Seite drucken - ClamWin/ClamAV .......

PC-Ecke => # Security Center => Software (PC-Sicherheit) => Thema gestartet von: SiLæncer am 18 November, 2006, 13:22

Titel: ClamWin/ClamAV .......
Beitrag von: SiLæncer am 18 November, 2006, 13:22

Ein Virenscanner, der auch Makros und Dateianhänge von MS Officeprogrammen sowie Archive auf Infektionen prüft. Zunächst müssen Sie die aktuelle Virendatenbank mit einem Klick auf den Button 'Starts Internet Update' downloaden. Die Virendatenbank wird von den Programmautoren regelmäßig aktualisiert und von ClamWin automatisch übernommen. Spätere Versionen werden einen Hintergrundwächter sowie das On-Access-Scanning bieten, also das Scannen von Dateien, auf die gerade zugegriffen wird.

http://de.clamwin.com/

Titel: Neu : ClamWin 0.95.1
Beitrag von: SiLæncer am 15 April, 2009, 15:36

Important changes:

- better ZIP archive handling
- fixed possible false positive detection
- a lot of other bug fixes fixes and improvements

Full changelog from ClamAV team:
http://freshmeat.net/urls/da648e61a906edb2d5916c5c712779b8

http://de.clamwin.com

Titel: ClamWin Free Antivirus 0.95.2 erschienen
Beitrag von: SiLæncer am 12 Juni, 2009, 17:05

We are pleased to announce 0.95.2 release which updates ClamAV engine to version 0.95.2

Important changes by ClamAV team:
* Added malware detection in archives hidden inside other files (eg. images)
* Improved scanning of RAR and CAB archives
* Other scanning enhancements

Full changelog from ClamAV team:
http://freshmeat.net/urls/da648e61a906edb2d5916c5c712779b8 (http://freshmeat.net/urls/da648e61a906edb2d5916c5c712779b8)

http://de.clamwin.com (http://de.clamwin.com)

Titel: Entwickler planen Zwangsabschaltung des freien Virenscanners ClamAV
Beitrag von: SiLæncer am 08 Oktober, 2009, 16:49

Installationen des freien Antivirenscanners ClamAV, deren Version älter als 0.95 ist, werden voraussichtlich am 15. April 2010 deaktiviert. Dazu verteilen die Entwickler von ClamAV eine spezielle Signatur, die ältere Scanner lahmlegt. Der Grund für die einschneidende Maßnahme ist nach Angaben von Luca Gibelli von ClamAV ein Fehler im Update-Dienst Freshclam, der in Versionen vor 0.95 über inkrementelle Updates mit mehr als 980 Bytes strauchelt. Dies verhindere die Verteilung komplexer Signaturen und führe aufgrund der vollständigen Updates zu einer Überlastung der Server. Zudem könnten Anwender von 0.95 bislang nicht von den verbesserten Scan-Funktionen profitieren.

Mit der Zwangsaktivierung wolle man Anwender dazu bringen, auf eine aktuelle Version upzugraden. Die Entwickler raten aber Anwendern, jetzt schon auf Version 0.95.x zu wechseln – aktuell ist derzeit Version 0.95.2. Ab Mai 2010 wolle man dann mit der Verteilung der längeren und komplexeren inkrementellen Signatur-Update beginnen. Bis dahin soll die Ankündigung der Abschaltung alle zwei Monate auf der ClamAV-Mailingliste wiederholt erscheinen.

Unter Umständen ist es für Anwender aber gar nicht so einfach, auf eine neue Version zu wechseln. Beispielsweise ist in Ubuntu 8.04 LTS noch ClamAV 0.94 enthalten. Unter Umständen müssen Anwender dann das Backport-Repository aktivieren und eine aktuelle Version installieren. Unklar ist allerdings, wie ein Anwender erfahren soll, dass sein Virenscanner nicht mehr arbeitet.

Das ClamAV-Projekt gehört seit 2007 zu Sourcefire, einem kommerziellen Anbieter von Sicherheitslösungen. Auch das Intrusion-Detection-System Snort gehört zu Sourcefire.

Quelle : www.heise.de

Titel: ClamWin Free Antivirus 0.95.3
Beitrag von: SiLæncer am 10 November, 2009, 11:08

This release updates ClamAV scanning engine and brings the following improvements:

* Improved virus signature handling
* Improved scanning speed for large executables
* Fixed detection of encrypted zip files embedded into other files
* Improved loading speed of compressed virus signature databases
* Other scanning enhancements

http://www.clamwin.com/

Titel: ClamAV 0.96: Neuere Engine und schlauere Heuristik
Beitrag von: SiLæncer am 01 April, 2010, 16:11

Zu den vom Projekt hervorgehobenen Neuerungen zählt der Bytecode Interpreter der LibclamAV, mittels dem Signatur-Entwickler komplexe Routinen einpflegen können. Angenommen hat sich das Team auch der Heuristik des Scanners. Damit sollen sich Schädlinge entdecken lassen, die sich mittels bekannter Icons als Windows-Programme tarnen und einschleichen.

ClamAV kann in der neuen Ausgabe auch einige neue Archiv-Typen transparent entpacken und untersuchen: 7zip, Installshield und CPIO zählen dazu. Neben der allgemeinen Leistungsverbesserung, unter anderem durch optimierte Speichernutzung, hat ClamAV nun eine bessere Windows-Unterstützung zu bieten und lässt sich nativ unter Visual Studio bauen. Anwendungsentwickler können so die LibclamAV in ihre Windows Anwendungen integrieren.

Die Release Notes (https://wiki.clamav.net/Main/UpgradeNotes096) zählen alle Änderungen auf.

http://www.clamav.net/lang/de/

Titel: ClamAV - Zwangsabschaltung steht kurz bevor
Beitrag von: SiLæncer am 08 April, 2010, 10:04

Am 15. April 2010 werden alte Versionen des freien Virenscanners ClamAV zwangsweise abgeschaltet. Damit wollen die Entwickler ihre Nutzer wie im Oktober 2009 angekündigt zum Update zwingen.

