...
|
...
|
@@ -1,82 +1,112 @@
|
1
|
|
-ClamAV News
|
2
|
|
-===========
|
|
1
|
+# ClamAV News
|
3
|
2
|
|
4
|
|
-Note: This file refers to the source tarball. Things described here may
|
5
|
|
- differ slightly from the binary packages.
|
|
3
|
+Note: This file refers to the source tarball. Things described here may differ
|
|
4
|
+ slightly from the binary packages.
|
6
|
5
|
|
7
|
|
-0.100.0
|
|
6
|
+## 0.100.0
|
8
|
7
|
|
9
|
8
|
ClamAV 0.100.0 is a feature release which includes many code submissions
|
10
|
|
- from the ClamAV community. Some of the more prominent submissions include:
|
11
|
|
-
|
12
|
|
- - Interfaces to the Prelude SIEM open source package for collecting
|
13
|
|
- ClamAV virus events.
|
14
|
|
- - Support for Visual Studio 2015 for Windows builds.
|
15
|
|
- - Support libmspack internal code or as a shared object library.
|
16
|
|
- The internal library is the default and contains additional
|
17
|
|
- integrity checks.
|
18
|
|
- - Linking with openssl 1.1.0.
|
19
|
|
- - Deprecation of the AllowSupplementaryGroups parameter statement
|
20
|
|
- in clamd, clamav-milter, and freshclam. Use of supplementary
|
21
|
|
- is now in effect by default.
|
22
|
|
- - Numerous bug fixes, typo corrections, and compiler warning fixes.
|
|
9
|
+ from the ClamAV community. As always, it can be downloaded from our downloads
|
|
10
|
+ page on clamav.net. Some of the more prominent submissions include:
|
|
11
|
+
|
|
12
|
+- Interfaces to the Prelude SIEM open source package for collecting
|
|
13
|
+ ClamAV virus events.
|
|
14
|
+- Support for Visual Studio 2015 for Windows builds. Please note that we
|
|
15
|
+ have deprecated support for Windows XP, and while Vista may still work,
|
|
16
|
+ we no longer test ClamAV on Windows XP or Vista.
|
|
17
|
+- Support libmspack internal code or as a shared object library.
|
|
18
|
+ The internal library is the default and includes modifications to enable
|
|
19
|
+ parsing of CAB files that do not entirely adhere to the CAB file format.
|
|
20
|
+- Linking with OpenSSL 1.1.0.
|
|
21
|
+- Deprecation of the AllowSupplementaryGroups parameter statement
|
|
22
|
+ in clamd, clamav-milter, and freshclam. Use of supplementary
|
|
23
|
+ is now in effect by default.
|
|
24
|
+- Numerous bug fixes, typo corrections, and compiler warning fixes.
|
23
|
25
|
|
24
|
26
|
Additionally, we have introduced important changes and new features in
|
25
|
27
|
ClamAV 0.100, including but not limited to:
|
26
|
28
|
|
27
|
|
- - Deprecating internal LLVM code support. The configure script has changed
|
28
|
|
- to search the system for an installed instance of the LLVM development
|
29
|
|
- libraries, and to otherwise use the bytecode interpreter for ClamAV
|
30
|
|
- bytecode signatures. To use the LLVM Just-In-Time compiler for
|
31
|
|
- executing bytecode signatures, please ensure that the LLVM development
|
32
|
|
- package at version 3.6 or lower is installed. Using the deprecated LLVM
|
33
|
|
- code is possible with the command: `./configure --with-system-llvm=no`,
|
34
|
|
- but it no longer compiles on all platforms.
|
35
|
|
- - Compute and check PE import table hash (a.k.a. "imphash") signatures.
|
36
|
|
- - Support file property collection and analysis for MHTML files.
|
37
|
|
- - Raw scanning of PostScript files.
|
38
|
|
- - Fix clamsubmit to use the new virus and false positive submission web
|
39
|
|
- interface.
|
40
|
|
- - Optionally, flag files with the virus "Heuristic.Limits.Exceeded" when
|
41
|
|
- size limitations are exceeded.
|
42
|
|
- - Improved decoders for PDF files.
|
43
|
|
- - Reduced number of compile time warnings.
|
44
|
|
- - Improved support for C++11.
|
45
|
|
- - Improved detection of system installed libraries.
|
46
|
|
- - Fixes to ClamAV's Container system and the introduction of Intermediates
|
47
|
|
- for more descriptive signatures.
|
48
|
|
- - Improvements to clamd's On-Access scanning capabilities for Linux.
|
|
29
|
+- Deprecating internal LLVM code support. The configure script has changed
|
|
30
|
+ to search the system for an installed instance of the LLVM development
|
|
31
|
+ libraries, and to otherwise use the bytecode interpreter for ClamAV
|
|
32
|
+ bytecode signatures. To use the LLVM Just-In-Time compiler for
|
|
33
|
+ executing bytecode signatures, please ensure that the LLVM development
|
|
34
|
+ package at version 3.6 or lower is installed. Using the deprecated LLVM
|
|
35
|
+ code is possible with the command: `./configure --with-system-llvm=no`,
|
|
36
|
+ but it no longer compiles on all platforms.
|
|
37
|
+- Compute and check PE import table hash (a.k.a. "imphash") signatures.
|
|
38
|
+- Support file property collection and analysis for MHTML files.
|
|
39
|
+- Raw scanning of PostScript files.
|
|
40
|
+- Fix clamsubmit to use the new virus and false positive submission web
|
|
41
|
+ interface.
|
|
42
|
+- Optionally, flag files with the virus "Heuristic.Limits.Exceeded" when
|
|
43
|
+ size limitations are exceeded.
|
|
44
|
+- Improved decoders for PDF files.
|
|
45
|
+- Reduced number of compile time warnings.
|
|
46
|
+- Improved support for C++11.
|
|
47
|
+- Improved detection of system installed libraries.
|
|
48
|
+- Fixes to ClamAV's Container system and the introduction of Intermediates
|
|
49
|
+ for more descriptive signatures.
|
|
50
|
+- Improvements to clamd's On-Access scanning capabilities for Linux.
|
|
51
|
+
|
|
52
|
+### Acknowledgements
|
49
|
53
|
|
50
|
54
|
The ClamAV team thanks the following individuals for their code submissions:
|
51
|
55
|
|
52
|
|
-Andreas Schulze
|
53
|
|
-Anthony Chan
|
54
|
|
-Bill Parker
|
55
|
|
-Chris Miserva
|
56
|
|
-Daniel J. Luke
|
57
|
|
-Georgy Salnikov
|
58
|
|
-James Ralston
|
59
|
|
-Jonas Zaddach
|
60
|
|
-Keith Jones
|
61
|
|
-Marc Deslauriers
|
62
|
|
-Mark Allan
|
63
|
|
-Matthew Boedicker
|
64
|
|
-Michael Pelletier
|
65
|
|
-Ningirsu
|
66
|
|
-Sebastian Andrzej Siewior
|
67
|
|
-Stephen Welker
|
68
|
|
-Tuomo Soini
|
69
|
|
-
|
70
|
|
-0.99.4
|
|
56
|
+- Andreas Schulze
|
|
57
|
+- Anthony Chan
|
|
58
|
+- Bill Parker
|
|
59
|
+- Chris Miserva
|
|
60
|
+- Daniel J. Luke
|
|
61
|
+- Georgy Salnikov
|
|
62
|
+- James Ralston
|
|
63
|
+- Jonas Zaddach
|
|
64
|
+- Keith Jones
|
|
65
|
+- Marc Deslauriers
|
|
66
|
+- Mark Allan
|
|
67
|
+- Matthew Boedicker
|
|
68
|
+- Michael Pelletier
|
|
69
|
+- Ningirsu
|
|
70
|
+- Sebastian Andrzej Siewior
|
|
71
|
+- Stephen Welker
|
|
72
|
+- Tuomo Soini
|
|
73
|
+
|
|
74
|
+### Known Issues
|
|
75
|
+
|
|
76
|
+ClamAV has an active issue queue and enjoys continual improvement but as sad as
|
|
77
|
+ I am to say it, we couldn't address every bug in this release. I want to draw
|
|
78
|
+ your attention a couple bugs in particular so as not to frustrate users
|
|
79
|
+ setting up ClamAV:
|
|
80
|
+
|
|
81
|
+- Platform: macOS:
|
|
82
|
+ - Bug: If you attempt to build ClamAV with a system installed LLVM you may
|
|
83
|
+ receive a linker error. We recently changed default linking behavior to
|
|
84
|
+ prefer dynamic linking over static linking. As a result, we've uncovered a
|
|
85
|
+ bug in building on macOS where dynamic linking against the LLVM libraries
|
|
86
|
+ fails. To work around this bug, please add the --with-llvm-linking=static
|
|
87
|
+ option to your ./configure call.
|
|
88
|
+
|
|
89
|
+- Platform: CentOS 6 32bit, older versions of AIX:
|
|
90
|
+ - Bug: On CentOS 6 32bit we observed that specific versions of zlib fail to
|
|
91
|
+ correctly decompress the CVD signature databases. If you are on an older
|
|
92
|
+ system such as CentoOS 6 32bit and observe failures loading the signature
|
|
93
|
+ database, please consider upgrading to a newer version of zlib.
|
|
94
|
+
|
|
95
|
+- Platform: Miscellaneous
|
|
96
|
+ - Bug: When cross compiling on certain legacy systems (Solaris, AIX, OSX)
|
|
97
|
+ against older system libraries that do not support strn functions linking
|
|
98
|
+ may fail during compile time. While automatic checking is done during
|
|
99
|
+ configure time to check for unsupported libs, this problem can be manually
|
|
100
|
+ avoided using the --enable-strni configure flag if it is encountered.
|
|
101
|
+
|
|
102
|
+## 0.99.4
|
71
|
103
|
|
72
|
104
|
ClamAV 0.99.4 is a hotfix release to patch a set of vulnerabilities.
|
73
|
105
|
|
74
|
|
- - fixes for the following CVE's: CVE-2012-6706, CVE-2017-6419,
|
75
|
|
- CVE-2017-11423, CVE-2018-0202, and CVE-2018-1000085.
|
76
|
|
- - also included are 2 fixes for file descriptor leaks as well fixes for
|
77
|
|
- a handful of other important bugs, including patches to support g++ 6, C++11.
|
|
106
|
+- fixes for the following CVE's: CVE-2012-6706, CVE-2017-6419,
|
|
107
|
+ CVE-2017-11423, CVE-2018-0202, and CVE-2018-1000085.
|
|
108
|
+- also included are 2 fixes for file descriptor leaks as well fixes for
|
|
109
|
+ a handful of other important bugs, including patches to support g++ 6, C++11.
|
78
|
110
|
|
79
|
111
|
Thank you to the following ClamAV community members for your code
|
80
|
112
|
submissions and bug reports!
|
...
|
...
|
@@ -92,65 +122,62 @@ Suleman Ali
|
92
|
92
|
yongji.oy
|
93
|
93
|
xrym
|
94
|
94
|
|
95
|
|
-0.99.3
|
|
95
|
+## 0.99.3
|
96
|
96
|
|
97
|
97
|
ClamAV 0.99.3 is a hotfix release to patch a set of vulnerabilities.
|
98
|
98
|
|
99
|
|
- - fixes for the following CVE's: CVE-2017-6418, CVE-2017-6420,
|
100
|
|
- CVE-2017-12374, CVE-2017-12375, CVE-2017-12376, CVE-2017-12377,
|
101
|
|
- CVE-2017-12378, CVE-2017-12379, CVE-2017-12380.
|
102
|
|
- - also included are 2 minor fixes to properly detect openssl install
|
103
|
|
- locations on FreeBSD 11, and prevent false warnings about zlib 1.2.1#
|
104
|
|
- version numbers.
|
|
99
|
+- fixes for the following CVE's: CVE-2017-6418, CVE-2017-6420,
|
|
100
|
+ CVE-2017-12374, CVE-2017-12375, CVE-2017-12376, CVE-2017-12377,
|
|
101
|
+ CVE-2017-12378, CVE-2017-12379, CVE-2017-12380.
|
|
102
|
+- also included are 2 minor fixes to properly detect openssl install
|
|
103
|
+ locations on FreeBSD 11, and prevent false warnings about zlib 1.2.1#
|
|
104
|
+ version numbers.
|
105
|
105
|
|
106
|
106
|
Thank you to the following ClamAV community members for your code
|
107
|
|
-submissions and bug reports!
|
|
107
|
+submissions and bug reports!
|
108
|
108
|
|
109
|
|
-Alberto Garcia
|
110
|
|
-Daniel J. Luke
|
111
|
|
-Francisco Oca
|
112
|
|
-Sebastian A. Siewior
|
113
|
|
-Suleman Ali
|
|
109
|
+- Alberto Garcia
|
|
110
|
+- Daniel J. Luke
|
|
111
|
+- Francisco Oca
|
|
112
|
+- Sebastian A. Siewior
|
|
113
|
+- Suleman Ali
|
114
|
114
|
|
115
|
115
|
Special thanks to Offensive Research at Salesforce.com for responsible disclosure.
|
116
|
116
|
|
117
|
|
-0.99.2
|
|
117
|
+## 0.99.2
|
118
|
118
|
|
119
|
119
|
ClamAV 0.99.2 is a release of bug fixes and minor enhancements.
|
120
|
120
|
|
121
|
|
- - fix ups improving the reliability of several ClamAV file parsers.
|
122
|
|
- - sigtool now decodes file type signatures (e.g., daily.ftm CVD file).
|
123
|
|
- - now supporting libpcre2 in addition to libpcre.
|
124
|
|
- - systemd support for clamd and freshclam. Patch provided by
|
125
|
|
- Andreas Cadhalpun.
|
126
|
|
- - fixed builds on Mac OS X 10.10 & 10.11.
|
127
|
|
- - improved debug info for certificate metadata.
|
128
|
|
- - improved freshclam messaging when using a proxy.
|
129
|
|
- - fixed some freshclam functionality when using private mirrors.
|
130
|
|
- - clamd refinements of open file limitations on Solaris. Patch by
|
131
|
|
- Jim Morris
|
132
|
|
- - clamav-milter signal handling for improved clean up during
|
133
|
|
- termination.
|
|
121
|
+- fix ups improving the reliability of several ClamAV file parsers.
|
|
122
|
+- sigtool now decodes file type signatures (e.g., daily.ftm CVD file).
|
|
123
|
+- now supporting libpcre2 in addition to libpcre.
|
|
124
|
+- systemd support for clamd and freshclam. Patch provided by
|
|
125
|
+ Andreas Cadhalpun.
|
|
126
|
+- fixed builds on Mac OS X 10.10 & 10.11.
|
|
127
|
+- improved debug info for certificate metadata.
|
|
128
|
+- improved freshclam messaging when using a proxy.
|
|
129
|
+- fixed some freshclam functionality when using private mirrors.
|
|
130
|
+- clamd refinements of open file limitations on Solaris. Patch by
|
|
131
|
+ Jim Morris
|
|
132
|
+- clamav-milter signal handling for improved clean up during
|
|
133
|
+ termination.
|
134
|
134
|
|
135
|
135
|
Thank you to the following ClamAV community members for your code
|
136
|
|
-submissions and bug reports!
|
137
|
|
-
|
138
|
|
-Brandon Perry
|
139
|
|
-Sebastian Andrzej Siewior
|
140
|
|
-Andreas Cadhalpun
|
141
|
|
-Jim Morris
|
142
|
|
-Kai Risku
|
143
|
|
-Bill Parker
|
144
|
|
-Tomasz Kojm
|
145
|
|
-Steve Basford
|
146
|
|
-Daniel J. Luke
|
147
|
|
-James Ralston
|
148
|
|
-John Dodson
|
149
|
|
-
|
150
|
|
-0.99.1
|
|
136
|
+submissions and bug reports!
|
|
137
|
+
|
|
138
|
+- Brandon Perry
|
|
139
|
+- Sebastian Andrzej Siewior
|
|
140
|
+- Andreas Cadhalpun
|
|
141
|
+- Jim Morris
|
|
142
|
+- Kai Risku
|
|
143
|
+- Bill Parker
|
|
144
|
+- Tomasz Kojm
|
|
145
|
+- Steve Basford
|
|
146
|
+- Daniel J. Luke
|
|
147
|
+- James Ralston
|
|
148
|
+- John Dodson
|
|
149
|
+
|
|
150
|
+## 0.99.1
|
151
|
151
|
|
152
|
152
|
ClamAV 0.99.1 contains a new feature for parsing Hancom Office files
|
153
|
153
|
including extracting and scanning embedded objects. ClamAV 0.99.1
|
...
|
...
|
@@ -159,42 +186,41 @@ also contains important bug fixes. Please see ChangeLog for details.
|
159
|
159
|
Thanks to the following community members for code submissions used in
|
160
|
160
|
ClamAV 0.99.1:
|
161
|
161
|
|
162
|
|
-Jim Morris
|
163
|
|
-Andreas Cadhalpun
|
164
|
|
-Mark Allan
|
165
|
|
-Sebastian Siewior
|
|
162
|
+- Jim Morris
|
|
163
|
+- Andreas Cadhalpun
|
|
164
|
+- Mark Allan
|
|
165
|
+- Sebastian Siewior
|
166
|
166
|
|
167
|
|
-0.99
|
|
167
|
+## 0.99
|
168
|
168
|
|
169
|
169
|
ClamAV 0.99 contains major new features and changes. YARA rules,
|
170
|
170
|
Perl Compatible Regular Expressions, revamped on-access scanning
|
171
|
171
|
for Linux, and other new features join the many great features of ClamAV:
|
172
|
172
|
|
173
|
|
- - Processing of YARA rules(some limitations- see signatures.pdf).
|
174
|
|
- - Support in ClamAV logical signatures for many of the features
|
175
|
|
- added for YARA, such as Perl Compatible Regular Expressions,
|
176
|
|
- alternate strings, and YARA string attributes. See signatures.pdf
|
177
|
|
- for full details.
|
178
|
|
- - New and improved on-access scanning for Linux. See the recent blog
|
179
|
|
- post and clamdoc.pdf for details on the new on-access capabilities.
|
180
|
|
- - A new ClamAV API callback function that is invoked when a virus
|
181
|
|
- is found. This is intended primarily for applications running in
|
182
|
|
- all-match mode. Any applications using all-match mode must use
|
183
|
|
- the new callback function to record and report detected viruses.
|
184
|
|
- - Configurable default password list to attempt zip file decryption.
|
185
|
|
- - TIFF file support.
|
186
|
|
- - Upgrade Windows pthread library to 2.9.1.
|
187
|
|
- - A new signature target type for designating signatures to run
|
188
|
|
- against files with unknown file types.
|
189
|
|
- - Improved fidelity of the "data loss prevention" heuristic
|
190
|
|
- algorithm. Code supplied by Bill Parker.
|
191
|
|
- - Support for LZMA decompression within Adobe Flash files.
|
192
|
|
- - Support for MSO attachments within Microsoft Office 2003 XML files.
|
193
|
|
- - A new sigtool option(--ascii-normalize) allowing signature authors
|
194
|
|
- to more easily generate normalized versions of ascii files.
|
195
|
|
- - Windows installation directories changed from \Program Files\Sourcefire\
|
196
|
|
- ClamAV to \Program Files\ClamAV or \Program Files\ClamAV-x64.
|
|
173
|
+- Processing of YARA rules(some limitations- see signatures.pdf).
|
|
174
|
+- Support in ClamAV logical signatures for many of the features
|
|
175
|
+ added for YARA, such as Perl Compatible Regular Expressions,
|
|
176
|
+ alternate strings, and YARA string attributes. See signatures.pdf
|
|
177
|
+ for full details.
|
|
178
|
+- New and improved on-access scanning for Linux. See the recent blog
|
|
179
|
+ post and clamdoc.pdf for details on the new on-access capabilities.
|
|
180
|
+- A new ClamAV API callback function that is invoked when a virus
|
|
181
|
+ is found. This is intended primarily for applications running in
|
|
182
|
+ all-match mode. Any applications using all-match mode must use
|
|
183
|
+ the new callback function to record and report detected viruses.
|
|
184
|
+- Configurable default password list to attempt zip file decryption.
|
|
185
|
+- TIFF file support.
|
|
186
|
+- Upgrade Windows pthread library to 2.9.1.
|
|
187
|
+- A new signature target type for designating signatures to run
|
|
188
|
+ against files with unknown file types.
|
|
189
|
+- Improved fidelity of the "data loss prevention" heuristic
|
|
190
|
+ algorithm. Code supplied by Bill Parker.
|
|
191
|
+- Support for LZMA decompression within Adobe Flash files.
|
|
192
|
+- Support for MSO attachments within Microsoft Office 2003 XML files.
|
|
193
|
+- A new sigtool option(--ascii-normalize) allowing signature authors
|
|
194
|
+ to more easily generate normalized versions of ascii files.
|
|
195
|
+- Windows installation directories changed from \Program Files\Sourcefire\
|
|
196
|
+ ClamAV to \Program Files\ClamAV or \Program Files\ClamAV-x64.
|
197
|
197
|
|
198
|
198
|
PLEASE NOTE: If you are using clamd on-access scanning or have applications
|
199
|
199
|
using all-match mode, you will want to review the changes and make any necessary
|
...
|
...
|
@@ -204,48 +230,47 @@ aware of the change of installation directories.
|
204
|
204
|
Thank you to the ClamAV community members who sent patches and bug reports
|
205
|
205
|
included for ClamAV 0.99:
|
206
|
206
|
|
207
|
|
-Steve Basford
|
208
|
|
-Sebastian Andrzej Siewior
|
209
|
|
-Bill Parker
|
210
|
|
-Andreas Schulze
|
211
|
|
-Yann E. Morin
|
212
|
|
-Andreas Cadhalpun
|
213
|
|
-Dmitry Marakasov
|
214
|
|
-Michael Pelletier
|
215
|
|
-Felix Groebert
|
216
|
|
-Stephen Welker
|
|
207
|
+- Steve Basford
|
|
208
|
+- Sebastian Andrzej Siewior
|
|
209
|
+- Bill Parker
|
|
210
|
+- Andreas Schulze
|
|
211
|
+- Yann E. Morin
|
|
212
|
+- Andreas Cadhalpun
|
|
213
|
+- Dmitry Marakasov
|
|
214
|
+- Michael Pelletier
|
|
215
|
+- Felix Groebert
|
|
216
|
+- Stephen Welker
|
217
|
217
|
|
218
|
|
-0.98.7
|
|
218
|
+## 0.98.7
|
219
|
219
|
|
220
|
220
|
ClamAV 0.98.7 is here! This release contains new scanning features
|
221
|
221
|
and bug fixes.
|
222
|
222
|
|
223
|
|
- - Improvements to PDF processing: decryption, escape sequence
|
224
|
|
- handling, and file property collection.
|
225
|
|
- - Scanning/analysis of additional Microsoft Office 2003 XML format.
|
226
|
|
- - Fix infinite loop condition on crafted y0da cryptor file. Identified
|
227
|
|
- and patch suggested by Sebastian Andrzej Siewior. CVE-2015-2221.
|
228
|
|
- - Fix crash on crafted petite packed file. Reported and patch
|
229
|
|
- supplied by Sebastian Andrzej Siewior. CVE-2015-2222.
|
230
|
|
- - Fix false negatives on files within iso9660 containers. This issue
|
231
|
|
- was reported by Minzhuan Gong.
|
232
|
|
- - Fix a couple crashes on crafted upack packed file. Identified and
|
233
|
|
- patches supplied by Sebastian Andrzej Siewior.
|
234
|
|
- - Fix a crash during algorithmic detection on crafted PE file.
|
235
|
|
- Identified and patch supplied by Sebastian Andrzej Siewior.
|
236
|
|
- - Fix an infinite loop condition on a crafted "xz" archive file.
|
237
|
|
- This was reported by Dimitri Kirchner and Goulven Guiheux.
|
238
|
|
- CVE-2015-2668.
|
239
|
|
- - Fix compilation error after ./configure --disable-pthreads.
|
240
|
|
- Reported and fix suggested by John E. Krokes.
|
241
|
|
- - Apply upstream patch for possible heap overflow in Henry Spencer's
|
242
|
|
- regex library. CVE-2015-2305.
|
243
|
|
- - Fix crash in upx decoder with crafted file. Discovered and patch
|
244
|
|
- supplied by Sebastian Andrzej Siewior. CVE-2015-2170.
|
245
|
|
- - Fix segfault scanning certain HTML files. Reported with sample by
|
246
|
|
- Kai Risku.
|
247
|
|
- - Improve detections within xar/pkg files.
|
|
223
|
+- Improvements to PDF processing: decryption, escape sequence
|
|
224
|
+ handling, and file property collection.
|
|
225
|
+- Scanning/analysis of additional Microsoft Office 2003 XML format.
|
|
226
|
+- Fix infinite loop condition on crafted y0da cryptor file. Identified
|
|
227
|
+ and patch suggested by Sebastian Andrzej Siewior. CVE-2015-2221.
|
|
228
|
+- Fix crash on crafted petite packed file. Reported and patch
|
|
229
|
+ supplied by Sebastian Andrzej Siewior. CVE-2015-2222.
|
|
230
|
+- Fix false negatives on files within iso9660 containers. This issue
|
|
231
|
+ was reported by Minzhuan Gong.
|
|
232
|
+- Fix a couple crashes on crafted upack packed file. Identified and
|
|
233
|
+ patches supplied by Sebastian Andrzej Siewior.
|
|
234
|
+- Fix a crash during algorithmic detection on crafted PE file.
|
|
235
|
+ Identified and patch supplied by Sebastian Andrzej Siewior.
|
|
236
|
+- Fix an infinite loop condition on a crafted "xz" archive file.
|
|
237
|
+ This was reported by Dimitri Kirchner and Goulven Guiheux.
|
|
238
|
+ CVE-2015-2668.
|
|
239
|
+- Fix compilation error after ./configure --disable-pthreads.
|
|
240
|
+ Reported and fix suggested by John E. Krokes.
|
|
241
|
+- Apply upstream patch for possible heap overflow in Henry Spencer's
|
|
242
|
+ regex library. CVE-2015-2305.
|
|
243
|
+- Fix crash in upx decoder with crafted file. Discovered and patch
|
|
244
|
+ supplied by Sebastian Andrzej Siewior. CVE-2015-2170.
|
|
245
|
+- Fix segfault scanning certain HTML files. Reported with sample by
|
|
246
|
+ Kai Risku.
|
|
247
|
+- Improve detections within xar/pkg files.
|
248
|
248
|
|
249
|
249
|
As always, we appreciate contributions of bug reports, code fixes,
|
250
|
250
|
and sample submission from the ClamAV community members:
|
...
|
...
|
@@ -257,30 +282,29 @@ Goulven Guiheux
|
257
|
257
|
John E. Krokes
|
258
|
258
|
Kai Risku
|
259
|
259
|
|
260
|
|
-0.98.6
|
|
260
|
+## 0.98.6
|
261
|
261
|
|
262
|
262
|
ClamAV 0.98.6 is a bug fix release correcting the following:
|
263
|
263
|
|
264
|
|
- - library shared object revisions.
|
265
|
|
- - installation issues on some Mac OS X and FreeBSD platforms.
|
266
|
|
- - includes a patch from Sebastian Andrzej Siewior making
|
267
|
|
- ClamAV pid files compatible with systemd.
|
268
|
|
- - Fix a heap out of bounds condition with crafted Yoda's
|
269
|
|
- crypter files. This issue was discovered by Felix Groebert
|
270
|
|
- of the Google Security Team.
|
271
|
|
- - Fix a heap out of bounds condition with crafted mew packer
|
272
|
|
- files. This issue was discovered by Felix Groebert of the
|
273
|
|
- Google Security Team.
|
274
|
|
- - Fix a heap out of bounds condition with crafted upx packer
|
275
|
|
- files. This issue was discovered by Kevin Szkudlapski of
|
276
|
|
- Quarkslab.
|
277
|
|
- - Fix a heap out of bounds condition with crafted upack packer
|
278
|
|
- files. This issue was discovered by Sebastian Andrzej Siewior.
|
279
|
|
- CVE-2014-9328.
|
280
|
|
- - Compensate a crash due to incorrect compiler optimization when
|
281
|
|
- handling crafted petite packer files. This issue was discovered
|
282
|
|
- by Sebastian Andrzej Siewior.
|
|
264
|
+- library shared object revisions.
|
|
265
|
+- installation issues on some Mac OS X and FreeBSD platforms.
|
|
266
|
+- includes a patch from Sebastian Andrzej Siewior making
|
|
267
|
+ ClamAV pid files compatible with systemd.
|
|
268
|
+- Fix a heap out of bounds condition with crafted Yoda's
|
|
269
|
+ crypter files. This issue was discovered by Felix Groebert
|
|
270
|
+ of the Google Security Team.
|
|
271
|
+- Fix a heap out of bounds condition with crafted mew packer
|
|
272
|
+ files. This issue was discovered by Felix Groebert of the
|
|
273
|
+ Google Security Team.
|
|
274
|
+- Fix a heap out of bounds condition with crafted upx packer
|
|
275
|
+ files. This issue was discovered by Kevin Szkudlapski of
|
|
276
|
+ Quarkslab.
|
|
277
|
+- Fix a heap out of bounds condition with crafted upack packer
|
|
278
|
+ files. This issue was discovered by Sebastian Andrzej Siewior.
|
|
279
|
+ CVE-2014-9328.
