilities for Linux.

+- Deprecating internal LLVM code support. The configure script has changed

+  to search the system for an installed instance of the LLVM development

+  libraries, and to otherwise use the bytecode interpreter for ClamAV

+  bytecode signatures. To use the LLVM Just-In-Time compiler for

+  executing bytecode signatures, please ensure that the LLVM development

+  package at version 3.6 or lower is installed. Using the deprecated LLVM

+  code is possible with the command: `./configure --with-system-llvm=no`,

+  but it no longer compiles on all platforms.

+- Compute and check PE import table hash (a.k.a. "imphash") signatures.

+- Support file property collection and analysis for MHTML files.

+- Raw scanning of PostScript files.

+- Fix clamsubmit to use the new virus and false positive submission web

+  interface.

+- Optionally, flag files with the virus "Heuristic.Limits.Exceeded" when

+  size limitations are exceeded.

+- Improved decoders for PDF files.

+- Reduced number of compile time warnings.

+- Improved support for C++11.

+- Improved detection of system installed libraries.

+- Fixes to ClamAV's Container system and the introduction of Intermediates

+  for more descriptive signatures.

+- Improvements to clamd's On-Access scanning capabilities for Linux.

+

+### Acknowledgements

 The ClamAV team thanks the following individuals for their code submissions:

-Andreas Schulze

-Anthony Chan

-Bill Parker

-Chris Miserva

-Daniel J. Luke

-Georgy Salnikov

-James Ralston

-Jonas Zaddach

-Keith Jones

-Marc Deslauriers

-Mark Allan

-Matthew Boedicker

-Michael Pelletier

-Ningirsu

-Sebastian Andrzej Siewior

-Stephen Welker

-Tuomo Soini

-

-0.99.4

+- Andreas Schulze

+- Anthony Chan

+- Bill Parker

+- Chris Miserva

+- Daniel J. Luke

+- Georgy Salnikov

+- James Ralston

+- Jonas Zaddach

+- Keith Jones

+- Marc Deslauriers

+- Mark Allan

+- Matthew Boedicker

+- Michael Pelletier

+- Ningirsu

+- Sebastian Andrzej Siewior

+- Stephen Welker

+- Tuomo Soini

+

+### Known Issues

+

+ClamAV has an active issue queue and enjoys continual improvement but as sad as

+ I am to say it, we couldn't address every bug in this release.  I want to draw

+ your attention a couple bugs in particular so as not to frustrate users

+ setting up ClamAV:

+

+- Platform: macOS:

+  - Bug:  If you attempt to build ClamAV with a system installed LLVM you may

+    receive a linker error.  We recently changed default linking behavior to

+    prefer dynamic linking over static linking.  As a result, we've uncovered a

+    bug in building on macOS where dynamic linking against the LLVM libraries

+    fails.  To work around this bug, please add the --with-llvm-linking=static

+    option to your ./configure call.

+

+- Platform: CentOS 6 32bit, older versions of AIX:

+  - Bug:  On CentOS 6 32bit we observed that specific versions of zlib fail to

+    correctly decompress the CVD signature databases.  If you are on an older

+    system such as CentoOS 6 32bit and observe failures loading the signature

+    database, please consider upgrading to a newer version of zlib.

+

+- Platform: Miscellaneous

+  - Bug:  When cross compiling on certain legacy systems (Solaris, AIX, OSX)

+    against older system libraries that do not support strn functions linking

+    may fail during compile time. While automatic checking is done during

+    configure time to check for unsupported libs, this problem can be manually

+    avoided using the --enable-strni configure flag if it is encountered.

+

+## 0.99.4

 ClamAV 0.99.4 is a hotfix release to patch a set of vulnerabilities.

-    - fixes for the following CVE's: CVE-2012-6706, CVE-2017-6419,

-      CVE-2017-11423, CVE-2018-0202, and CVE-2018-1000085.

-    - also included are 2 fixes for file descriptor leaks as well fixes for

-      a handful of other important bugs, including patches to support g++ 6, C++11.

+- fixes for the following CVE's: CVE-2012-6706, CVE-2017-6419,

+  CVE-2017-11423, CVE-2018-0202, and CVE-2018-1000085.

+- also included are 2 fixes for file descriptor leaks as well fixes for

+  a handful of other important bugs, including patches to support g++ 6, C++11.

 Thank you to the following ClamAV community members for your code

 submissions and bug reports! 

