...
|
...
|
@@ -5,29 +5,203 @@ Note: This file refers to the source tarball. Things described here may differ
|
5
|
5
|
|
6
|
6
|
## 0.102.0
|
7
|
7
|
|
8
|
|
-ClamAV 0.102.0 is in development.
|
9
|
|
-
|
10
|
|
-### Notable changes in 0.102
|
11
|
|
-
|
12
|
|
-- The documentation has moved.
|
|
8
|
+Welcome to the beta for the 0.102 feature release.
|
|
9
|
+
|
|
10
|
+ClamAV 0.102.0 includes an assortment improvements and a couple of significant
|
|
11
|
+changes.
|
|
12
|
+
|
|
13
|
+### Major changes
|
|
14
|
+
|
|
15
|
+- The On-Access Scanning feature has been migrated out of `clamd` and into
|
|
16
|
+ a brand new utility named `clamonacc`. This utility is similar to
|
|
17
|
+ `clamdscan` and `clamav-milter` in that it acts as a client to `clamd`.
|
|
18
|
+ This separation from `clamd` means that `clamd` no longer needs to run
|
|
19
|
+ with root privileges while scanning potentially malicious files. Instead,
|
|
20
|
+ `clamd` may drop privileges to run under an account that does not have
|
|
21
|
+ super-user. In addition to improving the security posture of running
|
|
22
|
+ `clamd` with On-Access enabled, this update fixed a few outstanding defects:
|
|
23
|
+ - On-Access scanning for created and moved files (Extra-Scanning) is fixed.
|
|
24
|
+ - VirusEvent for On-Access scans is fixed.
|
|
25
|
+ - With `clamonacc`, it is now possible to copy, move, or remove a file if the
|
|
26
|
+ scan triggered an alert, just like with `clamdscan`.
|
|
27
|
+ For details on how to use the new `clamonacc` On-Access scanner, please
|
|
28
|
+ refer to the user manual on [ClamAV.net](http://www.clamav.net/documents/),
|
|
29
|
+ and keep an eye out for a new blog post on the topic
|
|
30
|
+- The `freshclam` database update utility has undergone a significant update.
|
|
31
|
+ This includes:
|
|
32
|
+ - Added support for HTTPS.
|
|
33
|
+ - Support for database mirrors hosted on ports other than 80.
|
|
34
|
+ - Removal of the mirror management feature (mirrors.dat).
|
|
35
|
+ - An all new libfreshclam library API.
|
|
36
|
+
|
|
37
|
+### Notable changes
|
|
38
|
+
|
|
39
|
+- Added support for extracting ESTsoft .egg archives.
|
|
40
|
+ This feature is new code developed from scratch using ESTsoft's Egg-archive
|
|
41
|
+ specification and without referencing the UnEgg library provided by ESTsoft.
|
|
42
|
+ This was necessary because the UnEgg library's license includes restrictions
|
|
43
|
+ limiting the commercial use of the UnEgg library.
|
|
44
|
+- The documentation has moved!
|
13
|
45
|
- Users should navigate to [ClamAV.net](http://www.clamav.net/documents/)
|
14
|
|
- to view the documentation.
|
|
46
|
+ to view the documentation online.
|
15
|
47
|
- The documentation will continue to be provided in HTML format with each
|
16
|
48
|
release for offline viewing in the `docs/html` directory.
|
17
|
49
|
- The new home for the documentation markdown is in our
|
18
|
50
|
[ClamAV FAQ Github repository](https://github.com/Cisco-Talos/clamav-faq)
|
19
|
51
|
|
20
|
|
-### Additional minor bug fixes
|
|
52
|
+### Other improvements
|
|
53
|
+
|
|
54
|
+- Improved Windows executable Authenticode handling, enabling both whitelisting
|
|
55
|
+ and blacklisting of files based on code-signing certificates. Additional
|
|
56
|
+ improvements to Windows executable (PE file) parsing.
|
|
57
|
+ Work courtesy of Andrew Williams.
|
|
58
|
+- Added support for creating bytecode signatures for Mach-O and
|
|
59
|
+ ELF executable unpacking. Work courtesy of Jonas Zaddach.
|
|
60
|
+- Re-formatted the entire ClamAV code-base using `clang-format` in conjunction
|
|
61
|
+ with our new ClamAV code style specification. See the
|
|
62
|
+ [clamav.net blog post](https://blog.clamav.net/2019/02/clamav-adopts-clang-format.html)
|
|
63
|
+ for details.
|
|
64
|
+- Integrated ClamAV with Google's [OSS-Fuzz](https://github.com/google/oss-fuzz)
|
|
65
|
+ automated fuzzing service with the help of Alex Gaynor. This work has already
|
|
66
|
+ proven beneficial, enabling us to identify and fix subtle bugs in both legacy
|
|
67
|
+ code and newly developed code.
