@@ -5,29 +5,203 @@ Note: This file refers to the source tarball. Things described here may differ

 ## 0.102.0

-ClamAV 0.102.0 is in development.

-

-### Notable changes in 0.102

-

-- The documentation has moved.

+Welcome to the beta for the 0.102 feature release.

+

+ClamAV 0.102.0 includes an assortment improvements and a couple of significant

+changes.

+

+### Major changes

+

+- The On-Access Scanning feature has been migrated out of `clamd` and into

+  a brand new utility named `clamonacc`. This utility is similar to

+  `clamdscan` and `clamav-milter` in that it acts as a client to `clamd`.

+  This separation from `clamd` means that `clamd` no longer needs to run

+  with root privileges while scanning potentially malicious files. Instead,

+  `clamd` may drop privileges to run under an account that does not have

+  super-user. In addition to improving the security posture of running

+  `clamd` with On-Access enabled, this update fixed a few outstanding defects:

+  - On-Access scanning for created and moved files (Extra-Scanning) is fixed.

+  - VirusEvent for On-Access scans is fixed.

+  - With `clamonacc`, it is now possible to copy, move, or remove a file if the

+    scan triggered an alert, just like with `clamdscan`.

+  For details on how to use the new `clamonacc` On-Access scanner, please

+  refer to the user manual on [ClamAV.net](http://www.clamav.net/documents/),

+  and keep an eye out for a new blog post on the topic

+- The `freshclam` database update utility has undergone a significant update.

+  This includes:

+  - Added support for HTTPS.

+  - Support for database mirrors hosted on ports other than 80.

+  - Removal of the mirror management feature (mirrors.dat).

+  - An all new libfreshclam library API.

+

+### Notable changes

+

+- Added support for extracting ESTsoft .egg archives.

+  This feature is new code developed from scratch using ESTsoft's Egg-archive

+  specification and without referencing the UnEgg library provided by ESTsoft.

+  This was necessary because the UnEgg library's license includes restrictions

+  limiting the commercial use of the UnEgg library.

+- The documentation has moved!

   - Users should navigate to [ClamAV.net](http://www.clamav.net/documents/)

-    to view the documentation.

+    to view the documentation online.

   - The documentation will continue to be provided in HTML format with each

     release for offline viewing in the `docs/html` directory.

   - The new home for the documentation markdown is in our

     [ClamAV FAQ Github repository](https://github.com/Cisco-Talos/clamav-faq)

-### Additional minor bug fixes

+### Other improvements

+

+- Improved Windows executable Authenticode handling, enabling both whitelisting

+  and blacklisting of files based on code-signing certificates. Additional

+  improvements to Windows executable (PE file) parsing.

+  Work courtesy of Andrew Williams.

+- Added support for creating bytecode signatures for Mach-O and

+  ELF executable unpacking. Work courtesy of Jonas Zaddach.

+- Re-formatted the entire ClamAV code-base using `clang-format` in conjunction

+  with our new ClamAV code style specification. See the

+  [clamav.net blog post](https://blog.clamav.net/2019/02/clamav-adopts-clang-format.html)

+  for details.

+- Integrated ClamAV with Google's [OSS-Fuzz](https://github.com/google/oss-fuzz)

+  automated fuzzing service with the help of Alex Gaynor. This work has already

+  proven beneficial, enabling us to identify and fix subtle bugs in both legacy

+  code and newly developed code.

+- The `clamsubmit` tool is now available on Windows.

+- The `clamscan` metadata feature (`--gen-json`) is now available on Windows.

+- Significantly reduced number of warnings generated when compiling ClamAV with

+  "-Wall" and "-Wextra" compiler flags and made many subtle improvements to the

+  consistency of variable types throughout the code.

+- Updated the majority of third-party dependencies for ClamAV on Windows.

+  The source code for each has been removed from the clamav-devel repository.

+  This means that these dependencies have to be compiled independently of ClamAV.

+  The added build process complexity is offset by significantly reducing the

+  difficulty of releasing ClamAV with newer versions of those dependencies.

+- During the 0.102 development period, we've also improved our Continuous

+  Integration (CI) processes. Most recently, we added a CI pipeline definition

+  to the ClamAV Git repository. This chains together our build and quality

+  assurance test suites and enables automatic testing of all proposed changes

+  to ClamAV, with customizable parameters to suit the testing needs of any

+  given code change.