@@ -92,65 +122,62 @@ Suleman Ali

 yongji.oy

 xrym

-0.99.3

+## 0.99.3

 ClamAV 0.99.3 is a hotfix release to patch a set of vulnerabilities.

-    - fixes for the following CVE's: CVE-2017-6418, CVE-2017-6420, 

-      CVE-2017-12374, CVE-2017-12375, CVE-2017-12376, CVE-2017-12377, 

-      CVE-2017-12378, CVE-2017-12379, CVE-2017-12380. 

-    - also included are 2 minor fixes to properly detect openssl install

-      locations on FreeBSD 11, and prevent false warnings about zlib 1.2.1#

-      version numbers. 

+- fixes for the following CVE's: CVE-2017-6418, CVE-2017-6420,

+  CVE-2017-12374, CVE-2017-12375, CVE-2017-12376, CVE-2017-12377,

+  CVE-2017-12378, CVE-2017-12379, CVE-2017-12380.

+- also included are 2 minor fixes to properly detect openssl install

+  locations on FreeBSD 11, and prevent false warnings about zlib 1.2.1#

+  version numbers.

 Thank you to the following ClamAV community members for your code

-submissions and bug reports! 

+submissions and bug reports!

-Alberto Garcia

-Daniel J. Luke

-Francisco Oca

-Sebastian A. Siewior

-Suleman Ali

+- Alberto Garcia

+- Daniel J. Luke

+- Francisco Oca

+- Sebastian A. Siewior

+- Suleman Ali

 Special thanks to Offensive Research at Salesforce.com for responsible disclosure.

-0.99.2

+## 0.99.2

 ClamAV 0.99.2 is a release of bug fixes and minor enhancements.

-    - fix ups improving the reliability of several ClamAV file parsers.

-    - sigtool now decodes file type signatures (e.g., daily.ftm CVD file).

-    - now supporting libpcre2 in addition to libpcre.

-    - systemd support for clamd and freshclam. Patch provided by 

-      Andreas Cadhalpun.

-    - fixed builds on Mac OS X 10.10 & 10.11.

-    - improved debug info for certificate metadata.

-    - improved freshclam messaging when using a proxy.

-    - fixed some freshclam functionality when using private mirrors.

-    - clamd refinements of open file limitations on Solaris. Patch by

-      Jim Morris

-    - clamav-milter signal handling for improved clean up during

-      termination.

+- fix ups improving the reliability of several ClamAV file parsers.

+- sigtool now decodes file type signatures (e.g., daily.ftm CVD file).

+- now supporting libpcre2 in addition to libpcre.

+- systemd support for clamd and freshclam. Patch provided by 

+  Andreas Cadhalpun.

+- fixed builds on Mac OS X 10.10 & 10.11.

+- improved debug info for certificate metadata.

+- improved freshclam messaging when using a proxy.

+- fixed some freshclam functionality when using private mirrors.

+- clamd refinements of open file limitations on Solaris. Patch by

+  Jim Morris

+- clamav-milter signal handling for improved clean up during

+  termination.

 Thank you to the following ClamAV community members for your code

-submissions and bug reports! 

-

-Brandon Perry

-Sebastian Andrzej Siewior

-Andreas Cadhalpun

-Jim Morris

-Kai Risku

-Bill Parker

-Tomasz Kojm

-Steve Basford

-Daniel J. Luke

-James Ralston

-John Dodson

-

-0.99.1

+submissions and bug reports!

+

+- Brandon Perry

+- Sebastian Andrzej Siewior

+- Andreas Cadhalpun

+- Jim Morris

+- Kai Risku

+- Bill Parker

+- Tomasz Kojm

+- Steve Basford

+- Daniel J. Luke

+- James Ralston

+- John Dodson

+

+## 0.99.1

 ClamAV 0.99.1 contains a new feature for parsing Hancom Office files

 including extracting and scanning embedded objects. ClamAV 0.99.1

@@ -159,42 +186,41 @@ also contains important bug fixes. Please see ChangeLog for details.

 Thanks to the following community members for code submissions used in

 ClamAV 0.99.1:

-Jim Morris

-Andreas Cadhalpun

-Mark Allan

-Sebastian Siewior

+- Jim Morris

+- Andreas Cadhalpun

+- Mark Allan

+- Sebastian Siewior

-0.99

+## 0.99

 ClamAV 0.99 contains major new features and changes. YARA rules, 

 Perl Compatible Regular Expressions, revamped on-access scanning

 for Linux, and other new features join the many great features of ClamAV:

-    - Processing of YARA rules(some limitations- see signatures.pdf).