Die ClamAV-Entwickler weisen nochmals auf eine einschneidende Änderung hin: Ab Mitte April 2010 werden inkrementelle Signaturupdates für ClamAV in größeren Paketen verschickt als bisher. Um Anwender zu einem Upgrade zu zwingen, wollen Entwickler am 15. April 2010 eine spezielle Signaturdatei verschicken, die alle älteren Versionen deaktiviert. Lediglich diejenigen, die bereits auf die Version 0.95 oder höher aufgerüstet haben, bleiben von der Zwangsabschaltung verschont.

Grund für die Abschaltung soll ein Bug im Updatemodul Freshclam sein, der inkrementelle Backups auf 980 Bytes beschränkt. Da die ClamAV-Macher aber künftig Signaturupdates in größeren Dateien nur über inkrementelle Updates verteilen wollen, haben sie sich zu diesem Schritt entschlossen. Anfragen nach vollständigen Signaturdateien in großer Zahl würden die ClamAV-Server überlasten.

Angekündigt wurde die Abschaltung alter ClamAV-Versionen bereits im Oktober 2009. Nun steht die Umstellung kurz bevor.

Quelle : www.golem.de

Titel: ClamWin Free Antivirus 0.96
Beitrag von: SiLæncer am 12 April, 2010, 11:34

ClamWin is a Free Antivirus for Microsoft Windows 98/Me/2000/XP/2003. It provides a graphical user interface to the Clam AntiVirus engine.ClamWin Free Antivirus comes with an easy installer and open source code at no cost. It features:

* Scanning Scheduler;
* Automatic Virus Database Updates. ClamAV team updates Virus Databases on a regular basis and almost immediately after a new virus/variant is out;
* Standalone Virus Scanner;
* Context Menu Integration to Microsoft Windows Explorer;
* Addin to Microsoft Outlook.

Download: ClamWin Free Antivirus 0.96 (http://prdownloads.sourceforge.net/clamwin/clamwin-0.96-setup.exe) (30.5 MB)

http://www.clamwin.com/

Titel: Re: ClamWin Free Antivirus 0.96
Beitrag von: Snoop am 12 April, 2010, 14:44

Hm ... schade,

ClamAV bietet inzwischen 64-bit und "Cloud-Anschluss", aber hat keinen on-demand-Scanner.
Bei ClamAV blicke ich aber auch nicht so ganz durch: Scannt das Dingens jetzt in realtime meine Festplattenzugriffe oder was sind die "installierten Files", mit denen der so um sich wirft?

Titel: Re: ClamWin Free Antivirus 0.96
Beitrag von: SiLæncer am 12 April, 2010, 17:09

Von der Website:

Zitat

Please note that ClamWin Free Antivirus does not include an on-access real-time scanner. You need to manually scan a file in order to detect a virus or spyware.

Also kein ´on-demand-Scanner´

Titel: Re: ClamWin/ClamAV .......
Beitrag von: Snoop am 12 April, 2010, 17:27

Jaja, ich sprach ja auch von ClamAV ;)

Der meldet bei mir gerade immer so zweideutige Sachen wie wenn ein on-demand-scanner dabei wäre (Wenn man das Icon doppelklickt, dann kommt so eine Meldung, wie viele Dateien heute erfolgreich "installiert" wurden.) Auf der HP kann man lesen:

Zitat

The new ClamAV for Windows is the result of a partnership between Immunet Corporation (http://www.immunet.com) and Sourcefire, Inc. (http://www.sourcefire.com). It is designed to provide the ClamAV community with a free Windows-specific Anti-Virus (AV) solution using an advanced Cloud-based protection mechanism.
You can use ClamAV For Windows as a stand-alone, host-based AV solution, or in conjunction with your pre-installed AV solution to provide enhanced detection for the latest malware threats.

Say goodbye to the days of watching AV software drain your memory and processing speed. Immunet’s unique Cloud-based technologies allow the ClamAV application to leverage the power of the Cloud to drive the AV engine. When you use ClamAV for Windows, you save system resources for the tasks they really want to run, like games and business applications.
Detailed Description

ClamAV for Windows utilizes advanced Cloud-based and community-based detection methods. Developed by Immunet, these detection methods leverage the computers of your friends, family and a worldwide global community to harness their collective knowledge for securing your PC. Every time someone in this collective community encounters a threat, everyone else in the community gains protection from that same threat in real time. You no longer have to rely on the isolated security of your current Anti-Virus vendor. You are able to protect your friends and family while being better protected yourself. This is exactly what we designed ClamAV for Windows to do. By providing a fast and light layer of virus detection, and linking everyone in a global community, we harness a security sum that is far greater than its individual parts, we call this Collective Immunity.

Immunet placed ClamAV into their Cloud infrastructure alongside their Ethos detection engine, and several other detection technologies. By combining all these technologies, and utilizing the power of community-based detection, we feel we have the most effective Anti-Virus technology on the market. And it only gets better with every user that installs and utilizes our technology.

Titel: Re: ClamWin/ClamAV .......
Beitrag von: SiLæncer am 12 April, 2010, 17:38

Von der ClamAV Website :

Zitat

Clam AntiVirus ist ein Antivirus Toolkit für Unix das unter der GPL Lizenz steht. Es wurde speziell für das scannen von EMails auf Mailgateways designt. Das Paket stellt eine Reihe von Hilfsmittel zur Verfügung: einen flexiblen und skalierbaren Multi-Threaded Daemon, einen Kommandozeilen Scanner und ein komplexes Programm zur automatischen Aktualisierung über das Internet bereit. Das Herzstück des Paketes ist ein Antivirus-Einheit in Form einer gemeinsam genutzten Bibliothek.