+

+### Bug fixes

 - Fix to prevent a possible crash when loading LDB type signature databases

   and PCRE is not available. Patch courtesy of Tomasz Kojm.

+- Fixes to the PDF parser that will improve PDF malware detection efficacy.

+  Patch courtesy of Clement Lecigne.

+- Fix for regular expression phishing signatures (PDB R-type signatures).

+- Various other bug fixes.

+

+### New Requirements

+

+- Libcurl has become a hard-dependency. Libcurl enables HTTPS support for

+  `freshclam` and `clamsubmit` as well as communication between `clamonacc`

+  and `clamd`.

+- Libcurl version >= 7.45 is required when building ClamAV from source with

+  the new On-Access Scanning application (`clamonacc`). Users on Linux operating

+  systems that package older versions of libcurl (e.g. all versions of CentOS

+  and Debian versions <= 8) have a number of options:

+

+  1. Wait for your package maintainer to provide a newer version of libcurl.

+  2. Install a newer version of libcurl [from source](https://curl.haxx.se/download.html).

+  3. Disable installation of `clamonacc` and On-Access Scanning capabilities

+    with the `./configure` flag `--disable-clamonacc`.

+

+  Non-Linux users will need to take no actions as they are unaffected by this

+  new requirement.

 ### Acknowledgements

 The ClamAV team thanks the following individuals for their code submissions:

+- Alex Gaynor

+- Andrew Williams

+- Carlo Landmeter

+- Chips

+- Clement Lecigne

+- Paul Arthur

+- Jonas Zaddach

+- Ørjan Malde

+- Rick Wang

+- Rosen Penev

+- Thomas Jarosch

 - Tomasz Kojm

+Finally, we'd like to thank Joe McGrath for building our quality assurance test suite

+and for working diligently to ensure knowledge transfer up until his last day

+on the team. Working with you was a pleasure, Joe, and we wish you the best

+of luck in your next adventure!

+

+## 0.101.2

+

+ClamAV 0.101.2 is a patch release to address a handful of security related bugs.

+

+This patch release is being released alongside the 0.100.3 patch so that users

+who are unable to upgrade to 0.101 due to libclamav API changes are protected.

+

+This release includes 3 extra security related bug fixes that do not apply to

+prior versions.  In addition, it includes a number of minor bug fixes and

+improvements.

+

+- Fixes for the following vulnerabilities affecting 0.101.1 and prior:

+  - [CVE-2019-1787](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1787):

+    An out-of-bounds heap read condition may occur when scanning PDF

+    documents. The defect is a failure to correctly keep track of the number

+    of bytes remaining in a buffer when indexing file data.

+  - [CVE-2019-1789](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1789):

+    An out-of-bounds heap read condition may occur when scanning PE files

+    (i.e. Windows EXE and DLL files) that have been packed using Aspack as a

+    result of inadequate bound-checking.

+  - [CVE-2019-1788](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1788):

+    An out-of-bounds heap write condition may occur when scanning OLE2 files

+    such as Microsoft Office 97-2003 documents. The invalid write happens when

+    an invalid pointer is mistakenly used to initialize a 32bit integer to

+    zero. This is likely to crash the application.

+

+- Fixes for the following vulnerabilities affecting 0.101.1 and 0.101.0 only:

+  - [CVE-2019-1786](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1786):

+    An out-of-bounds heap read condition may occur when scanning malformed PDF

+    documents as a result of improper bounds-checking.

+  - [CVE-2019-1785](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1785):

+    A path-traversal write condition may occur as a result of improper input

+    validation when scanning RAR archives. Issue reported by aCaB.

+  - [CVE-2019-1798](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1798):

+    A use-after-free condition may occur as a result of improper error

+    handling when scanning nested RAR archives. Issue reported by David L.

+

+- Fixes for the following assorted bugs:

+  - Added checks to prevent shifts from causing undefined behavior in HTML

+    normalizer, UPX unpacker, ARJ extractor, CPIO extractor, OLE2 parser,

+    LZW decompressor used in the PDF parser, Xz decompressor, and UTF-16 to

+    ASCII transcoder.

+  - Added checks to prevent integer overflow in UPX unpacker.

+  - Fix for minor memory leak in OLE2 parser.

+  - Fix to speed up PDF parser when handling truncated (or malformed) PDFs.

+  - Fix for memory leak in ARJ decoder failure condition.

+  - Fix for potential memory and file descriptor leak in HTML normalization code.