|
|
280
|
+- Compensate a crash due to incorrect compiler optimization when
|
|
281
|
+ handling crafted petite packer files. This issue was discovered
|
|
282
|
+ by Sebastian Andrzej Siewior.
|
283
|
283
|
|
284
|
284
|
Thanks to the following ClamAV community members for code submissions
|
285
|
285
|
and bug reporting included in ClamAV 0.98.6:
|
...
|
...
|
@@ -291,8 +315,7 @@ Kevin Szkudlapski
|
291
|
291
|
Mark Pizzolato
|
292
|
292
|
Daniel J. Luke
|
293
|
293
|
|
294
|
|
-0.98.5
|
|
294
|
+## 0.98.5
|
295
|
295
|
|
296
|
296
|
Welcome to ClamAV 0.98.5! ClamAV 0.98.5 includes important new features
|
297
|
297
|
for collecting and analyzing file properties. Software developers and
|
...
|
...
|
@@ -307,27 +330,27 @@ properties.
|
307
|
307
|
|
308
|
308
|
ClamAV 0.98.5 also includes these new features and bug fixes:
|
309
|
309
|
|
310
|
|
- - Support for the XDP file format and extracting, decoding, and
|
311
|
|
- scanning PDF files within XDP files.
|
312
|
|
- - Addition of shared library support for LLVM versions 3.1 - 3.5
|
313
|
|
- for the purpose of just-in-time(JIT) compilation of ClamAV
|
314
|
|
- bytecode signatures. Andreas Cadhalpun submitted the patch
|
315
|
|
- implementing this support.
|
316
|
|
- - Enhancements to the clambc command line utility to assist
|
317
|
|
- ClamAV bytecode signature authors by providing introspection
|
318
|
|
- into compiled bytecode programs.
|
319
|
|
- - Resolution of many of the warning messages from ClamAV compilation.
|
320
|
|
- - Improved detection of malicious PE files.
|
321
|
|
- - Security fix for ClamAV crash when using 'clamscan -a'. This issue
|
322
|
|
- was identified by Kurt Siefried of Red Hat.
|
323
|
|
- - Security fix for ClamAV crash when scanning maliciously crafted
|
324
|
|
- yoda's crypter files. This issue, as well as several other bugs
|
325
|
|
- fixed in this release, were identified by Damien Millescamp of
|
326
|
|
- Oppida.
|
327
|
|
- - ClamAV 0.98.5 now works with OpenSSL in FIPS compliant mode.
|
328
|
|
- Thanks to Reinhard Max for supplying the patch.
|
329
|
|
- - Bug fixes and other feature enhancements. See Changelog or
|
330
|
|
- git log for details.
|
|
310
|
+- Support for the XDP file format and extracting, decoding, and
|
|
311
|
+ scanning PDF files within XDP files.
|
|
312
|
+- Addition of shared library support for LLVM versions 3.1 - 3.5
|
|
313
|
+ for the purpose of just-in-time(JIT) compilation of ClamAV
|
|
314
|
+ bytecode signatures. Andreas Cadhalpun submitted the patch
|
|
315
|
+ implementing this support.
|
|
316
|
+- Enhancements to the clambc command line utility to assist
|
|
317
|
+ ClamAV bytecode signature authors by providing introspection
|
|
318
|
+ into compiled bytecode programs.
|
|
319
|
+- Resolution of many of the warning messages from ClamAV compilation.
|
|
320
|
+- Improved detection of malicious PE files.
|
|
321
|
+- Security fix for ClamAV crash when using 'clamscan -a'. This issue
|
|
322
|
+ was identified by Kurt Siefried of Red Hat.
|
|
323
|
+- Security fix for ClamAV crash when scanning maliciously crafted
|
|
324
|
+ yoda's crypter files. This issue, as well as several other bugs
|
|
325
|
+ fixed in this release, were identified by Damien Millescamp of
|
|
326
|
+ Oppida.
|
|
327
|
+- ClamAV 0.98.5 now works with OpenSSL in FIPS compliant mode.
|
|
328
|
+ Thanks to Reinhard Max for supplying the patch.
|
|
329
|
+- Bug fixes and other feature enhancements. See Changelog or
|
|
330
|
+ git log for details.
|
331
|
331
|
|
332
|
332
|
Thanks to the following ClamAV community members for code submissions
|
333
|
333
|
and bug reporting included in ClamAV 0.98.5:
|
...
|
...
|
@@ -338,25 +361,18 @@ Damien Millescamp
|
338
|
338
|
Reinhard Max
|
339
|
339
|
Kurt Seifried
|
340
|
340
|
|
341
|
|
-0.98.4
|
|
341
|
+## 0.98.4
|
342
|
342
|
|
343
|
343
|
ClamAV 0.98.4 is a bug fix release. The following issues are now resolved:
|
344
|
344
|
|
345
|
|
- - Various build problems on Solaris, OpenBSD, AIX.
|
346
|
|
-
|
347
|
|
- - Crashes of clamd on Windows and Mac OS X platforms when reloading
|
348
|
|
- the virus signature database.
|
349
|
|
-
|
350
|
|
- - Infinite loop in clamdscan when clamd is not running.
|
351
|
|
-
|
352
|
|
- - Freshclam failure on Solaris 10.
|
353
|
|
-
|
354
|
|
- - Buffer underruns when handling multi-part MIME email attachments.
|
355
|
|
-
|
356
|
|
- - Configuration of OpenSSL on various platforms.
|
357
|
|
-
|
358
|
|
- - Name collisions on Ubuntu 14.04, Debian sid, and Slackware 14.1.
|
|
345
|
+- Various build problems on Solaris, OpenBSD, AIX.
|
|
346
|
+- Crashes of clamd on Windows and Mac OS X platforms when reloading
|
|
347
|
+ the virus signature database.
|
|
348
|
+- Infinite loop in clamdscan when clamd is not running.
|
|
349
|
+- Freshclam failure on Solaris 10.
|
|
350
|
+- Buffer underruns when handling multi-part MIME email attachments.
|
|
351
|
+- Configuration of OpenSSL on various platforms.
|
|
352
|
+- Name collisions on Ubuntu 14.04, Debian sid, and Slackware 14.1.
|
359
|
353
|
|
360
|
354
|
Thanks to the following individuals for testing, writing patches, and
|
361
|
355
|
initiating quality improvements in this release:
|
...
|
...
|
@@ -374,52 +390,41 @@ Larry Rosenbaum
|
374
|
374
|
Dave Simonson
|
375
|
375
|
Sebastian Andrzej Siewior
|
376
|
376
|
|
377
|
|
-0.98.2
|
|
377
|
+## 0.98.2
|
378
|
378
|
|
379
|
379
|
Here are the new features and improvements in ClamAV 0.98.2:
|
380
|
380
|
|
381
|
|
- - Support for common raw disk image formats using 512 byte sectors,
|
382
|
|
- specifically GPT, APM, and MBR partitioning.
|
383
|
|
-
|
384
|
|
- - Experimental support of OpenIOC files. ClamAV will now extract file
|
385
|
|
- hashes from OpenIOC files residing in the signature database location,
|
386
|
|
- and generate ClamAV hash signatures. ClamAV uses no other OpenIOC
|
387
|
|
- features at this time. No OpenIOC files will be delivered through
|
388
|
|
- freshclam. See openioc.org and iocbucket.com for additional information
|
389
|
|
- about OpenIOC.
|
390
|
|
-
|
391
|
|
- - All ClamAV sockets (clamd, freshclam, clamav-milter, clamdscan, clamdtop)
|
392
|
|
- now support IPV6 addresses and configuration parameters.
|
393
|
|
-
|
394
|
|
- - Use OpenSSL file hash functions for improved performance. OpenSSL
|
395
|
|
- is now prerequisite software for ClamAV 0.98.2.
|
396
|
|
-
|
397
|
|
- - Improved detection of malware scripts within image files. Issue reported
|
398
|
|
- by Maarten Broekman.
|
399
|
|
-
|
400
|
|
- - Change to circumvent possible denial of service when processing icons within
|
401
|
|
- specially crafted PE files. Icon limits are now in place with corresponding
|
402
|
|
- clamd and clamscan configuration parameters. This issue was reported by
|
403
|
|
- Joxean Koret.
|
404
|
|
-
|
405
|
|
- - Improvements to the fidelity of the ClamAV pattern matcher, an issue
|
406
|
|
- reported by Christian Blichmann.
|
407
|
|
-
|
408
|
|
- - Opt-in collection of statistics. Statistics collected are: sizes and MD5
|
409
|
|
- hashes of files, PE file section counts and section MD5 hashes, and names
|
410
|
|
- and counts of detected viruses. Enable statistics collection with the
|
411
|
|
- --enable-stats clamscan flag or StatsEnabled clamd configuration
|
412
|
|
- parameter.
|
413
|
|
-
|
414
|
|
- - Improvements to ClamAV build process, unit tests, and platform support with
|
415
|
|
- assistance and suggestions by Sebastian Andrzej Siewior, Scott Kitterman,
|
416
|
|
- and Dave Simonson.
|
417
|
|
-
|
418
|
|
- - Patch by Arkadiusz Miskiewicz to improve error handling in freshclam.
|
419
|
|
-
|
420
|
|
- - ClamAV 0.98.2 also includes miscellaneous bug fixes and documentation
|
421
|
|
- improvements.
|
|
381
|
+- Support for common raw disk image formats using 512 byte sectors,
|
|
382
|
+ specifically GPT, APM, and MBR partitioning.
|
|
383
|
+- Experimental support of OpenIOC files. ClamAV will now extract file
|
|
384
|
+ hashes from OpenIOC files residing in the signature database location,
|
|
385
|
+ and generate ClamAV hash signatures. ClamAV uses no other OpenIOC
|
|
386
|
+ features at this time. No OpenIOC files will be delivered through
|
|
387
|
+ freshclam. See openioc.org and iocbucket.com for additional information
|
|
388
|
+ about OpenIOC.
|
|
389
|
+- All ClamAV sockets (clamd, freshclam, clamav-milter, clamdscan, clamdtop)
|
|
390
|
+ now support IPV6 addresses and configuration parameters.
|
|
391
|
+- Use OpenSSL file hash functions for improved performance. OpenSSL
|
|
392
|
+ is now prerequisite software for ClamAV 0.98.2.
|
|
393
|
+- Improved detection of malware scripts within image files. Issue reported
|
|
394
|
+ by Maarten Broekman.
|
|
395
|
+- Change to circumvent possible denial of service when processing icons within
|
|
396
|
+ specially crafted PE files. Icon limits are now in place with corresponding
|
|
397
|
+ clamd and clamscan configuration parameters. This issue was reported by
|
|
398
|
+ Joxean Koret.
|
|
399
|
+- Improvements to the fidelity of the ClamAV pattern matcher, an issue
|
|
400
|
+ reported by Christian Blichmann.
|
|
401
|
+- Opt-in collection of statistics. Statistics collected are: sizes and MD5
|
|
402
|
+ hashes of files, PE file section counts and section MD5 hashes, and names
|
|
403
|
+ and counts of detected viruses. Enable statistics collection with the
|
|
404
|
+ --enable-stats clamscan flag or StatsEnabled clamd configuration
|
|
405
|
+ parameter.
|
|
406
|
+- Improvements to ClamAV build process, unit tests, and platform support with
|
|
407
|
+ assistance and suggestions by Sebastian Andrzej Siewior, Scott Kitterman,
|
|
408
|
+ and Dave Simonson.
|
|
409
|
+- Patch by Arkadiusz Miskiewicz to improve error handling in freshclam.
|
|
410
|
+- ClamAV 0.98.2 also includes miscellaneous bug fixes and documentation
|
|
411
|
+ improvements.
|
422
|
412
|
|
423
|
413
|
Thanks to the following ClamAV community members for sending patches or reporting
|
424
|
414
|
bugs and issues that are addressed in ClamAV 0.98.2:
|
...
|
...
|
@@ -430,7 +435,7 @@ Joxean Koret
|
430
|
430
|
Arkadiusz Miskiewicz
|
431
|
431
|
Dave Simonson
|
432
|
432
|
Maarten Broekman
|
433
|
|
-Christian Blichmann
|
|
433
|
+Christian Blichmann
|
434
|
434
|
|
435
|
435
|
--
|
436
|
436
|
|
...
|
...
|
@@ -450,88 +455,87 @@ do not wish to do so, delete this exception statement from your
|
450
|
450
|
version. If you delete this exception statement from all source
|
451
|
451
|
files in the program, then also delete it here.
|
452
|
452
|
|
453
|
|
-0.98.1
|
|
453
|
+## 0.98.1
|
|
454
|
+
|
454
|
455
|
ClamAV 0.98.1 provides improved support of Mac OS X platform, support for new file types, and
|
455
|
456
|
quality improvements. These include:
|
456
|
457
|
|
457
|
|
- - Extraction, decompression, and scanning of files within Apple Disk Image (DMG) format.
|
|
458
|
+- Extraction, decompression, and scanning of files within Apple Disk Image (DMG) format.
|
458
|
459
|
|
459
|
|
- - Extraction, decompression, and scanning of files within Extensible Archive (XAR) format.
|
460
|
|
- XAR format is commonly used for software packaging, such as PKG and RPM, as well as
|
461
|
|
- general archival.
|
|
460
|
+- Extraction, decompression, and scanning of files within Extensible Archive (XAR) format.
|
|
461
|
+ XAR format is commonly used for software packaging, such as PKG and RPM, as well as
|
|
462
|
+ general archival.
|
462
|
463
|
|
463
|
|
- - Decompression and scanning of files in "Xz" compression format.
|
|
464
|
+- Decompression and scanning of files in "Xz" compression format.
|
464
|
465
|
|
465
|
|
- - Recognition of Open Office XML formats.
|
|
466
|
+- Recognition of Open Office XML formats.
|
466
|
467
|
|
467
|
|
- - Improvements and fixes to extraction and scanning of ole formats.
|
|
468
|
+- Improvements and fixes to extraction and scanning of ole formats.
|
468
|
469
|
|
469
|
|
- - Option to force all scanned data to disk. This impacts only a few file types where
|
470
|
|
- some embedded content is normally scanned in memory. Enabling this option
|
471
|
|
- ensures that a file descriptor exists when callback functions are used, at a small
|
472
|
|
- performance cost. This should only be needed when callback functions are used
|
473
|
|
- that need file access.
|
|
470
|
+- Option to force all scanned data to disk. This impacts only a few file types where
|
|
471
|
+ some embedded content is normally scanned in memory. Enabling this option
|
|
472
|
+ ensures that a file descriptor exists when callback functions are used, at a small
|
|
473
|
+ performance cost. This should only be needed when callback functions are used
|
|
474
|
+ that need file access.
|
474
|
475
|
|
475
|
|
- - Various improvements to ClamAV configuration, support of third party libraries,
|
476
|
|
- and unit tests.
|
|
476
|
+- Various improvements to ClamAV configuration, support of third party libraries,
|
|
477
|
+ and unit tests.
|
477
|
478
|
|
478
|
|
-0.98
|
|
479
|
+## 0.98
|
479
|
480
|
|
480
|
481
|
ClamAV 0.98 includes many new features, across all the different components
|
481
|
482
|
of ClamAV. There are new scanning options, extensions to the libclamav API,
|
482
|
483
|
support for additional filetypes, and internal upgrades.
|
483
|
484
|
|
484
|
|
- - Signature improvements: New signature targets have been added for
|
485
|
|
- PDF files, Flash files and Java class files. (NOTE: Java archive files
|
486
|
|
- (JAR) are not part of the Java target.) Hash signatures can now specify
|
487
|
|
- a '*' (wildcard) size if the size is unknown. Using wildcard size
|
488
|
|
- requires setting the minimum engine FLEVEL to avoid backwards
|
489
|
|
- compatibility issues. For more details read the ClamAV Signatures
|
490
|
|
- guide.
|
491
|
|
-
|
492
|
|
- - Scanning enhancements: New filetypes can be unpacked and scanned,
|
493
|
|
- including ISO9660, Flash, and self-extracting 7z files. PDF
|
494
|
|
- handling is now more robust and better handles encrypted PDF files.
|
495
|
|
-
|
496
|
|
- - Authenticode: ClamAV is now aware of the certificate chains when
|
497
|
|
- scanning signed PE files. When the database contains signatures for
|
498
|
|
- trusted root certificate authorities, the engine can whitelist
|
499
|
|
- PE files with a valid signature. The same database file can also
|
500
|
|
- include known compromised certificates to be rejected! This
|
501
|
|
- feature can also be disabled in clamd.conf (DisableCertCheck) or
|
502
|
|
- the command-line (nocerts).
|
503
|
|
-
|
504
|
|
- - New options: Several new options for clamscan and clamd have been
|
505
|
|
- added. For example, ClamAV can be set to print infected files and
|
506
|
|
- error files, and suppress printing OK results. This can be helpful
|
507
|
|
- when scanning large numbers of files. This new option is "-o" for
|
508
|
|
- clamscan and "LogClean" for clamd. Check clamd.conf or the clamscan
|
509
|
|
- help message for specific details.
|
510
|
|
-
|
511
|
|
- - New callbacks added to the API: The libclamav API has additional hooks
|
512
|
|
- for developers to use when wrapping ClamAV scanning. These function
|
513
|
|
- types are prefixed with "clcb_" and allow developers to add logic at
|
514
|
|
- certain steps of the scanning process without directly modifying the
|
515
|
|
- library. For more details refer to the clamav.h file.
|
516
|
|
-
|
517
|
|
- - More configurable limits: Several hardcoded values are now configurable
|
518
|
|
- parameters, providing more options for tuning the engine to match your
|
519
|
|
- needs. Check clamd.conf or the clamscan help message for specific
|
520
|
|
- details.
|
521
|
|
-
|
522
|
|
- - Performance improvements: This release furthers the use of memory maps
|
523
|
|
- during scanning and unpacking, continuing the conversion started in
|
524
|
|
- prior releases. Complex math functions have been switched from
|
525
|
|
- libtommath to tomsfastmath functions. The A/C matcher code has also
|
526
|
|
- been optimized to provide a speed boost.
|
527
|
|
-
|
528
|
|
- - Support for on-access scanning using Clamuko/Dazuko has been replaced
|
529
|
|
- with fanotify. Accordingly, clamd.conf settings related to on-access
|
530
|
|
- scanning have had Clamuko removed from the name. Clamuko-specific
|
531
|
|
- configuration items have been marked deprecated and should no longer
|
532
|
|
- be used.
|
|
485
|
+- Signature improvements: New signature targets have been added for
|
|
486
|
+ PDF files, Flash files and Java class files. (NOTE: Java archive files
|
|
487
|
+ (JAR) are not part of the Java target.) Hash signatures can now specify
|
|
488
|
+ a '*' (wildcard) size if the size is unknown. Using wildcard size
|
|
489
|
+ requires setting the minimum engine FLEVEL to avoid backwards
|
|
490
|
+ compatibility issues. For more details read the ClamAV Signatures
|
|
491
|
+ guide.
|
|
492
|
+
|
|
493
|
+- Scanning enhancements: New filetypes can be unpacked and scanned,
|
|
494
|
+ including ISO9660, Flash, and self-extracting 7z files. PDF
|
|
495
|
+ handling is now more robust and better handles encrypted PDF files.
|
|
496
|
+
|
|
497
|
+- Authenticode: ClamAV is now aware of the certificate chains when
|
|
498
|
+ scanning signed PE files. When the database contains signatures for
|
|
499
|
+ trusted root certificate authorities, the engine can whitelist
|
|
500
|
+ PE files with a valid signature. The same database file can also
|
|
501
|
+ include known compromised certificates to be rejected! This
|
|
502
|
+ feature can also be disabled in clamd.conf (DisableCertCheck) or
|
|
503
|
+ the command-line (nocerts).
|
|
504
|
+
|
|
505
|
+- New options: Several new options for clamscan and clamd have been
|
|
506
|
+ added. For example, ClamAV can be set to print infected files and
|
|
507
|
+ error files, and suppress printing OK results. This can be helpful
|
|
508
|
+ when scanning large numbers of files. This new option is "-o" for
|
|
509
|
+ clamscan and "LogClean" for clamd. Check clamd.conf or the clamscan
|
|
510
|
+ help message for specific details.
|
|
511
|
+
|
|
512
|
+- New callbacks added to the API: The libclamav API has additional hooks
|
|
513
|
+ for developers to use when wrapping ClamAV scanning. These function
|
|
514
|
+ types are prefixed with "clcb_" and allow developers to add logic at
|
|
515
|
+ certain steps of the scanning process without directly modifying the
|
|
516
|
+ library. For more details refer to the clamav.h file.
|
|
517
|
+
|
|
518
|
+- More configurable limits: Several hardcoded values are now configurable
|
|
519
|
+ parameters, providing more options for tuning the engine to match your
|
|
520
|
+ needs. Check clamd.conf or the clamscan help message for specific
|
|
521
|
+ details.
|
|
522
|
+
|
|
523
|
+- Performance improvements: This release furthers the use of memory maps
|
|
524
|
+ during scanning and unpacking, continuing the conversion started in
|
|
525
|
+ prior releases. Complex math functions have been switched from
|
|
526
|
+ libtommath to tomsfastmath functions. The A/C matcher code has also
|
|
527
|
+ been optimized to provide a speed boost.
|
|
528
|
+
|
|
529
|
+- Support for on-access scanning using Clamuko/Dazuko has been replaced
|
|
530
|
+ with fanotify. Accordingly, clamd.conf settings related to on-access
|
|
531
|
+ scanning have had Clamuko removed from the name. Clamuko-specific
|
|
532
|
+ configuration items have been marked deprecated and should no longer
|
|
533
|
+ be used.
|
533
|
534
|
|
534
|
535
|
There are also fixes for other minor issues and code quality changes. Please
|
535
|
536
|
see the ChangeLog file for details.
|
...
|
...
|
@@ -539,57 +543,49 @@ see the ChangeLog file for details.
|
539
|
539
|
--
|
540
|
540
|
The ClamAV team (https://www.clamav.net/about.html#credits)
|
541
|
541
|
|
542
|
|
-0.97.8
|
|
542
|
+## 0.97.8
|
543
|
543
|
|
544
|
544
|
ClamAV 0.97.8 addresses several reported potential security bugs. Thanks to
|
545
|
545
|
Felix Groebert of the Google Security Team for finding and reporting these
|
546
|
546
|
issues.
|
547
|
547
|
|
548
|
|
-0.97.7
|
|
548
|
+## 0.97.7
|
549
|
549
|
|
550
|
550
|
ClamAV 0.97.7 addresses several reported potential security bugs. Thanks to
|
551
|
551
|
Felix Groebert, Mateusz Jurczyk and Gynvael Coldwind of the Google Security
|
552
|
552
|
Team for finding and reporting these issues.
|
553
|
553
|
|
554
|
|
-0.97.6
|
|
554
|
+## 0.97.6
|
555
|
555
|
|
556
|
556
|
ClamAV 0.97.6 includes minor bug fixes and detection improvements.
|
557
|
557
|
ClamAV 0.97.6 corrects bug 5252 "CL_EFORMAT: Bad format or broken data ERROR
|
558
|
558
|
reported as scan result."
|
559
|
559
|
|
560
|
|
-0.97.5
|
|
560
|
+## 0.97.5
|
561
|
561
|
|
562
|
562
|
ClamAV 0.97.5 addresses possible evasion cases in some archive formats
|
563
|
563
|
(CVE-2012-1457, CVE-2012-1458, CVE-2012-1459). It also addresses stability
|
564
|
564
|
issues in portions of the bytecode engine. This release is recommended for
|
565
|
565
|
all users.
|
566
|
566
|
|
567
|
|
-0.97.4
|
|
567
|
+## 0.97.4
|
568
|
568
|
|
569
|
569
|
ClamAV 0.97.4 includes minor bugfixes, detection improvements and initial
|
570
|
570
|
support for on-access scanning under Mac OS X (see contrib/ClamAuth).
|
571
|
571
|
This update is recommended for all users.
|
572
|
572
|
|
573
|
|
-0.97.3
|
|
573
|
+## 0.97.3
|
574
|
574
|
|
575
|
575
|
ClamAV 0.97.3 is a minor bugfix release and is recommended for all
|
576
|
576
|
users. Please refer to the ChangeLog file for details.
|
577
|
577
|
|
578
|
|
-0.97.2
|
|
578
|
+## 0.97.2
|
579
|
579
|
|
580
|
580
|
ClamAV 0.97.2 fixes problems with the bytecode engine, Safebrowsing detection,
|
581
|
581
|
hash matcher, and other minor issues. Please see the ChangeLog file for
|
582
|
582
|
details.
|
583
|
583
|
|
584
|
|
-0.97.1
|
|
584
|
+## 0.97.1
|
585
|
585
|
|
586
|
586
|
This is a bugfix release recommended for all users. Please refer to the
|
587
|
587
|
ChangeLog file for details.
|
...
|
...
|
@@ -597,9 +593,7 @@ ChangeLog file for details.
|
597
|
597
|
--
|
598
|
598
|
The ClamAV team (https://www.clamav.net/about.html#credits)
|
599
|
599
|
|
600
|
|
-
|
601
|
|
-0.97
|
|
600
|
+## 0.97
|
602
|
601
|
|
603
|
602
|
ClamAV 0.97 brings many improvements, including complete Windows support
|
604
|
603
|
(all major components compile out-of-box under Visual Studio), support for
|
...
|
...
|
@@ -618,13 +612,10 @@ powered by ClamAV. If you run Windows systems in your environment and
|
618
|
618
|
need an AV solution to protect them, give Immunet 3.0, powered by ClamAV
|
619
|
619
|
a try; you can download it from https://www.clamav.net/download.html#otherversions
|
620
|
620
|
|
621
|
|
-
|
622
|
621
|
--
|
623
|
622
|
The ClamAV team (https://www.clamav.net/about.html#credits)
|
624
|
623
|
|
625
|
|
-
|
626
|
|
-0.96.5
|
|
624
|
+## 0.96.5
|
627
|
625
|
|
628
|
626
|
ClamAV 0.96.5 includes bugfixes and minor feature enhancements, such as
|
629
|
627
|
improved handling of detection statistics, better file logging,
|
...
|
...
|
@@ -634,17 +625,14 @@ ChangeLog for details.
|
634
|
634
|
--
|
635
|
635
|
The ClamAV team (https://www.clamav.net/about.html#credits)
|
636
|
636
|
|
637
|
|
-
|
638
|
|
-0.96.4
|
|
637
|
+## 0.96.4
|
639
|
638
|
|
640
|
639
|
ClamAV 0.96.4 is a bugfix release recommended for all users.
|
641
|
640
|
|
642
|
641
|
--
|
643
|
642
|
The ClamAV team (https://www.clamav.net/about.html#credits)
|
644
|
643
|
|
645
|
|
-0.96.3
|
|
644
|
+## 0.96.3
|
646
|
645
|
|
647
|
646
|
This release fixes problems with the PDF parser and the internal bzip2
|
648
|
647
|
library. A complete list of changes is available in the Changelog file.
|
...
|
...
|
@@ -652,15 +640,13 @@ library. A complete list of changes is available in the Changelog file.
|
652
|
652
|
--
|
653
|
653
|
The ClamAV team (https://www.clamav.net/about.html#credits)
|
654
|
654
|
|
655
|
|
-0.96.2
|
|
655
|
+## 0.96.2
|
656
|
656
|
|
657
|
657
|
ClamAV 0.96.2 brings a new PDF parser, performance and memory improvements,
|
658
|
658
|
and a number of bugfixes and minor enhancements. This upgrade is recommended
|
659
|
659
|
for all users.
|
660
|
660
|
|
661
|
|
-0.96.1
|
|
661
|
+## 0.96.1
|
662
|
662
|
|
663
|
663
|
This is a bugfix release, please refer to the ChangeLog for the complete
|
664
|
664
|
list of changes.
|
...
|
...
|
@@ -668,40 +654,39 @@ list of changes.
|
668
|
668
|
--
|
669
|
669
|
The ClamAV team (https://www.clamav.net/about.html#credits)
|
670
|
670
|
|
671
|
|
-0.96
|
|
671
|
+## 0.96
|
672
|
672
|
|
673
|
673
|
This release of ClamAV introduces new malware detection mechanisms and other
|
674
|
674
|
significant improvements to the scan engine. The key features include:
|
675
|
675
|
|
676
|
|
- - The Bytecode Interpreter: the interpreter built into LibClamAV allows
|
677
|
|
- the signature writers to create and distribute very complex detection
|
678
|
|
- routines and remotely enhance the scanner's functionality
|
|
676
|
+- The Bytecode Interpreter: the interpreter built into LibClamAV allows
|
|
677
|
+ the signature writers to create and distribute very complex detection
|
|
678
|
+ routines and remotely enhance the scanner's functionality
|
679
|
679
|
|
680
|
|
- - Heuristic improvements: improve the PE heuristics detection engine by
|
681
|
|
- adding support of bogus icons and fake PE header information. In a
|
682
|
|
- nutshell, ClamAV can now detect malware that tries to disguise itself
|
683
|
|
- as a harmless application by using the most common Windows program icons.
|
|
680
|
+- Heuristic improvements: improve the PE heuristics detection engine by
|
|
681
|
+ adding support of bogus icons and fake PE header information. In a
|
|
682
|
+ nutshell, ClamAV can now detect malware that tries to disguise itself
|
|
683
|
+ as a harmless application by using the most common Windows program icons.