Hier ist eine Liste mit den wichtigsten Funktionen:
# Kommandozeilen Scanner
# performanter Multi-Threaded Daemon mit der Unterstützung von on-access scannen
# Milter-Schnittstellen für Sendmail
# Komplexes Update-Programm für die Datenbank mit Unterstützung für scripted Updates und digitale Signaturen
# Virus Scanner Bibliothek in C
# On-Access Scanning (Linux® and FreeBSD®)
# Mehrmals tägliche Updates der Virusdatenbank (siehe Homepage für die gesamte Anzahl von Signaturen)
# Eingebaute Unterstützung für verschieden Archiv-Formate wie Zip, RAR, Tar, Gzip, Bzip2, OLE2, Cabinet, CHM, BinHex, SIS und andere
# Eingebaute Unterstützung für nahezu alle Mail Dateien Formate
# Eingebaute Unterstützung für ELF executables und Portable Executable Dateien komprimiert mit UPX, FSG, Petite, NsPack, wwpack32, MEW, Upack und verschleiert mit SUE, Y0da Cryptor und anderen

* Eingebaute Unterstützung für populäre Dokumentenformate wie MS Office und MacOffice Dateien, HTML, RTF und PDF

Weitere Details findest Du in der Dokumentation (http://www.clamav.net/doc/latest).

Titel: ClamWin Free Antivirus 0.96.01
Beitrag von: SiLæncer am 13 April, 2010, 16:41

kein Changelog verfügbar ...

Download: ClamWin Free Antivirus 0.96.01 (http://prdownloads.sourceforge.net/clamwin/clamwin-0.96.0.1-setup.exe) (30.5 MB)

http://www.clamwin.com/

Titel: ClamWin Free Antivirus 0.96.1
Beitrag von: SiLæncer am 24 Mai, 2010, 15:33

This release updates ClamAV scanning engine and brings the following improvements:

* Better and faster loading of the virus signature database
* Improvements in 7zip archive scanning
* Improvements in bytecode signatures

http://www.clamwin.com/

Titel: ClamWin Antivirus 0.96.2
Beitrag von: SiLæncer am 18 August, 2010, 11:32

This bug-fix release updates ClamAV scanning engine and brings the following improvements:

* Faster database loading time
* Improvements in false positive elimination
* Improvements in bytecode scanning

http://www.clamwin.com/

Titel: ClamWin Antivirus 0.96.2.1
Beitrag von: SiLæncer am 23 August, 2010, 18:05

Latest Changes

- Faster database loading time
- Improvements in false positive elimination
- Improvements in bytecode scanning

http://www.clamwin.com/

Titel: ClamAV 0.96.3
Beitrag von: SiLæncer am 21 September, 2010, 22:45

Code: [Auswählen]

Mon Sep 20 17:09:37 CEST 2010 (tk)
----------------------------------
 * V 0.96.3

Mon Sep 20 14:16:59 CEST 2010 (acab)
------------------------------------
 * libclamav/nsis/bzlib.cld sys: port upstream fixes for CVE-2010-0405,
				 check for buggy bzip2 (bb#2230, bb#2231)

Mon Sep 20 14:50:34 EEST 2010 (edwin)
-------------------------------------
 * libclamav/pdf.c: Add missing boundscheck to pdf code (bb #2226)

Thu Sep 16 14:37:15 CEST 2010 (tk)
----------------------------------
 * clamconf: print information about 3rd party databases

Wed Sep 15 19:00:15 CEST 2010 (tk)
----------------------------------
 * sigtool/sigtool.c: print db names in --find-sigs

Wed Sep 15 13:19:12 EEST 2010 (edwin)
-------------------------------------
 * libclamav/c++/bytecode2llvm.cpp: workaround crash due to gcc stack alignment requirements (bb #2270)

Fri Sep 10 22:10:33 EEST 2010 (edwin)
-------------------------------------
 * libclamav/pdf.c, pe.c, bytecode*: Fix bytecode virusname reporting (bb #2255)

Fri Sep 10 10:52:45 CEST 2010 (acab)
------------------------------------
 * clamav-milter/netcode.c: fix error path fd leak when connection succeeds
			    but ping fails (bb#2259)

Thu Sep  9 22:07:13 EEST 2010 (edwin)
-------------------------------------
 * libclamav/c++/bytecode2llvm.cpp: fix __bzero call on darwin 10.

Thu Sep  9 12:30:34 EEST 2010 (edwin)
-------------------------------------
 * libclamav/bytecode.c: properly skip bytecodes with long lines.

Wed Sep  8 00:00:18 CEST 2010 (acab)
------------------------------------
 * unit_tests: add VI unit tests

Tue Sep  7 16:55:43 CEST 2010 (tk)
----------------------------------
 * libclamav: versioninfo hashset was not properly cached (bb#2065)

Thu Sep  2 21:21:58 EEST 2010 (edwin)
-------------------------------------
 * libclamav/c++/bytecode2llvm.cpp: fix hung clamd on FreeBSD (bb #2235)

Thu Sep  2 15:38:22 EEST 2010 (edwin)
-------------------------------------
 * libclamav/pe.c: add BC_PE_ALL hook (bb #2237)

Wed Sep  1 10:03:26 EEST 2010 (edwin)
-------------------------------------
 * libclamav/c++/{bytecode2llvm,ClamBCRTChecks}.cpp: avoid false 'Verification error' messages (bb #2239)

Tue Aug 31 16:11:30 CEST 2010 (tk)
----------------------------------
 * freshclam/freshclam.c: fix handling of relative paths with --datadir (bb#2240)

Tue Aug 31 15:10:29 EEST 2010 (edwin)
-------------------------------------
 * clamd/clamd.c: limit RLIMIT_DATA to 2GB on 32-bit processes (bb #1941).