-    - Support in ClamAV logical signatures for many of the features

-      added for YARA, such as Perl Compatible Regular Expressions,

-      alternate strings, and YARA string attributes. See signatures.pdf

-      for full details.

-    - New and improved on-access scanning for Linux. See the recent blog

-      post and clamdoc.pdf for details on the new on-access capabilities.

-    - A new ClamAV API callback function that is invoked when a virus 

-      is found. This is intended primarily for applications running in 

-      all-match mode. Any applications using all-match mode must use 

-      the new callback function to record and report detected viruses.    

-    - Configurable default password list to attempt zip file decryption.

-    - TIFF file support.

-    - Upgrade Windows pthread library to 2.9.1.

-    - A new signature target type for designating signatures to run

-      against files with unknown file types.

-    - Improved fidelity of the "data loss prevention" heuristic

-      algorithm. Code supplied by Bill Parker.

-    - Support for LZMA decompression within Adobe Flash files.

-    - Support for MSO attachments within Microsoft Office 2003 XML files.

-    - A new sigtool option(--ascii-normalize) allowing signature authors

-      to more easily generate normalized versions of ascii files.

-    - Windows installation directories changed from \Program Files\Sourcefire\

-      ClamAV to \Program Files\ClamAV or \Program Files\ClamAV-x64.

+- Processing of YARA rules(some limitations- see signatures.pdf).

+- Support in ClamAV logical signatures for many of the features

+  added for YARA, such as Perl Compatible Regular Expressions,

+  alternate strings, and YARA string attributes. See signatures.pdf

+  for full details.

+- New and improved on-access scanning for Linux. See the recent blog

+  post and clamdoc.pdf for details on the new on-access capabilities.

+- A new ClamAV API callback function that is invoked when a virus 

+  is found. This is intended primarily for applications running in 

+  all-match mode. Any applications using all-match mode must use 

+  the new callback function to record and report detected viruses.    

+- Configurable default password list to attempt zip file decryption.

+- TIFF file support.

+- Upgrade Windows pthread library to 2.9.1.

+- A new signature target type for designating signatures to run

+  against files with unknown file types.

+- Improved fidelity of the "data loss prevention" heuristic

+  algorithm. Code supplied by Bill Parker.

+- Support for LZMA decompression within Adobe Flash files.

+- Support for MSO attachments within Microsoft Office 2003 XML files.

+- A new sigtool option(--ascii-normalize) allowing signature authors

+  to more easily generate normalized versions of ascii files.

+- Windows installation directories changed from \Program Files\Sourcefire\

+  ClamAV to \Program Files\ClamAV or \Program Files\ClamAV-x64.

 PLEASE NOTE:  If you are using clamd on-access scanning or have applications

 using all-match mode, you will want to review the changes and make any necessary

@@ -204,48 +230,47 @@ aware of the change of installation directories.

 Thank you to the ClamAV community members who sent patches and bug reports

 included for ClamAV 0.99:

-Steve Basford

-Sebastian Andrzej Siewior

-Bill Parker

-Andreas Schulze

-Yann E. Morin

-Andreas Cadhalpun

-Dmitry Marakasov

-Michael Pelletier

-Felix Groebert

-Stephen Welker

+- Steve Basford

+- Sebastian Andrzej Siewior

+- Bill Parker

+- Andreas Schulze

+- Yann E. Morin

+- Andreas Cadhalpun

+- Dmitry Marakasov

+- Michael Pelletier

+- Felix Groebert

+- Stephen Welker

-0.98.7

+## 0.98.7

 ClamAV 0.98.7 is here! This release contains new scanning features

 and bug fixes. 

-    - Improvements to PDF processing: decryption, escape sequence

-      handling, and file property collection.

-    - Scanning/analysis of additional Microsoft Office 2003 XML format.

-    - Fix infinite loop condition on crafted y0da cryptor file. Identified

-      and patch suggested by Sebastian Andrzej Siewior. CVE-2015-2221.

-    - Fix crash on crafted petite packed file. Reported and patch

-      supplied by Sebastian Andrzej Siewior. CVE-2015-2222.

-    - Fix false negatives on files within iso9660 containers. This issue

-      was reported by Minzhuan Gong.

-    - Fix a couple crashes on crafted upack packed file. Identified and

-      patches supplied by Sebastian Andrzej Siewior.