|
|
68
|
+- The `clamsubmit` tool is now available on Windows.
|
|
69
|
+- The `clamscan` metadata feature (`--gen-json`) is now available on Windows.
|
|
70
|
+- Significantly reduced number of warnings generated when compiling ClamAV with
|
|
71
|
+ "-Wall" and "-Wextra" compiler flags and made many subtle improvements to the
|
|
72
|
+ consistency of variable types throughout the code.
|
|
73
|
+- Updated the majority of third-party dependencies for ClamAV on Windows.
|
|
74
|
+ The source code for each has been removed from the clamav-devel repository.
|
|
75
|
+ This means that these dependencies have to be compiled independently of ClamAV.
|
|
76
|
+ The added build process complexity is offset by significantly reducing the
|
|
77
|
+ difficulty of releasing ClamAV with newer versions of those dependencies.
|
|
78
|
+- During the 0.102 development period, we've also improved our Continuous
|
|
79
|
+ Integration (CI) processes. Most recently, we added a CI pipeline definition
|
|
80
|
+ to the ClamAV Git repository. This chains together our build and quality
|
|
81
|
+ assurance test suites and enables automatic testing of all proposed changes
|
|
82
|
+ to ClamAV, with customizable parameters to suit the testing needs of any
|
|
83
|
+ given code change.
|
|
84
|
+
|
|
85
|
+### Bug fixes
|
21
|
86
|
|
22
|
87
|
- Fix to prevent a possible crash when loading LDB type signature databases
|
23
|
88
|
and PCRE is not available. Patch courtesy of Tomasz Kojm.
|
|
89
|
+- Fixes to the PDF parser that will improve PDF malware detection efficacy.
|
|
90
|
+ Patch courtesy of Clement Lecigne.
|
|
91
|
+- Fix for regular expression phishing signatures (PDB R-type signatures).
|
|
92
|
+- Various other bug fixes.
|
|
93
|
+
|
|
94
|
+### New Requirements
|
|
95
|
+
|
|
96
|
+- Libcurl has become a hard-dependency. Libcurl enables HTTPS support for
|
|
97
|
+ `freshclam` and `clamsubmit` as well as communication between `clamonacc`
|
|
98
|
+ and `clamd`.
|
|
99
|
+- Libcurl version >= 7.45 is required when building ClamAV from source with
|
|
100
|
+ the new On-Access Scanning application (`clamonacc`). Users on Linux operating
|
|
101
|
+ systems that package older versions of libcurl (e.g. all versions of CentOS
|
|
102
|
+ and Debian versions <= 8) have a number of options:
|
|
103
|
+
|
|
104
|
+ 1. Wait for your package maintainer to provide a newer version of libcurl.
|
|
105
|
+ 2. Install a newer version of libcurl [from source](https://curl.haxx.se/download.html).
|
|
106
|
+ 3. Disable installation of `clamonacc` and On-Access Scanning capabilities
|
|
107
|
+ with the `./configure` flag `--disable-clamonacc`.
|
|
108
|
+
|
|
109
|
+ Non-Linux users will need to take no actions as they are unaffected by this
|
|
110
|
+ new requirement.
|
24
|
111
|
|
25
|
112
|
### Acknowledgements
|
26
|
113
|
|
27
|
114
|
The ClamAV team thanks the following individuals for their code submissions:
|
28
|
115
|
|
|
116
|
+- Alex Gaynor
|
|
117
|
+- Andrew Williams
|
|
118
|
+- Carlo Landmeter
|
|
119
|
+- Chips
|
|
120
|
+- Clement Lecigne
|
|
121
|
+- Paul Arthur
|
|
122
|
+- Jonas Zaddach
|
|
123
|
+- Ørjan Malde
|
|
124
|
+- Rick Wang
|
|
125
|
+- Rosen Penev
|
|
126
|
+- Thomas Jarosch
|
29
|
127
|
- Tomasz Kojm
|
30
|
128
|
|
|
129
|
+Finally, we'd like to thank Joe McGrath for building our quality assurance test suite
|
|
130
|
+and for working diligently to ensure knowledge transfer up until his last day
|
|
131
|
+on the team. Working with you was a pleasure, Joe, and we wish you the best
|
|
132
|
+of luck in your next adventure!
|
|
133
|
+
|
|
134
|
+## 0.101.2
|
|
135
|
+
|
|
136
|
+ClamAV 0.101.2 is a patch release to address a handful of security related bugs.
|
|
137
|
+
|
|
138
|
+This patch release is being released alongside the 0.100.3 patch so that users
|
|
139
|
+who are unable to upgrade to 0.101 due to libclamav API changes are protected.
|
|
140
|
+
|
|
141
|
+This release includes 3 extra security related bug fixes that do not apply to
|
|
142
|
+prior versions. In addition, it includes a number of minor bug fixes and
|
|
143
|
+improvements.