|
684
|
684
|
|
685
|
|
- - Signature Improvements: logical signature improvements to allow more
|
686
|
|
- detailed matching and referencing groups of signatures. Additionally,
|
687
|
|
- improvements to wildcard matching on word boundaries and newlines.
|
|
685
|
+- Signature Improvements: logical signature improvements to allow more
|
|
686
|
+ detailed matching and referencing groups of signatures. Additionally,
|
|
687
|
+ improvements to wildcard matching on word boundaries and newlines.
|
688
|
688
|
|
689
|
|
- - Support for new archives: 7zip, InstallShield and CPIO. LibClamAV
|
690
|
|
- can now transparently unpack and inspect their contents.
|
|
689
|
+- Support for new archives: 7zip, InstallShield and CPIO. LibClamAV
|
|
690
|
+ can now transparently unpack and inspect their contents.
|
691
|
691
|
|
692
|
|
- - Support for new executable file formats: 64-bit ELF files and OS X
|
693
|
|
- Universal Binaries with Mach-O files. Additionally, the PE module
|
694
|
|
- can now decompress and inspect executables packed with UPX 3.0.
|
|
692
|
+- Support for new executable file formats: 64-bit ELF files and OS X
|
|
693
|
+ Universal Binaries with Mach-O files. Additionally, the PE module
|
|
694
|
+ can now decompress and inspect executables packed with UPX 3.0.
|
695
|
695
|
|
696
|
|
- - Support for DazukoFS in clamd
|
|
696
|
+- Support for DazukoFS in clamd
|
697
|
697
|
|
698
|
|
- - Performance improvements: overall performance improvements and memory
|
699
|
|
- optimizations for a better overall resource utilization experience.
|
|
698
|
+- Performance improvements: overall performance improvements and memory
|
|
699
|
+ optimizations for a better overall resource utilization experience.
|
700
|
700
|
|
701
|
|
- - Native Windows Support: ClamAV will now build natively under Visual
|
702
|
|
- Studio. This will allow 3rd Party application developers on Windows
|
703
|
|
- to easily integrate LibClamAV into their applications.
|
|
701
|
+- Native Windows Support: ClamAV will now build natively under Visual
|
|
702
|
+ Studio. This will allow 3rd Party application developers on Windows
|
|
703
|
+ to easily integrate LibClamAV into their applications.
|
704
|
704
|
|
705
|
705
|
The complete list of changes is available in the ChangeLog file. For upgrade
|
706
|
706
|
notes and tips please see: https://wiki.clamav.net/Main/UpgradeNotes096
|
...
|
...
|
@@ -709,8 +694,7 @@ notes and tips please see: https://wiki.clamav.net/Main/UpgradeNotes096
|
709
|
709
|
--
|
710
|
710
|
The ClamAV team (https://www.clamav.net/about.html#credits)
|
711
|
711
|
|
712
|
|
-0.95.3
|
|
712
|
+## 0.95.3
|
713
|
713
|
|
714
|
714
|
ClamAV 0.95.3 is a bugfix release recommended for all users.
|
715
|
715
|
Please refer to the ChangeLog included in the source distribution
|
...
|
...
|
@@ -719,8 +703,7 @@ for the list of changes.
|
719
|
719
|
--
|
720
|
720
|
The ClamAV team (https://www.clamav.net/about.html#credits)
|
721
|
721
|
|
722
|
|
-0.95.2
|
|
722
|
+## 0.95.2
|
723
|
723
|
|
724
|
724
|
This version improves handling of archives, adds support for --file-list
|
725
|
725
|
in clamscan and clamdscan, and fixes various issues found in previous
|
...
|
...
|
@@ -729,16 +712,14 @@ releases.
|
729
|
729
|
--
|
730
|
730
|
The ClamAV team (https://www.clamav.net/about.html#credits)
|
731
|
731
|
|
732
|
|
-0.95.1
|
|
732
|
+## 0.95.1
|
733
|
733
|
|
734
|
734
|
This is a bugfix release only, please see the ChangeLog for details.
|
735
|
735
|
|
736
|
736
|
--
|
737
|
737
|
The ClamAV team (https://www.clamav.net/about.html#credits)
|
738
|
738
|
|
739
|
|
-0.95
|
|
739
|
+## 0.95
|
740
|
740
|
|
741
|
741
|
ClamAV 0.95 introduces many bugfixes, improvements and additions. To make
|
742
|
742
|
the transition easier, we put various tips and upgrade notes on this page:
|
...
|
...
|
@@ -747,57 +728,55 @@ and bugfixes, please see the ChangeLog.
|
747
|
747
|
|
748
|
748
|
The following are the key features of this release:
|
749
|
749
|
|
750
|
|
- - Google Safe Browsing support: in addition to the heuristic and signature
|
751
|
|
- based phishing detection mechanisms already available in ClamAV, the
|
752
|
|
- scanner can now make use of the Google's blacklists of suspected
|
753
|
|
- phishing and malware sites. The ClamAV Project distributes a constantly
|
754
|
|
- updated Safe Browsing database, which can be automatically fetched by
|
755
|
|
- freshclam. For more information, please see freshclam.conf(5) and
|
756
|
|
- https://www.clamav.net/documents/safebrowsing.
|
757
|
|
-
|
758
|
|
- - New clamav-milter: The program has been redesigned and rewritten from
|
759
|
|
- scratch. The most notable difference is that the internal mode has been
|
760
|
|
- dropped which means that now a working clamd companion is required.
|
761
|
|
- The milter now also has its own configuration file.
|
762
|
|
-
|
763
|
|
- - Clamd extensions: The protocol has been extended to lighten the load
|
764
|
|
- that clamd puts on the system, solve limitations of the old protocol,
|
765
|
|
- and reduce latency when signature updates are received. For more
|
766
|
|
- information about the new extensions please see the official
|
767
|
|
- documentation and the upgrade notes.
|
768
|
|
-
|
769
|
|
- - Improved API: The API used to program ClamAV's engine (libclamav) has
|
770
|
|
- been redesigned to use modern object-oriented techniques and solves
|
771
|
|
- various API/ABI compatibility issues between old and new releases.
|
772
|
|
- You can find more information in Section 6 of clamdoc.pdf and in
|
773
|
|
- the upgrade notes.
|
774
|
|
-
|
775
|
|
- - ClamdTOP: This is a new program that allows system administrators to
|
776
|
|
- monitor clamd. It provides information about the items in the clamd's
|
777
|
|
- queue, clamd's memory usage, and the version of the signature database,
|
778
|
|
- all in real-time and in nice curses-based interface.
|
779
|
|
-
|
780
|
|
- - Memory Pool Allocator: Libclamav now includes its own memory pool
|
781
|
|
- allocator based on memory mapping. This new solution replaces the
|
782
|
|
- traditional malloc/free system for the copy of the signatures that
|
783
|
|
- is kept in memory. As a result, clamd requires much less memory,
|
784
|
|
- particularly when signature updates are received and the database is
|
785
|
|
- loaded into memory.
|
786
|
|
-
|
787
|
|
- - Unified Option Parser: Prior to version 0.95 each program in ClamAV's
|
788
|
|
- suite of programs had its own set of runtime options. The new general
|
789
|
|
- parser brings consistency of use and validation to these options across
|
790
|
|
- the suite. Some command line switches of clamscan have been renamed
|
791
|
|
- (the old ones will still be accepted but will have no effect and will
|
792
|
|
- result in warnings), please see clamscan(1) and clamscan --help for
|
793
|
|
- the details.
|
|
750
|
+- Google Safe Browsing support: in addition to the heuristic and signature
|
|
751
|
+ based phishing detection mechanisms already available in ClamAV, the
|
|
752
|
+ scanner can now make use of the Google's blacklists of suspected
|
|
753
|
+ phishing and malware sites. The ClamAV Project distributes a constantly
|
|
754
|
+ updated Safe Browsing database, which can be automatically fetched by
|
|
755
|
+ freshclam. For more information, please see freshclam.conf(5) and
|
|
756
|
+ https://www.clamav.net/documents/safebrowsing.
|
|
757
|
+
|
|
758
|
+- New clamav-milter: The program has been redesigned and rewritten from
|
|
759
|
+ scratch. The most notable difference is that the internal mode has been
|
|
760
|
+ dropped which means that now a working clamd companion is required.
|
|
761
|
+ The milter now also has its own configuration file.
|
|
762
|
+
|
|
763
|
+- Clamd extensions: The protocol has been extended to lighten the load
|
|
764
|
+ that clamd puts on the system, solve limitations of the old protocol,
|
|
765
|
+ and reduce latency when signature updates are received. For more
|
|
766
|
+ information about the new extensions please see the official
|
|
767
|
+ documentation and the upgrade notes.
|
|
768
|
+
|
|
769
|
+- Improved API: The API used to program ClamAV's engine (libclamav) has
|
|
770
|
+ been redesigned to use modern object-oriented techniques and solves
|
|
771
|
+ various API/ABI compatibility issues between old and new releases.
|
|
772
|
+ You can find more information in Section 6 of clamdoc.pdf and in
|
|
773
|
+ the upgrade notes.
|
|
774
|
+
|
|
775
|
+- ClamdTOP: This is a new program that allows system administrators to
|
|
776
|
+ monitor clamd. It provides information about the items in the clamd's
|
|
777
|
+ queue, clamd's memory usage, and the version of the signature database,
|
|
778
|
+ all in real-time and in nice curses-based interface.
|
|
779
|
+
|
|
780
|
+- Memory Pool Allocator: Libclamav now includes its own memory pool
|
|
781
|
+ allocator based on memory mapping. This new solution replaces the
|
|
782
|
+ traditional malloc/free system for the copy of the signatures that
|
|
783
|
+ is kept in memory. As a result, clamd requires much less memory,
|
|
784
|
+ particularly when signature updates are received and the database is
|
|
785
|
+ loaded into memory.
|
|
786
|
+
|
|
787
|
+- Unified Option Parser: Prior to version 0.95 each program in ClamAV's
|
|
788
|
+ suite of programs had its own set of runtime options. The new general
|
|
789
|
+ parser brings consistency of use and validation to these options across
|
|
790
|
+ the suite. Some command line switches of clamscan have been renamed
|
|
791
|
+ (the old ones will still be accepted but will have no effect and will
|
|
792
|
+ result in warnings), please see clamscan(1) and clamscan --help for
|
|
793
|
+ the details.
|
794
|
794
|
|
795
|
795
|
--
|
796
|
796
|
The ClamAV team (https://www.clamav.net/about.html#credits)
|
797
|
797
|
|
798
|
|
-
|
799
|
|
-0.94.2
|
|
798
|
+## 0.94.2
|
800
|
799
|
|
801
|
800
|
This is a bugfix release, please refer to the ChangeLog for a complete
|
802
|
801
|
list of changes.
|
...
|
...
|
@@ -805,9 +784,7 @@ list of changes.
|
805
|
805
|
--
|
806
|
806
|
The ClamAV team (https://www.clamav.net/about.html#credits)
|
807
|
807
|
|
808
|
|
-
|
809
|
|
-0.94.1
|
|
808
|
+## 0.94.1
|
810
|
809
|
|
811
|
810
|
ClamAV 0.94.1 fixes some issues that were found in previous releases and
|
812
|
811
|
includes one new feature, "Malware Statistics Gathering." This is an optional
|
...
|
...
|
@@ -820,50 +797,47 @@ by enabling SubmitDetectionStats in freshclam.conf.
|
820
|
820
|
|
821
|
821
|
For more details, please refer to the ChangeLog
|
822
|
822
|
|
823
|
|
-
|
824
|
823
|
--
|
825
|
824
|
The ClamAV team (https://www.clamav.net/about.html#credits)
|
826
|
825
|
|
827
|
|
-
|
828
|
|
-0.94
|
|
826
|
+## 0.94
|
829
|
827
|
|
830
|
828
|
Sourcefire and the ClamAV team are pleased to announce the release of
|
831
|
829
|
ClamAV 0.94. The following are the key features and improvements of this
|
832
|
830
|
version:
|
833
|
831
|
|
834
|
|
- - Logical Signatures: The logical signature technology uses operators
|
835
|
|
- such as AND, OR and NOT to allow the combination of more than one
|
836
|
|
- signature into one entry in the signature database resulting in
|
837
|
|
- more detailed and flexible pattern matching.
|
|
832
|
+- Logical Signatures: The logical signature technology uses operators
|
|
833
|
+ such as AND, OR and NOT to allow the combination of more than one
|
|
834
|
+ signature into one entry in the signature database resulting in
|
|
835
|
+ more detailed and flexible pattern matching.
|
838
|
836
|
|
839
|
|
- - Anti-phishing Technology: Users can now change the priority and reporting
|
840
|
|
- of ClamAV's heuristic anti-phishing scanner within the detection engine
|
841
|
|
- process. They can choose whether, when scanning a suspicious file, ClamAV
|
842
|
|
- should stop scanning and report the phish, or continue to scan in case the
|
843
|
|
- file contains other malware (clamd: HeuristicScanPrecedence,
|
844
|
|
- clamscan: --heuristic-scan-precedence)
|
|
837
|
+- Anti-phishing Technology: Users can now change the priority and reporting
|
|
838
|
+ of ClamAV's heuristic anti-phishing scanner within the detection engine
|
|
839
|
+ process. They can choose whether, when scanning a suspicious file, ClamAV
|
|
840
|
+ should stop scanning and report the phish, or continue to scan in case the
|
|
841
|
+ file contains other malware (clamd: HeuristicScanPrecedence,
|
|
842
|
+ clamscan: --heuristic-scan-precedence)
|
845
|
843
|
|
846
|
|
- - Disassembly Engine: The initial version of the disassembly engine improves
|
847
|
|
- ClamAV's detection abilities.
|
|
844
|
+- Disassembly Engine: The initial version of the disassembly engine improves
|
|
845
|
+ ClamAV's detection abilities.
|
848
|
846
|
|
849
|
|
- - PUA Detection: Users can now decide which PUA signatures should be loaded
|
850
|
|
- (clamd: ExcludePUA, IncludePUA; clamscan: --exclude-pua, --include-pua)
|
|
847
|
+- PUA Detection: Users can now decide which PUA signatures should be loaded
|
|
848
|
+ (clamd: ExcludePUA, IncludePUA; clamscan: --exclude-pua, --include-pua)
|
851
|
849
|
|
852
|
|
- - Data Loss Prevention (DLP): This version includes a new module that, when
|
853
|
|
- enabled, scans data for the inclusion of US formated Social Security
|
854
|
|
- Numbers and credit card numbers (clamd: StructuredDataDetection,
|
855
|
|
- clamscan: --detect-structured; additional fine-tuning options are available)
|
|
850
|
+- Data Loss Prevention (DLP): This version includes a new module that, when
|
|
851
|
+ enabled, scans data for the inclusion of US formated Social Security
|
|
852
|
+ Numbers and credit card numbers (clamd: StructuredDataDetection,
|
|
853
|
+ clamscan: --detect-structured; additional fine-tuning options are available)
|
856
|
854
|
|
857
|
|
- - IPv6 Support: Freshclam now supports IPv6
|
|
855
|
+- IPv6 Support: Freshclam now supports IPv6
|
858
|
856
|
|
859
|
|
- - Improved Scanning of Scripts: The normalization of scripts now covers
|
860
|
|
- JavaScript
|
|
857
|
+- Improved Scanning of Scripts: The normalization of scripts now covers
|
|
858
|
+ JavaScript
|
861
|
859
|
|
862
|
|
- - Improved QA and Unit Testing: The improved QA process now includes
|
863
|
|
- API testing and new library of test files in various formats that are
|
864
|
|
- tested on a wide variety of systems (try running 'make check' in the source
|
865
|
|
- directory)
|
|
860
|
+- Improved QA and Unit Testing: The improved QA process now includes
|
|
861
|
+ API testing and new library of test files in various formats that are
|
|
862
|
+ tested on a wide variety of systems (try running 'make check' in the source
|
|
863
|
+ directory)
|
866
|
864
|
|
867
|
865
|
You may need to run 'ldconfig' after installing this version.
|
868
|
866
|
|
...
|
...
|
@@ -875,24 +849,19 @@ You may need to run 'ldconfig' after installing this version.
|
875
|
875
|
--
|
876
|
876
|
The ClamAV team (https://www.clamav.net/about.html#credits)
|
877
|
877
|
|
878
|
|
-
|
879
|
|
-0.93.3
|
|
878
|
+## 0.93.3
|
880
|
879
|
|
881
|
880
|
This release fixes a problem in handling of .cld files introduced in 0.93.2.
|
882
|
881
|
|
883
|
882
|
--
|
884
|
883
|
The ClamAV team (https://www.clamav.net/about.html#credits)
|
885
|
884
|
|
886
|
|
-0.93.2
|
|
885
|
+## 0.93.2
|
887
|
886
|
|
888
|
887
|
This release fixes and re-enables the Petite unpacker, improves database
|
889
|
888
|
loading and solves some other minor issues.
|
890
|
889
|
|
891
|
|
-
|
892
|
|
-0.93.1
|
|
890
|
+## 0.93.1
|
893
|
891
|
|
894
|
892
|
This version improves handling of PDF, CAB, RTF, OLE2 and HTML files
|
895
|
893
|
and includes various bugfixes for 0.93 issues.
|
...
|
...
|
@@ -900,9 +869,7 @@ and includes various bugfixes for 0.93 issues.
|
900
|
900
|
--
|
901
|
901
|
The ClamAV team (https://www.clamav.net/about.html#credits)
|
902
|
902
|
|
903
|
|
-
|
904
|
|
-0.93
|
|
903
|
+## 0.93
|
905
|
904
|
|
906
|
905
|
This release introduces many new features and engine enhancements, please
|
907
|
906
|
see the notes below for the list of major changes. The most visible one
|
...
|
...
|
@@ -912,40 +879,38 @@ and the example config file for more information on the new options.
|
912
|
912
|
|
913
|
913
|
Most important changes include:
|
914
|
914
|
|
915
|
|
- * libclamav:
|
916
|
|
- - New logic in scan limits: provides much more efficient protection against
|
917
|
|
- DoS attacks but also results in different command line and config options
|
918
|
|
- to clamscan and clamd (see below)
|
919
|
|
- - New/improved modules: unzip, SIS, cabinet, CHM, SZDD, text normalisator,
|
920
|
|
- entity converter
|
921
|
|
- - Improved filetype detection; filetype definitions can be remotely updated
|
922
|
|
- - Support for .cld containers (which replace .inc directories)
|
923
|
|
- - Improved pattern matcher and signature formats
|
924
|
|
- - More efficient scanning of HTML files
|
925
|
|
- - Many other improvements
|
926
|
|
-
|
927
|
|
- * clamd:
|
928
|
|
- - NEW CONFIG FILE OPTIONS: MaxScanSize, MaxFileSize, MaxRecursion, MaxFiles
|
929
|
|
- - ** THE FOLLOWING OPTIONS ARE NO LONGER SUPPORTED **: MailMaxRecursion,
|
930
|
|
- ArchiveMaxFileSize, ArchiveMaxRecursion, ArchiveMaxFiles,
|
931
|
|
- ArchiveMaxCompressionRatio, ArchiveBlockMax
|
932
|
|
-
|
933
|
|
- * clamscan:
|
934
|
|
- - NEW CMDLINE OPTIONS: --max-filesize, --max-scansize
|
935
|
|
- - REMOVED OPTIONS: --block-max, --max-space, --max-ratio
|
936
|
|
-
|
937
|
|
- * freshclam:
|
938
|
|
- - NEW CONFIG OPTION CompressLocalDatabase
|
939
|
|
- - NEW CMDLINE SWITCH --no-warnings
|
940
|
|
- - main.inc and daily.inc directories are no longer used by ClamAV; please
|
941
|
|
- remove them manually from your database directory
|
|
915
|
+- libclamav:
|
|
916
|
+ - New logic in scan limits: provides much more efficient protection against
|
|
917
|
+ DoS attacks but also results in different command line and config options
|
|
918
|
+ to clamscan and clamd (see below)
|
|
919
|
+ - New/improved modules: unzip, SIS, cabinet, CHM, SZDD, text normalisator,
|
|
920
|
+ entity converter
|
|
921
|
+ - Improved filetype detection; filetype definitions can be remotely updated
|
|
922
|
+ - Support for .cld containers (which replace .inc directories)
|
|
923
|
+ - Improved pattern matcher and signature formats
|
|
924
|
+ - More efficient scanning of HTML files
|
|
925
|
+ - Many other improvements
|
|
926
|
+
|
|
927
|
+- clamd:
|
|
928
|
+ - NEW CONFIG FILE OPTIONS: MaxScanSize, MaxFileSize, MaxRecursion, MaxFiles
|
|
929
|
+ - ** THE FOLLOWING OPTIONS ARE NO LONGER SUPPORTED **: MailMaxRecursion,
|
|
930
|
+ ArchiveMaxFileSize, ArchiveMaxRecursion, ArchiveMaxFiles,
|
|
931
|
+ ArchiveMaxCompressionRatio, ArchiveBlockMax
|
|
932
|
+
|
|
933
|
+- clamscan:
|
|
934
|
+ - NEW CMDLINE OPTIONS: --max-filesize, --max-scansize
|
|
935
|
+ - REMOVED OPTIONS: --block-max, --max-space, --max-ratio
|
|
936
|
+
|
|
937
|
+- freshclam:
|
|
938
|
+ - NEW CONFIG OPTION CompressLocalDatabase
|
|
939
|
+ - NEW CMDLINE SWITCH --no-warnings
|
|
940
|
+ - main.inc and daily.inc directories are no longer used by ClamAV; please
|
|
941
|
+ remove them manually from your database directory
|
942
|
942
|
|
943
|
943
|
--
|
944
|
944
|
The ClamAV team (https://www.clamav.net/about.html#credits)
|
945
|
945
|
|
946
|
|
-
|
947
|
|
-0.92.1
|
|
946
|
+## 0.92.1
|
948
|
947
|
|
949
|
948
|
This is a bugfix release, please refer to the ChangeLog for a complete
|
950
|
949
|
list of changes.
|
...
|
...
|
@@ -953,9 +918,7 @@ list of changes.
|
953
|
953
|
--
|
954
|
954
|
The ClamAV team (https://www.clamav.net/about.html#credits)
|
955
|
955
|
|
956
|
|
-
|
957
|
|
-0.92
|
|
956
|
+## 0.92
|
958
|
957
|
|
959
|
958
|
This release provides various bugfixes, optimizations and improvements
|
960
|
959
|
to the scanning engine. The new features include support for ARJ and
|
...
|
...
|
@@ -967,9 +930,7 @@ libclamav now includes the regex library from OpenBSD.
|
967
|
967
|
--
|
968
|
968
|
The ClamAV team (https://www.clamav.net/about.html#credits)
|
969
|
969
|
|
970
|
|
-
|
971
|
|
-0.91.2
|
|
970
|
+## 0.91.2
|
972
|
971
|
|
973
|
972
|
This release fixes various bugs in libclamav, freshclam and clamav-milter,
|
974
|
973
|
and adds support for PUA (Potentially Unwanted Application) signatures
|
...
|
...
|
@@ -1007,44 +968,38 @@ ClamAV engine and the signature database will remain under GPL.
|
1007
|
1007
|
--
|
1008
|
1008
|
The ClamAV team (https://www.clamav.net/about.html#credits)
|
1009
|
1009
|
|
1010
|
|
-
|
1011
|
|
-0.91.1
|
|
1010
|
+## 0.91.1
|
1012
|
1011
|
|
1013
|
1012
|
This release fixes stability and other issues of 0.91.
|
1014
|
1013
|
|
1015
|
1014
|
--
|
1016
|
1015
|
The ClamAV team (https://www.clamav.net/about.html#credits)
|
1017
|
1016
|
|
1018
|
|
-
|
1019
|
|
-0.91
|
|
1017
|
+## 0.91
|
1020
|
1018
|
|
1021
|
1019
|
ClamAV 0.91 is the first release to enable the anti-phishing technology
|
1022
|
1020
|
in default builds. This technology combines heuristics with special
|
1023
|
1021
|
signatures and provides effective protection against phishing threats.
|
1024
|
1022
|
Other important changes and add-ons in this version include:
|
1025
|
1023
|
|
1026
|
|
- - unpacker for NSIS (Nullsoft Scriptable Install System) self-extracting
|
1027
|
|
- archives
|
1028
|
|
- - unpacker for ASPack 2.12
|
1029
|
|
- - new implementation of the Aho-Corasick pattern matcher providing
|
1030
|
|
- better detection for wildcard enabled signatures
|
1031
|
|
- - support for nibble matching and floating offsets
|
1032
|
|
- - improved handling of .mdb files (fixes long startup times)
|
1033
|
|
- - extraction of PE files embedded into other executables
|
1034
|
|
- - better handling of PE & UPX
|
1035
|
|
- - removed dependency on libcurl (improves stability)
|
1036
|
|
- - libclamav.dll available under Windows
|
1037
|
|
- - IPv6 support in clamav-milter
|
1038
|
|
- - many other improvements and bugfixes
|
|
1024
|
+- unpacker for NSIS (Nullsoft Scriptable Install System) self-extracting
|
|
1025
|
+ archives
|
|
1026
|
+- unpacker for ASPack 2.12
|
|
1027
|
+- new implementation of the Aho-Corasick pattern matcher providing
|
|
1028
|
+ better detection for wildcard enabled signatures
|
|
1029
|
+- support for nibble matching and floating offsets
|
|
1030
|
+- improved handling of .mdb files (fixes long startup times)
|
|
1031
|
+- extraction of PE files embedded into other executables
|
|
1032
|
+- better handling of PE & UPX
|
|
1033
|
+- removed dependency on libcurl (improves stability)
|
|
1034
|
+- libclamav.dll available under Windows
|
|
1035
|
+- IPv6 support in clamav-milter
|
|
1036
|
+- many other improvements and bugfixes
|
1039
|
1037
|
|
1040
|
1038
|
--
|
1041
|
1039
|
The ClamAV team (https://www.clamav.net/about.html#credits)
|
1042
|
1040
|
|
1043
|
|
-
|
1044
|
|
-0.90.3
|
|
1041
|
+## 0.90.3
|
1045
|
1042
|
|
1046
|
1043
|
This release fixes some security bugs in libclamav and improves stability
|
1047
|
1044
|
under Solaris. Please see ChangeLog for complete list of changes.
|
...
|
...
|
@@ -1056,17 +1011,14 @@ after 0.90.3.
|
1056
|
1056
|
--
|
1057
|
1057
|
The ClamAV team (https://www.clamav.net/about.html#credits)
|
1058
|
1058
|
|
1059
|
|
-
|
1060
|
|
-0.90.2
|
|
1059
|
+## 0.90.2
|
1061
|
1060
|
|
1062
|
1061
|
This release fixes many problems in libclamav and freshclam.
|
1063
|
1062
|
|
1064
|
1063
|
--
|
1065
|
1064
|
The ClamAV team (https://www.clamav.net/about.html#credits)
|
1066
|
1065
|
|
1067
|
|
-0.90.1
|
|
1066
|
+## 0.90.1
|
1068
|
1067
|
|
1069
|
1068
|
This release includes various bugfixes and code enhancements. Please
|
1070
|
1069
|
see ChangeLog for complete list of changes.
|
...
|
...
|
@@ -1076,9 +1028,7 @@ see ChangeLog for complete list of changes.
|
1076
|
1076
|
--
|
1077
|
1077
|
The ClamAV team (https://www.clamav.net/about.html#credits)
|
1078
|
1078
|
|
1079
|
|
-
|
1080
|
|
-0.90
|
|
1079
|
+## 0.90
|
1081
|
1080
|
|
1082
|
1081
|
The ClamAV team is proud to announce the long awaited ClamAV 0.90.
|
1083
|
1082
|
This version introduces lots of new interesting features and marks
|
...
|
...
|
@@ -1130,11 +1080,11 @@ NodalCore cards.
|
1130
|
1130
|
|
1131
|
1131
|
Detailed list of changes:
|
1132
|
1132
|
|
1133
|
|
--) libclamav:
|
1134
|
|
- + New unpacker for RAR3, RAR2 and RAR1
|
1135
|
|
- + Rewritten unpackers for Zip and CAB files
|
1136
|
|
- + Support for RAR-SFX, Zip-SFX and CAB-SFX archives
|
1137
|
|
- + New PE parsing model:
|
|
1133
|
+- libclamav:
|
|
1134
|
+ - New unpacker for RAR3, RAR2 and RAR1
|
|
1135
|
+ - Rewritten unpackers for Zip and CAB files
|
|
1136
|
+ - Support for RAR-SFX, Zip-SFX and CAB-SFX archives
|
|
1137
|
+ - New PE parsing model:
|
1138
|
1138
|
- Accurate virtual and raw size and offset calculations
|
1139
|
1139
|
- Proper parsing of executables with weird/handcrafted/uncommon headers
|
1140
|
1140
|
- Proper handling (or skipping) of ghost sections at various places in the
|
...
|
...