-    - Fix a crash during algorithmic detection on crafted PE file.

-      Identified and patch supplied by Sebastian Andrzej Siewior.

-    - Fix an infinite loop condition on a crafted "xz" archive file.

-      This was reported by Dimitri Kirchner and Goulven Guiheux.

-      CVE-2015-2668.

-    - Fix compilation error after ./configure --disable-pthreads.

-      Reported and fix suggested by John E. Krokes.

-    - Apply upstream patch for possible heap overflow in Henry Spencer's 

-      regex library. CVE-2015-2305.

-    - Fix crash in upx decoder with crafted file. Discovered and patch

-      supplied by Sebastian Andrzej Siewior. CVE-2015-2170.

-    - Fix segfault scanning certain HTML files. Reported with sample by

-      Kai Risku.

-    - Improve detections within xar/pkg files.

+- Improvements to PDF processing: decryption, escape sequence

+  handling, and file property collection.

+- Scanning/analysis of additional Microsoft Office 2003 XML format.

+- Fix infinite loop condition on crafted y0da cryptor file. Identified

+  and patch suggested by Sebastian Andrzej Siewior. CVE-2015-2221.

+- Fix crash on crafted petite packed file. Reported and patch

+  supplied by Sebastian Andrzej Siewior. CVE-2015-2222.

+- Fix false negatives on files within iso9660 containers. This issue

+  was reported by Minzhuan Gong.

+- Fix a couple crashes on crafted upack packed file. Identified and

+  patches supplied by Sebastian Andrzej Siewior.

+- Fix a crash during algorithmic detection on crafted PE file.

+  Identified and patch supplied by Sebastian Andrzej Siewior.

+- Fix an infinite loop condition on a crafted "xz" archive file.

+  This was reported by Dimitri Kirchner and Goulven Guiheux.

+  CVE-2015-2668.

+- Fix compilation error after ./configure --disable-pthreads.

+  Reported and fix suggested by John E. Krokes.

+- Apply upstream patch for possible heap overflow in Henry Spencer's 

+  regex library. CVE-2015-2305.

+- Fix crash in upx decoder with crafted file. Discovered and patch

+  supplied by Sebastian Andrzej Siewior. CVE-2015-2170.

+- Fix segfault scanning certain HTML files. Reported with sample by

+  Kai Risku.

+- Improve detections within xar/pkg files.

 As always, we appreciate contributions of bug reports, code fixes,

 and sample submission from the ClamAV community members:

@@ -257,30 +282,29 @@ Goulven Guiheux

 John E. Krokes

 Kai Risku

-0.98.6

+## 0.98.6

 ClamAV 0.98.6 is a bug fix release correcting the following:

-    - library shared object revisions.

-    - installation issues on some Mac OS X and FreeBSD platforms.

-    - includes a patch from Sebastian Andrzej Siewior making

-      ClamAV pid files compatible with systemd.

-    - Fix a heap out of bounds condition with crafted Yoda's

-      crypter files. This issue was discovered by Felix Groebert

-      of the Google Security Team.

-    - Fix a heap out of bounds condition with crafted mew packer

-      files. This issue was discovered by Felix Groebert of the

-      Google Security Team.

-    - Fix a heap out of bounds condition with crafted upx packer

-      files. This issue was discovered by Kevin Szkudlapski of

-      Quarkslab.

-    - Fix a heap out of bounds condition with crafted upack packer

-      files. This issue was discovered by Sebastian Andrzej Siewior.

-      CVE-2014-9328.

-    - Compensate a crash due to incorrect compiler optimization when

-      handling crafted petite packer files. This issue was discovered

-      by Sebastian Andrzej Siewior.

+- library shared object revisions.

+- installation issues on some Mac OS X and FreeBSD platforms.

+- includes a patch from Sebastian Andrzej Siewior making

+  ClamAV pid files compatible with systemd.

+- Fix a heap out of bounds condition with crafted Yoda's

+  crypter files. This issue was discovered by Felix Groebert

+  of the Google Security Team.

+- Fix a heap out of bounds condition with crafted mew packer

+  files. This issue was discovered by Felix Groebert of the

+  Google Security Team.

+- Fix a heap out of bounds condition with crafted upx packer

+  files. This issue was discovered by Kevin Szkudlapski of

+  Quarkslab.

+- Fix a heap out of bounds condition with crafted upack packer

+  files. This issue was discovered by Sebastian Andrzej Siewior.

+  CVE-2014-9328.