Tue Aug 31 11:13:44 EEST 2010 (edwin)
-------------------------------------
 * libclamav/regex/regexec.c: fix regex when sizeof(void*) != sizeof(long) (bb #2232).
 Thanks to Martin Olsen <martypal2005*gmail.com>

Tue Aug 31 10:53:06 EEST 2010 (edwin)
-------------------------------------
 * libclamav/pdf.c: improve handling of pdf objects (bb #2216).

Tue Aug 31 01:39:11 CEST 2010 (acab)
------------------------------------
 * libclamav/pe_icons.c: support special case where icon is encoded as 32bpp but it really
			 carries alpha as a mask... well go figure. (bb#2221)

Thu Aug 26 14:06:55 CEST 2010 (tk)
----------------------------------
 * libclamav/mpool.c: permanently disable debug mode (bb#2222)

Tue Aug 24 12:27:16 CEST 2010 (tk)
----------------------------------
 * libclamav: allow logical sigs to be used as file type sigs (bb#2228)

Wed Aug 18 11:01:10 EEST 2010 (edwin)
-------------------------------------
 * libclamav/c++/detect.cpp: don't warn on x86_64 vs i386 mismatches (bb #2214).

Tue Aug 17 13:10:00 CEST 2010 (tk)
----------------------------------
 * sigtool/sigtool.c: fix EOL matching in --find-sigs (bb#2164)

Sat Aug 14 16:29:32 EEST 2010 (edwin)
-------------------------------------
 * libclamav/c++/llvm/test: XFAIL a test that fails on i686-apple-darwin8 (bb #2206).

Sat Aug 14 15:18:03 EEST 2010 (edwin)
-------------------------------------
 * libclamav/bytecode_detect.c: fix warning on FreeBSD (bb #2201).

Fri Aug 13 13:57:04 EEST 2010 (edwin)
--------------------------------------
 * libclamav/bytecode_detect.c: prevent fclose(NULL) on SELinux (bb #2200)

http://www.clamav.net/

Titel: ClamAV 0.96.4
Beitrag von: SiLæncer am 26 Oktober, 2010, 18:02

Code: [Auswählen]

Mon Oct 25 18:02:56 CEST 2010 (tk)
----------------------------------
 * V 0.96.4

Mon Oct 18 20:01:46 CEST 2010 (tk)
----------------------------------
 * clamd: be more verbose about config errors (bb#2252)

Mon Oct 18 15:52:47 CEST 2010 (tk)
----------------------------------
 * libclamav/matcher.c: fix stack smash with HandlerType (bb#2298)

Mon Oct 18 13:23:42 CEST 2010 (acab)
------------------------------------
 * libclamav/scanners.c: mark embpes as unreliable (bb#2307)

Mon Oct 18 14:16:11 EEST 2010 (edwin)
-------------------------------------
 * clamconf/clamconf.c, libclamav/others.c: warn about zlib version mismatches (bb #2072)

Mon Oct 18 13:55:17 EEST 2010 (edwin)
-------------------------------------
 * libclamav/pdf.c: bb #2295

Mon Oct 18 13:46:59 EEST 2010 (edwin)
-------------------------------------
 * libclamav/builtin_bytecodes.h: disable JIT on CPUs without CMOV (bb #2327).

Mon Oct 18 12:52:25 EEST 2010 (edwin)
-------------------------------------
 * libclamav/pdf.c: keep parsing after %%EOF (bb #2264).

Mon Oct 18 11:30:01 CEST 2010 (tk)
----------------------------------
 * clamdscan: fix name parsing in normal mode (bb#2328)

Mon Oct 18 11:10:14 CEST 2010 (tk)
----------------------------------
 * libclamav/others.h: bump f-level

Mon Oct 18 11:27:16 EEST 2010 (edwin)
-------------------------------------
 * configure: fix bytecode and autoit for Apple-style universal builds (bb #2030)

Mon Oct 18 10:46:25 EEST 2010 (edwin)
-------------------------------------
 * libclamav: test mode for bytecode (bb #2101)

Sat Oct 16 18:23:17 CEST 2010 (acab)
------------------------------------
 * clamav-milter: send FILDES early (bb#2321)

Fri Oct 15 17:48:00 CEST 2010 (acab)
------------------------------------
 * libclamav/pe_icons.c: make sure all ref points are initted (bb#2291)

Fri Oct 15 16:13:27 CEST 2010 (tk)
----------------------------------
 * freshclam/manager.c: don't mix IPv4 and IPv6 addresses while randomizing (bb#2319)

Thu Oct 14 19:43:09 CEST 2010 (acab)
------------------------------------
 * libclamav: add pool based hastabs so we don't frag on md5 sizes (bb#2185)

Thu Oct 14 16:14:01 CEST 2010 (acab)
------------------------------------
 * libclamav/fmap.c: properly check for pread errors (bb#2306)

Thu Oct 14 16:06:06 CEST 2010 (acab)
------------------------------------
 * clamd: properly terminate zSTATS (bb#2286)

Thu Oct 14 15:36:06 CEST 2010 (acab)
------------------------------------
 * freshclam: undefine qcompare if HAVE_GETADDRINFO is unset (bb#2289)

Mon Oct 11 13:49:29 CEST 2010 (tk)
----------------------------------
 * clamdscan: fix parsing of virus names in extended mode (bb#2311)

Fri Oct  8 15:38:56 CEST 2010 (tk)
----------------------------------
 * clamscan/manager.c: return errors for stdin scan failures (bb#2317)

Fri Oct  8 15:22:22 CEST 2010 (tk)
----------------------------------
 * libclamav/elf.c: shutdown error message (bb#2318)

Fri Oct  8 14:23:24 CEST 2010 (tk)
----------------------------------
 * libclamav/readdb.c: fix handling of Engine attrib (bb#2297)

Tue Oct  5 18:14:59 EEST 2010 (edwin)
-------------------------------------
 * libclamav/pdf.c: Fix 'Unknown error code ERROR'(bb #2296).