|
@@ -1144,98 +1094,94 @@ Detailed list of changes:
|
1144
|
1144
|
- Proper handling of out of sections offsets
|
1145
|
1145
|
- Broken exe detection now mimics the XPSP2 loader
|
1146
|
1146
|
- Lots of misc improvements and fixes
|
1147
|
|
- + Support for PE32+ (64-bit) executables
|
1148
|
|
- + Support for MD5 signatures based on PE sections (.mdb)
|
1149
|
|
- + ELF file parser
|
1150
|
|
- + Support for Sensory Networks' NodalCore hardware acceleration technology
|
1151
|
|
- + Advanced phishing detection module (experimental)
|
1152
|
|
- + Signatures are stored in separate trees depending on their target type
|
1153
|
|
- + Algorithmic detection can be controlled with CL_SCAN_ALGORITHMIC
|
1154
|
|
- + Support for new obfuscators: SUE, Y0da Cryptor, CryptFF
|
1155
|
|
- + Support for new packers: NsPack, wwpack32, MEW, Upack
|
1156
|
|
- + Support for SIS files (SymbianOS packages)
|
1157
|
|
- + Support for PDF and RTF files
|
1158
|
|
- + New encoding and entity normalizer (experimental)
|
1159
|
|
-
|
1160
|
|
--) clamd:
|
1161
|
|
- + New config file parser:
|
1162
|
|
- * all options require arguments (options without args must be now followed
|
|
1147
|
+ - Support for PE32+ (64-bit) executables
|
|
1148
|
+ - Support for MD5 signatures based on PE sections (.mdb)
|
|
1149
|
+ - ELF file parser
|
|
1150
|
+ - Support for Sensory Networks' NodalCore hardware acceleration technology
|
|
1151
|
+ - Advanced phishing detection module (experimental)
|
|
1152
|
+ - Signatures are stored in separate trees depending on their target type
|
|
1153
|
+ - Algorithmic detection can be controlled with CL_SCAN_ALGORITHMIC
|
|
1154
|
+ - Support for new obfuscators: SUE, Y0da Cryptor, CryptFF
|
|
1155
|
+ - Support for new packers: NsPack, wwpack32, MEW, Upack
|
|
1156
|
+ - Support for SIS files (SymbianOS packages)
|
|
1157
|
+ - Support for PDF and RTF files
|
|
1158
|
+ - New encoding and entity normalizer (experimental)
|
|
1159
|
+
|
|
1160
|
+- clamd:
|
|
1161
|
+ - New config file parser:
|
|
1162
|
+ - all options require arguments (options without args must be now followed
|
1163
|
1163
|
by boolean values: (yes, no), (1, 0), or (true, false)
|
1164
|
|
- * optional arguments (as in NotifyClamd) are no longer supported
|
1165
|
|
- * removed "DisableDefaultScanOptions" option (scan options can be
|
|
1164
|
+ - optional arguments (as in NotifyClamd) are no longer supported
|
|
1165
|
+ - removed "DisableDefaultScanOptions" option (scan options can be
|
1166
|
1166
|
configured individually)
|
1167
|
|
- + TCP and local sockets can be operated simultaneously
|
1168
|
|
- + New command: MULTISCAN (scan directory with multiple threads)
|
1169
|
|
- + New option AlgorithmicDetection
|
1170
|
|
- + New option ScanELF
|
1171
|
|
- + New option NodalCoreAcceleration (requires hardware accelerator)
|
1172
|
|
- + New option PhishingSignatures
|
1173
|
|
- + New options to control the phishing module:
|
|
1167
|
+ - TCP and local sockets can be operated simultaneously
|
|
1168
|
+ - New command: MULTISCAN (scan directory with multiple threads)
|
|
1169
|
+ - New option AlgorithmicDetection
|
|
1170
|
+ - New option ScanELF
|
|
1171
|
+ - New option NodalCoreAcceleration (requires hardware accelerator)
|
|
1172
|
+ - New option PhishingSignatures
|
|
1173
|
+ - New options to control the phishing module:
|
1174
|
1174
|
- PhishingRestrictedScan
|
1175
|
1175
|
- PhishingScanURLs
|
1176
|
1176
|
- PhishingAlwaysBlockSSLMismatch
|
1177
|
1177
|
- PhishingAlwaysBlockCloak
|
1178
|
1178
|
|
1179
|
|
--) clamav-milter:
|
1180
|
|
- + Black list mode: optionally black lists an IP for a configurable amount
|
|
1179
|
+- clamav-milter:
|
|
1180
|
+ - Black list mode: optionally black lists an IP for a configurable amount
|
1181
|
1181
|
of time
|
1182
|
|
- + Black hole mode: detects emails that will be discarded and refrains from
|
|
1182
|
+ - Black hole mode: detects emails that will be discarded and refrains from
|
1183
|
1183
|
scanning them
|
1184
|
|
- + Reporting: ability to report phishing attempts to anti-phishing
|
|
1184
|
+ - Reporting: ability to report phishing attempts to anti-phishing
|
1185
|
1185
|
organisations to help close the sites
|
1186
|
|
- + Improved load balancing for scanning with clusters
|
1187
|
|
- + Removed -b option (enable BOUNCE compile time option to re-enable the
|
|
1186
|
+ - Improved load balancing for scanning with clusters
|
|
1187
|
+ - Removed -b option (enable BOUNCE compile time option to re-enable the
|
1188
|
1188
|
option)
|
1189
|
1189
|
|
1190
|
|
--) clamscan:
|
1191
|
|
- + New options: --no-phishing-sigs, --no-algorithmic (disable phishing and
|
|
1190
|
+- clamscan:
|
|
1191
|
+ - New options: --no-phishing-sigs, --no-algorithmic (disable phishing and
|
1192
|
1192
|
algorithmic detection respectively)
|
1193
|
|
- + New options to control the phishing module: --no-phishing-scan-urls,
|
|
1193
|
+ - New options to control the phishing module: --no-phishing-scan-urls,
|
1194
|
1194
|
--no-phishing-restrictedscan, --phishing-ssl, --phishing-cloak
|
1195
|
|
- + New option: --ncore (requires hardware accelerator)
|
1196
|
|
- + New option: --no-elf
|
1197
|
|
- + New option: --copy
|
1198
|
|
-
|
1199
|
|
--) freshclam:
|
1200
|
|
- + Interpreter for .cdiff files (scripted updates)
|
1201
|
|
- + Initial version of mirror manager
|
1202
|
|
- + New option: --list-mirrors (list details on mirrors accessed by the mirror
|
|
1195
|
+ - New option: --ncore (requires hardware accelerator)
|
|
1196
|
+ - New option: --no-elf
|
|
1197
|
+ - New option: --copy
|
|
1198
|
+
|
|
1199
|
+- freshclam:
|
|
1200
|
+ - Interpreter for .cdiff files (scripted updates)
|
|
1201
|
+ - Initial version of mirror manager
|
|
1202
|
+ - New option: --list-mirrors (list details on mirrors accessed by the mirror
|
1203
|
1203
|
manager)
|
1204
|
|
- + New option HTTPUserAgent to force different User-Agent header
|
|
1204
|
+ - New option HTTPUserAgent to force different User-Agent header
|
1205
|
1205
|
|
1206
|
|
--) sigtool:
|
1207
|
|
- + New option: --utf16-decode (decode UTF16 encoded files)
|
1208
|
|
- + New options: --diff, --run-cdiff, --verify-cdiff (update script management)
|
1209
|
|
- + New option: --mdb (generated .mdb compatible signatures)
|
|
1206
|
+- sigtool:
|
|
1207
|
+ - New option: --utf16-decode (decode UTF16 encoded files)
|
|
1208
|
+ - New options: --diff, --run-cdiff, --verify-cdiff (update script management)
|
|
1209
|
+ - New option: --mdb (generated .mdb compatible signatures)
|
1210
|
1210
|
|
1211
|
|
--) clamconf: initial version of configuration utility for clamd and freshclam
|
|
1211
|
+- clamconf: initial version of configuration utility for clamd and freshclam
|
1212
|
1212
|
|
1213
|
1213
|
We are happy to announce new interesting software with support for ClamAV:
|
1214
|
1214
|
|
1215
|
|
- + AqMail - a POP3 client with additional filtering
|
1216
|
|
- + ClamFS - a FUSE-based file system with on-access anti-virus scanning
|
1217
|
|
- + c-icap - an ICAP server coded in C with support for ClamAV
|
1218
|
|
- + MailCleaner - a complete email filtering gateway
|
1219
|
|
- + mod_streamav - a ClamAV based antivirus filter for Apache 2
|
1220
|
|
- + pyClamd - a python interface to Clamd
|
|
1215
|
+- AqMail - a POP3 client with additional filtering
|
|
1216
|
+- ClamFS - a FUSE-based file system with on-access anti-virus scanning
|
|
1217
|
+- c-icap - an ICAP server coded in C with support for ClamAV
|
|
1218
|
+- MailCleaner - a complete email filtering gateway
|
|
1219
|
+- mod_streamav - a ClamAV based antivirus filter for Apache 2
|
|
1220
|
+- pyClamd - a python interface to Clamd
|
1221
|
1221
|
|
1222
|
1222
|
More information at https://www.clamav.net/download.html#tools
|
1223
|
1223
|
|
1224
|
1224
|
--
|
1225
|
1225
|
The ClamAV team (https://www.clamav.net/about.html#credits)
|
1226
|
1226
|
|
1227
|
|
-
|
1228
|
|
-0.88.7
|
|
1227
|
+## 0.88.7
|
1229
|
1228
|
|
1230
|
1229
|
This version improves scanning of mail and tar files.
|
1231
|
1230
|
|
1232
|
1231
|
--
|
1233
|
1232
|
The ClamAV team (https://www.clamav.net/about.html#credits)
|
1234
|
1233
|
|
1235
|
|
-
|
1236
|
|
-0.88.6
|
|
1234
|
+## 0.88.6
|
1237
|
1235
|
|
1238
|
1236
|
Changes in this release include better handling of network problems in
|
1239
|
1237
|
freshclam and other minor bugfixes.
|
...
|
...
|
@@ -1246,9 +1192,7 @@ beta version of 0.90!
|
1246
|
1246
|
--
|
1247
|
1247
|
The ClamAV team (https://www.clamav.net/about.html#credits)
|
1248
|
1248
|
|
1249
|
|
-
|
1250
|
|
-0.88.5
|
|
1249
|
+## 0.88.5
|
1251
|
1250
|
|
1252
|
1251
|
This version fixes a crash in the CHM unpacker and a heap overflow in the
|
1253
|
1252
|
function rebuilding PE files after unpacking.
|
...
|
...
|
@@ -1256,17 +1200,14 @@ function rebuilding PE files after unpacking.
|
1256
|
1256
|
--
|
1257
|
1257
|
The ClamAV team (https://www.clamav.net/about.html#credits)
|
1258
|
1258
|
|
1259
|
|
-
|
1260
|
|
-0.88.4
|
|
1259
|
+## 0.88.4
|
1261
|
1260
|
|
1262
|
1261
|
This release fixes a possible heap overflow in the UPX code.
|
1263
|
1262
|
|
1264
|
1263
|
--
|
1265
|
1264
|
The ClamAV team (https://www.clamav.net/about.html#credits)
|
1266
|
1265
|
|
1267
|
|
-0.88.3
|
|
1266
|
+## 0.88.3
|
1268
|
1267
|
|
1269
|
1268
|
This version fixes handling of large binhex files and multiple alternatives in
|
1270
|
1269
|
virus signatures.
|
...
|
...
|
@@ -1274,9 +1215,7 @@ virus signatures.
|
1274
|
1274
|
--
|
1275
|
1275
|
The ClamAV team (https://www.clamav.net/about.html#credits)
|
1276
|
1276
|
|
1277
|
|
-
|
1278
|
|
-0.88.2
|
|
1277
|
+## 0.88.2
|
1279
|
1278
|
|
1280
|
1279
|
This release improves virus detection, fixes zip handling on 64-bit
|
1281
|
1280
|
architectures and possible security problem in freshclam.
|
...
|
...
|
@@ -1286,13 +1225,10 @@ published incorrect information on security problems of 0.88. To avoid
|
1286
|
1286
|
such incidents in the future, every new ClamAV package will be released
|
1287
|
1287
|
together with detailed information about security bugs it fixes.
|
1288
|
1288
|
|
1289
|
|
-
|
1290
|
1289
|
--
|
1291
|
1290
|
The ClamAV team (https://www.clamav.net/about.html#credits)
|
1292
|
1291
|
|
1293
|
|
-
|
1294
|
|
-0.88.1
|
|
1292
|
+## 0.88.1
|
1295
|
1293
|
|
1296
|
1294
|
This version fixes a number of minor bugs and provides code updates
|
1297
|
1295
|
to improve virus detection.
|
...
|
...
|
@@ -1300,9 +1236,7 @@ to improve virus detection.
|
1300
|
1300
|
--
|
1301
|
1301
|
The ClamAV team (https://www.clamav.net/about.html#credits)
|
1302
|
1302
|
|
1303
|
|
-
|
1304
|
|
-0.88
|
|
1303
|
+## 0.88
|
1305
|
1304
|
|
1306
|
1305
|
A possible heap overflow in the UPX code has been fixed. General improvements
|
1307
|
1306
|
include better zip and mail processing, and support for a self-protection mode.
|
...
|
...
|
@@ -1311,8 +1245,7 @@ The security of the UPX, FSG and Petite modules has been improved, too.
|
1311
|
1311
|
--
|
1312
|
1312
|
The ClamAV team (https://www.clamav.net/about.html#credits)
|
1313
|
1313
|
|
1314
|
|
-0.87.1
|
|
1314
|
+## 0.87.1
|
1315
|
1315
|
|
1316
|
1316
|
This release includes major bugfixes for problems with handling TNEF
|
1317
|
1317
|
attachments, cabinet files and FSG compressed executables.
|
...
|
...
|
@@ -1320,8 +1253,7 @@ attachments, cabinet files and FSG compressed executables.
|
1320
|
1320
|
--
|
1321
|
1321
|
The ClamAV team (https://www.clamav.net/about.html#credits)
|
1322
|
1322
|
|
1323
|
|
-0.87
|
|
1323
|
+## 0.87
|
1324
|
1324
|
|
1325
|
1325
|
This version fixes vulnerabilities in handling of UPX and FSG compressed
|
1326
|
1326
|
executables. Support for PE files, Zip and Cabinet archives has been improved
|
...
|
...
|
@@ -1331,9 +1263,7 @@ allows freshclam to run a command when system reports a new engine version.
|
1331
|
1331
|
--
|
1332
|
1332
|
The ClamAV team (https://www.clamav.net/about.html#credits)
|
1333
|
1333
|
|
1334
|
|
-
|
1335
|
|
-0.86.2
|
|
1334
|
+## 0.86.2
|
1336
|
1335
|
|
1337
|
1336
|
Changes in this release include fixes for three possible integer overflows
|
1338
|
1337
|
in libclamav, improved scanning of Cabinet and FSG compressed files, better
|
...
|
...
|
@@ -1342,16 +1272,14 @@ database handling in clamav-milter, and others.
|
1342
|
1342
|
--
|
1343
|
1343
|
The ClamAV team (https://www.clamav.net/about.html#credits)
|
1344
|
1344
|
|
1345
|
|
-0.86.1
|
|
1345
|
+## 0.86.1
|
1346
|
1346
|
|
1347
|
1347
|
A possible crash in the libmspack's Quantum decompressor has been fixed.
|
1348
|
1348
|
|
1349
|
1349
|
--
|
1350
|
1350
|
The ClamAV team (https://www.clamav.net/about.html#credits)
|
1351
|
1351
|
|
1352
|
|
-0.86
|
|
1352
|
+## 0.86
|
1353
|
1353
|
|
1354
|
1354
|
This release introduces a number of bugfixes and cleanups. Possible descriptor
|
1355
|
1355
|
leaks in archive unpackers and mishandling of fast track uuencoded files have
|
...
|
...
|
@@ -1360,8 +1288,7 @@ been fixed in libclamav. Database reloading in clamav-milter has been improved.
|
1360
|
1360
|
--
|
1361
|
1361
|
The ClamAV team (https://www.clamav.net/about.html#credits)
|
1362
|
1362
|
|
1363
|
|
-0.85.1
|
|
1363
|
+## 0.85.1
|
1364
|
1364
|
|
1365
|
1365
|
A problem where an email with more than one content-disposition type line,
|
1366
|
1366
|
one or more of which was empty, could crash libclamav has been fixed. Other
|
...
|
...
|
@@ -1370,8 +1297,7 @@ minor bugfixes have been made.
|
1370
|
1370
|
--
|
1371
|
1371
|
The ClamAV team (https://www.clamav.net/about.html#credits)
|
1372
|
1372
|
|
1373
|
|
-0.85
|
|
1373
|
+## 0.85
|
1374
|
1374
|
|
1375
|
1375
|
Bugfixes in this release include correct signature offset calculation in large
|
1376
|
1376
|
files, proper handling of encrypted zip archives, and others.
|
...
|
...
|
@@ -1379,53 +1305,51 @@ files, proper handling of encrypted zip archives, and others.
|
1379
|
1379
|
--
|
1380
|
1380
|
The ClamAV team (https://www.clamav.net/about.html#credits)
|
1381
|
1381
|
|
1382
|
|
-0.84
|
|
1382
|
+## 0.84
|
1383
|
1383
|
|
1384
|
1384
|
This version improves detection of JPEG (MS04-028) based exploits, introduces
|
1385
|
1385
|
support for TNEF files and new detection mechanisms. Various bugfixes
|
1386
|
1386
|
(including problems with scanning of digest mail files) and improvements
|
1387
|
1387
|
have been made.
|
1388
|
1388
|
|
1389
|
|
-
|
1390
|
|
--) libclamav:
|
1391
|
|
- + JPEG exploit detector now also checks embedded Photoshop thumbnail images
|
1392
|
|
- + archive meta-data scanner (improves malware detection within encrypted
|
1393
|
|
- archives)
|
1394
|
|
- + support for TNEF (winmail.dat) decoding
|
1395
|
|
- + support for all tar archive formats
|
1396
|
|
- + MD5 implementation replaced with a slightly faster one
|
1397
|
|
- + improved database reloading with reference counter
|
1398
|
|
- + database updateable false positive eliminator
|
1399
|
|
- + speed improvements
|
1400
|
|
- + various bugfixes
|
1401
|
|
-
|
1402
|
|
--) clamd:
|
1403
|
|
- + VirusEvent now sets CLAM_VIRUSEVENT_FILENAME and CLAM_VIRUSEVENT_VIRUSNAME
|
1404
|
|
- environment variables
|
1405
|
|
-
|
1406
|
|
--) clamav-milter:
|
1407
|
|
- + improved database update detection when not --external
|
1408
|
|
-
|
1409
|
|
--) clamscan:
|
1410
|
|
- + new options --include-dir and exclude-dir
|
1411
|
|
- + new option --max-dir-recursion
|
1412
|
|
-
|
1413
|
|
--) freshclam:
|
1414
|
|
- + new directive LocalIPAddress
|
1415
|
|
-
|
1416
|
|
--) contrib:
|
1417
|
|
- + clamdmon 1.0 - clamdwatch replacement written in C
|
1418
|
|
-
|
1419
|
|
--) 3rd party software:
|
1420
|
|
- + hMailServer - open source e-mail server for Microsoft Window
|
1421
|
|
- + pop3.proxy - proxy server for the POP3 protocol
|
1422
|
|
- + HTTP Anti Virus Proxy
|
1423
|
|
- + SmarterMail Filter - ClamAV based plugin for SmarterMail Mail Server
|
1424
|
|
- + smf-clamd - small & fast virus filter for Sendmail
|
1425
|
|
- + Squidclam - replacement for SquidClamAV-Redirector.py written in C
|
1426
|
|
- + QtClamAVclient - remote clamd client based on the Qt Toolkit
|
1427
|
|
- + qpsmtp - flexible smtpd daemon written in Perl
|
|
1389
|
+- libclamav:
|
|
1390
|
+ - JPEG exploit detector now also checks embedded Photoshop thumbnail images
|
|
1391
|
+ - archive meta-data scanner (improves malware detection within encrypted
|
|
1392
|
+ archives)
|
|
1393
|
+ - support for TNEF (winmail.dat) decoding
|
|
1394
|
+ - support for all tar archive formats
|
|
1395
|
+ - MD5 implementation replaced with a slightly faster one
|
|
1396
|
+ - improved database reloading with reference counter
|
|
1397
|
+ - database updateable false positive eliminator
|
|
1398
|
+ - speed improvements
|
|
1399
|
+ - various bugfixes
|
|
1400
|
+
|
|
1401
|
+- clamd:
|
|
1402
|
+ - VirusEvent now sets CLAM_VIRUSEVENT_FILENAME and CLAM_VIRUSEVENT_VIRUSNAME
|
|
1403
|
+ environment variables
|
|
1404
|
+
|
|
1405
|
+- clamav-milter:
|
|
1406
|
+ - improved database update detection when not --external
|
|
1407
|
+
|
|
1408
|
+- clamscan:
|
|
1409
|
+ - new options --include-dir and exclude-dir
|
|
1410
|
+ - new option --max-dir-recursion
|
|
1411
|
+
|
|
1412
|
+- freshclam:
|
|
1413
|
+ - new directive LocalIPAddress
|
|
1414
|
+
|
|
1415
|
+- contrib:
|
|
1416
|
+ - clamdmon 1.0 - clamdwatch replacement written in C
|
|
1417
|
+
|
|
1418
|
+- 3rd party software:
|
|
1419
|
+ - hMailServer - open source e-mail server for Microsoft Window
|
|
1420
|
+ - pop3.proxy - proxy server for the POP3 protocol
|
|
1421
|
+ - HTTP Anti Virus Proxy
|
|
1422
|
+ - SmarterMail Filter - ClamAV based plugin for SmarterMail Mail Server
|
|
1423
|
+ - smf-clamd - small & fast virus filter for Sendmail
|
|
1424
|
+ - Squidclam - replacement for SquidClamAV-Redirector.py written in C
|
|
1425
|
+ - QtClamAVclient - remote clamd client based on the Qt Toolkit
|
|
1426
|
+ - qpsmtp - flexible smtpd daemon written in Perl
|
1428
|
1427
|
|
1429
|
1428
|
News:
|
1430
|
1429
|
|
...
|
...
|
@@ -1439,7 +1363,6 @@ available in version 0.90 of the software suite in Q3 2005. For more
|
1439
|
1439
|
information please visit:
|
1440
|
1440
|
http://www.sensorynetworks.com/
|
1441
|
1441
|
|
1442
|
|
-
|
1443
|
1442
|
The ClamAV project announces the opening of the official merchandise store:
|
1444
|
1443
|
|
1445
|
1444
|
http://www.cafepress.com/clamav/
|
...
|
...
|
@@ -1460,9 +1383,7 @@ By purchasing our merchandise, you contribute to the development of ClamAV.
|
1460
|
1460
|
--
|
1461
|
1461
|
The ClamAV team (https://www.clamav.net/about.html#credits)
|
1462
|
1462
|
|
1463
|
|
-
|
1464
|
|
-0.83
|
|
1463
|
+## 0.83
|
1465
|
1464
|
|
1466
|
1465
|
Due to a high number of bad files produced by broken software, the MS05-002
|
1467
|
1466
|
exploit detector now only checks specific RIFF files. This version also fixes
|
...
|
...
|
@@ -1471,8 +1392,7 @@ a stability problem of clamav-milter/clamd and improves e-mail scanning.
|
1471
|
1471
|
--
|
1472
|
1472
|
The ClamAV team (https://www.clamav.net/about.html#credits)
|
1473
|
1473
|
|
1474
|
|
-0.82
|
|
1474
|
+## 0.82
|
1475
|
1475
|
|
1476
|
1476
|
This release adds generic detection of MS05-002 ("Vulnerability in Cursor and
|
1477
|
1477
|
Icon Format Handling Could Allow Remote Code Execution") based exploits.
|
...
|
...
|
@@ -1484,9 +1404,7 @@ in freshclam, and speed improvements.
|
1484
|
1484
|
--
|
1485
|
1485
|
The ClamAV team (https://www.clamav.net/about.html#credits)
|
1486
|
1486
|
|
1487
|
|
-
|
1488
|
|
-0.81
|
|
1487
|
+## 0.81
|
1489
|
1488
|
|
1490
|
1489
|
Scan engine improvements were made. The internal mail scanner now supports
|
1491
|
1490
|
multipart/partial messages, and support for decoding non-standard mail files
|
...
|
...
|
@@ -1499,100 +1417,96 @@ executables was improved.
|
1499
|
1499
|
Important note to clamdwatch users: please upgrade to the latest version
|
1500
|
1500
|
(contrib/clamdwatch) as soon as possible.
|
1501
|
1501
|
|
1502
|
|
--) libclamav:
|
1503
|
|
- + major improvements in the mail scanning engine:
|
1504
|
|
- o support for multipart/partial messages
|
1505
|
|
- o improved support for non-standard quoted-printable attachments
|
1506
|
|
- o in some situations it will try to guess a correct mode (e.g.
|
1507
|
|
- a good type for an incorrect content-type, a best guess for an
|
1508
|
|
- unknown encoding type, etc.)
|
1509
|
|
- o handling of RFC822 comments in the commands (e.g.: Co(foo)ntent-Type:
|
1510
|
|
- text/plain)
|
1511
|
|
- o better recovery if memory softlimit is hit
|
1512
|
|
- o new test code that decodes emails without parsing them first (must
|
1513
|
|
- be enabled manually before compilation)
|
1514
|
|
-
|
1515
|
|
- + support for extracting RFC2397 encoded data within HTML documents
|
1516
|
|
- + blocking of zip archives with modified information in local header
|
1517
|
|
- + improved PE structure rebuilding from compressed executables
|
1518
|
|
- + improved support for zip archives
|
1519
|
|
- + support for Mac's HQX file format
|
1520
|
|
- + stability and (minor) security fixes
|
1521
|
|
- + a lot of minor improvements, including support for new platforms
|
1522
|
|
-
|
1523
|
|
--) clamd:
|
1524
|
|
- + new directive ExitOnOOM (stop the deamon when libclamav reports an out of
|
1525
|
|
- memory condition)
|
1526
|
|
- + new directives StreamMinPort and StreamMaxPort (port range specification
|
1527
|
|
- for a stream mode)
|
1528
|
|
- + support for passing of file descriptors
|
1529
|
|
-
|
1530
|
|
--) clamdscan:
|
1531
|
|
- + added support for --move and --remove
|
1532
|
|
-
|
1533
|
|
--) clamav-milter:
|
1534
|
|
- + by default uses libclamav to scan e-mails
|
1535
|
|
- + new option --external (enables the use of clamd)
|
1536
|
|
- + various optimizations
|
1537
|
|
-
|
1538
|
|
--) freshclam:
|
1539
|
|
- + the DNS mode is now enabled by default (no need for DNSDatabaseInfo in
|
1540
|
|
- freshclam.conf)
|
1541
|
|
- + --no-dns uses a If-Modified-Since method instead of a range GET
|
1542
|
|
- + added support for AllowSupplementaryGroups
|
1543
|
|
-
|
1544
|
|
--) sigtool:
|
1545
|
|
- + new options --vba and --vba-hex (extract VBA/Word6 macros and optionally
|
1546
|
|
- display the corresponding hex values; Word6 binary code will be
|
1547
|
|
- disassembled)
|
1548
|
|
-
|
1549
|
|
--) The list of third party programs with support for ClamAV is growing
|
1550
|
|
- rapidly. Here are the latest additions (see clamdoc.pdf for details):
|
1551
|
|
-
|
1552
|
|
- + AVScan - a libclamav based GUI a-v scanner for Unix
|
1553
|
|
- + clamailfilter - a Python script that provides a-v scanning via procmailrc
|
1554
|
|
- + ClamAVPlugin - A ClamAV plugin for SpamAssassin 3.x
|
1555
|
|
- + ClamCour - an e-mail filter for Courier
|
1556
|
|
- + clamfilter - a small, secure, and efficient content filter for Postfix
|
1557
|
|
- + ClamMail - an anti-virus POP3 proxy for Windows
|
1558
|
|
- + ClamShell - a Java GUI for clamscan
|
1559
|
|
- + ClamTk - a perl-tk GUI for ClamAV
|
1560
|
|
- + clapf - a virus scanning and antispam content filter for Postfix
|
1561
|
|
- + D bindings for ClamAV - ClamAV bindings for the D programming language
|
1562
|
|
- + Frox - a transparent FTP proxy
|
1563
|
|
- + KMail - a fully-featured email client now supports ClamAV out of box
|
1564
|
|
- + Mail Avenger - a highly-configurable SMTP server with a-v support
|
1565
|
|
- + Mailnees - a mail content filter for Sendmail and Postfix
|
1566
|
|
- + Maverix - anti-spam and anti-virus solution for AOLServer
|
1567
|
|
- + Moodle - scan files submitted by students for viruses!
|
1568
|
|
- + php-clamav - scan files from within PHP
|
1569
|
|
- + pymavis - a powerful email parser, similar to the old amavis-perl
|
1570
|
|
- + QClam - a simple program to plug ClamAV to a qmail mailbox
|
1571
|
|
- + qmailmrtg7 - display graphs of viruses found by ClamAV
|
1572
|
|
- + qSheff - an e-mail filter for qmail
|
1573
|
|
- + SafeSquid - a feature rich content filtering internet proxy
|
1574
|
|
- + Scrubber - a server-side daemon for filtering mail content
|
1575
|
|
- + simscan - an e-mail and spam filter for qmail
|
1576
|
|
- + smtpfilter - scan SMTP session for viruses
|
1577
|
|
- + snort-inline - scan your network traffic for viruses with ClamAV
|
1578
|
|
- + SquidClamAV Redirector - a Squid helper script which adds virus scanning
|
1579
|
|
- + WRAVLib - a library for a-v integration with Mono/.NET applications
|
|
1502
|
+- libclamav:
|
|
1503
|
+ - major improvements in the mail scanning engine:
|
|
1504
|
+ - support for multipart/partial messages
|
|
1505
|
+ - improved support for non-standard quoted-printable attachments
|
|
1506
|
+ - in some situations it will try to guess a correct mode (e.g.