+- Compensate a crash due to incorrect compiler optimization when

+  handling crafted petite packer files. This issue was discovered

+  by Sebastian Andrzej Siewior.

 Thanks to the following ClamAV community members for code submissions

 and bug reporting included in ClamAV 0.98.6:

@@ -291,8 +315,7 @@ Kevin Szkudlapski

 Mark Pizzolato

 Daniel J. Luke

-0.98.5

+## 0.98.5

 Welcome to ClamAV 0.98.5! ClamAV 0.98.5 includes important new features

 for collecting and analyzing file properties. Software developers and

@@ -307,27 +330,27 @@ properties.

 ClamAV 0.98.5 also includes these new features and bug fixes:

-    - Support for the XDP file format and extracting, decoding, and

-      scanning PDF files within XDP files.

-    - Addition of shared library support for LLVM versions 3.1 - 3.5

-      for the purpose of just-in-time(JIT) compilation of ClamAV

-      bytecode signatures. Andreas Cadhalpun submitted the patch

-      implementing this support.

-    - Enhancements to the clambc command line utility to assist

-      ClamAV bytecode signature authors by providing introspection

-      into compiled bytecode programs.

-    - Resolution of many of the warning messages from ClamAV compilation.

-    - Improved detection of malicious PE files.

-    - Security fix for ClamAV crash when using 'clamscan -a'. This issue

-      was identified by Kurt Siefried of Red Hat.

-    - Security fix for ClamAV crash when scanning maliciously crafted

-      yoda's crypter files. This issue, as well as several other bugs

-      fixed in this release, were identified by Damien Millescamp of

-      Oppida.

-    - ClamAV 0.98.5 now works with OpenSSL in FIPS compliant mode.

-      Thanks to Reinhard Max for supplying the patch.

-    - Bug fixes and other feature enhancements. See Changelog or

-      git log for details.

+- Support for the XDP file format and extracting, decoding, and

+  scanning PDF files within XDP files.

+- Addition of shared library support for LLVM versions 3.1 - 3.5

+  for the purpose of just-in-time(JIT) compilation of ClamAV

+  bytecode signatures. Andreas Cadhalpun submitted the patch

+  implementing this support.

+- Enhancements to the clambc command line utility to assist

+  ClamAV bytecode signature authors by providing introspection

+  into compiled bytecode programs.

+- Resolution of many of the warning messages from ClamAV compilation.

+- Improved detection of malicious PE files.

+- Security fix for ClamAV crash when using 'clamscan -a'. This issue

+  was identified by Kurt Siefried of Red Hat.

+- Security fix for ClamAV crash when scanning maliciously crafted

+  yoda's crypter files. This issue, as well as several other bugs

+  fixed in this release, were identified by Damien Millescamp of

+  Oppida.

+- ClamAV 0.98.5 now works with OpenSSL in FIPS compliant mode.

+  Thanks to Reinhard Max for supplying the patch.

+- Bug fixes and other feature enhancements. See Changelog or

+  git log for details.

 Thanks to the following ClamAV community members for code submissions

 and bug reporting included in ClamAV 0.98.5:

@@ -338,25 +361,18 @@ Damien Millescamp

 Reinhard Max

 Kurt Seifried

-0.98.4

+## 0.98.4

 ClamAV 0.98.4 is a bug fix release. The following issues are now resolved:

-    - Various build problems on Solaris, OpenBSD, AIX.

-

-    - Crashes of clamd on Windows and Mac OS X platforms when reloading

-      the virus signature database.

-

-    - Infinite loop in clamdscan when clamd is not running.

-

-    - Freshclam failure on Solaris 10.

-

-    - Buffer underruns when handling multi-part MIME email attachments.

-

-    - Configuration of OpenSSL on various platforms.

-

-    - Name collisions on Ubuntu 14.04, Debian sid, and Slackware 14.1.

+- Various build problems on Solaris, OpenBSD, AIX.

+- Crashes of clamd on Windows and Mac OS X platforms when reloading

+  the virus signature database.

+- Infinite loop in clamdscan when clamd is not running.

+- Freshclam failure on Solaris 10.

+- Buffer underruns when handling multi-part MIME email attachments.

+- Configuration of OpenSSL on various platforms.

+- Name collisions on Ubuntu 14.04, Debian sid, and Slackware 14.1.