+

+- Removed use of problematic feature that converted file descriptors to

+  file paths. The feature was intended to improve performance when scanning

+  file types, notably RAR archives, for which the API requires a file path.

+  This feature caused issues in environments where the ClamAV engine is run

+  in a low-permissions or sandboxed process. RAR archives are still supported

+  with this change, but performance may suffer slightly if the file path is not

+  provided in calls to `cl_scandesc_callback()`.

+  - Added filename and tempfile names to scandesc calls in clamd.

+  - Added general scan option `CL_SCAN_GENERAL_UNPRIVILEGED` to treat the scan

+    engine as unprivileged, meaning that the scan engine will not have read

+    access to the file. Provided file paths are for logging purposes only.

+  - Added ability to create a temp file when scanning RAR archives when the

+    process does not have read access to the file path provided (i.e.

+    unprivileged is set, or an access check fails).

+

+Thank you to the Google OSS-Fuzz project for identifying and reporting many of

+the bugs patched in this release.

+

+Additional thanks to the following community members for submitting bug reports:

+

+- aCaB

+- David L.

+

 ## 0.101.1

 ClamAV 0.101.1 is an urgent patch release to address an issue in 0.101.0

@@ -462,7 +636,7 @@ ClamAV 0.99.4 is a hotfix release to patch a set of vulnerabilities.

   a handful of other important bugs, including patches to support g++ 6, C++11.

 Thank you to the following ClamAV community members for your code

-submissions and bug reports! 

+submissions and bug reports!

 Alberto Garcia

 Bernhard Vogel

@@ -504,7 +678,7 @@ ClamAV 0.99.2 is a release of bug fixes and minor enhancements.

 - fix ups improving the reliability of several ClamAV file parsers.

 - sigtool now decodes file type signatures (e.g., daily.ftm CVD file).

 - now supporting libpcre2 in addition to libpcre.

-- systemd support for clamd and freshclam. Patch provided by 

+- systemd support for clamd and freshclam. Patch provided by

   Andreas Cadhalpun.

 - fixed builds on Mac OS X 10.10 & 10.11.

 - improved debug info for certificate metadata.

@@ -546,7 +720,7 @@ ClamAV 0.99.1:

 ## 0.99

-ClamAV 0.99 contains major new features and changes. YARA rules, 

+ClamAV 0.99 contains major new features and changes. YARA rules,

 Perl Compatible Regular Expressions, revamped on-access scanning

 for Linux, and other new features join the many great features of ClamAV:

@@ -557,10 +731,10 @@ for Linux, and other new features join the many great features of ClamAV:

   for full details.

 - New and improved on-access scanning for Linux. See the recent blog

   post and clamdoc.pdf for details on the new on-access capabilities.

-- A new ClamAV API callback function that is invoked when a virus 

-  is found. This is intended primarily for applications running in 

-  all-match mode. Any applications using all-match mode must use 

-  the new callback function to record and report detected viruses.    

+- A new ClamAV API callback function that is invoked when a virus

+  is found. This is intended primarily for applications running in

+  all-match mode. Any applications using all-match mode must use

+  the new callback function to record and report detected viruses.

 - Configurable default password list to attempt zip file decryption.

 - TIFF file support.

 - Upgrade Windows pthread library to 2.9.1.

@@ -597,7 +771,7 @@ included for ClamAV 0.99:

 ## 0.98.7

 ClamAV 0.98.7 is here! This release contains new scanning features

-and bug fixes. 

+and bug fixes.

 - Improvements to PDF processing: decryption, escape sequence

   handling, and file property collection.

@@ -617,7 +791,7 @@ and bug fixes.

   CVE-2015-2668.

 - Fix compilation error after ./configure --disable-pthreads.

   Reported and fix suggested by John E. Krokes.

-- Apply upstream patch for possible heap overflow in Henry Spencer's 

+- Apply upstream patch for possible heap overflow in Henry Spencer's

   regex library. CVE-2015-2305.

 - Fix crash in upx decoder with crafted file. Discovered and patch

   supplied by Sebastian Andrzej Siewior. CVE-2015-2170.

@@ -658,7 +832,7 @@ ClamAV 0.98.6 is a bug fix release correcting the following:

 - Compensate a crash due to incorrect compiler optimization when

   handling crafted petite packer files. This issue was discovered

   by Sebastian Andrzej Siewior.