|
|
1507
|
+ a good type for an incorrect content-type, a best guess for an
|
|
1508
|
+ unknown encoding type, etc.)
|
|
1509
|
+ - handling of RFC822 comments in the commands (e.g.: Co(foo)ntent-Type:
|
|
1510
|
+ text/plain)
|
|
1511
|
+ - better recovery if memory softlimit is hit
|
|
1512
|
+ - new test code that decodes emails without parsing them first (must
|
|
1513
|
+ be enabled manually before compilation)
|
|
1514
|
+
|
|
1515
|
+ - support for extracting RFC2397 encoded data within HTML documents
|
|
1516
|
+ - blocking of zip archives with modified information in local header
|
|
1517
|
+ - improved PE structure rebuilding from compressed executables
|
|
1518
|
+ - improved support for zip archives
|
|
1519
|
+ - support for Mac's HQX file format
|
|
1520
|
+ - stability and (minor) security fixes
|
|
1521
|
+ - a lot of minor improvements, including support for new platforms
|
|
1522
|
+
|
|
1523
|
+- clamd:
|
|
1524
|
+ - new directive ExitOnOOM (stop the deamon when libclamav reports an out of
|
|
1525
|
+ memory condition)
|
|
1526
|
+ - new directives StreamMinPort and StreamMaxPort (port range specification
|
|
1527
|
+ for a stream mode)
|
|
1528
|
+ - support for passing of file descriptors
|
|
1529
|
+
|
|
1530
|
+- clamdscan:
|
|
1531
|
+ - added support for --move and --remove
|
|
1532
|
+
|
|
1533
|
+- clamav-milter:
|
|
1534
|
+ - by default uses libclamav to scan e-mails
|
|
1535
|
+ - new option --external (enables the use of clamd)
|
|
1536
|
+ - various optimizations
|
|
1537
|
+
|
|
1538
|
+- freshclam:
|
|
1539
|
+ - the DNS mode is now enabled by default (no need for DNSDatabaseInfo in
|
|
1540
|
+ freshclam.conf)
|
|
1541
|
+ - --no-dns uses a If-Modified-Since method instead of a range GET
|
|
1542
|
+ - added support for AllowSupplementaryGroups
|
|
1543
|
+
|
|
1544
|
+- sigtool:
|
|
1545
|
+ - new options --vba and --vba-hex (extract VBA/Word6 macros and optionally
|
|
1546
|
+ display the corresponding hex values; Word6 binary code will be
|
|
1547
|
+ disassembled)
|
|
1548
|
+
|
|
1549
|
+- The list of third party programs with support for ClamAV is growing
|
|
1550
|
+ rapidly. Here are the latest additions (see clamdoc.pdf for details):
|
|
1551
|
+
|
|
1552
|
+ - AVScan - a libclamav based GUI a-v scanner for Unix
|
|
1553
|
+ - clamailfilter - a Python script that provides a-v scanning via procmailrc
|
|
1554
|
+ - ClamAVPlugin - A ClamAV plugin for SpamAssassin 3.x
|
|
1555
|
+ - ClamCour - an e-mail filter for Courier
|
|
1556
|
+ - clamfilter - a small, secure, and efficient content filter for Postfix
|
|
1557
|
+ - ClamMail - an anti-virus POP3 proxy for Windows
|
|
1558
|
+ - ClamShell - a Java GUI for clamscan
|
|
1559
|
+ - ClamTk - a perl-tk GUI for ClamAV
|
|
1560
|
+ - clapf - a virus scanning and antispam content filter for Postfix
|
|
1561
|
+ - D bindings for ClamAV - ClamAV bindings for the D programming language
|
|
1562
|
+ - Frox - a transparent FTP proxy
|
|
1563
|
+ - KMail - a fully-featured email client now supports ClamAV out of box
|
|
1564
|
+ - Mail Avenger - a highly-configurable SMTP server with a-v support
|
|
1565
|
+ - Mailnees - a mail content filter for Sendmail and Postfix
|
|
1566
|
+ - Maverix - anti-spam and anti-virus solution for AOLServer
|
|
1567
|
+ - Moodle - scan files submitted by students for viruses!
|
|
1568
|
+ - php-clamav - scan files from within PHP
|
|
1569
|
+ - pymavis - a powerful email parser, similar to the old amavis-perl
|
|
1570
|
+ - QClam - a simple program to plug ClamAV to a qmail mailbox
|
|
1571
|
+ - qmailmrtg7 - display graphs of viruses found by ClamAV
|
|
1572
|
+ - qSheff - an e-mail filter for qmail
|
|
1573
|
+ - SafeSquid - a feature rich content filtering internet proxy
|
|
1574
|
+ - Scrubber - a server-side daemon for filtering mail content
|
|
1575
|
+ - simscan - an e-mail and spam filter for qmail
|
|
1576
|
+ - smtpfilter - scan SMTP session for viruses
|
|
1577
|
+ - snort-inline - scan your network traffic for viruses with ClamAV
|
|
1578
|
+ - SquidClamAV Redirector - a Squid helper script which adds virus scanning
|
|
1579
|
+ - WRAVLib - a library for a-v integration with Mono/.NET applications
|
1580
|
1580
|
|
1581
|
1581
|
--
|
1582
|
1582
|
The ClamAV team (https://www.clamav.net/about.html#credits)
|
1583
|
1583
|
|
1584
|
|
-
|
1585
|
|
-0.80
|
|
1584
|
+## 0.80
|
1586
|
1585
|
|
1587
|
1586
|
Stable version. Please read the release notes for the candidate versions below.
|
1588
|
1587
|
|
1589
|
1588
|
--
|
1590
|
1589
|
The ClamAV team (https://www.clamav.net/about.html#credits)
|
1591
|
1590
|
|
1592
|
|
-
|
1593
|
|
-0.80rc4
|
|
1591
|
+## 0.80rc4
|
1594
|
1592
|
|
1595
|
1593
|
Improvements in this release include better JPEG exploit verification,
|
1596
|
1594
|
faster base64 decoding, support for GNU tar files, updated on-access scanner,
|
...
|
...
|
@@ -1601,8 +1515,7 @@ and others.
|
1601
|
1601
|
--
|
1602
|
1602
|
The ClamAV team (https://www.clamav.net/about.html#credits)
|
1603
|
1603
|
|
1604
|
|
-0.80rc3
|
|
1604
|
+## 0.80rc3
|
1605
|
1605
|
|
1606
|
1606
|
This release candidate eliminates possible false positive alerts in UPX/FSG
|
1607
|
1607
|
compressed files and clarifies behaviour of default actions in clamd and
|
...
|
...
|
@@ -1622,15 +1535,11 @@ DNSDatabaseInfo enables database and software version verification through
|
1622
|
1622
|
DNS TXT records, and the second database mirror acts as a fallback in case
|
1623
|
1623
|
a connection to the first mirror fails for some reason.
|
1624
|
1624
|
|
1625
|
|
-
|
1626
|
|
-0.80rc2
|
|
1625
|
+## 0.80rc2
|
1627
|
1626
|
|
1628
|
1627
|
This update fixes a serious bug in e-mail scanner.
|
1629
|
1628
|
|
1630
|
|
-
|
1631
|
|
-0.80rc
|
|
1629
|
+## 0.80rc
|
1632
|
1630
|
|
1633
|
1631
|
The development version of ClamAV is ready for general testing! New mechanisms
|
1634
|
1632
|
have already proved very nasty to Internet worms successfully protecting
|
...
|
...
|
@@ -1641,95 +1550,95 @@ the new version of ClamAV have detected and blocked 100% of Mydoom attacks!
|
1641
|
1641
|
|
1642
|
1642
|
New features in this release include:
|
1643
|
1643
|
|
1644
|
|
--) libclamav
|
1645
|
|
- + Portable Executable analyser (CL_SCAN_PE) featuring:
|
1646
|
|
- o UPX decompression (all versions)
|
1647
|
|
- o Petite decompression (2.x)
|
1648
|
|
- o FSG decompression (1.3, 1.31, 1.33)
|
1649
|
|
- o detection of broken executables (CL_SCAN_BLOCKBROKEN)
|
1650
|
|
- + new, memory efficient, pattern matching algorithm (multipattern variant
|
1651
|
|
- of Boyer-Moore) - it's now primary matcher and Aho-Corasick is only used
|
1652
|
|
- for regular expression extended signatures
|
1653
|
|
- + new signature format with advanced target type and offset specification
|
1654
|
|
- + support for MD5 based signatures
|
1655
|
|
- + extended regular expression scanner
|
1656
|
|
- + added support for MS cabinet files
|
1657
|
|
- + added support for CHM files
|
1658
|
|
- + added support for POSIX tar archives
|
1659
|
|
- + scanning inside PowerPoint documents
|
1660
|
|
- + HTML normaliser with support for decoding of MS Script Encoder code
|
1661
|
|
- + great improvements in e-mail scanner (now handles even more worm tricks)
|
1662
|
|
- + new method of mail files detection
|
1663
|
|
- + all e-mail attachments are now scanned (previously only the first ten
|
1664
|
|
- attachments were scanned)
|
1665
|
|
- + added support for scanning URLs in e-mails (CL_SCAN_MAILURL)
|
1666
|
|
- + detection of Worm.Mydoom.M.log
|
1667
|
|
- + updated API (still backward compatible but please consult clamdoc.pdf
|
1668
|
|
- (Section 6) and adapt your software)
|
1669
|
|
-
|
1670
|
|
--) clamd
|
1671
|
|
- + new directive ScanHTML (enables HTML normalisator and ScrEnc decoder)
|
1672
|
|
- + new directive ScanPE (win32 executable analyser and decompressor)
|
1673
|
|
- + new directive DetectBrokenExecutables (try to detect broken executables
|
1674
|
|
- and mark them as Broken.Executable)
|
1675
|
|
- + new directive MailFollowURLs (try to download and scan files from URLs
|
1676
|
|
- in mails. BE CAREFUL! DO NOT ENABLE IT ON LOADED MAIL SERVERS)
|
1677
|
|
- + new directive ArchiveBlockMax (archives that exceed limits will be
|
1678
|
|
- marked as viruses)
|
1679
|
|
- + clamav.conf was renamed clamd.conf
|
1680
|
|
-
|
1681
|
|
--) clamscan
|
1682
|
|
- + mail files are scanned by default, use --no-mail to disable it
|
1683
|
|
- + new option --no-html (disables HTML normalisator)
|
1684
|
|
- + new option --no-pe (disables PE analyser)
|
1685
|
|
- + new option --detect-broken
|
1686
|
|
- + new option --block-max
|
1687
|
|
- + new option --mail-follow-urls (download and scan files from URLs in mails)
|
1688
|
|
-
|
1689
|
|
--) clamdscan
|
1690
|
|
- + now prints warnings if some activated command line options are only
|
1691
|
|
- supported by clamscan
|
1692
|
|
- + added support for archive scanning in stdin mode
|
1693
|
|
-
|
1694
|
|
--) clamav-milter
|
1695
|
|
- + improved template file format
|
1696
|
|
- + quarantined file names now contain virus names
|
1697
|
|
- + initial support for SESSION mode of clamd
|
1698
|
|
-
|
1699
|
|
--) freshclam:
|
1700
|
|
- + new directive DNSDatabaseInfo that enables ultra lightweight version
|
1701
|
|
- verification method through DNS (using TXT records). Based on idea by
|
1702
|
|
- Christopher X. Candreva and enabled by default.
|
1703
|
|
- (see http://www.gossamer-threads.com/lists/clamav/users/11102)
|
1704
|
|
- + new option --no-dns (quick option to disable DNS method without editing
|
1705
|
|
- freshclam.conf)
|
1706
|
|
-
|
1707
|
|
--) sigtool
|
1708
|
|
- + removed ability of automatic signature generation (use MD5 sums to
|
1709
|
|
- create your own signatures, see signatures.pdf for details)
|
1710
|
|
- + new option --md5
|
1711
|
|
- + new option --html-normalise (saves HTML normalisation and decryption
|
1712
|
|
- results in three html files in current directory)
|
1713
|
|
-
|
1714
|
|
--) configure:
|
1715
|
|
- + new option --disable-gethostbyname_r (try enabling it if clamav-milter
|
1716
|
|
- compilation fails)
|
1717
|
|
- + new option --disable-dns (try enabling it if freshclam compilation fails)
|
1718
|
|
- + extended regular expression scanner
|
1719
|
|
-
|
1720
|
|
--) documentation
|
1721
|
|
- + included new Mac OS X installation instructions
|
1722
|
|
- + official documentation rewritten and outdated docs removed
|
1723
|
|
-
|
1724
|
|
--) new 3rd party software with support for ClamAV:
|
1725
|
|
- + OdeiaVir - an e-mail filter for qmail and Exim
|
1726
|
|
- + ClamSMTP - a lightweight (written in C) and simple filter for Postfix
|
1727
|
|
- + Protea AntiVirus Tools - a virus filter for Lotus Domino
|
1728
|
|
- + PTSMail Utilities - an e-mail filter for Sendmail
|
1729
|
|
- + mxGuard for IMail - a mail filter for Ipswitch IMail (W32)
|
1730
|
|
- + Zabit - a content and attachment filter for qmail
|
1731
|
|
- + BeClam - ClamAV port for BeOS
|
1732
|
|
- + clamXav - a virus scanner with GUI for Mac OS X
|
|
1644
|
+- libclamav
|
|
1645
|
+ - Portable Executable analyser (CL_SCAN_PE) featuring:
|
|
1646
|
+ - UPX decompression (all versions)
|
|
1647
|
+ - Petite decompression (2.x)
|
|
1648
|
+ - FSG decompression (1.3, 1.31, 1.33)
|
|
1649
|
+ - detection of broken executables (CL_SCAN_BLOCKBROKEN)
|
|
1650
|
+ - new, memory efficient, pattern matching algorithm (multipattern variant
|
|
1651
|
+ of Boyer-Moore) - it's now primary matcher and Aho-Corasick is only used
|
|
1652
|
+ for regular expression extended signatures
|
|
1653
|
+ - new signature format with advanced target type and offset specification
|
|
1654
|
+ - support for MD5 based signatures
|
|
1655
|
+ - extended regular expression scanner
|
|
1656
|
+ - added support for MS cabinet files
|
|
1657
|
+ - added support for CHM files
|
|
1658
|
+ - added support for POSIX tar archives
|
|
1659
|
+ - scanning inside PowerPoint documents
|
|
1660
|
+ - HTML normaliser with support for decoding of MS Script Encoder code
|
|
1661
|
+ - great improvements in e-mail scanner (now handles even more worm tricks)
|
|
1662
|
+ - new method of mail files detection
|
|
1663
|
+ - all e-mail attachments are now scanned (previously only the first ten
|
|
1664
|
+ attachments were scanned)
|
|
1665
|
+ - added support for scanning URLs in e-mails (CL_SCAN_MAILURL)
|
|
1666
|
+ - detection of Worm.Mydoom.M.log
|
|
1667
|
+ - updated API (still backward compatible but please consult clamdoc.pdf
|
|
1668
|
+ (Section 6) and adapt your software)
|
|
1669
|
+
|
|
1670
|
+- clamd
|
|
1671
|
+ - new directive ScanHTML (enables HTML normalisator and ScrEnc decoder)
|
|
1672
|
+ - new directive ScanPE (win32 executable analyser and decompressor)
|
|
1673
|
+ - new directive DetectBrokenExecutables (try to detect broken executables
|
|
1674
|
+ and mark them as Broken.Executable)
|
|
1675
|
+ - new directive MailFollowURLs (try to download and scan files from URLs
|
|
1676
|
+ in mails. BE CAREFUL! DO NOT ENABLE IT ON LOADED MAIL SERVERS)
|
|
1677
|
+ - new directive ArchiveBlockMax (archives that exceed limits will be
|
|
1678
|
+ marked as viruses)
|
|
1679
|
+ - clamav.conf was renamed clamd.conf
|
|
1680
|
+
|
|
1681
|
+- clamscan
|
|
1682
|
+ - mail files are scanned by default, use --no-mail to disable it
|
|
1683
|
+ - new option --no-html (disables HTML normalisator)
|
|
1684
|
+ - new option --no-pe (disables PE analyser)
|
|
1685
|
+ - new option --detect-broken
|
|
1686
|
+ - new option --block-max
|
|
1687
|
+ - new option --mail-follow-urls (download and scan files from URLs in mails)
|
|
1688
|
+
|
|
1689
|
+- clamdscan
|
|
1690
|
+ - now prints warnings if some activated command line options are only
|
|
1691
|
+ supported by clamscan
|
|
1692
|
+ - added support for archive scanning in stdin mode
|
|
1693
|
+
|
|
1694
|
+- clamav-milter
|
|
1695
|
+ - improved template file format
|
|
1696
|
+ - quarantined file names now contain virus names
|
|
1697
|
+ - initial support for SESSION mode of clamd
|
|
1698
|
+
|
|
1699
|
+- freshclam:
|
|
1700
|
+ - new directive DNSDatabaseInfo that enables ultra lightweight version
|
|
1701
|
+ verification method through DNS (using TXT records). Based on idea by
|
|
1702
|
+ Christopher X. Candreva and enabled by default.
|
|
1703
|
+ (see http://www.gossamer-threads.com/lists/clamav/users/11102)
|
|
1704
|
+ - new option --no-dns (quick option to disable DNS method without editing
|
|
1705
|
+ freshclam.conf)
|
|
1706
|
+
|
|
1707
|
+- sigtool
|
|
1708
|
+ - removed ability of automatic signature generation (use MD5 sums to
|
|
1709
|
+ create your own signatures, see signatures.pdf for details)
|
|
1710
|
+ - new option --md5
|
|
1711
|
+ - new option --html-normalise (saves HTML normalisation and decryption
|
|
1712
|
+ results in three html files in current directory)
|
|
1713
|
+
|
|
1714
|
+- configure:
|
|
1715
|
+ - new option --disable-gethostbyname_r (try enabling it if clamav-milter
|
|
1716
|
+ compilation fails)
|
|
1717
|
+ - new option --disable-dns (try enabling it if freshclam compilation fails)
|
|
1718
|
+ - extended regular expression scanner
|
|
1719
|
+
|
|
1720
|
+- documentation
|
|
1721
|
+ - included new Mac OS X installation instructions
|
|
1722
|
+ - official documentation rewritten and outdated docs removed
|
|
1723
|
+
|
|
1724
|
+- new 3rd party software with support for ClamAV:
|
|
1725
|
+ - OdeiaVir - an e-mail filter for qmail and Exim
|
|
1726
|
+ - ClamSMTP - a lightweight (written in C) and simple filter for Postfix
|
|
1727
|
+ - Protea AntiVirus Tools - a virus filter for Lotus Domino
|
|
1728
|
+ - PTSMail Utilities - an e-mail filter for Sendmail
|
|
1729
|
+ - mxGuard for IMail - a mail filter for Ipswitch IMail (W32)
|
|
1730
|
+ - Zabit - a content and attachment filter for qmail
|
|
1731
|
+ - BeClam - ClamAV port for BeOS
|
|
1732
|
+ - clamXav - a virus scanner with GUI for Mac OS X
|
1733
|
1733
|
|
1734
|
1734
|
Special thanks to aCaB for his work on UPX, FSG and Petite decompressors.
|
1735
|
1735
|
|
...
|
...
|
@@ -1740,16 +1649,14 @@ and Linux admins on mailing lists report that database update times are keeping
|
1740
|
1740
|
up with or beating the proprietary alternatives." Thanks!
|
1741
|
1741
|
|
1742
|
1742
|
SourceWear.com is selling some very nice t-shirts and polo shirts powered by
|
1743
|
|
-ClamAV. Wear them and virus writers will stay away from you :-) A quarter out
|
|
1743
|
+ClamAV. Wear them and virus writers will stay away from you :- A quarter out
|
1744
|
1744
|
of every dollar profited from the sale of these shirts will go to the ClamAV
|
1745
|
1745
|
project. Visit http://www.sourcewear.com and click on ClamAV logo!
|
1746
|
1746
|
|
1747
|
|
-
|
1748
|
1747
|
--
|
1749
|
1748
|
The ClamAV team (https://www.clamav.net/about.html#credits)
|
1750
|
1749
|
|
1751
|
|
-0.75
|
|
1750
|
+## 0.75
|
1752
|
1751
|
|
1753
|
1752
|
This release fixes detection of e-mails generated by Worm.Mydoom.I.
|
1754
|
1753
|
|
...
|
...
|
@@ -1777,36 +1684,30 @@ annoying e-mails with empty attachments generated by new Bagle variants.
|
1777
|
1777
|
--
|
1778
|
1778
|
The ClamAV team (https://www.clamav.net/about.html#credits)
|
1779
|
1779
|
|
1780
|
|
-0.74
|
|
1780
|
+## 0.74
|
1781
|
1781
|
|
1782
|
1782
|
Bugfixes in this version include crashes with multipart/mixed messages
|
1783
|
1783
|
and corrupted OLE2 and Zip files. Improvements include various optimizations
|
1784
|
1784
|
of mail scanning and clamav-milter and clamdscan behaviour.
|
1785
|
1785
|
|
1786
|
|
-
|
1787
|
1786
|
New members of our "3rd party software" list:
|
1788
|
1787
|
|
1789
|
|
- + MyClamMailFilter an e-mail filter for procmail (written in C)
|
1790
|
|
- + clamaktion scan files from the right-click Konqueror menu
|
1791
|
|
- + QMVC Qmail Mail and Virus Control
|
1792
|
|
- + pyclamav Python binding for ClamAV
|
1793
|
|
- + FETCAV Front End To Clam AntiVirus based on Xdialog
|
1794
|
|
- + Famuko an on-access scanner working in a userspace
|
1795
|
|
- + SoftlabsAV a generic anti-virus filter for procmail
|
1796
|
|
-
|
|
1788
|
+ - MyClamMailFilter an e-mail filter for procmail (written in C)
|
|
1789
|
+ - clamaktion scan files from the right-click Konqueror menu
|
|
1790
|
+ - QMVC Qmail Mail and Virus Control
|
|
1791
|
+ - pyclamav Python binding for ClamAV
|
|
1792
|
+ - FETCAV Front End To Clam AntiVirus based on Xdialog
|
|
1793
|
+ - Famuko an on-access scanner working in a userspace
|
|
1794
|
+ - SoftlabsAV a generic anti-virus filter for procmail
|
1797
|
1795
|
|
1798
|
1796
|
Japanese users can take an advantage of the new ClamAV related site:
|
1799
|
1797
|
http://clamav-jp.sourceforge.jp/
|
1800
|
1798
|
and join the clamav-jp-users mailing list.
|
1801
|
1799
|
|
1802
|
|
-
|
1803
|
1800
|
--
|
1804
|
1801
|
The ClamAV team (https://www.clamav.net/about.html#credits)
|
1805
|
1802
|
|
1806
|
|
-
|
1807
|
|
-0.73
|
|
1803
|
+## 0.73
|
1808
|
1804
|
|
1809
|
1805
|
This version fixes memory management problems in the OLE2 decoder and
|
1810
|
1806
|
improves mail scanning.
|
...
|
...
|
@@ -1816,8 +1717,7 @@ Thank you for using ClamAV !
|
1816
|
1816
|
--
|
1817
|
1817
|
The ClamAV team (https://www.clamav.net/about.html#credits)
|
1818
|
1818
|
|
1819
|
|
-0.72
|
|
1819
|
+## 0.72
|
1820
|
1820
|
|
1821
|
1821
|
Major bugfixes in this release include crashes with corrupted BinHex messages
|
1822
|
1822
|
and some Excel documents. Protection against archive bombs (not fully
|
...
|
...
|
@@ -1827,105 +1727,98 @@ made.
|
1827
|
1827
|
--
|
1828
|
1828
|
The ClamAV team (https://www.clamav.net/about.html#credits)
|
1829
|
1829
|
|
1830
|
|
-0.71
|
|
1830
|
+## 0.71
|
1831
|
1831
|
|
1832
|
1832
|
This release fixes all bugs found in 0.70 and introduces a few new features -
|
1833
|
1833
|
the noteworthy changes include:
|
1834
|
1834
|
|
1835
|
|
--) libclamav:
|
1836
|
|
- + support nested OLE2 files
|
1837
|
|
- + support Word6 macro code
|
1838
|
|
- + ignore popular file types (media, graphics)
|
1839
|
|
- + support compress.exe (SZDD) compression (test/test.msc)
|
1840
|
|
- + improve virus detection in e-mails
|
1841
|
|
-
|
1842
|
|
--) clamscan:
|
1843
|
|
- + automatically decide (by comparing daily.cvd version numbers) which
|
1844
|
|
- database directory (hardcoded or clamav.conf's one) to use
|
1845
|
|
- + support compression ratio feature (--max-ratio)
|
1846
|
|
- + allow regular expressions in --[in|ex]clude
|
1847
|
|
- + do not overwrite old files in a quarantine directory but add a numerical
|
1848
|
|
- extension to new files
|
1849
|
|
- + respect --tempdir in libclamav
|
1850
|
|
- + fix access problem when calling external unpackers in a superuser mode
|
1851
|
|
- + fix file permission corruption with --deb in a superuser mode
|
1852
|
|
-
|
1853
|
|
--) clamd
|
1854
|
|
- + support log facility specification in syslog's style (LogFacility)
|
1855
|
|
- + new directive LeaveTemporaryFiles (Debug no longer leaves temporary
|
1856
|
|
- files not removed)
|
1857
|
|
-
|
1858
|
|
--) clamav-milter:
|
1859
|
|
- + include the virus name in the 550 rejection
|
1860
|
|
- + support user defined template for virus notifications (--template-file)
|
1861
|
|
- + sort quarantine messages by date
|
1862
|
|
- + improve thread management
|
1863
|
|
- + add X-Virus-Scanned and X-Infected-Received-From: headers
|
1864
|
|
- + improve load balancing (when using remote servers with --server)
|
1865
|
|
- + send 554 after DATA received, not 550
|
1866
|
|
- + save PID (--pidfile)
|
1867
|
|
-
|
1868
|
|
--) documentation:
|
1869
|
|
- + German clamdoc.pdf translation (Rupert Roesler-Schmidt and Karina
|
1870
|
|
- Schwarz, uplink coherent solutions, http://www.uplink.at)
|
1871
|
|
- + new Japanese documentation (Masaki Ogawa)
|
1872
|
|
-
|
|
1835
|
+- libclamav:
|
|
1836
|
+ - support nested OLE2 files
|
|
1837
|
+ - support Word6 macro code
|
|
1838
|
+ - ignore popular file types (media, graphics)
|
|
1839
|
+ - support compress.exe (SZDD) compression (test/test.msc)
|
|
1840
|
+ - improve virus detection in e-mails
|
|
1841
|
+
|
|
1842
|
+- clamscan:
|
|
1843
|
+ - automatically decide (by comparing daily.cvd version numbers) which
|
|
1844
|
+ database directory (hardcoded or clamav.conf's one) to use
|
|
1845
|
+ - support compression ratio feature (--max-ratio)
|
|
1846
|
+ - allow regular expressions in --[in|ex]clude
|
|
1847
|
+ - do not overwrite old files in a quarantine directory but add a numerical
|
|
1848
|
+ extension to new files
|
|
1849
|
+ - respect --tempdir in libclamav
|
|
1850
|
+ - fix access problem when calling external unpackers in a superuser mode
|
|
1851
|
+ - fix file permission corruption with --deb in a superuser mode
|
|
1852
|
+
|
|
1853
|
+- clamd
|
|
1854
|
+ - support log facility specification in syslog's style (LogFacility)
|
|
1855
|
+ - new directive LeaveTemporaryFiles (Debug no longer leaves temporary
|
|
1856
|
+ files not removed)
|
|
1857
|
+
|
|
1858
|
+- clamav-milter:
|
|
1859
|
+ - include the virus name in the 550 rejection
|
|
1860
|
+ - support user defined template for virus notifications (--template-file)
|
|
1861
|
+ - sort quarantine messages by date
|
|
1862
|
+ - improve thread management
|
|
1863
|
+ - add X-Virus-Scanned and X-Infected-Received-From: headers
|
|
1864
|
+ - improve load balancing (when using remote servers with --server)
|
|
1865
|
+ - send 554 after DATA received, not 550
|
|
1866
|
+ - save PID (--pidfile)
|
|
1867
|
+
|
|
1868
|
+- documentation:
|
|
1869
|
+ - German clamdoc.pdf translation (Rupert Roesler-Schmidt and Karina
|
|
1870
|
+ Schwarz, uplink coherent solutions, http://www.uplink.at)
|
|
1871
|
+ - new Japanese documentation (Masaki Ogawa)
|
1873
|
1872
|
|
1874
|
1873
|
--
|
1875
|
1874
|
The ClamAV team (https://www.clamav.net/about.html#credits)
|
1876
|
1875
|
|
1877
|
|
-
|
1878
|
|
-
|
1879
|
|
-0.70
|
|
1876
|
+## 0.70
|
1880
|
1877
|
|
1881
|
1878
|
The two major changes in this version are new thread manager in clamd
|
1882
|
1879
|
and support for decoding MS Office VBA macros. Both of them have been
|
1883
|
1880
|
implemented by Trog. Besides, there are many improvements and bugfixes
|
1884
|
1881
|
(all listed in ChangeLog), a short summary:
|
1885
|
1882
|
|
1886
|
|
--) clamd
|
1887
|
|
- + new thread manager (with better SMP support)
|
1888
|
|
- + on-access scanning now also available on FreeBSD (with Dazuko 2.0)
|
1889
|
|
- + new directive ArchiveBlockEncrypted
|
1890
|
|
- + new directive ReadTimeout (replaces ThreadTimeout)
|
1891
|
|
- + handle SIGHUP (re-open logfile) and SIGUSR2 (reload database)
|
1892
|
|
- + respect TCPAddr in stream scanner
|
1893
|
|
-
|
1894
|
|
--) clamav-milter:
|
1895
|
|
- + TCPWrappers support
|
1896
|
|
-
|
1897
|
|
--) libclamav:
|
1898
|
|
- + support MS Office documents (OLE2) and VBA macro decoding
|
1899
|
|
- + support encrypted archive detection
|
1900
|
|
- + new flags: CL_OLE2, CL_ENCRYPTED (see clamdoc.pdf, Section 6.1)
|
1901
|
|
- + improve virus detection in big files
|
1902
|
|
- + improve support for multipart, bounce and embedded RFC822 messages
|
1903
|
|
- + improve RAR support
|
1904
|
|
- + include backup snprintf implementation
|
1905
|
|
-
|
1906
|
|
--) clamscan:
|
1907
|
|
- + new option: --block-encrypted
|
1908
|
|
-
|
1909
|
|
--) freshclam
|
1910
|
|
- + new option: --pid, -p (write pid file if run as daemon)
|
1911
|
|
- + handle SIGHUP (re-open logfile), SIGTERM (terminate with log message),
|
1912
|
|
- SIGALRM and SIGUSR1 (wake up and check mirror)
|
1913
|
|
- + fix bug with -u and -c handling
|
1914
|
|
-
|
1915
|
|
--) contrib
|
1916
|
|
- + windows clamd client now available with source code
|
1917
|
|
-
|
1918
|
|
--) documentation:
|
1919
|
|
- + new Polish documentation on ClamAV and Samba integration
|
1920
|
|
- + official documentation updated
|
1921
|
|
-
|
|
1883
|
+- clamd
|
|
1884
|
+ - new thread manager (with better SMP support)
|
|
1885
|
+ - on-access scanning now also available on FreeBSD (with Dazuko 2.0)
|
|
1886
|
+ - new directive ArchiveBlockEncrypted
|
|
1887
|
+ - new directive ReadTimeout (replaces ThreadTimeout)
|
|
1888
|
+ - handle SIGHUP (re-open logfile) and SIGUSR2 (reload database)
|
|
1889
|
+ - respect TCPAddr in stream scanner
|
|
1890
|
+
|
|
1891
|
+- clamav-milter:
|
|
1892
|
+ - TCPWrappers support
|
|
1893
|
+
|
|
1894
|
+- libclamav:
|
|
1895
|
+ - support MS Office documents (OLE2) and VBA macro decoding
|
|
1896
|
+ - support encrypted archive detection
|
|
1897
|
+ - new flags: CL_OLE2, CL_ENCRYPTED (see clamdoc.pdf, Section 6.1)
|
|
1898
|
+ - improve virus detection in big files
|
|
1899
|
+ - improve support for multipart, bounce and embedded RFC822 messages
|
|
1900
|
+ - improve RAR support
|
|
1901
|
+ - include backup snprintf implementation
|
|
1902
|
+
|
|
1903
|
+- clamscan:
|
|
1904
|
+ - new option: --block-encrypted
|
|
1905
|
+
|
|
1906
|
+- freshclam
|
|
1907
|
+ - new option: --pid, -p (write pid file if run as daemon)
|
|
1908
|
+ - handle SIGHUP (re-open logfile), SIGTERM (terminate with log message),
|
|
1909
|
+ SIGALRM and SIGUSR1 (wake up and check mirror)
|
|
1910
|
+ - fix bug with -u and -c handling
|
|
1911
|
+
|
|
1912
|
+- contrib
|
|
1913
|
+ - windows clamd client now available with source code
|
|
1914
|
+
|
|
1915
|
+- documentation:
|
|
1916
|
+ - new Polish documentation on ClamAV and Samba integration
|
|
1917
|
+ - official documentation updated
|
1922
|
1918
|
|
1923
|
1919
|
Special thanks to Dirk Mueller <mueller*kde.org> for his code review,
|
1924
|
1920
|
many bugfixes and cleanups.