 Thanks to the following individuals for testing, writing patches, and

 initiating quality improvements in this release:

@@ -374,52 +390,41 @@ Larry Rosenbaum

 Dave Simonson

 Sebastian Andrzej Siewior

-0.98.2

+## 0.98.2

 Here are the new features and improvements in ClamAV 0.98.2:

-    - Support for common raw disk image formats using 512 byte sectors,

-      specifically GPT, APM, and MBR partitioning.

-

-    - Experimental support of OpenIOC files. ClamAV will now extract file

-      hashes from OpenIOC files residing in the signature database location,

-      and generate ClamAV hash signatures. ClamAV uses no other OpenIOC

-      features at this time. No OpenIOC files will be delivered through

-      freshclam. See openioc.org and iocbucket.com for additional information

-      about OpenIOC.

-

-    - All ClamAV sockets (clamd, freshclam, clamav-milter, clamdscan, clamdtop)

-      now support IPV6 addresses and configuration parameters.

-

-    - Use OpenSSL file hash functions for improved performance. OpenSSL 

-      is now prerequisite software for ClamAV 0.98.2.

-

-    - Improved detection of malware scripts within image files. Issue reported

-      by Maarten Broekman.

-

-    - Change to circumvent possible denial of service when processing icons within

-      specially crafted PE files. Icon limits are now in place with corresponding

-      clamd and clamscan configuration parameters. This issue was reported by 

-      Joxean Koret.

-

-    - Improvements to the fidelity of the ClamAV pattern matcher, an issue

-      reported by Christian Blichmann.

-

-    - Opt-in collection of statistics. Statistics collected are: sizes and MD5 

-      hashes of files, PE file section counts and section MD5 hashes, and names

-      and counts of detected viruses. Enable statistics collection with the

-      --enable-stats clamscan flag or StatsEnabled clamd configuration

-      parameter.

-

-    - Improvements to ClamAV build process, unit tests, and platform support with

-      assistance and suggestions by Sebastian Andrzej Siewior, Scott Kitterman,

-      and Dave Simonson.

-

-    - Patch by Arkadiusz Miskiewicz to improve error handling in freshclam.

-

-    - ClamAV 0.98.2 also includes miscellaneous bug fixes and documentation 

-      improvements.

+- Support for common raw disk image formats using 512 byte sectors,

+  specifically GPT, APM, and MBR partitioning.

+- Experimental support of OpenIOC files. ClamAV will now extract file

+  hashes from OpenIOC files residing in the signature database location,

+  and generate ClamAV hash signatures. ClamAV uses no other OpenIOC

+  features at this time. No OpenIOC files will be delivered through

+  freshclam. See openioc.org and iocbucket.com for additional information

+  about OpenIOC.

+- All ClamAV sockets (clamd, freshclam, clamav-milter, clamdscan, clamdtop)

+  now support IPV6 addresses and configuration parameters.

+- Use OpenSSL file hash functions for improved performance. OpenSSL 

+  is now prerequisite software for ClamAV 0.98.2.

+- Improved detection of malware scripts within image files. Issue reported

+  by Maarten Broekman.

+- Change to circumvent possible denial of service when processing icons within

+  specially crafted PE files. Icon limits are now in place with corresponding

+  clamd and clamscan configuration parameters. This issue was reported by 

+  Joxean Koret.

+- Improvements to the fidelity of the ClamAV pattern matcher, an issue

+  reported by Christian Blichmann.

+- Opt-in collection of statistics. Statistics collected are: sizes and MD5 

+  hashes of files, PE file section counts and section MD5 hashes, and names

+  and counts of detected viruses. Enable statistics collection with the

+  --enable-stats clamscan flag or StatsEnabled clamd configuration

+  parameter.

+- Improvements to ClamAV build process, unit tests, and platform support with

+  assistance and suggestions by Sebastian Andrzej Siewior, Scott Kitterman,

+  and Dave Simonson.

+- Patch by Arkadiusz Miskiewicz to improve error handling in freshclam.

+- ClamAV 0.98.2 also includes miscellaneous bug fixes and documentation 

+  improvements.

 Thanks to the following ClamAV community members for sending patches or reporting

 bugs and issues that are addressed in ClamAV 0.98.2:

@@ -430,7 +435,7 @@ Joxean Koret

 Arkadiusz Miskiewicz

 Dave Simonson

 Maarten Broekman

-Christian Blichmann 

+Christian Blichmann

 --

@@ -450,88 +455,87 @@ do not wish to do so, delete this exception statement from your

 version.  If you delete this exception statement from all source

 files in the program, then also delete it here.