Tue Oct  5 17:03:43 EEST 2010 (edwin)
-------------------------------------
 * libclamav/pdf.c: Fix crash on 64-bit Solaris Intel (bb #2314).

Tue Sep 28 16:25:03 EEST 2010 (edwin)
-------------------------------------
 * libclamav/c++: allow building with external LLVM 2.8rc2.

Tue Sep 28 13:05:53 EEST 2010 (edwin)
-------------------------------------
 * libclamav/bytecode.c: fix memory leak in runlsig (bb #2291)

Tue Sep 28 13:01:19 EEST 2010 (edwin)
-------------------------------------
 * libclamav/scanners.c: fix VI memory leak (bb #2291)

Tue Sep 28 12:42:01 EEST 2010 (edwin)
-------------------------------------
 * libclamav/pdf.c: fix mmap failed(2) on 32-bit FreeBSD (bb #2300).

Thu Sep 23 17:59:26 CEST 2010 (acab)
------------------------------------
 * m4/acinclude: add alarm(10) to the CVE-2010-0405 check so we don't
		 infloop on SUSE libbz2 1.0.5

Tue Sep 21 20:19:41 EEST 2010 (edwin)
-------------------------------------
 * libclamav/c++: improve bytecode load time, and optimization (bb #2278)

Tue Sep 21 16:32:22 CEST 2010 (tk)
----------------------------------
 * sigtool/sigtool.c: don't use of sizeof() for malloc'ed buffer (bb#2283)

Tue Sep 21 16:19:41 CEST 2010 (tk)
----------------------------------
 * clamdscan/proto.c: fix error path memleak (bb#2282)

Tue Sep 21 16:13:27 CEST 2010 (tk)
----------------------------------
 * shared/cdiff.c, sigtool/sigtool.c: fix error path double frees
				      (bb#2280, bb#2281)

Mon Sep 20 17:09:37 CEST 2010 (tk)
----------------------------------

http://www.clamav.net/

Titel: ClamWin Free Antivirus 0.96.4
Beitrag von: SiLæncer am 19 November, 2010, 17:35

This release updates ClamAV scanning engine and fixes a few important issues:

* Fixed an issue with false positive detection
* Improvements in signature database loading time

www.clamwin.com

Titel: ClamWin Free Antivirus 0.96.5
Beitrag von: SiLæncer am 08 Dezember, 2010, 09:32

This maintenance release updates ClamAV scanning engine and fixes a few bugs:

* Improved byte code signature loading
* Fixed detection of embedded executables
* Other bugfixes

http://www.clamwin.com/

Titel: ClamWin Free Antivirus 0.97
Beitrag von: SiLæncer am 16 Februar, 2011, 13:22

This release updates ClamAV scanning engine and introduces the following new features:

* Quarantine Browser with an option to restore quarantined files
* Digital signature verification method to minimize false positive detections
* Other bugfixes and improvements

www.clamwin.com

Titel: ClamWin Free Antivirus 0.97.1
Beitrag von: SiLæncer am 16 Juni, 2011, 09:30

This maintenance release updates ClamAV scanning engine and fixes these issues:

Better detection for encrypted PDF documents
Improved handling of bytecode signatures
Other bugfixes and improvements

www.clamwin.com

Titel: ClamAV 0.97.2 schließt Schwachstelle
Beitrag von: SiLæncer am 27 Juli, 2011, 11:51

Die Sicherheitslücke in Clam AntiVirus ist als kritisch eingestuft und lässt sich für DoS-Angriffe ausnutzen (Denial of Service). Schuld ist ein Fehler in der Funktion cli_hm_scan() in der Datei libclamav/matcher-hash.c. Mit zum Beispiel einer speziell manipulierten E-Mail könnte sich der clamd-Daemon zum Absturz bringen lassen. Bestätigt ist die Sicherheitslücke für Versionen vor 0.97.2.

Sie können die neueste Version im Download-Bereich (http://www.clamav.net/lang/de/download/) der Projektseite herunterladen.

Quelle : www.tecchannel.de

Titel: ClamWin Free Antivirus 0.97.2
Beitrag von: SiLæncer am 10 August, 2011, 18:15

Zitat

This maintenance release updates ClamAV scanning engine and fixes these issues:

fixed problems with the bytecode engine
Improved hash matching
Other bugfixes and improvements

www.clamwin.com

Titel: ClamAV Optimized Builds 0.97.133
Beitrag von: SiLæncer am 13 September, 2011, 16:46

Zitat

I am building ClamAV from the original sources, to make freely available my optimized compiles. I am not modifying original code, but applying a different build chain to gather a better executables, in terms of native x64 support as well as regular x86; faster execution speed; smaller executable size; and lower memory footprint. Of course, the rest of features, should be exactly the same as in official ClamAV.

To prevent any possible confusion, my releases are groupped under the ClamAVOpt name, as an acronym of "ClamAV x86/x64 Optimized Builds".

Latest Changes

- /Oy: Omit frame pointers
- /GT: Enable fiber safe optimizations
- Compiled with /GF to pool common strings making executable smaller
- Compiled with /Zp16 to get faster code when accesing data structures specially on newer CPU
- /arch:SSE2: Enable SSE2 instruction set in x86 targets
- /GS-: Disable buffer security check
- Compiled with /fp:fast to increase floating-point operations performance at the cost of some precision loss not noticeable on ClamAVOpt
- ZIP package created with KZIP 14/04/2007 to reduce distribution size
- Executables compressed with MPRESS 2.18
- Using Profile Guided Optimizations (PGO) for all builds builds making libclamav.dll about 17% smaller and marginally faster
- Based on latest ClamAV 0.97-133-gde8d667 (2011-08-02) sources

http://guti.isgreat.org/static.php?page=ClamAVOpt

Titel: ClamAV 0.97.3
Beitrag von: SiLæncer am 18 Oktober, 2011, 16:38

Code: [Auswählen]

Just released is version 0.97.3 of ClamAV.  The following changes are noted in the ChangeLog distributed with the package:


Mon Oct 10 14:41:48 CEST 2011 (tk)
----------------------------------
freshclam/manager.c: fix error when compiling without DNS support (bb#3056)

Sat Oct 8 12:19:49 EEST 2011 (edwin)
-------------------------------------
libclamav/pdf.c: flag and dump PDF objects with /Launch (bb #3514)

Sat Oct 8 12:10:13 EEST 2011 (edwin)
-------------------------------------
libclamav/bytecode.c,bytecode_api.c: fix recursion level crash (bb #3706).