|
|
144
|
+
|
|
145
|
+- Fixes for the following vulnerabilities affecting 0.101.1 and prior:
|
|
146
|
+ - [CVE-2019-1787](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1787):
|
|
147
|
+ An out-of-bounds heap read condition may occur when scanning PDF
|
|
148
|
+ documents. The defect is a failure to correctly keep track of the number
|
|
149
|
+ of bytes remaining in a buffer when indexing file data.
|
|
150
|
+ - [CVE-2019-1789](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1789):
|
|
151
|
+ An out-of-bounds heap read condition may occur when scanning PE files
|
|
152
|
+ (i.e. Windows EXE and DLL files) that have been packed using Aspack as a
|
|
153
|
+ result of inadequate bound-checking.
|
|
154
|
+ - [CVE-2019-1788](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1788):
|
|
155
|
+ An out-of-bounds heap write condition may occur when scanning OLE2 files
|
|
156
|
+ such as Microsoft Office 97-2003 documents. The invalid write happens when
|
|
157
|
+ an invalid pointer is mistakenly used to initialize a 32bit integer to
|
|
158
|
+ zero. This is likely to crash the application.
|
|
159
|
+
|
|
160
|
+- Fixes for the following vulnerabilities affecting 0.101.1 and 0.101.0 only:
|
|
161
|
+ - [CVE-2019-1786](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1786):
|
|
162
|
+ An out-of-bounds heap read condition may occur when scanning malformed PDF
|
|
163
|
+ documents as a result of improper bounds-checking.
|
|
164
|
+ - [CVE-2019-1785](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1785):
|
|
165
|
+ A path-traversal write condition may occur as a result of improper input
|
|
166
|
+ validation when scanning RAR archives. Issue reported by aCaB.
|
|
167
|
+ - [CVE-2019-1798](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1798):
|
|
168
|
+ A use-after-free condition may occur as a result of improper error
|
|
169
|
+ handling when scanning nested RAR archives. Issue reported by David L.
|
|
170
|
+
|
|
171
|
+- Fixes for the following assorted bugs:
|
|
172
|
+ - Added checks to prevent shifts from causing undefined behavior in HTML
|
|
173
|
+ normalizer, UPX unpacker, ARJ extractor, CPIO extractor, OLE2 parser,
|
|
174
|
+ LZW decompressor used in the PDF parser, Xz decompressor, and UTF-16 to
|
|
175
|
+ ASCII transcoder.
|
|
176
|
+ - Added checks to prevent integer overflow in UPX unpacker.
|
|
177
|
+ - Fix for minor memory leak in OLE2 parser.
|
|
178
|
+ - Fix to speed up PDF parser when handling truncated (or malformed) PDFs.
|
|
179
|
+ - Fix for memory leak in ARJ decoder failure condition.
|
|
180
|
+ - Fix for potential memory and file descriptor leak in HTML normalization code.
|
|
181
|
+
|
|
182
|
+- Removed use of problematic feature that converted file descriptors to
|
|
183
|
+ file paths. The feature was intended to improve performance when scanning
|
|
184
|
+ file types, notably RAR archives, for which the API requires a file path.
|
|
185
|
+ This feature caused issues in environments where the ClamAV engine is run
|
|
186
|
+ in a low-permissions or sandboxed process. RAR archives are still supported
|
|
187
|
+ with this change, but performance may suffer slightly if the file path is not
|
|
188
|
+ provided in calls to `cl_scandesc_callback()`.
|
|
189
|
+ - Added filename and tempfile names to scandesc calls in clamd.
|
|
190
|
+ - Added general scan option `CL_SCAN_GENERAL_UNPRIVILEGED` to treat the scan
|
|
191
|
+ engine as unprivileged, meaning that the scan engine will not have read
|
|
192
|
+ access to the file. Provided file paths are for logging purposes only.
|
|
193
|
+ - Added ability to create a temp file when scanning RAR archives when the
|
|
194
|
+ process does not have read access to the file path provided (i.e.
|
|
195
|
+ unprivileged is set, or an access check fails).
|
|
196
|
+
|
|
197
|
+Thank you to the Google OSS-Fuzz project for identifying and reporting many of
|
|
198
|
+the bugs patched in this release.
|
|
199
|
+
|
|
200
|
+Additional thanks to the following community members for submitting bug reports:
|
|
201
|
+
|
|
202
|
+- aCaB
|
|
203
|
+- David L.
|
|
204
|
+
|
31
|
205
|
## 0.101.1
|
32
|
206
|
|
33
|
207
|
ClamAV 0.101.1 is an urgent patch release to address an issue in 0.101.0
|
...
|
...
|
@@ -462,7 +636,7 @@ ClamAV 0.99.4 is a hotfix release to patch a set of vulnerabilities.