-      

+

 Thanks to the following ClamAV community members for code submissions

 and bug reporting included in ClamAV 0.98.6:

@@ -757,17 +931,17 @@ Here are the new features and improvements in ClamAV 0.98.2:

   about OpenIOC.

 - All ClamAV sockets (clamd, freshclam, clamav-milter, clamdscan, clamdtop)

   now support IPV6 addresses and configuration parameters.

-- Use OpenSSL file hash functions for improved performance. OpenSSL 

+- Use OpenSSL file hash functions for improved performance. OpenSSL

   is now prerequisite software for ClamAV 0.98.2.

 - Improved detection of malware scripts within image files. Issue reported

   by Maarten Broekman.

 - Change to circumvent possible denial of service when processing icons within

   specially crafted PE files. Icon limits are now in place with corresponding

-  clamd and clamscan configuration parameters. This issue was reported by 

+  clamd and clamscan configuration parameters. This issue was reported by

   Joxean Koret.

 - Improvements to the fidelity of the ClamAV pattern matcher, an issue

   reported by Christian Blichmann.

-- Opt-in collection of statistics. Statistics collected are: sizes and MD5 

+- Opt-in collection of statistics. Statistics collected are: sizes and MD5

   hashes of files, PE file section counts and section MD5 hashes, and names

   and counts of detected viruses. Enable statistics collection with the

   --enable-stats clamscan flag or StatsEnabled clamd configuration

@@ -776,7 +950,7 @@ Here are the new features and improvements in ClamAV 0.98.2:

   assistance and suggestions by Sebastian Andrzej Siewior, Scott Kitterman,

   and Dave Simonson.

 - Patch by Arkadiusz Miskiewicz to improve error handling in freshclam.

-- ClamAV 0.98.2 also includes miscellaneous bug fixes and documentation 

+- ClamAV 0.98.2 also includes miscellaneous bug fixes and documentation

   improvements.

 Thanks to the following ClamAV community members for sending patches or reporting

@@ -795,7 +969,7 @@ Christian Blichmann

 REGARDING OPENSSL

 In addition, as a special exception, the copyright holders give

-permission to link the code of portions of this program with the 

+permission to link the code of portions of this program with the

 OpenSSL library under certain conditions as described in each

 individual source file, and distribute linked combinations

 including the two.

@@ -803,20 +977,20 @@ including the two.

 You must obey the GNU General Public License in all respects

 for all of the code used other than OpenSSL.  If you modify

 file(s) with this exception, you may extend this exception to your

-version of the file(s), but you are not obligated to do so.  If you 

+version of the file(s), but you are not obligated to do so.  If you

 do not wish to do so, delete this exception statement from your

 version.  If you delete this exception statement from all source

 files in the program, then also delete it here.

 ## 0.98.1

-ClamAV 0.98.1 provides improved support of Mac OS X platform, support for new file types, and 

+ClamAV 0.98.1 provides improved support of Mac OS X platform, support for new file types, and

 quality improvements. These include:

 - Extraction, decompression, and scanning of files within Apple Disk Image (DMG) format.

 - Extraction, decompression, and scanning of files within Extensible Archive (XAR) format.

-  XAR format is commonly used for software packaging, such as PKG and RPM, as well as 

+  XAR format is commonly used for software packaging, such as PKG and RPM, as well as

   general archival.

 - Decompression and scanning of files in "Xz" compression format.

@@ -831,7 +1005,7 @@ quality improvements. These include:

   performance cost. This should only be needed when callback functions are used

   that need file access.

-- Various improvements to ClamAV configuration, support of third party libraries, 

+- Various improvements to ClamAV configuration, support of third party libraries,

   and unit tests.

 ## 0.98

@@ -869,8 +1043,8 @@ support for additional filetypes, and internal upgrades.

 - New callbacks added to the API: The libclamav API has additional hooks

   for developers to use when wrapping ClamAV scanning. These function

-  types are prefixed with "clcb_" and allow developers to add logic at 

-  certain steps of the scanning process without directly modifying the 

+  types are prefixed with "clcb_" and allow developers to add logic at

+  certain steps of the scanning process without directly modifying the

   library. For more details refer to the clamav.h file.

 - More configurable limits: Several hardcoded values are now configurable

@@ -916,20 +1090,20 @@ reported as scan result."