Tue Aug 2 17:03:33 CEST 2011 (tk)
----------------------------------
docs: clarify behavior of <del>-scan</del><strong>/Scan</strong> options (bb#3134)

Mon Jul 25 16:09:19 EEST 2011 (edwin)
-------------------------------------
libclamav/bytecode_vm.c: fix opcode 20 error (bb #3100)

Thu Sep 15 14:44:11 CEST 2011 (tk)
----------------------------------
freshclam: fix pidfile removal (bb#3499)

Sun Aug 21 17:05:24 EEST 2011 (edwin)
-------------------------------------
libclamav/pdf.c: fix incorrect blocking of some encrypted PDF with empty user passwords. (bb #3364)

Wed Aug 3 15:41:28 CEST 2011 (tk)
----------------------------------
sigtool/sigtool.c: fix calculation of max signature length

http://www.clamav.net/

Titel: ClamWin Free Antivirus 0.97.3
Beitrag von: SiLæncer am 01 November, 2011, 13:41

This maintenance release updates ClamAV scanning engine and fixes these issues:

Improved bytecode signature matching
Other bugfixes and improvements

http://www.clamwin.com/

Titel: ClamAV 0.97.4
Beitrag von: SiLæncer am 16 März, 2012, 06:00

Code: [Auswählen]

---------------------------------
 * V 0.97.4

Wed Feb 29 18:35:45 CET 2012 (acab)
-----------------------------------
 * libclamav/bytecode.c: reset to BYTECODE_AUTO mode at db reload so that
			 we don't fail to re-enable or re-disable it again
			 (bb#3789)

Tue Jan 17 11:15:57 CET 2012 (acab)
-----------------------------------
 * misc: performance improvement for HP-UX PA-RISC - patch from 
	 Michael Pelletier <michael.v.pelletier*raytheon.com> (bb#3926)

Fri Nov  4 00:52:21 CET 2011 (acab)
-----------------------------------
 * libclamav/pe.c: parse vinfo where varfileinfo occours before stringfileinfo
		   (bb#3062)

Fri Mar  2 19:48:36 CET 2012 (tk)
---------------------------------
 * clamd: add support for on-access scanning on OS X with ClamAuth (beta)

Wed Feb 29 17:02:18 EET 2012 (edwin)
------------------------------------
 * libclamav/bytecode_api*: Fix Sparc crash (bb #4324)

Tue Feb  7 23:23:48 CET 2012 (tk)
---------------------------------
 * libclamav: fix bytecode whitelisting

Wed Jan 25 18:56:44 CET 2012 (tk)
---------------------------------
 * libclamav: fix macro detection in OLE2BlockMacros (bb#4269)

Thu Dec  1 15:07:49 CET 2011 (tk)
---------------------------------
 * libclamav/readdb.c: allow comments in all db files (bb#3930)

Fri Nov 18 15:23:50 CET 2011 (tk)
---------------------------------
 * libclamav/scanners.c: use lsigs when scanning vba data (bb#3922)

Fri Nov 18 15:48:59 EET 2011 (edwin)
-----------------------------------
 * libclamav/matcher-hash.c: Fix SIGBUS on PA-RISC (big-endian) architectures (bb #3894).

Mon Oct 17 18:04:30 CEST 2011 (tk)

http://www.clamav.net/lang/en/

Titel: ClamWin 0.97.4
Beitrag von: SiLæncer am 03 April, 2012, 18:30

Whats new: >>

- Improved Macrovirus detection
- Various performance improvements

http://www.clamwin.com/

Titel: Clam Sentinel V1.19
Beitrag von: SiLæncer am 06 Mai, 2012, 07:00

(http://www.portablefreeware.com/screenshots/scrlZ5c0A.gif)

Clam Sentinel is a real-time malware scanner using ClamWin Antivirus as its engine. The program also has its own system monitor that scans for unknown malware that does not yet have a ClamWin signature. It also detects new drives and monitors these units until the program is closed or until the device is disconnected.

License: Freeware/GPL

http://clamsentinel.sourceforge.net/

Titel: Re: Clam Sentinel V1.19
Beitrag von: Snoop am 06 Mai, 2012, 12:10

Hey - Real Time Scanning mit Clam ... jetzt wird es interessant.
Wobei die Engine ja nicht gerade im Ruf steht, schnell zu arbeiten ...

Titel: ClamAV 0.97.5
Beitrag von: SiLæncer am 14 Juni, 2012, 20:00

Zitat

0.97.5
------

ClamAV 0.97.5 addresses possible evasion cases in some archive formats (CVE-2012-1457, CVE-2012-1458, CVE-2012-1459). It also addresses stability issues in portions of the bytecode engine. This release is recommended for all users.

http://www.clamav.net/lang/en/

Titel: ClamWin Free Antivirus 0.97.5
Beitrag von: SiLæncer am 06 Juli, 2012, 13:46

This maintenance release updates ClamAV scanning engine and brings the following improvements:

   Improved bytecode signature loading
   Improved handling of tar archives and chm files
   Various performance improvements

http://www.clamwin.com/

Titel: Clam Sentinel V1.20
Beitrag von: SiLæncer am 29 September, 2012, 21:00

(http://www.portablefreeware.com/screenshots/scrlZ5c0A.gif)

Titel: ClamWin Free Antivirus 0.97.6
Beitrag von: SiLæncer am 06 Oktober, 2012, 11:00

Zitat

This maintenance release updates ClamAV scanning engine and provides the following improvements:

Scanning code optimizations

http://www.clamwin.com/

Titel: ClamAV 0.97.7
Beitrag von: SiLæncer am 16 März, 2013, 11:00

Changelog:

Code: [Auswählen]

---------------------------------
 * Bug reported by Felix Groebert, Mateusz Jurczyk and Gynvael Coldwind of the
 Google Security Team.