|
462
|
462
|
a handful of other important bugs, including patches to support g++ 6, C++11.
|
463
|
463
|
|
464
|
464
|
Thank you to the following ClamAV community members for your code
|
465
|
|
-submissions and bug reports!
|
|
465
|
+submissions and bug reports!
|
466
|
466
|
|
467
|
467
|
Alberto Garcia
|
468
|
468
|
Bernhard Vogel
|
...
|
...
|
@@ -504,7 +678,7 @@ ClamAV 0.99.2 is a release of bug fixes and minor enhancements.
|
504
|
504
|
- fix ups improving the reliability of several ClamAV file parsers.
|
505
|
505
|
- sigtool now decodes file type signatures (e.g., daily.ftm CVD file).
|
506
|
506
|
- now supporting libpcre2 in addition to libpcre.
|
507
|
|
-- systemd support for clamd and freshclam. Patch provided by
|
|
507
|
+- systemd support for clamd and freshclam. Patch provided by
|
508
|
508
|
Andreas Cadhalpun.
|
509
|
509
|
- fixed builds on Mac OS X 10.10 & 10.11.
|
510
|
510
|
- improved debug info for certificate metadata.
|
...
|
...
|
@@ -546,7 +720,7 @@ ClamAV 0.99.1:
|
546
|
546
|
|
547
|
547
|
## 0.99
|
548
|
548
|
|
549
|
|
-ClamAV 0.99 contains major new features and changes. YARA rules,
|
|
549
|
+ClamAV 0.99 contains major new features and changes. YARA rules,
|
550
|
550
|
Perl Compatible Regular Expressions, revamped on-access scanning
|
551
|
551
|
for Linux, and other new features join the many great features of ClamAV:
|
552
|
552
|
|
...
|
...
|
@@ -557,10 +731,10 @@ for Linux, and other new features join the many great features of ClamAV:
|
557
|
557
|
for full details.
|
558
|
558
|
- New and improved on-access scanning for Linux. See the recent blog
|
559
|
559
|
post and clamdoc.pdf for details on the new on-access capabilities.
|
560
|
|
-- A new ClamAV API callback function that is invoked when a virus
|
561
|
|
- is found. This is intended primarily for applications running in
|
562
|
|
- all-match mode. Any applications using all-match mode must use
|
563
|
|
- the new callback function to record and report detected viruses.
|
|
560
|
+- A new ClamAV API callback function that is invoked when a virus
|
|
561
|
+ is found. This is intended primarily for applications running in
|
|
562
|
+ all-match mode. Any applications using all-match mode must use
|
|
563
|
+ the new callback function to record and report detected viruses.
|
564
|
564
|
- Configurable default password list to attempt zip file decryption.
|
565
|
565
|
- TIFF file support.
|
566
|
566
|
- Upgrade Windows pthread library to 2.9.1.
|
...
|
...
|
@@ -597,7 +771,7 @@ included for ClamAV 0.99:
|
597
|
597
|
## 0.98.7
|
598
|
598
|
|
599
|
599
|
ClamAV 0.98.7 is here! This release contains new scanning features
|
600
|
|
-and bug fixes.
|
|
600
|
+and bug fixes.
|
601
|
601
|
|
602
|
602
|
- Improvements to PDF processing: decryption, escape sequence
|
603
|
603
|
handling, and file property collection.
|
...
|
...
|
@@ -617,7 +791,7 @@ and bug fixes.
|
617
|
617
|
CVE-2015-2668.
|
618
|
618
|
- Fix compilation error after ./configure --disable-pthreads.
|
619
|
619
|
Reported and fix suggested by John E. Krokes.
|
620
|
|
-- Apply upstream patch for possible heap overflow in Henry Spencer's
|
|
620
|
+- Apply upstream patch for possible heap overflow in Henry Spencer's
|
621
|
621
|
regex library. CVE-2015-2305.
|
622
|
622
|
- Fix crash in upx decoder with crafted file. Discovered and patch
|
623
|
623
|
supplied by Sebastian Andrzej Siewior. CVE-2015-2170.
|
...
|
...
|
@@ -658,7 +832,7 @@ ClamAV 0.98.6 is a bug fix release correcting the following:
|
658
|
658
|
- Compensate a crash due to incorrect compiler optimization when
|
659
|
659
|
handling crafted petite packer files. This issue was discovered
|
660
|
660
|
by Sebastian Andrzej Siewior.
|
661
|
|
-
|
|
661
|
+
|
662
|
662
|
Thanks to the following ClamAV community members for code submissions
|
663
|
663
|
and bug reporting included in ClamAV 0.98.6:
|
664
|
664
|
|
...
|
...
|
@@ -757,17 +931,17 @@ Here are the new features and improvements in ClamAV 0.98.2:
|
757
|
757
|
about OpenIOC.