|
1925
|
1921
|
|
1926
|
|
-
|
1927
|
1922
|
Thanks to the help of many companies we have 49 very fast and reliable
|
1928
|
1923
|
virus database mirrors in 22 regions and the number is still growing.
|
1929
|
1924
|
As of March 2004 we attempt to redirect our users to the closest pool
|
...
|
...
|
@@ -1936,61 +1829,58 @@ db.other.clamav.net. Our advanced push-mirroring mechanism (maintained by
|
1936
|
1936
|
Luca Gibelli) allows database maintainers to update all the mirrors in less
|
1937
|
1937
|
than one minute !
|
1938
|
1938
|
|
1939
|
|
-
|
1940
|
1939
|
There will be no major feature enhancements in the 0.7x series. Our work
|
1941
|
1940
|
will be concentrated on a new scanning engine and preliminary heuristics -
|
1942
|
1941
|
please help us and test CVS snapshots from time to time.
|
1943
|
1942
|
|
1944
|
|
-
|
1945
|
1943
|
We are happy to announce new programs with support for ClamAV (all of them
|
1946
|
1944
|
have been reviewed by our team - more info in the documentation and
|
1947
|
1945
|
on our website: https://www.clamav.net/download.html#tools):
|
1948
|
1946
|
|
1949
|
|
- + ClamWin - a GUI for Windows (!)
|
1950
|
|
- + KlamAV - a collection of GUI tools for using ClamAV on KDE
|
1951
|
|
- + clamscan-procfilter - a Perl procmail filter
|
1952
|
|
- + j-chkmail - a powerful filter for sendmail
|
1953
|
|
- + qscanq - Virus Scanning for Qmail
|
1954
|
|
- + clamavr - a Ruby binding for ClamAV
|
1955
|
|
- + DansGuardian Anti-Virus Plugin
|
1956
|
|
- + Viralator - a Perl script that virus scans http downloads
|
1957
|
|
- + ClamAssassin - a filter for procmail
|
1958
|
|
- + Gadoyanvirus - a filter for Qmail
|
1959
|
|
- + OpenProtect - a complete e-mail protection solution
|
1960
|
|
- + RevolSys SMTP kit for Postfix - an antispam/antivirus tools installation
|
1961
|
|
- + POP3 Virus Scanner Daemon
|
1962
|
|
- + mailman-clamav - a virus filter for Mailman
|
1963
|
|
- + wbmclamav - a webmin module to manage ClamAV
|
1964
|
|
- + Scan Log Analyzer
|
1965
|
|
- + mailgraph - a RRDtool frontend for Postfix Statistics
|
1966
|
|
- + INSERT - a security toolkit on a credit card size CD
|
1967
|
|
- + Local Area Security - a Live CD Linux distribution
|
|
1947
|
+- ClamWin - a GUI for Windows (!)
|
|
1948
|
+- KlamAV - a collection of GUI tools for using ClamAV on KDE
|
|
1949
|
+- clamscan-procfilter - a Perl procmail filter
|
|
1950
|
+- j-chkmail - a powerful filter for sendmail
|
|
1951
|
+- qscanq - Virus Scanning for Qmail
|
|
1952
|
+- clamavr - a Ruby binding for ClamAV
|
|
1953
|
+- DansGuardian Anti-Virus Plugin
|
|
1954
|
+- Viralator - a Perl script that virus scans http downloads
|
|
1955
|
+- ClamAssassin - a filter for procmail
|
|
1956
|
+- Gadoyanvirus - a filter for Qmail
|
|
1957
|
+- OpenProtect - a complete e-mail protection solution
|
|
1958
|
+- RevolSys SMTP kit for Postfix - an antispam/antivirus tools installation
|
|
1959
|
+- POP3 Virus Scanner Daemon
|
|
1960
|
+- mailman-clamav - a virus filter for Mailman
|
|
1961
|
+- wbmclamav - a webmin module to manage ClamAV
|
|
1962
|
+- Scan Log Analyzer
|
|
1963
|
+- mailgraph - a RRDtool frontend for Postfix Statistics
|
|
1964
|
+- INSERT - a security toolkit on a credit card size CD
|
|
1965
|
+- Local Area Security - a Live CD Linux distribution
|
1968
|
1966
|
|
1969
|
1967
|
--
|
1970
|
1968
|
The ClamAV team (https://www.clamav.net/about.html#credits)
|
1971
|
1969
|
April 17, 2004
|
1972
|
1970
|
|
|
1971
|
+## 0.68-1
|
1973
|
1972
|
|
1974
|
|
-0.68-1
|
1975
|
1973
|
Fixed RAR support.
|
1976
|
1974
|
|
1977
|
|
-0.68
|
|
1975
|
+## 0.68
|
|
1976
|
+
|
1978
|
1977
|
This version fixes a crash with some RAR archives generated by the Bagle worm,
|
1979
|
1978
|
also a few important fixes have been backported from CVS.
|
1980
|
1979
|
|
1981
|
1980
|
We strongly encourage users to install the 0.70-rc version (released today).
|
1982
|
1981
|
|
1983
|
|
-0.67
|
|
1982
|
+## 0.67
|
|
1983
|
+
|
1984
|
1984
|
This release fixes a memory management problem (platform dependent; can lead
|
1985
|
1985
|
to a DoS attack) with messages that only have attachments (reported by Oliver
|
1986
|
1986
|
Brandmueller). It also contains patches for a few problems found in 0.66 and
|
1987
|
1987
|
has better Cygwin support.
|
1988
|
1988
|
|
1989
|
|
-0.66
|
|
1989
|
+## 0.66
|
|
1990
|
+
|
1990
|
1991
|
This version is a response to the "clamav 0.65 remote DOS exploit" information
|
1991
|
1992
|
published on popular security-related mailing lists. Unfortunately we had
|
1992
|
1993
|
not been contacted by the author before he published that and had to release
|
...
|
...
|
@@ -1999,61 +1889,60 @@ was not vulnerable to the exploit). Untested code has been disabled also
|
1999
|
1999
|
the Dazuko support is temporarily not available (if you really need it please
|
2000
|
2000
|
use a CVS version or wait for a next stable release). Other noteworthy changes:
|
2001
|
2001
|
|
2002
|
|
--) clamd:
|
2003
|
|
- + fixed database timestamp handling (and a double reload problem reported
|
2004
|
|
- by Alex Pleiner and Ole Stanstrup)
|
2005
|
|
- + new directive: ArchiveMaxCompressionRatio
|
2006
|
|
- + new command: SESSION (starts a clamd session and allows to do multiple
|
2007
|
|
- commands per TCP session)
|
2008
|
|
- + new directives: TemporaryDirectory, LogClean (Andrey V. Malyshev)
|
2009
|
|
-
|
2010
|
|
--) clamav-milter: (Nigel Horne)
|
2011
|
|
- + added support for AllowSupplementaryGroups and ThreadTimeout
|
2012
|
|
- + added --quarantine-dir (thanks to Michael Dankov)
|
2013
|
|
- + added --noreject (thanks to Vijay Sarvepalli)
|
2014
|
|
- + added --headers (thanks Leonid Zeitlin)
|
2015
|
|
- + added --sign option
|
2016
|
|
-
|
2017
|
|
--) libclamav:
|
2018
|
|
- + detect Worm.SCO.A bounces (Nigel)
|
2019
|
|
- + prevent buffer overflow in broken uuencoded files (Nigel)
|
2020
|
|
- + scan multipart alternatives that have no boundaries (Nigel)
|
2021
|
|
- + better handling of encapsulated messages (Nigel)
|
2022
|
|
- + locate uuencoded viruses hidden in text portions of multipart/mixed
|
2023
|
|
- mime messages (Nigel)
|
2024
|
|
- + initial support for BinHex (Nigel)
|
2025
|
|
- + fixed a mail recursion loop (problem reported by Alex Kah and Kristof
|
2026
|
|
- Petr)
|
2027
|
|
- + fixed bzip2 memory limit (improper call suggested by the buggy libbz2
|
2028
|
|
- documentation, problem reported by Tomasz Klim)
|
2029
|
|
- + fixed on error descriptor leak in CVD unpacker (Thomas Lamy)
|
2030
|
|
- + fixed memory leak in digital signature verification code (Thomas Lamy)
|
2031
|
|
- + added maximal compression ratio limit (cl_limits->maxratio)
|
2032
|
|
-
|
2033
|
|
--) clamscan:
|
2034
|
|
- + support for multiple arguments on command line (Thomas Lamy)
|
2035
|
|
- + fixed buffer overflow in --move (Denis De Messemacker)
|
2036
|
|
- + removed support for sendfile() under Linux
|
2037
|
|
-
|
2038
|
|
--) freshclam:
|
2039
|
|
- + support for freshclam.conf (that may be optionally merged with
|
2040
|
|
- clamav.conf, command line options overwrite config settings)
|
2041
|
|
- + work-around for potential database downgrade (subtle problem
|
2042
|
|
- in r-r dns handling) - reported by Daniel Mario Vega and patched
|
2043
|
|
- by Luca Gibelli
|
2044
|
|
-
|
2045
|
|
--) sigtool:
|
2046
|
|
- + list virus names with --list-sigs (-l)
|
2047
|
|
-
|
2048
|
|
--) contrib:
|
2049
|
|
- + clamdwatch (by Mike Cathey)
|
2050
|
|
- + windows clamd client with drag&drop support (Nigel Horne)
|
2051
|
|
-
|
2052
|
|
--) documentation:
|
2053
|
|
- + complete clamdoc.pdf French translation by Stephane Jeannenot
|
2054
|
|
- + Polish how-to on ClamAV and Sendmail integration (with clamav-milter)
|
2055
|
|
- by Przemyslaw Holowczyc
|
2056
|
|
-
|
|
2002
|
+- clamd:
|
|
2003
|
+ - fixed database timestamp handling (and a double reload problem reported
|
|
2004
|
+ by Alex Pleiner and Ole Stanstrup)
|
|
2005
|
+ - new directive: ArchiveMaxCompressionRatio
|
|
2006
|
+ - new command: SESSION (starts a clamd session and allows to do multiple
|
|
2007
|
+ commands per TCP session)
|
|
2008
|
+ - new directives: TemporaryDirectory, LogClean (Andrey V. Malyshev)
|
|
2009
|
+
|
|
2010
|
+- clamav-milter: (Nigel Horne)
|
|
2011
|
+ - added support for AllowSupplementaryGroups and ThreadTimeout
|
|
2012
|
+ - added --quarantine-dir (thanks to Michael Dankov)
|
|
2013
|
+ - added --noreject (thanks to Vijay Sarvepalli)
|
|
2014
|
+ - added --headers (thanks Leonid Zeitlin)
|
|
2015
|
+ - added --sign option
|
|
2016
|
+
|
|
2017
|
+- libclamav:
|
|
2018
|
+ - detect Worm.SCO.A bounces (Nigel)
|
|
2019
|
+ - prevent buffer overflow in broken uuencoded files (Nigel)
|
|
2020
|
+ - scan multipart alternatives that have no boundaries (Nigel)
|
|
2021
|
+ - better handling of encapsulated messages (Nigel)
|
|
2022
|
+ - locate uuencoded viruses hidden in text portions of multipart/mixed
|
|
2023
|
+ mime messages (Nigel)
|
|
2024
|
+ - initial support for BinHex (Nigel)
|
|
2025
|
+ - fixed a mail recursion loop (problem reported by Alex Kah and Kristof
|
|
2026
|
+ Petr)
|
|
2027
|
+ - fixed bzip2 memory limit (improper call suggested by the buggy libbz2
|
|
2028
|
+ documentation, problem reported by Tomasz Klim)
|
|
2029
|
+ - fixed on error descriptor leak in CVD unpacker (Thomas Lamy)
|
|
2030
|
+ - fixed memory leak in digital signature verification code (Thomas Lamy)
|
|
2031
|
+ - added maximal compression ratio limit (cl_limits->maxratio)
|
|
2032
|
+
|
|
2033
|
+- clamscan:
|
|
2034
|
+ - support for multiple arguments on command line (Thomas Lamy)
|
|
2035
|
+ - fixed buffer overflow in --move (Denis De Messemacker)
|
|
2036
|
+ - removed support for sendfile() under Linux
|
|
2037
|
+
|
|
2038
|
+- freshclam:
|
|
2039
|
+ - support for freshclam.conf (that may be optionally merged with
|
|
2040
|
+ clamav.conf, command line options overwrite config settings)
|
|
2041
|
+ - work-around for potential database downgrade (subtle problem
|
|
2042
|
+ in r-r dns handling) - reported by Daniel Mario Vega and patched
|
|
2043
|
+ by Luca Gibelli
|
|
2044
|
+
|
|
2045
|
+- sigtool:
|
|
2046
|
+ - list virus names with --list-sigs (-l)
|
|
2047
|
+
|
|
2048
|
+- contrib:
|
|
2049
|
+ - clamdwatch (by Mike Cathey)
|
|
2050
|
+ - windows clamd client with drag&drop support (Nigel Horne)
|
|
2051
|
+
|
|
2052
|
+- documentation:
|
|
2053
|
+ - complete clamdoc.pdf French translation by Stephane Jeannenot
|
|
2054
|
+ - Polish how-to on ClamAV and Sendmail integration (with clamav-milter)
|
|
2055
|
+ by Przemyslaw Holowczyc
|
2057
|
2056
|
|
2058
|
2057
|
News:
|
2059
|
2058
|
|
...
|
...
|
@@ -2064,57 +1953,51 @@ vendors:
|
2064
|
2064
|
http://sourceforge.net/mailarchive/forum.php?thread_id=3764826&forum_id=34654
|
2065
|
2065
|
http://www.pcwelt.de/news/viren_bugs/37278/4.html
|
2066
|
2066
|
|
2067
|
|
-
|
2068
|
2067
|
clamav-devel is finally able to decode OLE2 (Microsoft Office) files and
|
2069
|
2068
|
decompress VBA streams ! The code is developed by Trog, official ClamAV
|
2070
|
2069
|
developer. Also we're testing new clamd implementation that will solve
|
2071
|
2070
|
several important problems (especially that "Time out" related). Please
|
2072
|
2071
|
help us and test the latest CVS version.
|
2073
|
2072
|
|
2074
|
|
-
|
2075
|
2073
|
The virus database now contains more than 20.000 signatures ! On January 8,
|
2076
|
2074
|
Denis De Messemacker (who joined our team 3 months ago) added signatures for
|
2077
|
2075
|
about 7700 new viruses. Also special thanks go to Tomasz Papszun for his
|
2078
|
2076
|
hard work on daily submissions and forcing us to keep ClamAV quality on
|
2079
|
2077
|
the highest possible level.
|
2080
|
2078
|
|
2081
|
|
-
|
2082
|
2079
|
New mirroring mechanisms. Luca Gibelli (ClamAV) and mirror administrators
|
2083
|
2080
|
(22 sites) are converting mirrors to new "push mirroring"
|
2084
|
2081
|
method. It uses advanced techniques to ensure all the mirrors are up to date.
|
2085
|
2082
|
More info: https://www.clamav.net/documents/introduction
|
2086
|
2083
|
|
2087
|
|
-
|
2088
|
2084
|
We would like to thank our donors:
|
2089
|
2085
|
|
2090
|
|
- * Jeremy Garcia (http://www.linuxquestions.org)
|
2091
|
|
- * Andries Filmer (http://www.netexpo.nl)
|
2092
|
|
- * David Eriksson (http://www.2good.nu)
|
2093
|
|
- * Dynamic Network Services, Inc (http://www.dyndns.org)
|
2094
|
|
- * epublica
|
2095
|
|
- * Invisik Corporation (http://www.invisik.com)
|
2096
|
|
- * Keith (http://www.textpad.com)
|
2097
|
|
- * Explido Software USA Inc. (http://www.explido.us)
|
2098
|
|
- * cheahch from Singapore
|
2099
|
|
- * Electric Embers
|
2100
|
|
- * Stephane Rault
|
2101
|
|
- * Brad Koehn
|
2102
|
|
- * David Farrick
|
2103
|
|
- * ActiveIntra.net Inc. (http://www.activeintra.net)
|
2104
|
|
- * An anonymous donor from Colorado, US
|
|
2086
|
+- Jeremy Garcia (http://www.linuxquestions.org)
|
|
2087
|
+- Andries Filmer (http://www.netexpo.nl)
|
|
2088
|
+- David Eriksson (http://www.2good.nu)
|
|
2089
|
+- Dynamic Network Services, Inc (http://www.dyndns.org)
|
|
2090
|
+- epublica
|
|
2091
|
+- Invisik Corporation (http://www.invisik.com)
|
|
2092
|
+- Keith (http://www.textpad.com)
|
|
2093
|
+- Explido Software USA Inc. (http://www.explido.us)
|
|
2094
|
+- cheahch from Singapore
|
|
2095
|
+- Electric Embers
|
|
2096
|
+- Stephane Rault
|
|
2097
|
+- Brad Koehn
|
|
2098
|
+- David Farrick
|
|
2099
|
+- ActiveIntra.net Inc. (http://www.activeintra.net)
|
|
2100
|
+- An anonymous donor from Colorado, US
|
2105
|
2101
|
|
2106
|
2102
|
--
|
2107
|
2103
|
Tomasz Kojm <tkojm*clamav.net>
|
2108
|
2104
|
February 10, 2004
|
2109
|
2105
|
|
|
2106
|
+## 0.65
|
2110
|
2107
|
|
2111
|
|
-0.65
|
2112
|
2108
|
IMPORTANT NOTE: The project has been moved into SourceForge. The only official
|
2113
|
|
- ClamAV's homepage is www.clamav.net (however clamav.elektrapro.
|
2114
|
|
- com still works). We would like to thank ElektraPro.com for
|
2115
|
|
- their support for the open-source community - THANKS !
|
2116
|
|
-
|
|
2109
|
+ClamAV's homepage is www.clamav.net (however clamav.elektrapro.
|
|
2110
|
+com still works). We would like to thank ElektraPro.com for
|
|
2111
|
+their support for the open-source community - THANKS !
|
2117
|
2112
|
|
2118
|
2113
|
ClamAV 0.65 introduces a new database container file format (called CVD) with
|
2119
|
2114
|
support for digital signatures and compression. Please remove the old
|
...
|
...
|
@@ -2127,60 +2010,60 @@ document and contact our administrator - Luca Gibelli <nervous*clamav.net>.
|
2127
|
2127
|
|
2128
|
2128
|
Noteworthy changes in this version:
|
2129
|
2129
|
|
2130
|
|
--) clamd:
|
2131
|
|
- + fixed a race condition in database reloading code (random crashes
|
2132
|
|
- under high load)
|
2133
|
|
- + fixed a race condition with the improperly initialized session start time
|
2134
|
|
- (thanks to Michael Dankov)
|
2135
|
|
- + fixed PidFile permissions (Magnus Ekdahl, bug reported by Tomasz Papszun)
|
2136
|
|
- + fixed LogFile permissions (Magnus Ekdahl)
|
2137
|
|
- + new directive ScanRAR (because RAR support is now disabled by default)
|
2138
|
|
- + new directive VirusEvent
|
2139
|
|
- + new directive FixStaleSocket (Thomas Lamy and Mark Mielke)
|
2140
|
|
- + new directive TCPAddr (Bernard Quatermass, fixed by Damien Curtain)
|
2141
|
|
- + new directive Debug
|
2142
|
|
-
|
2143
|
|
--) clamav-milter: (Nigel Horne <njh*clamav.net>)
|
2144
|
|
- + new --force-scan flag
|
2145
|
|
- + new -P and -q flags by Nicholas M. Kirsch
|
|
2130
|
+- clamd:
|
|
2131
|
+ - fixed a race condition in database reloading code (random crashes
|
|
2132
|
+ under high load)
|
|
2133
|
+ - fixed a race condition with the improperly initialized session start time
|
|
2134
|
+ (thanks to Michael Dankov)
|
|
2135
|
+ - fixed PidFile permissions (Magnus Ekdahl, bug reported by Tomasz Papszun)
|
|
2136
|
+ - fixed LogFile permissions (Magnus Ekdahl)
|
|
2137
|
+ - new directive ScanRAR (because RAR support is now disabled by default)
|
|
2138
|
+ - new directive VirusEvent
|
|
2139
|
+ - new directive FixStaleSocket (Thomas Lamy and Mark Mielke)
|
|
2140
|
+ - new directive TCPAddr (Bernard Quatermass, fixed by Damien Curtain)
|
|
2141
|
+ - new directive Debug
|
|
2142
|
+
|
|
2143
|
+- clamav-milter: (Nigel Horne <njh*clamav.net>)
|
|
2144
|
+ - new --force-scan flag
|
|
2145
|
+ - new -P and -q flags by Nicholas M. Kirsch
|
2146
|
2146
|
WARNING: clamav-milter and our mail scanner are still in high development
|
2147
|
|
- and may be unstable. You should always use the CVS version.
|
2148
|
|
-
|
2149
|
|
--) libclamav:
|
2150
|
|
- + support for a new database container format (CVD) - compressed and
|
2151
|
|
- digitally signed
|
2152
|
|
- + better protection against malformed zip archives (such as Mimail)
|
2153
|
|
- + mail decoder fixes (thanks to Rene Bellora, Bernd Kuhls, Thomas Lamy,
|
2154
|
|
- Tomasz Papszun) (Nigel Horne)
|
2155
|
|
- + memory leak fixes (Thomas Lamy)
|
2156
|
|
- + new scan option CL_DISABLERAR (disables built-in RAR unpacker)
|
2157
|
|
-
|
2158
|
|
--) freshclam:
|
2159
|
|
- + fixed --on-error-execute behaviour (David Woakes)
|
2160
|
|
- + new option --user (-u) USER - run as USER instead of the default user.
|
2161
|
|
- Patch by Damien Curtain.
|
2162
|
|
- + rewritten to use database.clamav.net and CVD
|
2163
|
|
-
|
2164
|
|
--) documentation:
|
2165
|
|
- + new Spanish documentation on ClamAV and Sendmail integration by
|
2166
|
|
- Erick Ivaan Lopez Carreon
|
2167
|
|
- + included clamdoc.pdf Turkish translation by yavuz kaya and �brahim erken
|
2168
|
|
- + included clamav-mirror-howto.pdf by Luca Gibelli
|
2169
|
|
- + included clamd+daemontools HOWTO by Jesse D. Guardiani
|
2170
|
|
- + included signatures.pdf
|
2171
|
|
- + man pages: updated
|
2172
|
|
- + clamdoc.pdf: rewritten
|
|
2147
|
+ and may be unstable. You should always use the CVS version.
|
|
2148
|
+
|
|
2149
|
+- libclamav:
|
|
2150
|
+ - support for a new database container format (CVD) - compressed and
|
|
2151
|
+ digitally signed
|
|
2152
|
+ - better protection against malformed zip archives (such as Mimail)
|
|
2153
|
+ - mail decoder fixes (thanks to Rene Bellora, Bernd Kuhls, Thomas Lamy,
|
|
2154
|
+ Tomasz Papszun) (Nigel Horne)
|
|
2155
|
+ - memory leak fixes (Thomas Lamy)
|
|
2156
|
+ - new scan option CL_DISABLERAR (disables built-in RAR unpacker)
|
|
2157
|
+
|
|
2158
|
+- freshclam:
|
|
2159
|
+ - fixed --on-error-execute behaviour (David Woakes)
|
|
2160
|
+ - new option --user (-u) USER - run as USER instead of the default user.
|
|
2161
|
+ Patch by Damien Curtain.
|
|
2162
|
+ - rewritten to use database.clamav.net and CVD
|
|
2163
|
+
|
|
2164
|
+- documentation:
|
|
2165
|
+ - new Spanish documentation on ClamAV and Sendmail integration by
|
|
2166
|
+ Erick Ivaan Lopez Carreon
|
|
2167
|
+ - included clamdoc.pdf Turkish translation by yavuz kaya and �brahim erken
|
|
2168
|
+ - included clamav-mirror-howto.pdf by Luca Gibelli
|
|
2169
|
+ - included clamd+daemontools HOWTO by Jesse D. Guardiani
|
|
2170
|
+ - included signatures.pdf
|
|
2171
|
+ - man pages: updated
|
|
2172
|
+ - clamdoc.pdf: rewritten
|
2173
|
2173
|
|
2174
|
2174
|
New members of our list of ClamAV certified software (see clamdoc.pdf for
|
2175
|
2175
|
details):
|
2176
|
|
- + cgpav
|
2177
|
|
- + smtp-vilter
|
2178
|
|
- + IVS Milter
|
2179
|
|
- + scanexi
|
2180
|
|
- + Mail::ClamAV
|
2181
|
|
- + OpenAntiVirus samba-vscan
|
2182
|
|
- + Sylpheed Claws
|
2183
|
|
- + nclamd
|
|
2176
|
+ - cgpav
|
|
2177
|
+ - smtp-vilter
|
|
2178
|
+ - IVS Milter
|
|
2179
|
+ - scanexi
|
|
2180
|
+ - Mail::ClamAV
|
|
2181
|
+ - OpenAntiVirus samba-vscan
|
|
2182
|
+ - Sylpheed Claws
|
|
2183
|
+ - nclamd
|
2184
|
2184
|
|
2185
|
2185
|
Thanks to Mia Kalenius and Sergei Pronin we have a new official logo !