-0.98.1

+## 0.98.1

+

 ClamAV 0.98.1 provides improved support of Mac OS X platform, support for new file types, and 

 quality improvements. These include:

-    - Extraction, decompression, and scanning of files within Apple Disk Image (DMG) format.

+- Extraction, decompression, and scanning of files within Apple Disk Image (DMG) format.

-    - Extraction, decompression, and scanning of files within Extensible Archive (XAR) format.

-      XAR format is commonly used for software packaging, such as PKG and RPM, as well as 

-      general archival.

+- Extraction, decompression, and scanning of files within Extensible Archive (XAR) format.

+  XAR format is commonly used for software packaging, such as PKG and RPM, as well as 

+  general archival.

-    - Decompression and scanning of files in "Xz" compression format.

+- Decompression and scanning of files in "Xz" compression format.

-    - Recognition of Open Office XML formats.

+- Recognition of Open Office XML formats.

-    - Improvements and fixes to extraction and scanning of ole formats.

+- Improvements and fixes to extraction and scanning of ole formats.

-    - Option to force all scanned data to disk. This impacts only a few file types where

-      some embedded content is normally scanned in memory. Enabling this option

-      ensures that a file descriptor exists when callback functions are used, at a small

-      performance cost. This should only be needed when callback functions are used

-      that need file access.

+- Option to force all scanned data to disk. This impacts only a few file types where

+  some embedded content is normally scanned in memory. Enabling this option

+  ensures that a file descriptor exists when callback functions are used, at a small

+  performance cost. This should only be needed when callback functions are used

+  that need file access.

-    - Various improvements to ClamAV configuration, support of third party libraries, 

-      and unit tests.

+- Various improvements to ClamAV configuration, support of third party libraries, 

+  and unit tests.

-0.98

+## 0.98

 ClamAV 0.98 includes many new features, across all the different components

 of ClamAV. There are new scanning options, extensions to the libclamav API,

 support for additional filetypes, and internal upgrades.

-    - Signature improvements: New signature targets have been added for

-      PDF files, Flash files and Java class files. (NOTE: Java archive files

-      (JAR) are not part of the Java target.) Hash signatures can now specify

-      a '*' (wildcard)  size if the size is unknown. Using wildcard size

-      requires setting the minimum engine FLEVEL to avoid backwards

-      compatibility issues. For more details read the ClamAV Signatures

-      guide.

-

-    - Scanning enhancements: New filetypes can be unpacked and scanned,

-      including ISO9660, Flash, and self-extracting 7z files. PDF

-      handling is now more robust and better handles encrypted PDF files.

-

-    - Authenticode: ClamAV is now aware of the certificate chains when

-      scanning signed PE files. When the database contains signatures for

-      trusted root certificate authorities, the engine can whitelist

-      PE files with a valid signature. The same database file can also

-      include known compromised certificates to be rejected! This

-      feature can also be disabled in clamd.conf (DisableCertCheck) or

-      the command-line (nocerts).

-

-    - New options: Several new options for clamscan and clamd have been

-      added. For example, ClamAV can be set to print infected files and

-      error files, and suppress printing OK results. This can be helpful

-      when scanning large numbers of files. This new option is "-o" for

-      clamscan and "LogClean" for clamd. Check clamd.conf or the clamscan

-      help message for specific details.

-

-    - New callbacks added to the API: The libclamav API has additional hooks

-      for developers to use when wrapping ClamAV scanning. These function

-      types are prefixed with "clcb_" and allow developers to add logic at 

-      certain steps of the scanning process without directly modifying the 

-      library. For more details refer to the clamav.h file.

-

-    - More configurable limits: Several hardcoded values are now configurable

-      parameters, providing more options for tuning the engine to match your

-      needs. Check clamd.conf or the clamscan help message for specific

-      details.

-

-    - Performance improvements: This release furthers the use of memory maps

-      during scanning and unpacking, continuing the conversion started in

-      prior releases. Complex math functions have been switched from

-      libtommath to tomsfastmath functions. The A/C matcher code has also

-      been optimized to provide a speed boost.

-

-    - Support for on-access scanning using Clamuko/Dazuko has been replaced

-      with fanotify. Accordingly, clamd.conf settings related to on-access

-      scanning have had Clamuko removed from the name. Clamuko-specific

-      configuration items have been marked deprecated and should no longer

-      be used.