|
758
|
758
|
- All ClamAV sockets (clamd, freshclam, clamav-milter, clamdscan, clamdtop)
|
759
|
759
|
now support IPV6 addresses and configuration parameters.
|
760
|
|
-- Use OpenSSL file hash functions for improved performance. OpenSSL
|
|
760
|
+- Use OpenSSL file hash functions for improved performance. OpenSSL
|
761
|
761
|
is now prerequisite software for ClamAV 0.98.2.
|
762
|
762
|
- Improved detection of malware scripts within image files. Issue reported
|
763
|
763
|
by Maarten Broekman.
|
764
|
764
|
- Change to circumvent possible denial of service when processing icons within
|
765
|
765
|
specially crafted PE files. Icon limits are now in place with corresponding
|
766
|
|
- clamd and clamscan configuration parameters. This issue was reported by
|
|
766
|
+ clamd and clamscan configuration parameters. This issue was reported by
|
767
|
767
|
Joxean Koret.
|
768
|
768
|
- Improvements to the fidelity of the ClamAV pattern matcher, an issue
|
769
|
769
|
reported by Christian Blichmann.
|
770
|
|
-- Opt-in collection of statistics. Statistics collected are: sizes and MD5
|
|
770
|
+- Opt-in collection of statistics. Statistics collected are: sizes and MD5
|
771
|
771
|
hashes of files, PE file section counts and section MD5 hashes, and names
|
772
|
772
|
and counts of detected viruses. Enable statistics collection with the
|
773
|
773
|
--enable-stats clamscan flag or StatsEnabled clamd configuration
|
...
|
...
|
@@ -776,7 +950,7 @@ Here are the new features and improvements in ClamAV 0.98.2:
|
776
|
776
|
assistance and suggestions by Sebastian Andrzej Siewior, Scott Kitterman,
|
777
|
777
|
and Dave Simonson.
|
778
|
778
|
- Patch by Arkadiusz Miskiewicz to improve error handling in freshclam.
|
779
|
|
-- ClamAV 0.98.2 also includes miscellaneous bug fixes and documentation
|
|
779
|
+- ClamAV 0.98.2 also includes miscellaneous bug fixes and documentation
|
780
|
780
|
improvements.
|
781
|
781
|
|
782
|
782
|
Thanks to the following ClamAV community members for sending patches or reporting
|
...
|
...
|
@@ -795,7 +969,7 @@ Christian Blichmann
|
795
|
795
|
REGARDING OPENSSL
|
796
|
796
|
|
797
|
797
|
In addition, as a special exception, the copyright holders give
|
798
|
|
-permission to link the code of portions of this program with the
|
|
798
|
+permission to link the code of portions of this program with the
|
799
|
799
|
OpenSSL library under certain conditions as described in each
|
800
|
800
|
individual source file, and distribute linked combinations
|
801
|
801
|
including the two.
|
...
|
...
|
@@ -803,20 +977,20 @@ including the two.
|
803
|
803
|
You must obey the GNU General Public License in all respects
|
804
|
804
|
for all of the code used other than OpenSSL. If you modify
|
805
|
805
|
file(s) with this exception, you may extend this exception to your
|
806
|
|
-version of the file(s), but you are not obligated to do so. If you
|
|
806
|
+version of the file(s), but you are not obligated to do so. If you
|
807
|
807
|
do not wish to do so, delete this exception statement from your
|
808
|
808
|
version. If you delete this exception statement from all source
|
809
|
809
|
files in the program, then also delete it here.
|
810
|
810
|
|
811
|
811
|
## 0.98.1
|
812
|
812
|
|
813
|
|
-ClamAV 0.98.1 provides improved support of Mac OS X platform, support for new file types, and
|
|
813
|
+ClamAV 0.98.1 provides improved support of Mac OS X platform, support for new file types, and
|
814
|
814
|
quality improvements. These include:
|
815
|
815
|
|
816
|
816
|
- Extraction, decompression, and scanning of files within Apple Disk Image (DMG) format.
|
817
|
817
|
|
818
|
818
|
- Extraction, decompression, and scanning of files within Extensible Archive (XAR) format.
|
819
|
|
- XAR format is commonly used for software packaging, such as PKG and RPM, as well as
|
|
819
|
+ XAR format is commonly used for software packaging, such as PKG and RPM, as well as
|
820
|
820
|
general archival.
|
821
|
821
|
|
822
|
822
|
- Decompression and scanning of files in "Xz" compression format.
|
...
|
...
|
@@ -831,7 +1005,7 @@ quality improvements. These include:
|
831
|
831
|
performance cost. This should only be needed when callback functions are used
|
832
|
832
|
that need file access.
|
833
|
833
|
|
834
|
|
-- Various improvements to ClamAV configuration, support of third party libraries,
|
|
834
|
+- Various improvements to ClamAV configuration, support of third party libraries,
|
835
|
835
|
and unit tests.