|
2186
|
2186
|
|
...
|
...
|
@@ -2190,10 +2073,7 @@ Thank you for using ClamAV !
|
2190
|
2190
|
Tomasz Kojm <tkojm*clamav.net>
|
2191
|
2191
|
November 12, 2003
|
2192
|
2192
|
|
2193
|
|
-
|
2194
|
|
-
|
2195
|
|
-0.60
|
|
2193
|
+## 0.60
|
2196
|
2194
|
|
2197
|
2195
|
Hello again...
|
2198
|
2196
|
|
...
|
...
|
@@ -2205,21 +2085,19 @@ for Sendmail/milter written entirely in C, which uses clamd for virus scanning.
|
2205
|
2205
|
Clamav-milter and clamd duet is a powerful solution for systems where high
|
2206
|
2206
|
performance is required. Please check clamdoc for more detail.
|
2207
|
2207
|
|
2208
|
|
-
|
2209
|
2208
|
Many people get confused with ClamAV database status because of
|
2210
|
2209
|
the OpenAntiVirus update information at:
|
2211
|
|
- http://openantivirus.org/latest.php
|
|
2210
|
+ http://openantivirus.org/latest.php
|
2212
|
2211
|
(last update at 17 October, 2002). The ClamAV virus database contains
|
2213
|
2212
|
the OAV database (with some signatures fixed or removed) but we
|
2214
|
2213
|
develop it independently of the OAV project. Our database is updated
|
2215
|
2214
|
frequently (on average 4-5 times a week). You can help (or join) us -
|
2216
|
2215
|
will find some basic but useful instructions at
|
2217
|
|
- http://clamav.elektrapro.com/doc/signatures.pdf
|
2218
|
|
-
|
|
2216
|
+ http://clamav.elektrapro.com/doc/signatures.pdf
|
2219
|
2217
|
|
2220
|
2218
|
News from ClamAV world:
|
2221
|
2219
|
|
2222
|
|
--) New email address for virus submitting: virus@clamav.elektrapro.com
|
|
2220
|
+- New email address for virus submitting: virus@clamav.elektrapro.com
|
2223
|
2221
|
You don't need to encrypt a virus sample, but if your system doesn't allow
|
2224
|
2222
|
you to send infected files just put it into an encrypted zip archive
|
2225
|
2223
|
(password: virus)
|
...
|
...
|
@@ -2227,117 +2105,115 @@ News from ClamAV world:
|
2227
|
2227
|
Special thanks to Nicholas Chua, Diego D'Ambra, Hrvoje Habjanic, Nigel Kukard
|
2228
|
2228
|
and Chris van Meerendonk for a big number of samples submitted.
|
2229
|
2229
|
|
2230
|
|
--) New mailing list: virusdb@clamav.elektrapro.com
|
|
2230
|
+- New mailing list: virusdb@clamav.elektrapro.com
|
2231
|
2231
|
After each update an email with subject "[clamav-virusdb] Update" and a list
|
2232
|
2232
|
of viruses added is sent to it. You can set up a procmail rule for freshclam
|
2233
|
2233
|
to react on such a mails (and update the database just after an update).
|
2234
|
2234
|
|
2235
|
|
--) New official mirrors:
|
2236
|
|
- + clamav.ozforces.com: database mirror updated manually (thanks to
|
2237
|
|
- Andrew <andrew@ozforces.com>)
|
2238
|
|
- + clamav.essentkabel.com: full (automatic) mirror of clamav.elektrapro.com
|
2239
|
|
- (thanks to Chris van Meerendonk <cvm@castel.nl>)
|
2240
|
|
- + clamav.linux-sxs.org: database mirror - rsync from clamav.ozforces.com
|
2241
|
|
- (thanks to Douglas J Hunley <doug@hunley.homeip.net>)
|
|
2235
|
+- New official mirrors:
|
|
2236
|
+ - clamav.ozforces.com: database mirror updated manually (thanks to
|
|
2237
|
+ Andrew <andrew@ozforces.com>)
|
|
2238
|
+ - clamav.essentkabel.com: full (automatic) mirror of clamav.elektrapro.com
|
|
2239
|
+ (thanks to Chris van Meerendonk <cvm@castel.nl>)
|
|
2240
|
+ - clamav.linux-sxs.org: database mirror - rsync from clamav.ozforces.com
|
|
2241
|
+ (thanks to Douglas J Hunley <doug@hunley.homeip.net>)
|
2242
|
2242
|
|
2243
|
2243
|
Freshclam will automatically use them when the main server is not
|
2244
|
2244
|
accessible.
|
2245
|
2245
|
|
2246
|
|
--) Official port in FreeBSD available ! (maintained by Masahiro Teramoto
|
|
2246
|
+- Official port in FreeBSD available ! (maintained by Masahiro Teramoto
|
2247
|
2247
|
<markun@onohara.to>)
|
2248
|
2248
|
|
2249
|
|
--) Unofficial port for OpenBSD is available at:
|
|
2249
|
+- Unofficial port for OpenBSD is available at:
|
2250
|
2250
|
http://www.activeintra.net/openbsd/article.php?id=5
|
2251
|
|
- (maintained by Flinn Mueller <flinn@activeintra.net>)
|
|
2251
|
+ (maintained by Flinn Mueller <flinn@activeintra.net>)
|
2252
|
2252
|
|
2253
|
|
--) there are many new programs that use ClamAV, eg. mod_clamav (Apache
|
2254
|
|
- virus scanning filter), clamdmail or Sagator. You will find more
|
2255
|
|
- info in clamdoc.
|
|
2253
|
+- there are many new programs that use ClamAV, eg. mod_clamav (Apache
|
|
2254
|
+ virus scanning filter), clamdmail or Sagator. You will find more
|
|
2255
|
+ info in clamdoc.
|
2256
|
2256
|
|
2257
|
2257
|
Changes:
|
2258
|
2258
|
|
2259
|
|
--) libclamav:
|
2260
|
|
- + fixed buffer overflow in unrarlib (patch by Robbert Kouprie
|
2261
|
|
- <robbert@exx.nl>)
|
2262
|
|
-
|
2263
|
|
- + various mbox code updates (fixed memory leak; added support for decoding
|
2264
|
|
- viruses sent in message bodies, detection of viruses that put their
|
2265
|
|
- payloads after the end of message marker (thanks to Stephen White
|
2266
|
|
- <stephen@earth.li> for the bug report and useful CGI tools);
|
2267
|
|
-
|
2268
|
|
- + zziplib updated to 0.10.81 (some problems with older version were reported
|
2269
|
|
- by Martin Schitter)
|
2270
|
|
- + direct scanning of mbox/maildir files (new directive CL_MAIL)
|
2271
|
|
- + file scanner optimization (patch by Hendrik Muhs
|
2272
|
|
- <Hendrik.Muhs@student.uni-magdeburg.de>)
|
2273
|
|
- + bzip2 support
|
2274
|
|
- + faster detection of malformed Zip archives (eg. 'Zip of Death'), they are
|
2275
|
|
- reported as a viruses
|
2276
|
|
- + fixed strcasecmp() compile problem in zziplib on Free/NetBSD and others
|
2277
|
|
-
|
2278
|
|
-
|
2279
|
|
--) clamd:
|
2280
|
|
- + fixed descriptor leak in directory scanner - it was causing random
|
2281
|
|
- clamd crashes and locks, especially on highly loaded servers. Reported
|
2282
|
|
- by Kristof Petr <Kristof.P@fce.vutbr.cz>.
|
2283
|
|
-
|
2284
|
|
- + fixed crash with archive scanning on BSD (increased thread stack size)
|
2285
|
|
- (Nigel Horne)
|
2286
|
|
- + fixed CONTSCAN command (used by clamdscan) - it had archive support
|
2287
|
|
- disabled (hardcoded)
|
2288
|
|
- + fixed SelfCheck option (there was a logic bug, and the option was
|
2289
|
|
- disabled) it now checks a databases time stamps and reloads them
|
2290
|
|
- if needed.
|
2291
|
|
- + fixed possible writing to undefined descriptors (bug found by
|
2292
|
|
- Brian May <bam@debian.org>)
|
2293
|
|
- + new STREAM command (scanning data on socket) and directives:
|
2294
|
|
- StreamSaveToDisk (save stream to disk to allow scanning within archives),
|
2295
|
|
- StreamMaxLength. This option allows scanning data on socket (might be
|
2296
|
|
- sent from another host), currently only clamav-milter uses this.
|
2297
|
|
-
|
2298
|
|
- + new ScanMail directive for scanning into mbox/Maildir files
|
2299
|
|
- + new directive: ArchiveLimitMemoryUsage (limit memory usage with bzip2)
|
2300
|
|
- + new directive: AllowSupplementaryGroups (feature requested by Exiscan
|
2301
|
|
- users)
|
2302
|
|
- + syslog support (LogSyslog) (patch by Hrvoje Habjanic
|
2303
|
|
- <hrvoje.habjanic@zg.hinet.hr>)
|
2304
|
|
- + fixed parser segfault with extra space between option and argument
|
2305
|
|
- in config file (Magnus Ekdahl <magnus@debian.org>)
|
2306
|
|
-
|
2307
|
|
-
|
2308
|
|
--) clamscan:
|
2309
|
|
- + fixed --remove option (didn't work when the file was scanned with an
|
2310
|
|
- internal unpacker) (patch by Damien Curtain <damien@pagefault.org>)
|
2311
|
|
- + --move option for moving infected files into a specified directory
|
2312
|
|
- (by Damien Curtain <damien@pagefault.org>)
|
2313
|
|
- + --mbox enables a direct support for mbox files
|
2314
|
|
- (ex. clamscan --mbox /var/spool/mail)
|
2315
|
|
- + fixed --log (-l) option
|
2316
|
|
- + fixed -i option (patch by Magnus Ekdahl <magnus@debian.org>)
|
2317
|
|
- + enabled default archive limits (max-files = 500, max-size = 10M,
|
2318
|
|
- max-recursion = 5)
|
2319
|
|
- + use arj instead of non-free unarj (patch by Magnus Ekdahl)
|
2320
|
|
- + use unzoo instead of non-free zoo (patch by Magnus Ekdahl)
|
2321
|
|
- + removed thread support
|
|
2259
|
+- libclamav:
|
|
2260
|
+ - fixed buffer overflow in unrarlib (patch by Robbert Kouprie
|
|
2261
|
+ <robbert@exx.nl>)
|
|
2262
|
+
|
|
2263
|
+ - various mbox code updates (fixed memory leak; added support for decoding
|
|
2264
|
+ viruses sent in message bodies, detection of viruses that put their
|
|
2265
|
+ payloads after the end of message marker (thanks to Stephen White
|
|
2266
|
+ <stephen@earth.li> for the bug report and useful CGI tools);
|
|
2267
|
+
|
|
2268
|
+ - zziplib updated to 0.10.81 (some problems with older version were reported
|
|
2269
|
+ by Martin Schitter)
|
|
2270
|
+ - direct scanning of mbox/maildir files (new directive CL_MAIL)
|
|
2271
|
+ - file scanner optimization (patch by Hendrik Muhs
|
|
2272
|
+ <Hendrik.Muhs@student.uni-magdeburg.de>)
|
|
2273
|
+ - bzip2 support
|
|
2274
|
+ - faster detection of malformed Zip archives (eg. 'Zip of Death'), they are
|
|
2275
|
+ reported as a viruses
|
|
2276
|
+ - fixed strcasecmp() compile problem in zziplib on Free/NetBSD and others
|
|
2277
|
+
|
|
2278
|
+- clamd:
|
|
2279
|
+ - fixed descriptor leak in directory scanner - it was causing random
|
|
2280
|
+ clamd crashes and locks, especially on highly loaded servers. Reported
|
|
2281
|
+ by Kristof Petr <Kristof.P@fce.vutbr.cz>.
|
|
2282
|
+
|
|
2283
|
+ - fixed crash with archive scanning on BSD (increased thread stack size)
|
|
2284
|
+ (Nigel Horne)
|
|
2285
|
+ - fixed CONTSCAN command (used by clamdscan) - it had archive support
|
|
2286
|
+ disabled (hardcoded)
|
|
2287
|
+ - fixed SelfCheck option (there was a logic bug, and the option was
|
|
2288
|
+ disabled) it now checks a databases time stamps and reloads them
|
|
2289
|
+ if needed.
|
|
2290
|
+ - fixed possible writing to undefined descriptors (bug found by
|
|
2291
|
+ Brian May <bam@debian.org>)
|
|
2292
|
+ - new STREAM command (scanning data on socket) and directives:
|
|
2293
|
+ StreamSaveToDisk (save stream to disk to allow scanning within archives),
|
|
2294
|
+ StreamMaxLength. This option allows scanning data on socket (might be
|
|
2295
|
+ sent from another host), currently only clamav-milter uses this.
|
|
2296
|
+
|
|
2297
|
+ - new ScanMail directive for scanning into mbox/Maildir files
|
|
2298
|
+ - new directive: ArchiveLimitMemoryUsage (limit memory usage with bzip2)
|
|
2299
|
+ - new directive: AllowSupplementaryGroups (feature requested by Exiscan
|
|
2300
|
+ users)
|
|
2301
|
+ - syslog support (LogSyslog) (patch by Hrvoje Habjanic
|
|
2302
|
+ <hrvoje.habjanic@zg.hinet.hr>)
|
|
2303
|
+ - fixed parser segfault with extra space between option and argument
|
|
2304
|
+ in config file (Magnus Ekdahl <magnus@debian.org>)
|
|
2305
|
+
|
|
2306
|
+- clamscan:
|
|
2307
|
+ - fixed --remove option (didn't work when the file was scanned with an
|
|
2308
|
+ internal unpacker) (patch by Damien Curtain <damien@pagefault.org>)
|
|
2309
|
+ - --move option for moving infected files into a specified directory
|
|
2310
|
+ (by Damien Curtain <damien@pagefault.org>)
|
|
2311
|
+ - --mbox enables a direct support for mbox files
|
|
2312
|
+ (ex. clamscan --mbox /var/spool/mail)
|
|
2313
|
+ - fixed --log (-l) option
|
|
2314
|
+ - fixed -i option (patch by Magnus Ekdahl <magnus@debian.org>)
|
|
2315
|
+ - enabled default archive limits (max-files = 500, max-size = 10M,
|
|
2316
|
+ max-recursion = 5)
|
|
2317
|
+ - use arj instead of non-free unarj (patch by Magnus Ekdahl)
|
|
2318
|
+ - use unzoo instead of non-free zoo (patch by Magnus Ekdahl)
|
|
2319
|
+ - removed thread support
|
2322
|
2320
|
|
2323
|
2321
|
freshclam:
|
2324
|
|
- + mirror support (implemented by Damien Curtain <damien@pagefault.org>)
|
2325
|
|
- + --proxy-user: proxy authorization support (implemented by Gernot Tenchio
|
2326
|
|
- <g.tenchio@telco-tech.de>)
|
2327
|
|
- + new options --on-error-execute, --on-update-execute
|
2328
|
|
- (ex. freshclam -d -c 6 --on-error-execute "sendsms 23332243 Can't
|
2329
|
|
- update virus database"). Idea by Douglas J Hunley <doug@hunley.homeip.net>
|
|
2322
|
+ - mirror support (implemented by Damien Curtain <damien@pagefault.org>)
|
|
2323
|
+ - --proxy-user: proxy authorization support (implemented by Gernot Tenchio
|
|
2324
|
+ <g.tenchio@telco-tech.de>)
|
|
2325
|
+ - new options --on-error-execute, --on-update-execute
|
|
2326
|
+ (ex. freshclam -d -c 6 --on-error-execute "sendsms 23332243 Can't
|
|
2327
|
+ update virus database"). Idea by Douglas J Hunley <doug@hunley.homeip.net>
|
2330
|
2328
|
|
2331
|
2329
|
configure:
|
2332
|
|
- + --disable-cr (don't link with C reentrant library (needed on some newer
|
2333
|
|
- versions of OpenBSD))
|
|
2330
|
+ - --disable-cr (don't link with C reentrant library (needed on some newer
|
|
2331
|
+ versions of OpenBSD))
|
2334
|
2332
|
|
2335
|
|
--) Enhanced AIX (thanks to Mike Loewen <mloewen@sturgeon.cac.psu.edu>) and
|
|
2333
|
+- Enhanced AIX (thanks to Mike Loewen <mloewen@sturgeon.cac.psu.edu>) and
|
2336
|
2334
|
Tru64 support (thanks to Christophe Varoqui <ext.devoteam.varoqui@sncf.fr>)
|
2337
|
2335
|
|
2338
|
|
--) documentation:
|
2339
|
|
- + included how-to in Portugese by Alexandre de Jesus Marcolino
|
2340
|
|
- + clamdoc.pdf and system manual updates
|
|
2336
|
+- documentation:
|
|
2337
|
+ - included how-to in Portugese by Alexandre de Jesus Marcolino
|
|
2338
|
+ - clamdoc.pdf and system manual updates
|
2341
|
2339
|
|
2342
|
2340
|
Many thanks to Luca 'NERvOus' Gibelli from ElektraPro for his support,
|
2343
|
2341
|
to Ken McKittrick from USA DataNet for a fully accessible FreeBSD box and
|
...
|
...
|
@@ -2347,122 +2223,114 @@ to mailing list subscribers for a constructive discussions.
|
2347
|
2347
|
Tomasz Kojm
|
2348
|
2348
|
June 21, 2003
|
2349
|
2349
|
|
|
2350
|
+## 0.54
|
2350
|
2351
|
|
2351
|
|
-0.54
|
2352
|
2352
|
Many major changes this time...
|
2353
|
2353
|
|
2354
|
|
--) libclamav:
|
2355
|
|
- + fixed segfault with some strange zip archives (there is a bug in zziplib,
|
2356
|
|
- libclamav contains a work around for it) (the problem was reported by
|
2357
|
|
- Oliver Paukstadt <pstadt@stud.fh-heilbronn.de>)
|
2358
|
|
- + engine improvements (better support for a detection of new viruses,
|
2359
|
|
- limited memory usage (consumes ~ 5 Mb now))
|
2360
|
|
- + mbox code updated and moved into the library: fixed core dump when an
|
2361
|
|
- embedded message includes a mime header with the line Content-Type:
|
2362
|
|
- without specifying the type of content, fixed (theoretical) memory leak,
|
2363
|
|
- support for multipart/report messages, fixed bug causing some formats to
|
2364
|
|
- fail to scan) (Nigel)
|
2365
|
|
--) clamd:
|
2366
|
|
- + new commands: CONTSCAN (it doesn't stop scanning even when virus is
|
2367
|
|
- found), VERSION
|
2368
|
|
- + disable logging of a unnecessary time stamps with LogTime when
|
2369
|
|
- LogVerbose isn't used (patch by Ed Phillips <ed@UDel.Edu>)
|
2370
|
|
--) freshclam:
|
2371
|
|
- + "Cache-Control: no-cache" enabled by default
|
2372
|
|
- + Cygwin support fix
|
2373
|
|
--) clamdscan:
|
2374
|
|
- + initial version
|
2375
|
|
--) all tools:
|
2376
|
|
- + removed huge printf() in help() (there was a buffer overflow problem with
|
2377
|
|
- --help option under Windows and SCO Unix (reported by Wojciech Noworyta
|
2378
|
|
- <wnow@konarski.edu.pl> and Nigel respectively)
|
2379
|
|
--) configure:
|
2380
|
|
- + allow configuration of the clamav user and group with --with-user and
|
2381
|
|
- --with-group (patch by Patrick Bihan-Faou <patrick@mindstep.com>)
|
2382
|
|
- + --enable-id-check - it uses the check procedure from Jason Englander
|
2383
|
|
- <jason@englanders.cc>, currently it will fail on systems with getent
|
2384
|
|
- which doesn't detect clamav group.
|
2385
|
|
- + do not overwrite the existing config file
|
2386
|
|
-
|
|
2354
|
+- libclamav:
|
|
2355
|
+ - fixed segfault with some strange zip archives (there is a bug in zziplib,
|
|
2356
|
+ libclamav contains a work around for it) (the problem was reported by
|
|
2357
|
+ Oliver Paukstadt <pstadt@stud.fh-heilbronn.de>)
|
|
2358
|
+ - engine improvements (better support for a detection of new viruses,
|
|
2359
|
+ limited memory usage (consumes ~ 5 Mb now))
|
|
2360
|
+ - mbox code updated and moved into the library: fixed core dump when an
|
|
2361
|
+ embedded message includes a mime header with the line Content-Type:
|
|
2362
|
+ without specifying the type of content, fixed (theoretical) memory leak,
|
|
2363
|
+ support for multipart/report messages, fixed bug causing some formats to
|
|
2364
|
+ fail to scan) (Nigel)
|
|
2365
|
+- clamd:
|
|
2366
|
+ - new commands: CONTSCAN (it doesn't stop scanning even when virus is
|
|
2367
|
+ found), VERSION
|
|
2368
|
+ - disable logging of a unnecessary time stamps with LogTime when
|
|
2369
|
+ LogVerbose isn't used (patch by Ed Phillips <ed@UDel.Edu>)
|
|
2370
|
+- freshclam:
|
|
2371
|
+ - "Cache-Control: no-cache" enabled by default
|
|
2372
|
+ - Cygwin support fix
|
|
2373
|
+- clamdscan:
|
|
2374
|
+ - initial version
|
|
2375
|
+- all tools:
|
|
2376
|
+ - removed huge printf() in help() (there was a buffer overflow problem with
|
|
2377
|
+ --help option under Windows and SCO Unix (reported by Wojciech Noworyta
|
|
2378
|
+ <wnow@konarski.edu.pl> and Nigel respectively)
|
|
2379
|
+- configure:
|
|
2380
|
+ - allow configuration of the clamav user and group with --with-user and
|
|
2381
|
+ --with-group (patch by Patrick Bihan-Faou <patrick@mindstep.com>)
|
|
2382
|
+ - --enable-id-check - it uses the check procedure from Jason Englander
|
|
2383
|
+ <jason@englanders.cc>, currently it will fail on systems with getent
|
|
2384
|
+ which doesn't detect clamav group.
|
|
2385
|
+ - do not overwrite the existing config file
|
2387
|
2386
|
|
2388
|
2387
|
There are initial packages for Windows available at:
|
2389
|
2388
|
http://clamav.elektrapro.com/binary
|
2390
|
2389
|
|
2391
|
2390
|
--tk
|
2392
|
2391
|
|
|
2392
|
+## 0.53
|
2393
|
2393
|
|
2394
|
|
-0.53
|
2395
|
2394
|
This release has removed the limit for a file name length in clamscan. Some
|
2396
|
2395
|
viruses (eg. W32/Yaha.E) are using very long file names, and they were
|
2397
|
2396
|
ignored in mbox mode. Users of AMaViS-ng and other wrappers were not
|
2398
|
2397
|
vulnerable to this problem, because that programs don't use original
|
2399
|
2398
|
attachement file names.
|
2400
|
2399
|
|
2401
|
|
--) clamscan:
|
2402
|
|
- + removed limit for a file name length (thanks to Odhiambo Washington
|
2403
|
|
- <wash@wananchi.com> for the test files and extensive mbox testing)
|
2404
|
|
- + mbox: adapted to the new changes, enabled thread support (Nigel),
|
2405
|
|
- re-enabled temporary directory removing.
|
|
2400
|
+- clamscan:
|
|
2401
|
+ - removed limit for a file name length (thanks to Odhiambo Washington
|
|
2402
|
+ <wash@wananchi.com> for the test files and extensive mbox testing)
|
|
2403
|
+ - mbox: adapted to the new changes, enabled thread support (Nigel),
|
|
2404
|
+ re-enabled temporary directory removing.
|
2406
|
2405
|
|
2407
|
|
-0.52
|
|
2406
|
+## 0.52
|
2408
|
2407
|
|
2409
|
2408
|
This version contains a portability fixes - it should compile on OpenBSD,
|
2410
|
2409
|
MacOSX and NetBSD (support for them was broken in 0.51).
|
2411
|
2410
|
|
2412
|
|
--) clamd: various fixes:
|
2413
|
|
- + drop supplementary groups (suggested by Enrico Scholz
|
2414
|
|
- <enrico.scholz@informatik.tu-chemnitz.de>) (this has been implemented
|
2415
|
|
- in freshclam, too)
|
2416
|
|
- + work-around for the segmentation fault at QUIT under FreeBSD
|
2417
|
|
- + check timeouts when waiting for threads in RELOAD mode
|
2418
|
|
- + SelfCheck - internal integrity check (by default every 1 hour)
|
2419
|
|
- + fixed problem with directory scanning on non typical file systems
|
2420
|
|
- (bug reported by Jason Englander <jason@englanders.cc>)
|
2421
|
|
- + clamd is a system command (clamd.1 -> clamd.8, /usr/local/bin ->
|
2422
|
|
- /usr/local/sbin) (Magnus Ekdahl)
|
2423
|
|
--) clamscan:
|
2424
|
|
- + mbox code updates (Nigel Horne) - it fixes some problems on *BSD
|
2425
|
|
- systems (see mailing lists archives for the details)
|
2426
|
|
- + enable core dumping (Nigel Horne) [ with --enable-debug ]
|
2427
|
|
--) freshclam:
|
2428
|
|
- + applied http-proxy patch from http://bugs.debian.org/clamav (by
|
2429
|
|
- Martin Lesser <admin-debian@bettercom.de>)
|
2430
|
|
- + when configured with --disable-cache, freshclam forces 'no-cache'
|
2431
|
|
- option in proxy servers (patch by Ant La Porte <ant@dvere.net>)
|
2432
|
|
-
|
2433
|
|
--) HPUX (10.20/11.0 tested) support (thanks to Joe Oaks <joe.oaks@hp.com>)
|
2434
|
|
--) fixed support for SCO Unix and BeOS (Nigel Horne)
|
2435
|
|
--) support/mboxscan: new version with SpamAssassin support (Nigel Horne)
|
2436
|
|
--) re-included TrashScan 0.08 (by Trashware <trashware@gmx.de>) - the security
|
2437
|
|
- issue has been fixed.
|
2438
|
|
--) included "Installing qmail-scanner, Clam Antivirus and SpamAssassin under
|
2439
|
|
- FreeBSD" how-to by Paul Hoadley and Eric Parsonage
|
2440
|
|
-
|
2441
|
|
-
|
2442
|
|
-0.51
|
|
2411
|
+- clamd: various fixes:
|
|
2412
|
+ - drop supplementary groups (suggested by Enrico Scholz
|
|
2413
|
+ <enrico.scholz@informatik.tu-chemnitz.de>) (this has been implemented
|
|
2414
|
+ in freshclam, too)
|
|
2415
|
+ - work-around for the segmentation fault at QUIT under FreeBSD
|
|
2416
|
+ - check timeouts when waiting for threads in RELOAD mode
|
|
2417
|
+ - SelfCheck - internal integrity check (by default every 1 hour)
|
|
2418
|
+ - fixed problem with directory scanning on non typical file systems
|
|
2419
|
+ (bug reported by Jason Englander <jason@englanders.cc>)
|
|
2420
|
+ - clamd is a system command (clamd.1 -> clamd.8, /usr/local/bin ->
|
|
2421
|
+ /usr/local/sbin) (Magnus Ekdahl)
|
|
2422
|
+- clamscan:
|
|
2423
|
+ - mbox code updates (Nigel Horne) - it fixes some problems on *BSD
|
|
2424
|
+ systems (see mailing lists archives for the details)
|
|
2425
|
+ - enable core dumping (Nigel Horne) [ with --enable-debug ]
|
|
2426
|
+- freshclam:
|
|
2427
|
+ - applied http-proxy patch from http://bugs.debian.org/clamav (by
|
|
2428
|
+ Martin Lesser <admin-debian@bettercom.de>)
|
|
2429
|
+ - when configured with --disable-cache, freshclam forces 'no-cache'
|
|
2430
|
+ option in proxy servers (patch by Ant La Porte <ant@dvere.net>)
|
|
2431
|
+
|
|
2432
|
+- HPUX (10.20/11.0 tested) support (thanks to Joe Oaks <joe.oaks@hp.com>)
|
|
2433
|
+- fixed support for SCO Unix and BeOS (Nigel Horne)
|
|
2434
|
+- support/mboxscan: new version with SpamAssassin support (Nigel Horne)
|
|
2435
|
+- re-included TrashScan 0.08 (by Trashware <trashware@gmx.de>) - the security
|
|
2436
|
+ issue has been fixed.
|
|
2437
|
+- included "Installing qmail-scanner, Clam Antivirus and SpamAssassin under
|
|
2438
|
+ FreeBSD" how-to by Paul Hoadley and Eric Parsonage
|
|
2439
|
+
|
|
2440
|
+## 0.51
|
2443
|
2441
|
|
2444
|
2442
|
OAV database is up to date ! There was a problem with signature parsing,
|
2445
|
2443
|
because some hex strings were upper case. Anyway, I still recommend you
|
2446
|
2444
|
freshclam for a database updating.