+- Signature improvements: New signature targets have been added for

+  PDF files, Flash files and Java class files. (NOTE: Java archive files

+  (JAR) are not part of the Java target.) Hash signatures can now specify

+  a '*' (wildcard)  size if the size is unknown. Using wildcard size

+  requires setting the minimum engine FLEVEL to avoid backwards

+  compatibility issues. For more details read the ClamAV Signatures

+  guide.

+

+- Scanning enhancements: New filetypes can be unpacked and scanned,

+  including ISO9660, Flash, and self-extracting 7z files. PDF

+  handling is now more robust and better handles encrypted PDF files.

+

+- Authenticode: ClamAV is now aware of the certificate chains when

+  scanning signed PE files. When the database contains signatures for

+  trusted root certificate authorities, the engine can whitelist

+  PE files with a valid signature. The same database file can also

+  include known compromised certificates to be rejected! This

+  feature can also be disabled in clamd.conf (DisableCertCheck) or

+  the command-line (nocerts).

+

+- New options: Several new options for clamscan and clamd have been

+  added. For example, ClamAV can be set to print infected files and

+  error files, and suppress printing OK results. This can be helpful

+  when scanning large numbers of files. This new option is "-o" for

+  clamscan and "LogClean" for clamd. Check clamd.conf or the clamscan

+  help message for specific details.

+

+- New callbacks added to the API: The libclamav API has additional hooks

+  for developers to use when wrapping ClamAV scanning. These function

+  types are prefixed with "clcb_" and allow developers to add logic at 

+  certain steps of the scanning process without directly modifying the 

+  library. For more details refer to the clamav.h file.

+

+- More configurable limits: Several hardcoded values are now configurable

+  parameters, providing more options for tuning the engine to match your

+  needs. Check clamd.conf or the clamscan help message for specific

+  details.

+

+- Performance improvements: This release furthers the use of memory maps

+  during scanning and unpacking, continuing the conversion started in

+  prior releases. Complex math functions have been switched from

+  libtommath to tomsfastmath functions. The A/C matcher code has also

+  been optimized to provide a speed boost.

+

+- Support for on-access scanning using Clamuko/Dazuko has been replaced

+  with fanotify. Accordingly, clamd.conf settings related to on-access

+  scanning have had Clamuko removed from the name. Clamuko-specific

+  configuration items have been marked deprecated and should no longer

+  be used.

 There are also fixes for other minor issues and code quality changes. Please

 see the ChangeLog file for details.

@@ -539,57 +543,49 @@ see the ChangeLog file for details.

 --

 The ClamAV team (https://www.clamav.net/about.html#credits)

-0.97.8

+## 0.97.8

 ClamAV 0.97.8 addresses several reported potential security bugs. Thanks to

 Felix Groebert of the Google Security Team for finding and reporting these

 issues.

-0.97.7

+## 0.97.7

 ClamAV 0.97.7 addresses several reported potential security bugs. Thanks to

 Felix Groebert, Mateusz Jurczyk and Gynvael Coldwind of the Google Security

 Team for finding and reporting these issues.

-0.97.6

+## 0.97.6

 ClamAV 0.97.6 includes minor bug fixes and detection improvements.

 ClamAV 0.97.6 corrects bug 5252 "CL_EFORMAT: Bad format or broken data ERROR

 reported as scan result."

-0.97.5

+## 0.97.5

 ClamAV 0.97.5 addresses possible evasion cases in some archive formats 

 (CVE-2012-1457, CVE-2012-1458, CVE-2012-1459). It also addresses stability 

 issues in portions of the bytecode engine. This release is recommended for 

 all users.

-0.97.4

+## 0.97.4

 ClamAV 0.97.4 includes minor bugfixes, detection improvements and initial 

 support for on-access scanning under Mac OS X (see contrib/ClamAuth). 

 This update is recommended for all users.

-0.97.3

+## 0.97.3

 ClamAV 0.97.3 is a minor bugfix release and is recommended for all 

 users. Please refer to the ChangeLog file for details.

-0.97.2

+## 0.97.2

 ClamAV 0.97.2 fixes problems with the bytecode engine, Safebrowsing detection,

 hash matcher, and other minor issues. Please see the ChangeLog file for

 details.

-0.97.1

+## 0.97.1

 This is a bugfix release recommended for all users. Please refer to the

 ChangeLog file for details.

@@ -597,9 +593,7 @@ ChangeLog file for details.

 --

 The ClamAV team (https://www.clamav.net/about.html#credits)