|
836
|
836
|
|
837
|
837
|
## 0.98
|
...
|
...
|
@@ -869,8 +1043,8 @@ support for additional filetypes, and internal upgrades.
|
869
|
869
|
|
870
|
870
|
- New callbacks added to the API: The libclamav API has additional hooks
|
871
|
871
|
for developers to use when wrapping ClamAV scanning. These function
|
872
|
|
- types are prefixed with "clcb_" and allow developers to add logic at
|
873
|
|
- certain steps of the scanning process without directly modifying the
|
|
872
|
+ types are prefixed with "clcb_" and allow developers to add logic at
|
|
873
|
+ certain steps of the scanning process without directly modifying the
|
874
|
874
|
library. For more details refer to the clamav.h file.
|
875
|
875
|
|
876
|
876
|
- More configurable limits: Several hardcoded values are now configurable
|
...
|
...
|
@@ -916,20 +1090,20 @@ reported as scan result."
|
916
|
916
|
|
917
|
917
|
## 0.97.5
|
918
|
918
|
|
919
|
|
-ClamAV 0.97.5 addresses possible evasion cases in some archive formats
|
920
|
|
-(CVE-2012-1457, CVE-2012-1458, CVE-2012-1459). It also addresses stability
|
921
|
|
-issues in portions of the bytecode engine. This release is recommended for
|
|
919
|
+ClamAV 0.97.5 addresses possible evasion cases in some archive formats
|
|
920
|
+(CVE-2012-1457, CVE-2012-1458, CVE-2012-1459). It also addresses stability
|
|
921
|
+issues in portions of the bytecode engine. This release is recommended for
|
922
|
922
|
all users.
|
923
|
923
|
|
924
|
924
|
## 0.97.4
|
925
|
925
|
|
926
|
|
-ClamAV 0.97.4 includes minor bugfixes, detection improvements and initial
|
927
|
|
-support for on-access scanning under Mac OS X (see contrib/ClamAuth).
|
|
926
|
+ClamAV 0.97.4 includes minor bugfixes, detection improvements and initial
|
|
927
|
+support for on-access scanning under Mac OS X (see contrib/ClamAuth).
|
928
|
928
|
This update is recommended for all users.
|
929
|
929
|
|
930
|
930
|
## 0.97.3
|
931
|
931
|
|
932
|
|
-ClamAV 0.97.3 is a minor bugfix release and is recommended for all
|
|
932
|
+ClamAV 0.97.3 is a minor bugfix release and is recommended for all
|
933
|
933
|
users. Please refer to the ChangeLog file for details.
|
934
|
934
|
|
935
|
935
|
## 0.97.2
|
...
|
...
|
@@ -950,9 +1124,9 @@ The ClamAV team (https://www.clamav.net/about.html#credits)
|
950
|
950
|
|
951
|
951
|
ClamAV 0.97 brings many improvements, including complete Windows support
|
952
|
952
|
(all major components compile out-of-box under Visual Studio), support for
|
953
|
|
-signatures based on SHA1 and SHA256, better error detection, as well as
|
954
|
|
-speed and memory optimizations. The complete list of changes is available
|
955
|
|
-in the ChangeLog file. For upgrade notes and tips please see:
|
|
953
|
+signatures based on SHA1 and SHA256, better error detection, as well as
|
|
954
|
+speed and memory optimizations. The complete list of changes is available
|
|
955
|
+in the ChangeLog file. For upgrade notes and tips please see:
|
956
|
956
|
https://wiki.clamav.net/Main/UpgradeNotes097
|
957
|
957
|
|
958
|
958
|
With Sourcefire, Inc. acquisition of Immunet Corp., ClamAV for Windows
|
...
|
...
|
@@ -963,7 +1137,7 @@ the full power of the LibClamAV engine, all the ClamAV signatures,
|
963
|
963
|
and creation of custom signatures on any platform running Immunet 3.0,
|
964
|
964
|
powered by ClamAV. If you run Windows systems in your environment and
|
965
|
965
|
need an AV solution to protect them, give Immunet 3.0, powered by ClamAV
|
966
|
|
-a try; you can download it from https://www.clamav.net/download.html#otherversions
|
|
966
|
+a try; you can download it from https://www.clamav.net/download.html#otherversions
|
967
|
967
|
|
968
|
968
|
--
|
969
|
969
|
The ClamAV team (https://www.clamav.net/about.html#credits)
|
...
|
...
|
@@ -1355,7 +1529,7 @@ The ClamAV team (https://www.clamav.net/about.html#credits)
|
1355
|
1355
|
## 0.90.3
|
1356
|
1356
|
|
1357
|
1357
|
This release fixes some security bugs in libclamav and improves stability
|
1358
|
|
-under Solaris. Please see ChangeLog for complete list of changes.