 ## 0.97.5

-ClamAV 0.97.5 addresses possible evasion cases in some archive formats 

-(CVE-2012-1457, CVE-2012-1458, CVE-2012-1459). It also addresses stability 

-issues in portions of the bytecode engine. This release is recommended for 

+ClamAV 0.97.5 addresses possible evasion cases in some archive formats

+(CVE-2012-1457, CVE-2012-1458, CVE-2012-1459). It also addresses stability

+issues in portions of the bytecode engine. This release is recommended for

 all users.

 ## 0.97.4

-ClamAV 0.97.4 includes minor bugfixes, detection improvements and initial 

-support for on-access scanning under Mac OS X (see contrib/ClamAuth). 

+ClamAV 0.97.4 includes minor bugfixes, detection improvements and initial

+support for on-access scanning under Mac OS X (see contrib/ClamAuth).

 This update is recommended for all users.

 ## 0.97.3

-ClamAV 0.97.3 is a minor bugfix release and is recommended for all 

+ClamAV 0.97.3 is a minor bugfix release and is recommended for all

 users. Please refer to the ChangeLog file for details.

 ## 0.97.2

@@ -950,9 +1124,9 @@ The ClamAV team (https://www.clamav.net/about.html#credits)

 ClamAV 0.97 brings many improvements, including complete Windows support

 (all major components compile out-of-box under Visual Studio), support for

-signatures based on SHA1 and SHA256, better error detection, as well as 

-speed and memory optimizations. The complete list of changes is available 

-in the ChangeLog file. For upgrade notes and tips please see: 

+signatures based on SHA1 and SHA256, better error detection, as well as

+speed and memory optimizations. The complete list of changes is available

+in the ChangeLog file. For upgrade notes and tips please see:

 https://wiki.clamav.net/Main/UpgradeNotes097

 With Sourcefire, Inc. acquisition of Immunet Corp., ClamAV for Windows

@@ -963,7 +1137,7 @@ the full power of the LibClamAV engine, all the ClamAV signatures,

 and creation of custom signatures on any platform running Immunet 3.0,

 powered by ClamAV. If you run Windows systems in your environment and

 need an AV solution to protect them, give Immunet 3.0, powered by ClamAV

-a try; you can download it from https://www.clamav.net/download.html#otherversions 

+a try; you can download it from https://www.clamav.net/download.html#otherversions

 --

 The ClamAV team (https://www.clamav.net/about.html#credits)

@@ -1355,7 +1529,7 @@ The ClamAV team (https://www.clamav.net/about.html#credits)

 ## 0.90.3

 This release fixes some security bugs in libclamav and improves stability

-under Solaris. Please see ChangeLog for complete list of changes. 

+under Solaris. Please see ChangeLog for complete list of changes.

 If your system is suffering from long clamscan startup times, please

 consider installing 0.91rc1 which is due to be released shortly

@@ -1409,9 +1583,9 @@ systems yet. You are encouraged to pass the --enable-experimental flag to

 improvements in terms of detection rate and performances. If you find a bug,

 please take some time to report it on our bugzilla: https://bugzilla.clamav.net.

 Your help in testing the new code is really appreciated. The experimental code

-introduces many improvements in terms of detection rate and performances. 

+introduces many improvements in terms of detection rate and performances.

-RAR3, SIS and SFX archives support is finally available together with 

+RAR3, SIS and SFX archives support is finally available together with

 new unpackers and decryptors: pespin, sue, yc, wwpack32, nspack, mew, upack

 and others. Additionally, ClamAV now includes better mechanisms for scanning

 ELF, PDF and tar files. The email decoding has been improved to reduce both

@@ -1420,10 +1594,10 @@ the memory requirements and the time taken to process attachments.

 As part of the Google Summer of Code program, we have introduced support for

 a new phishing signatures format that has proved very effective in detecting

 phishing emails. The ClamAV phishing module allows better and more generic

-detection of phishing emails by searching for URLs in email messages, and 

-comparing the real site with the URL displayed to the user in the message. 

+detection of phishing emails by searching for URLs in email messages, and

+comparing the real site with the URL displayed to the user in the message.

-On the performance side, support for the MULTISCAN command has been 

+On the performance side, support for the MULTISCAN command has been

 implemented in clamd, allowing to scan multiple files simultaneously.