|
2447
|
2445
|
|
2448
|
|
--) support for the genuine OAV database
|
2449
|
|
--) limited memory usage (at the cost of speed, increase CL_MIN_LENGTH in
|
2450
|
|
- libclamav/clamav.h to make it faster, it's safe to set it on 3-4 for
|
2451
|
|
- the OAV database)
|
2452
|
|
--) fixed compile problem on TurboLinux 6.5 (probably others, too), the bug
|
2453
|
|
- was reported by Henk Kuipers <henk@opensourcesolutions.nl>.
|
2454
|
|
--) clamd: fixed THREXIT (thanks to Piotr Gackiewicz <gacek@intertele.pl>)
|
2455
|
|
--) clamd: fixed serious bug with thread argument type
|
2456
|
|
--) clamscan: mbox: don't scan empty attachments (Nigel Horne)
|
2457
|
|
--) configure: --with-db1, --with-db2 (suggested by Magnus Ekdahl)
|
|
2446
|
+- support for the genuine OAV database
|
|
2447
|
+- limited memory usage (at the cost of speed, increase CL_MIN_LENGTH in
|
|
2448
|
+ libclamav/clamav.h to make it faster, it's safe to set it on 3-4 for
|
|
2449
|
+ the OAV database)
|
|
2450
|
+- fixed compile problem on TurboLinux 6.5 (probably others, too), the bug
|
|
2451
|
+ was reported by Henk Kuipers <henk@opensourcesolutions.nl>.
|
|
2452
|
+- clamd: fixed THREXIT (thanks to Piotr Gackiewicz <gacek@intertele.pl>)
|
|
2453
|
+- clamd: fixed serious bug with thread argument type
|
|
2454
|
+- clamscan: mbox: don't scan empty attachments (Nigel Horne)
|
|
2455
|
+- configure: --with-db1, --with-db2 (suggested by Magnus Ekdahl)
|
2458
|
2456
|
|
2459
|
|
-
|
2460
|
|
-0.50
|
|
2457
|
+## 0.50
|
2461
|
2458
|
|
2462
|
2459
|
Here it is...
|
2463
|
2460
|
Clam AntiVirus 0.50 contains an anti-virus library - libclamav, a fully
|
...
|
...
|
@@ -2472,84 +2340,82 @@ NERvOus <nervous@nervous.it> and ElektraPro, there are three mailing lists
|
2472
|
2472
|
available - you can subscribe via www at http://clamav.elektrapro.com/ml.
|
2473
|
2473
|
Please check the manual for more information.
|
2474
|
2474
|
|
2475
|
|
-
|
2476
|
2475
|
New software:
|
2477
|
2476
|
|
2478
|
|
--) libclamav with RAR, Zip and Gzip support built-in. The library is thread
|
2479
|
|
- safe and should be very secure, also. It uses UniquE RAR File
|
2480
|
|
- Library by Christian Scheurer and Johannes Winkelmann (RAR 2.0 support only)
|
2481
|
|
- and zziplib library by Guido Draheim and Tomi Ollila. Both of them are
|
2482
|
|
- included and slightly modified in the clamav sources. You need the zlib
|
2483
|
|
- library for the Zip/Gzip support, though. The API is described with
|
2484
|
|
- examples in the clamdoc.
|
|
2477
|
+- libclamav with RAR, Zip and Gzip support built-in. The library is thread
|
|
2478
|
+ safe and should be very secure, also. It uses UniquE RAR File
|
|
2479
|
+ Library by Christian Scheurer and Johannes Winkelmann (RAR 2.0 support only)
|
|
2480
|
+ and zziplib library by Guido Draheim and Tomi Ollila. Both of them are
|
|
2481
|
+ included and slightly modified in the clamav sources. You need the zlib
|
|
2482
|
+ library for the Zip/Gzip support, though. The API is described with
|
|
2483
|
+ examples in the clamdoc.
|
2485
|
2484
|
|
2486
|
|
--) clamd: a modern anti-virus daemon. It uses configuration file clamav.conf
|
2487
|
|
- described in the clamav.conf(5) manual. The program was written with
|
2488
|
|
- security as a goal.
|
|
2485
|
+- clamd: a modern anti-virus daemon. It uses configuration file clamav.conf
|
|
2486
|
+ described in the clamav.conf(5) manual. The program was written with
|
|
2487
|
+ security as a goal.
|
2489
|
2488
|
|
2490
|
|
--) clamuko: on-access scanning under Linux. It utilizes Dazuko kernel module
|
2491
|
|
- (GPL, http://dazuko.org) and is clamd-based.
|
|
2489
|
+- clamuko: on-access scanning under Linux. It utilizes Dazuko kernel module
|
|
2490
|
+ (GPL, http://dazuko.org) and is clamd-based.
|
2492
|
2491
|
|
2493
|
2492
|
New features / improvements:
|
2494
|
2493
|
|
2495
|
|
--) enhanced scanner engine (better detection of some complex polymorphic
|
2496
|
|
- viruses)
|
|
2494
|
+- enhanced scanner engine (better detection of some complex polymorphic
|
|
2495
|
+ viruses)
|
2497
|
2496
|
|
2498
|
|
--) clamscan: Nigel Horne <njh@bandsman.co.uk> has added the ability to scan
|
2499
|
|
- mail attachments in a filter. For example:
|
|
2497
|
+- clamscan: Nigel Horne <njh@bandsman.co.uk> has added the ability to scan
|
|
2498
|
+ mail attachments in a filter. For example:
|
2500
|
2499
|
|
2501
|
|
- $ clamscan -i --mbox - < /var/spool/mail/john
|
2502
|
|
- /tmp/aa6b9fc06bc477ae/setup.exe: Worm/Klez.H FOUND
|
|
2500
|
+ $ clamscan -i --mbox - < /var/spool/mail/john
|
|
2501
|
+ /tmp/aa6b9fc06bc477ae/setup.exe: Worm/Klez.H FOUND
|
2503
|
2502
|
|
2504
|
|
- Nigel is the author of the whole mbox code in clamscan. Currently it only
|
2505
|
|
- works in a filter mode, but there are plans to move the code into the
|
2506
|
|
- libclamav and allow clamd using it. Please check support/mboxscan, also.
|
|
2503
|
+ Nigel is the author of the whole mbox code in clamscan. Currently it only
|
|
2504
|
+ works in a filter mode, but there are plans to move the code into the
|
|
2505
|
+ libclamav and allow clamd using it. Please check support/mboxscan, also.
|
2507
|
2506
|
|
2508
|
|
--) clamscan: support for including and excluding multiple patterns with
|
2509
|
|
- --include and --exclude (patch by Alejandro Dubrovsky
|
2510
|
|
- <s328940@student.uq.edu.au>).
|
2511
|
|
- Example: clamscan --include .exe --include .obj --include .scr /mnt/windows
|
|
2507
|
+- clamscan: support for including and excluding multiple patterns with
|
|
2508
|
+ --include and --exclude (patch by Alejandro Dubrovsky
|
|
2509
|
+ <s328940@student.uq.edu.au>).
|
|
2510
|
+ Example: clamscan --include .exe --include .obj --include .scr /mnt/windows
|
2512
|
2511
|
|
2513
|
|
--) clamscan: don't scan /proc files (Linux, st_dev comparing). No more
|
2514
|
|
- /proc/kcore related mails :))
|
|
2512
|
+- clamscan: don't scan /proc files (Linux, st_dev comparing). No more
|
|
2513
|
+ /proc/kcore related mails :))
|
2515
|
2514
|
|
2516
|
|
--) clamscan: use libclamav's archive support by default (it's enabled by default
|
2517
|
|
- and may be disabled with --disable-archive) and switch to the external
|
2518
|
|
- unpackers (if specified) in the case of libclamav archive code error.
|
|
2515
|
+- clamscan: use libclamav's archive support by default (it's enabled by default
|
|
2516
|
+ and may be disabled with --disable-archive) and switch to the external
|
|
2517
|
+ unpackers (if specified) in the case of libclamav archive code error.
|
2519
|
2518
|
|
2520
|
|
--) freshclam: proxy support (via $http_proxy variable and --http-proxy).
|
2521
|
|
- I started implementing proxy support some time ago, but never finished.
|
2522
|
|
- Nigel Horne did the great job and has finished the proxy support !
|
|
2519
|
+- freshclam: proxy support (via $http_proxy variable and --http-proxy).
|
|
2520
|
+ I started implementing proxy support some time ago, but never finished.
|
|
2521
|
+ Nigel Horne did the great job and has finished the proxy support !
|
2523
|
2522
|
|
2524
|
|
--) freshclam: --daemon-notify. freshclam will send the RELOAD command to the
|
2525
|
|
- daemon after database update (supports both tcp and local sockets, it reads
|
2526
|
|
- clamav.conf to determine the socket type).
|
|
2523
|
+- freshclam: --daemon-notify. freshclam will send the RELOAD command to the
|
|
2524
|
+ daemon after database update (supports both tcp and local sockets, it reads
|
|
2525
|
+ clamav.conf to determine the socket type).
|
2527
|
2526
|
|
2528
|
|
--) freshclam: support for viruses.db2
|
|
2527
|
+- freshclam: support for viruses.db2
|
2529
|
2528
|
|
2530
|
2529
|
Bug fixes:
|
2531
|
2530
|
|
2532
|
|
--) freshclam: log 'Database updated' message (thanks to Jeffrey Moskot
|
2533
|
|
- <jef@math.miami.edu> for the bug report). It now prints a number
|
2534
|
|
- of signatures in a database, also.
|
|
2531
|
+- freshclam: log 'Database updated' message (thanks to Jeffrey Moskot
|
|
2532
|
+ <jef@math.miami.edu> for the bug report). It now prints a number
|
|
2533
|
+ of signatures in a database, also.
|
2535
|
2534
|
|
2536
|
|
--) clamscan: fixed compile problem on Solaris 8 and some other systems -
|
2537
|
|
- #include <signal.h> lack in others.c (thanks Mike Loewen
|
2538
|
|
- <mloewen@sturgeon.cac.psu.edu> for the bug report)
|
|
2535
|
+- clamscan: fixed compile problem on Solaris 8 and some other systems -
|
|
2536
|
+ #include <signal.h> lack in others.c (thanks Mike Loewen
|
|
2537
|
+ <mloewen@sturgeon.cac.psu.edu> for the bug report)
|
2539
|
2538
|
|
2540
|
2539
|
Documentation:
|
2541
|
2540
|
|
2542
|
|
--) included Japanese documentation by Masaki Ogawa <proc@mac.com>
|
|
2541
|
+- included Japanese documentation by Masaki Ogawa <proc@mac.com>
|
2543
|
2542
|
|
2544
|
|
--) updated Spanish "Sendmail + Amavis + ClamAv - Como" by Erick I. Lopez
|
|
2543
|
+- updated Spanish "Sendmail + Amavis + ClamAv - Como" by Erick I. Lopez
|
2545
|
2544
|
Carreon <elopezc@technitrade.com>
|
2546
|
2545
|
|
2547
|
|
--) rewritten clamdoc, included clamdoc-html, removed PostScript version (.ps)
|
|
2546
|
+- rewritten clamdoc, included clamdoc-html, removed PostScript version (.ps)
|
2548
|
2547
|
|
2549
|
|
--) Clam-Mutant ;) logo update by Michal Hajduczenia <michalis@mat.uni.torun.pl>
|
2550
|
|
-
|
2551
|
|
--) new man pages: clamd(1), clamav.conf(5); others updated
|
|
2548
|
+- Clam-Mutant ;) logo update by Michal Hajduczenia <michalis@mat.uni.torun.pl>
|
2552
|
2549
|
|
|
2550
|
+- new man pages: clamd(1), clamav.conf(5); others updated
|
2553
|
2551
|
|
2554
|
2552
|
!!!
|
2555
|
2553
|
Please don't use the oav-update script with this version. It doesn't
|
...
|
...
|
@@ -2570,23 +2436,21 @@ Enjoy !
|
2570
|
2570
|
Tomasz Kojm
|
2571
|
2571
|
October 5, 2002
|
2572
|
2572
|
|
2573
|
|
-
|
2574
|
|
-0.24
|
2575
|
|
-
|
2576
|
|
--) fixed threads deadlock in a critical error situation (bug found by David
|
2577
|
|
- Sanchez <dsanchez@veloxia.com>)
|
2578
|
|
--) fixed sigtool bug (negative seeking)
|
2579
|
|
--) fixed potential clamscan segfault in the case of memory allocation error
|
2580
|
|
--) unpacker execution error is no longer treated as critical - a few programs
|
2581
|
|
- (eg. Qmail-Scanner, TrashScan) have clamscan command hardcoded with all
|
2582
|
|
- archive options turned on. Now, if unpacker can't be executed, raw file is
|
2583
|
|
- scanned and scan process is continued.
|
2584
|
|
--) reverted to pthread.h detection
|
2585
|
|
--) TrashScan 0.07 (Trashware <trashware@gmx.net>)
|
2586
|
|
--) --exclude (regular expressions are not supported !)
|
2587
|
|
- [ex: clamscan --exclude="/proc/kcore" /], but please use it with care.
|
2588
|
|
--) included html documentation
|
|
2573
|
+## 0.24
|
|
2574
|
+
|
|
2575
|
+- fixed threads deadlock in a critical error situation (bug found by David
|
|
2576
|
+ Sanchez <dsanchez@veloxia.com>)
|
|
2577
|
+- fixed sigtool bug (negative seeking)
|
|
2578
|
+- fixed potential clamscan segfault in the case of memory allocation error
|
|
2579
|
+- unpacker execution error is no longer treated as critical - a few programs
|
|
2580
|
+ (eg. Qmail-Scanner, TrashScan) have clamscan command hardcoded with all
|
|
2581
|
+ archive options turned on. Now, if unpacker can't be executed, raw file is
|
|
2582
|
+ scanned and scan process is continued.
|
|
2583
|
+- reverted to pthread.h detection
|
|
2584
|
+- TrashScan 0.07 (Trashware <trashware@gmx.net>)
|
|
2585
|
+- --exclude (regular expressions are not supported !)
|
|
2586
|
+ [ex: clamscan --exclude="/proc/kcore" /], but please use it with care.
|
|
2587
|
+- included html documentation
|
2589
|
2588
|
|
2590
|
2589
|
IMPORTANT NOTE:
|
2591
|
2590
|
~~~~~~~~~~~~~~~
|
...
|
...
|
@@ -2607,20 +2471,19 @@ New ClamAV version is in a heavy development. It has currently built-in
|
2607
|
2607
|
support for RAR, Zip, Gzip and tar. The daemon will support only built-in
|
2608
|
2608
|
compression/archive support. Snapshot will be available for a few days.
|
2609
|
2609
|
|
2610
|
|
-0.23
|
2611
|
|
-
|
2612
|
|
--) fixed compile problem on FreeBSD (thanks to Wieslaw Glod <wkg@x2.pl> and
|
2613
|
|
- Ken McKittrick <klmac@usadatanet.com>)
|
2614
|
|
--) clamscan reads all .db files from data directory, so you can put your
|
2615
|
|
- own databases there and they won't be overwrited by the updaters. viruses.db
|
2616
|
|
- is still the main database file (if --database isn't used).
|
2617
|
|
--) --deb (debian binary packages scanning) by Magnus Ekdahl <magnus@debian.org>
|
2618
|
|
--) --remove option, but be careful with it !
|
2619
|
|
--) new clam logo ;) (GPL) by Michal Hajduczenia <michalis@mat.uni.torun.pl>.
|
2620
|
|
--) TrashScan 0.06 (by Trashware <trashware@gmx.net>) - a script for scanning
|
2621
|
|
- mail with procmail. I recommend it. (support/trashscan)
|
2622
|
|
--) documentation updates
|
|
2610
|
+## 0.23
|
|
2611
|
+
|
|
2612
|
+- fixed compile problem on FreeBSD (thanks to Wieslaw Glod <wkg@x2.pl> and
|
|
2613
|
+ Ken McKittrick <klmac@usadatanet.com>)
|
|
2614
|
+- clamscan reads all .db files from data directory, so you can put your
|
|
2615
|
+ own databases there and they won't be overwrited by the updaters. viruses.db
|
|
2616
|
+ is still the main database file (if --database isn't used).
|
|
2617
|
+- --deb (debian binary packages scanning) by Magnus Ekdahl <magnus@debian.org>
|
|
2618
|
+- --remove option, but be careful with it !
|
|
2619
|
+- new clam logo ;) (GPL) by Michal Hajduczenia <michalis@mat.uni.torun.pl>.
|
|
2620
|
+- TrashScan 0.06 (by Trashware <trashware@gmx.net>) - a script for scanning
|
|
2621
|
+ mail with procmail. I recommend it. (support/trashscan)
|
|
2622
|
+- documentation updates
|
2623
|
2623
|
|
2624
|
2624
|
0.30 release will contain a daemon and an anti-virus library (with simple API),
|
2625
|
2625
|
so you can use it directly in your projects. I want to build in zip and rar
|
...
|
...
|
@@ -2628,8 +2491,7 @@ support, also.
|
2628
|
2628
|
|
2629
|
2629
|
There are binary packages for AIX available. Please check the documentation.
|
2630
|
2630
|
|
2631
|
|
-0.22
|
|
2631
|
+## 0.22
|
2632
|
2632
|
|
2633
|
2633
|
This release fixes bug with scanning archives in unaccessible directories with
|
2634
|
2634
|
*superuser* priviledges (after dropping priviledges scanner wasn't able to
|
...
|
...
|
@@ -2640,34 +2502,30 @@ archives unaccessible directly by the clamav user are copied (with a respect to
|
2640
|
2640
|
|
2641
|
2641
|
Other fixes / improvements:
|
2642
|
2642
|
|
2643
|
|
--) better error handling, new error codes
|
2644
|
|
--) improved -i (--infected) option
|
2645
|
|
--) removed --strange-unzip option
|
2646
|
|
--) removed eicar test files and logos from the documentation due to the GPL
|
2647
|
|
- (thanks for Magnus Ekdahl <magnus@debian.org>), ClamAV-Test-Signature is
|
2648
|
|
- used instead
|
2649
|
|
--) removed Qmail-Scanner patch, ClamAV is supported by Q-S 1.13 (thanks guys!)
|
2650
|
|
--) code cleanups
|
|
2643
|
+- better error handling, new error codes
|
|
2644
|
+- improved -i (--infected) option
|
|
2645
|
+- removed --strange-unzip option
|
|
2646
|
+- removed eicar test files and logos from the documentation due to the GPL
|
|
2647
|
+ (thanks for Magnus Ekdahl <magnus@debian.org>), ClamAV-Test-Signature is
|
|
2648
|
+ used instead
|
|
2649
|
+- removed Qmail-Scanner patch, ClamAV is supported by Q-S 1.13 (thanks guys!)
|
|
2650
|
+- code cleanups
|
2651
|
2651
|
|
2652
|
|
-
|
2653
|
|
-0.21 Release
|
|
2652
|
+## 0.21 Release
|
2654
|
2653
|
|
2655
|
2654
|
It fixes following problems:
|
2656
|
2655
|
|
2657
|
|
--) database downloading in freshclam/0.20
|
2658
|
|
--) malformed amavis-perl patch from 0.20
|
2659
|
|
--) clamscan problems with some unzip versions, please try --strange-unzip
|
2660
|
|
- option
|
|
2656
|
+- database downloading in freshclam/0.20
|
|
2657
|
+- malformed amavis-perl patch from 0.20
|
|
2658
|
+- clamscan problems with some unzip versions, please try --strange-unzip
|
|
2659
|
+ option
|
2661
|
2660
|
|
2662
|
2661
|
ClamAV 0.21 source package contains initial support for NetBSD
|
2663
|
2662
|
(thanks to Marc Baudoin <babafou@babafou.eu.org>, Jean-Edouard BABIN
|
2664
|
2663
|
<Jeb@jeb.com.fr>), better support for Mac OS X (Masaki Ogawa <proc@mac.com>),
|
2665
|
2664
|
and clamdoc documentation corrected by Dennis Leeuw <dleeuw@made-it.com>.
|
2666
|
2665
|
|
2667
|
|
-
|
2668
|
|
-0.20 Release
|
|
2666
|
+## 0.20 Release
|
2669
|
2667
|
|
2670
|
2668
|
The most important change in this release is a new, linear pattern matching
|
2671
|
2669
|
algorithm. You will find more informations about it in clamscan/matcher.c -
|
...
|
...
|
@@ -2675,36 +2533,36 @@ in the sources and in clamdoc. Summary (since 0.15):
|
2675
|
2675
|
|
2676
|
2676
|
New features:
|
2677
|
2677
|
|
2678
|
|
--) fast pattern matching algorithm
|
2679
|
|
--) sigtool utility, check `man sigtool` and clamdoc
|
2680
|
|
--) Linux: threads autodetection on various architectures
|
2681
|
|
- (Magnus Ekdahl <magnus@debian.org>)
|
2682
|
|
--) -i, --infected: clamscan prints only infected files
|
2683
|
|
--) 'Data scanned' in summary, size in megabytes with 16 Kb precision
|
2684
|
|
--) configure: --with-dbdir sets the database location
|
2685
|
|
--) support/sigmake shell script by Dennis Leeuw <leeuw@stone-it.com>
|
2686
|
|
--) Spanish "Sendmail+Amavis+ClamAv installation how-to" by
|
2687
|
|
- Erick I. Lopez Carreon <elopezc@technitrade.com>
|
|
2678
|
+- fast pattern matching algorithm
|
|
2679
|
+- sigtool utility, check `man sigtool` and clamdoc
|
|
2680
|
+- Linux: threads autodetection on various architectures
|
|
2681
|
+ (Magnus Ekdahl <magnus@debian.org>)
|
|
2682
|
+- -i, --infected: clamscan prints only infected files
|
|
2683
|
+- 'Data scanned' in summary, size in megabytes with 16 Kb precision
|
|
2684
|
+- configure: --with-dbdir sets the database location
|
|
2685
|
+- support/sigmake shell script by Dennis Leeuw <leeuw@stone-it.com>
|
|
2686
|
+- Spanish "Sendmail+Amavis+ClamAv installation how-to" by
|
|
2687
|
+ Erick I. Lopez Carreon <elopezc@technitrade.com>
|
2688
|
2688
|
|
2689
|
2689
|
Updates:
|
2690
|
2690
|
|
2691
|
|
--) "Debian GNU/Linux Mail Server v. 0.2.0" by Dennis Leeuw <leeuw@stone-it.com>
|
2692
|
|
--) qmail-scanner patch from Kazuhiko <kazuhiko@fdiary.net>
|
2693
|
|
--) general documentation cleanups / updates
|
2694
|
|
--) freshclam / Internet database location
|
|
2691
|
+- "Debian GNU/Linux Mail Server v. 0.2.0" by Dennis Leeuw <leeuw@stone-it.com>
|
|
2692
|
+- qmail-scanner patch from Kazuhiko <kazuhiko@fdiary.net>
|
|
2693
|
+- general documentation cleanups / updates
|
|
2694
|
+- freshclam / Internet database location
|
2695
|
2695
|
|
2696
|
2696
|
Fixes:
|
2697
|
2697
|
|
2698
|
|
--) threads autodetection on not-x86 Linux systems
|
2699
|
|
--) gcc 3.x support (David Ford <david+cert@blue-labs.org>)
|
2700
|
|
--) data type fix on Mac OS X (Peter N Lewis <peter@stairways.com.au>)
|
2701
|
|
--) removed -w, --whole-file, now clamscan scans whole files by default
|
2702
|
|
- -w is still supported by internal getopt(), because it is used in
|
2703
|
|
- various patches
|
2704
|
|
--) removed --one-virus, still supported by getopt(); removed 'Found viruses'
|
2705
|
|
- from summary, clamscan stops file scanning after first virus
|
2706
|
|
--) fixed old problem with scanning stdin
|
2707
|
|
--) removed amavisd-patch - strange problems have been reported
|
|
2698
|
+- threads autodetection on not-x86 Linux systems
|
|
2699
|
+- gcc 3.x support (David Ford <david+cert@blue-labs.org>)
|
|
2700
|
+- data type fix on Mac OS X (Peter N Lewis <peter@stairways.com.au>)
|
|
2701
|
+- removed -w, --whole-file, now clamscan scans whole files by default
|
|
2702
|
+ -w is still supported by internal getopt(), because it is used in
|
|
2703
|
+ various patches
|
|
2704
|
+- removed --one-virus, still supported by getopt(); removed 'Found viruses'
|
|
2705
|
+ from summary, clamscan stops file scanning after first virus
|
|
2706
|
+- fixed old problem with scanning stdin
|
|
2707
|
+- removed amavisd-patch - strange problems have been reported
|
2708
|
2708
|
|
2709
|
2709
|
OpenAntiVirus Update is a great tool written by Matthew A. Grant
|
2710
|
2710
|
<grantma@anathoth.gen.nz> and it will be the primary updater for ClamAV
|
...
|
...
|
@@ -2712,30 +2570,27 @@ in the near future. In contrast to freshclam it has proxy support and many
|
2712
|
2712
|
specific features. Please check clamdoc for more informations and how to
|
2713
|
2713
|
obtain it.
|
2714
|
2714
|
|
2715
|
|
-
|
2716
|
|
-0.15 Notes
|
|
2715
|
+## 0.15 Notes
|
2717
|
2716
|
|
2718
|
2717
|
This version contains minor bugfixes only, such as:
|
2719
|
|
- -) multiple fixes in freshclam (it has problems, when one of the
|
2720
|
|
- hosts wasn't accessible), there were logic flaws in the code
|
2721
|
|
- -) fixed problem with password protected archives (unpackers were waiting
|
2722
|
|
- for password)
|
|
2718
|
+- multiple fixes in freshclam (it has problems, when one of the
|
|
2719
|
+ hosts wasn't accessible), there were logic flaws in the code
|
|
2720
|
+- fixed problem with password protected archives (unpackers were waiting
|
|
2721
|
+ for password)
|
2723
|
2722
|
|
2724
|
2723
|
New features:
|
2725
|
|
- -) OpenBSD support (thanks to Kamil Andrusz <wizz@mniam.net>)
|
2726
|
|
- -) added support for amavisd, qmail-scanner (see ./support)
|
|
2724
|
+- OpenBSD support (thanks to Kamil Andrusz <wizz@mniam.net>)
|
|
2725
|
+- added support for amavisd, qmail-scanner (see ./support)
|
2727
|
2726
|
|
2728
|
2727
|
There were no major bugs and I was very busy, that's why new version is
|
2729
|
2728
|
released just today. In the next 2 months, clamav development will be much
|
2730
|
2729
|
faster. Here are some of my plans:
|
2731
|
2730
|
|
2732
|
|
- ~ 0.20 : New pattern-matching algorithm
|
2733
|
|
- ~ 0.30 : clamlib; clamscan and the daemon based on it
|
|
2731
|
+~ 0.20 : New pattern-matching algorithm
|
|
2732
|
+~ 0.30 : clamlib; clamscan and the daemon based on it
|
2734
|
2733
|
|
2735
|
2734
|
There is a new homepage:
|
2736
|
|
-
|
2737
|
|
- http://clamav.elektrapro.com
|
|
2735
|
+- http://clamav.elektrapro.com
|
2738
|
2736
|
|
2739
|
2737
|
Thanks to ElektraPro.com for sponsoring this site (it's very fast).
|
2740
|
2738
|
Thanks to NERvOus <nervous@nervous.it>.
|
...
|
...
|
@@ -2743,8 +2598,7 @@ Thanks to NERvOus <nervous@nervous.it>.
|
2743
|
2743
|
If you are interested in current development versions, please check
|
2744
|
2744
|
snapshots link.
|
2745
|
2745
|
|
2746
|
|
-Resource usage limits in 0.14
|
|
2746
|
+### Resource usage limits in 0.14
|
2747
|
2747
|
|
2748
|
2748
|
Two new features: --max-files, --max-space have been implemented. If you have
|
2749
|
2749
|
enabled one of this options, clamscan monitors resource usage (number of
|
...
|
...
|
@@ -2754,22 +2608,18 @@ Denial of Service attacks. In the near future --max-levels (limit for
|
2754
|
2754
|
recursive archives extracting) and --max-time (spent on checking/extracting
|
2755
|
2755
|
files) will be implemented.
|
2756
|
2756
|
|
2757
|
|
-
|
2758
|
|
-FreeBSD: AMaViS compile problems
|
|
2757
|
+### FreeBSD: AMaViS compile problems
|
2759
|
2758
|
|
2760
|
2759
|
Please check FAQ.
|
2761
|
2760
|
|
2762
|
|
-!!! Strange signatures in VirusSignatures-2002.04.15.10.51.zip !!!
|
|
2761
|
+### !!! Strange signatures in VirusSignatures-2002.04.15.10.51.zip !!!
|
2763
|
2762
|
|
2764
|
2763
|
Last version of signatures was ~90 kb, this version is ~474 kb.
|
2765
|
2764
|
But I don't understand, why some signatures are mega-huge. When I decoded
|
2766
|
2765
|
them, they looked like regular files. In CA they were removed from the
|
2767
|
2766
|
database and I probably add them later, in normal sizes.
|
2768
|
2767
|
|
2769
|
|
-Installation :
|
|
2768
|
+### Installation :
|
2770
|
2769
|
|
2771
|
2770
|
Please view documentation in ./docs. There are several formats - pdf, ps
|
2772
|
2771
|
and plain latex, if you want to compile it yourself.
|