|
|
1358
|
+under Solaris. Please see ChangeLog for complete list of changes.
|
1359
|
1359
|
|
1360
|
1360
|
If your system is suffering from long clamscan startup times, please
|
1361
|
1361
|
consider installing 0.91rc1 which is due to be released shortly
|
...
|
...
|
@@ -1409,9 +1583,9 @@ systems yet. You are encouraged to pass the --enable-experimental flag to
|
1409
|
1409
|
improvements in terms of detection rate and performances. If you find a bug,
|
1410
|
1410
|
please take some time to report it on our bugzilla: https://bugzilla.clamav.net.
|
1411
|
1411
|
Your help in testing the new code is really appreciated. The experimental code
|
1412
|
|
-introduces many improvements in terms of detection rate and performances.
|
|
1412
|
+introduces many improvements in terms of detection rate and performances.
|
1413
|
1413
|
|
1414
|
|
-RAR3, SIS and SFX archives support is finally available together with
|
|
1414
|
+RAR3, SIS and SFX archives support is finally available together with
|
1415
|
1415
|
new unpackers and decryptors: pespin, sue, yc, wwpack32, nspack, mew, upack
|
1416
|
1416
|
and others. Additionally, ClamAV now includes better mechanisms for scanning
|
1417
|
1417
|
ELF, PDF and tar files. The email decoding has been improved to reduce both
|
...
|
...
|
@@ -1420,10 +1594,10 @@ the memory requirements and the time taken to process attachments.
|
1420
|
1420
|
As part of the Google Summer of Code program, we have introduced support for
|
1421
|
1421
|
a new phishing signatures format that has proved very effective in detecting
|
1422
|
1422
|
phishing emails. The ClamAV phishing module allows better and more generic
|
1423
|
|
-detection of phishing emails by searching for URLs in email messages, and
|
1424
|
|
-comparing the real site with the URL displayed to the user in the message.
|
|
1423
|
+detection of phishing emails by searching for URLs in email messages, and
|
|
1424
|
+comparing the real site with the URL displayed to the user in the message.
|
1425
|
1425
|
|
1426
|
|
-On the performance side, support for the MULTISCAN command has been
|
|
1426
|
+On the performance side, support for the MULTISCAN command has been
|
1427
|
1427
|
implemented in clamd, allowing to scan multiple files simultaneously.
|
1428
|
1428
|
Support for Sensory Networks' NodalCore acceleration technology
|
1429
|
1429
|
(https://www.clamav.net/nodalcore/) is now available in ClamAV and will be
|
...
|
...
|
@@ -1522,7 +1696,7 @@ We are happy to announce new interesting software with support for ClamAV:
|
1522
|
1522
|
- mod_streamav - a ClamAV based antivirus filter for Apache 2
|
1523
|
1523
|
- pyClamd - a python interface to Clamd
|
1524
|
1524
|
|
1525
|
|
-More information at https://www.clamav.net/download.html#tools
|
|
1525
|
+More information at https://www.clamav.net/download.html#tools
|
1526
|
1526
|
|
1527
|
1527
|
--
|
1528
|
1528
|
The ClamAV team (https://www.clamav.net/about.html#credits)
|
...
|
...
|
@@ -1576,7 +1750,7 @@ architectures and possible security problem in freshclam.
|
1576
|
1576
|
Following the 0.88.1 release some portals and security related websites
|
1577
|
1577
|
published incorrect information on security problems of 0.88. To avoid
|
1578
|
1578
|
such incidents in the future, every new ClamAV package will be released
|
1579
|
|
-together with detailed information about security bugs it fixes.
|
|
1579
|
+together with detailed information about security bugs it fixes.
|
1580
|
1580
|
|
1581
|
1581
|
--
|
1582
|
1582
|
The ClamAV team (https://www.clamav.net/about.html#credits)
|
...
|
...
|
@@ -1846,7 +2020,7 @@ Important note to clamdwatch users: please upgrade to the latest version
|
1846
|
1846
|
- simscan - an e-mail and spam filter for qmail
|
1847
|
1847
|
- smtpfilter - scan SMTP session for viruses
|
1848
|
1848
|
- snort-inline - scan your network traffic for viruses with ClamAV
|
1849
|
|
- - SquidClamAV Redirector - a Squid helper script which adds virus scanning
|
|
1849
|
+ - SquidClamAV Redirector - a Squid helper script which adds virus scanning
|
1850
|
1850
|
- WRAVLib - a library for a-v integration with Mono/.NET applications
|
1851
|
1851
|
|
1852
|
1852
|
--
|
...
|
...
|
@@ -2004,7 +2178,7 @@ up with or beating the proprietary alternatives." Thanks!