 Support for Sensory Networks' NodalCore acceleration technology

 (https://www.clamav.net/nodalcore/) is now available in ClamAV and will be

@@ -1522,7 +1696,7 @@ We are happy to announce new interesting software with support for ClamAV:

 - mod_streamav - a ClamAV based antivirus filter for Apache 2

 - pyClamd - a python interface to Clamd

-More information at https://www.clamav.net/download.html#tools 

+More information at https://www.clamav.net/download.html#tools

 --

 The ClamAV team (https://www.clamav.net/about.html#credits)

@@ -1576,7 +1750,7 @@ architectures and possible security problem in freshclam.

 Following the 0.88.1 release some portals and security related websites

 published incorrect information on security problems of 0.88. To avoid

 such incidents in the future, every new ClamAV package will be released

-together with detailed information about security bugs it fixes. 

+together with detailed information about security bugs it fixes.

 --

 The ClamAV team (https://www.clamav.net/about.html#credits)

@@ -1846,7 +2020,7 @@ Important note to clamdwatch users: please upgrade to the latest version

   - simscan - an e-mail and spam filter for qmail

   - smtpfilter - scan SMTP session for viruses

   - snort-inline - scan your network traffic for viruses with ClamAV

-  - SquidClamAV Redirector - a Squid helper script which adds virus scanning 

+  - SquidClamAV Redirector - a Squid helper script which adds virus scanning

   - WRAVLib - a library for a-v integration with Mono/.NET applications

 --

@@ -2004,7 +2178,7 @@ up with or beating the proprietary alternatives." Thanks!

 SourceWear.com is selling some very nice t-shirts and polo shirts powered by

 ClamAV. Wear them and virus writers will stay away from you :- A quarter out

 of every dollar profited from the sale of these shirts will go to the ClamAV

-project. Visit http://www.sourcewear.com and click on ClamAV logo! 

+project. Visit http://www.sourcewear.com and click on ClamAV logo!

 --

 The ClamAV team (https://www.clamav.net/about.html#credits)

@@ -2025,7 +2199,7 @@ We have been distributing the database in both formats till now, but

 we plan to drop support for ClamAV 0.60 on September 1st.

 We encourage _all_ users to upgrade to the latest release available.

-People running an old version of ClamAV are missing many viruses and 

+People running an old version of ClamAV are missing many viruses and

 may experience stability problems.

 On non-production systems you can try the latest development version.

@@ -2063,7 +2237,7 @@ The ClamAV team (https://www.clamav.net/about.html#credits)

 ## 0.73

 This version fixes memory management problems in the OLE2 decoder and

-improves mail scanning. 

+improves mail scanning.

 Thank you for using ClamAV !

@@ -2086,7 +2260,7 @@ This release fixes all bugs found in 0.70 and introduces a few new features -

 the noteworthy changes include:

 - libclamav:

-  - support nested OLE2 files 

+  - support nested OLE2 files

   - support Word6 macro code

   - ignore popular file types (media, graphics)

   - support compress.exe (SZDD) compression (test/test.msc)

@@ -2321,7 +2495,7 @@ the highest possible level.

 New mirroring mechanisms. Luca Gibelli (ClamAV) and mirror administrators

 (22 sites) are converting mirrors to new "push mirroring"

 method. It uses advanced techniques to ensure all the mirrors are up to date.

-More info: https://www.clamav.net/documents/introduction 

+More info: https://www.clamav.net/documents/introduction

 We would like to thank our donors:

@@ -2494,7 +2668,7 @@ Changes:

   - various mbox code updates (fixed memory leak; added support for decoding

     viruses sent in message bodies, detection of viruses that put their

     payloads after the end of message marker (thanks to Stephen White

-    <stephen@earth.li> for the bug report and useful CGI tools); 

+    <stephen@earth.li> for the bug report and useful CGI tools);

   - zziplib updated to 0.10.81 (some problems with older version were reported

     by Martin Schitter)

@@ -2635,7 +2809,7 @@ attachement file names.

 ## 0.52

 This version contains a portability fixes - it should compile on OpenBSD,

-MacOSX and NetBSD (support for them was broken in 0.51). 

+MacOSX and NetBSD (support for them was broken in 0.51).

 - clamd: various fixes:

   - drop supplementary groups (suggested by Enrico Scholz

@@ -2705,7 +2879,7 @@ New software:

 - clamd: a modern anti-virus daemon. It uses configuration file clamav.conf

   described in the clamav.conf(5) manual. The program was written with

-  security as a goal. 

+  security as a goal.

 - clamuko: on-access scanning under Linux. It utilizes Dazuko kernel module

   (GPL, http://dazuko.org) and is clamd-based.