Mon Sep 6 12:32:00 EDT 2012 (dar)
---------------------------------
 * libclamav: bb#5751 - cl_scansis() may returan a file descriptor instead
              of a valid return code

Mon Jul 2 10:40:50 EDT 2012 (dar)
----------------------------------
 * libclamav: bb#5252 - update #4, CL_EUNPACK and caching

Fri Jun 29 14:43:43 EDT 2012 (dar)
----------------------------------
 * libclamav: bb#5252 - update #3, more return code tweaks

Tue Jun 26 12:23:44 EDT 2012 (dar)
----------------------------------
 * libclamav: bb#5252 - Limit exits on scanraw return codes

Fri Jun 22 16:58:21 EDT 2012 (dar)
----------------------------------
 * libclamav: bb#5325 - Quiet Minix warning

Mon Jun 18 17:51:49 EDT 2012 (dar)
----------------------------------
 * libclamav: bb#5252 - Update magic_scandesc filtering of scanraw return codes

Thu Jun 14 16:05:53 EDT 2012 (judge)
----------------------------------
 * win32: Add MSI projects.

Wed Jun 13 12:00:55 EDT 2012 (olney)
----------------------------------

http://www.clamav.net/lang/en/

Titel: ClamWin 0.97.7
Beitrag von: SiLæncer am 09 April, 2013, 13:45

Whats new: >>

- Several potential security bugs have been fixed

http://www.clamwin.com/

Titel: ClamWin Free Antivirus 0.97.8
Beitrag von: SiLæncer am 28 April, 2013, 20:00

Whats new: >>

This maintenance release updates ClamAV scanning engine and patches more security vulnerabilities.

Download :

ClamWin Free Antivirus 0.97.8 x86 (http://sourceforge.net/projects/clamav/files/clamav/win32/0.97.8/x86/Setup-x86.msi/download)
ClamWin Free Antivirus 0.97.8 x64 (http://sourceforge.net/projects/clamav/files/clamav/win32/0.97.8/x64/Setup-x64.msi/download)

http://www.clamwin.com/

Titel: Re: ClamWin Free Antivirus 0.97.8
Beitrag von: SiLæncer am 29 April, 2013, 13:03

Hier noch die Info was neu ist ->

Zitat

This maintenance release updates ClamAV scanning engine and patches more security vulnerabilities.

Titel: ClamAV 0.98
Beitrag von: SiLæncer am 20 September, 2013, 12:31

Code: [Auswählen]

ClamAV 0.98 includes many new features, across many different components
of ClamAV. There are new scanning options, extensions to the libclamav API,
support for additional filetypes, and internal upgrades.

    – Signature improvements: New signature targets have been added for
    PDF files, Flash files and Java class files. (NOTE: Java archive files
    (JAR) are not part of the Java target.) Hash signatures can now specify
    a ’*’ (wildcard) size if the size is unknown. Using wildcard size
    requires setting the minimum engine FLEVEL to avoid backwards
    compatibility issues. For more details read the ClamAV Signatures
    guide.


    – Scanning enhancements: New filetypes can be unpacked and scanned,
    including ISO9660, Flash, and self-extracting 7z files. PDF
    handling is now more robust and better handles encrypted PDF files. 


    – Authenticode: ClamAV is now aware of the certificate chains when
    scanning signed PE files. When the database contains signatures for
    trusted root certificate authorities, the engine can whitelist
    PE files with a valid signature. The same database file can also
    include known compromised certificates to be rejected! This
    feature can also be disabled in clamd.conf (DisableCertCheck) or
    the command-line (nocerts). 


    – New options: Several new options for clamscan and clamd have been
    added. For example, ClamAV can be set to print infected files and
    error files, and suppress printing OK results. This can be helpful
    when scanning large numbers of files. This new option is ”-o” for
    clamscan and “LogClean” for clamd. Check clamd.conf or the clamscan
    help message for specific details. 


    – New callbacks added to the API: The libclamav API has additional hooks
    for developers to use when wrapping ClamAV scanning. These function
    types are prefixed with “clcb_” and allow developers to add logic at
    certain steps of the scanning process without directly modifying the
    library. For more details refer to the clamav.h file. 


    – More configurable limits: Several hardcoded values are now configurable
    parameters, providing more options for tuning the engine to match your
    needs. Check clamd.conf or the clamscan help message for specific
    details. 


    – Performance improvements: This release furthers the use of memory maps
    during scanning and unpacking, continuing the conversion started in
    prior releases. Complex math functions have been switched from
    libtommath to tomsfastmath functions. The A/C matcher code has also
    been optimized to provide a speed boost. 


    – Support for on-access scanning using Clamuko/Dazuko has been replaced
    with fanotify. Accordingly, clamd.conf settings related to on-access
    scanning have had Clamuko removed from the name. Clamuko-specific
    configuration items have been marked deprecated and should no longer
    be used.