|
2004
|
2004
|
SourceWear.com is selling some very nice t-shirts and polo shirts powered by
|
2005
|
2005
|
ClamAV. Wear them and virus writers will stay away from you :- A quarter out
|
2006
|
2006
|
of every dollar profited from the sale of these shirts will go to the ClamAV
|
2007
|
|
-project. Visit http://www.sourcewear.com and click on ClamAV logo!
|
|
2007
|
+project. Visit http://www.sourcewear.com and click on ClamAV logo!
|
2008
|
2008
|
|
2009
|
2009
|
--
|
2010
|
2010
|
The ClamAV team (https://www.clamav.net/about.html#credits)
|
...
|
...
|
@@ -2025,7 +2199,7 @@ We have been distributing the database in both formats till now, but
|
2025
|
2025
|
we plan to drop support for ClamAV 0.60 on September 1st.
|
2026
|
2026
|
|
2027
|
2027
|
We encourage _all_ users to upgrade to the latest release available.
|
2028
|
|
-People running an old version of ClamAV are missing many viruses and
|
|
2028
|
+People running an old version of ClamAV are missing many viruses and
|
2029
|
2029
|
may experience stability problems.
|
2030
|
2030
|
|
2031
|
2031
|
On non-production systems you can try the latest development version.
|
...
|
...
|
@@ -2063,7 +2237,7 @@ The ClamAV team (https://www.clamav.net/about.html#credits)
|
2063
|
2063
|
## 0.73
|
2064
|
2064
|
|
2065
|
2065
|
This version fixes memory management problems in the OLE2 decoder and
|
2066
|
|
-improves mail scanning.
|
|
2066
|
+improves mail scanning.
|
2067
|
2067
|
|
2068
|
2068
|
Thank you for using ClamAV !
|
2069
|
2069
|
|
...
|
...
|
@@ -2086,7 +2260,7 @@ This release fixes all bugs found in 0.70 and introduces a few new features -
|
2086
|
2086
|
the noteworthy changes include:
|
2087
|
2087
|
|
2088
|
2088
|
- libclamav:
|
2089
|
|
- - support nested OLE2 files
|
|
2089
|
+ - support nested OLE2 files
|
2090
|
2090
|
- support Word6 macro code
|
2091
|
2091
|
- ignore popular file types (media, graphics)
|
2092
|
2092
|
- support compress.exe (SZDD) compression (test/test.msc)
|
...
|
...
|
@@ -2321,7 +2495,7 @@ the highest possible level.
|
2321
|
2321
|
New mirroring mechanisms. Luca Gibelli (ClamAV) and mirror administrators
|
2322
|
2322
|
(22 sites) are converting mirrors to new "push mirroring"
|
2323
|
2323
|
method. It uses advanced techniques to ensure all the mirrors are up to date.
|
2324
|
|
-More info: https://www.clamav.net/documents/introduction
|
|
2324
|
+More info: https://www.clamav.net/documents/introduction
|
2325
|
2325
|
|
2326
|
2326
|
We would like to thank our donors:
|
2327
|
2327
|
|
...
|
...
|
@@ -2494,7 +2668,7 @@ Changes:
|
2494
|
2494
|
- various mbox code updates (fixed memory leak; added support for decoding
|
2495
|
2495
|
viruses sent in message bodies, detection of viruses that put their
|
2496
|
2496
|
payloads after the end of message marker (thanks to Stephen White
|
2497
|
|
- <stephen@earth.li> for the bug report and useful CGI tools);
|
|
2497
|
+ <stephen@earth.li> for the bug report and useful CGI tools);
|
2498
|
2498
|
|
2499
|
2499
|
- zziplib updated to 0.10.81 (some problems with older version were reported
|
2500
|
2500
|
by Martin Schitter)
|
...
|
...
|
@@ -2635,7 +2809,7 @@ attachement file names.
|
2635
|
2635
|
## 0.52
|
2636
|
2636
|
|
2637
|
2637
|
This version contains a portability fixes - it should compile on OpenBSD,
|
2638
|
|
-MacOSX and NetBSD (support for them was broken in 0.51).
|
|
2638
|
+MacOSX and NetBSD (support for them was broken in 0.51).
|
2639
|
2639
|
|
2640
|
2640
|
- clamd: various fixes:
|
2641
|
2641
|
- drop supplementary groups (suggested by Enrico Scholz
|
...
|
...
|
@@ -2705,7 +2879,7 @@ New software:
|
2705
|
2705
|
|
2706
|
2706
|
- clamd: a modern anti-virus daemon. It uses configuration file clamav.conf
|
2707
|
2707
|
described in the clamav.conf(5) manual. The program was written with
|
2708
|
|
- security as a goal.
|
|
2708
|
+ security as a goal.
|
2709
|
2709
|
|
2710
|
2710
|
- clamuko: on-access scanning under Linux. It utilizes Dazuko kernel module
|
2711
|
2711
|
(GPL, http://dazuko.org) and is clamd-based.
|