There are also fixes for other minor issues and code quality changes. Please
see the ChangeLog file for details.

http://www.clamav.net/lang/en/

Titel: ClamWin Free Antivirus 0.98
Beitrag von: SiLæncer am 26 Oktober, 2013, 10:00

Zitat

This release updates ClamAV scanning engine and brings a number of significant improvements:

New virus signature targets enable detection of PDF, Flash, and Java class files.
New filetypes supported in the scanner include ISO9660, Flash and 7-zip self-extracting archives.
Performance and memory management improvements.

http://www.clamwin.com/

Titel: Clam Sentinel v1.21
Beitrag von: SiLæncer am 16 November, 2013, 18:03

(http://www.portablefreeware.com/screenshots/scrlZ5c0A.gif)

Titel: ClamAV 0.98.1
Beitrag von: SiLæncer am 15 Januar, 2014, 13:30

Whats new: >>

Improvements to OLE2 extraction and scanning
Add ForceToDisk option for clamd and force-to-disk arg for clamscan
bb #9222: make fmap_unneed respect nested maps
libclamav: bb #9154 - ELF handling re-write
libclamav: bb #8696 - Bug reported by NIW Solutions
bb #9072: clamscan message separator fix
xz file type support
bb #1570: Support ADC compression in DMG
bb #9053: ClamAV 0.98 can't be compiled on FreeBSD 7
bb #9017: tomsfastmath warning with zLinux on s390x
win32: Import libxml2 2.9.1 components into windows builds for xmlReader support.
libclamav: Add support for scanning xar/pkg archive files.

http://www.clamwin.com/

Titel: ClamWin Free Antivirus 0.98.1
Beitrag von: SiLæncer am 02 Februar, 2014, 11:00

Hier wäre dann auch die Windows-Version -> Klick (http://sourceforge.net/projects/clamwin/files/clamwin/0.98.1/clamwin-0.98.1-setup.exe/download)

Titel: ClamAV 0.98.3
Beitrag von: SiLæncer am 08 Mai, 2014, 12:20

Whats new: >>

Support for common raw disk image formats using 512 byte sectors, specifically GPT, APM, and MBR partitioning.
Experimental support of OpenIOC files. ClamAV will now extract file hashes from OpenIOC files residing in the signature database location, and generate ClamAV hash signatures. ClamAV uses no other OpenIOC features at this time. No OpenIOC files will be delivered through freshclam. See openioc.org and iocbucket.com for additional information about OpenIOC.
All ClamAV sockets (clamd, freshclam, clamav-milter, clamdscan, clamdtop) now support IPV6 addresses and configuration parameters.
Use OpenSSL file hash functions for improved performance. OpenSSL is now prerequisite software for ClamAV 0.98.2.
Improved detection of malware scripts within image files.
Change to circumvent possible denial of service when processing icons within specially crafted PE files. Icon limits are now in place with corresponding clamd and clamscan configuration parameters.
Improvements to the fidelity of the ClamAV pattern matcher.
Opt-in collection of statistics. Statistics collected are: sizes and MD5 hashes of files, PE file section counts and section MD5 hashes, and names and counts of detected viruses. Enable statistics collection with the --enable-stats clamscan flag or StatsEnabled clamd configuration parameter.
Improvements to ClamAV build process, unit tests, and platform support.
Patch by Arkadiusz Miskiewicz to improve error handling in freshclam.
ClamAV 0.98.2 also includes miscellaneous bug fixes and documentation improvements.

http://www.clamwin.com/

Titel: ClamAV 0.98.4 RC 1
Beitrag von: SiLæncer am 16 Mai, 2014, 09:15

Whats new: >>

fix buffer underruns in mbox.c
Configuration of OpenSSL fails on Solaris w/ClamAV 0.98.3
Add header if we have it for stats
Add to stats.c missing #if HAVE_SYSCTLBYNAME
fixed stats overwrite on settings transfer
Bug in stats HostID code
clamdscan infinite loop
Fix build on Solaris 10

http://www.clamwin.com/

Titel: Fireclam 0.7.1
Beitrag von: SiLæncer am 30 Mai, 2014, 06:30

(http://images.six.betanews.com/screenshots/scaled/1401392961-1.jpg)

Fireclam will use ClamAV to scan Firefox downloads for viruses. Every download will automatically be scanned in the background. An alert message is shown if a virus is found.

License: Open Source

https://addons.mozilla.org/en-US/firefox/addon/fireclam/

Titel: ClamAV 0.98.4
Beitrag von: SiLæncer am 17 Juni, 2014, 13:30

Whats new: >>

Crashes of clamd on Windows and Mac OS X platforms when reloading
the virus signature database.
Infinite loop in clamdscan when clamd is not running.
Buffer underruns when handling multi-part MIME email attachments.
Configuration of OpenSSL on various platforms.
Name collisions on Ubuntu 14.04, Debian sid, and Slackware 14.1.
Linking issues with libclamunrar

http://www.clamwin.com/

Titel: ClamAV 0.98.5 Beta 1
Beitrag von: SiLæncer am 09 Juli, 2014, 14:00

Whats new: >>

This version includes important new features for collecting and analyzing file properties. Software developers and analysts may collect file properties using the ClamAV API and then analyze them with ClamAV bytecode programs. Using the new features will require that libjson-c is installed, but otherwise libjson-c will be optional.

http://www.clamwin.com/

Titel: Clam Sentinel v1.22
Beitrag von: SiLæncer am 18 Juli, 2014, 21:00

(http://www.portablefreeware.com/screenshots/scrlZ5c0A.gif)

Titel: ClamWin Free Antivirus 0.98.4
Beitrag von: SiLæncer am 04 August, 2014, 09:11

Whats new: >>

This release updates ClamAV scanning engine to the latest version and brings following improvements:

Added support for Office Open XML files
Bug fixes and stability improvements

http://www.clamwin.com/

Titel: ClamWin Free Antivirus 0.98.4.1
Beitrag von: SiLæncer am 11 August, 2014, 17:00

Whats new: >>

Added support for Office Open XML files
Fixed a bug in Outlook scanning module introduced in 0.98.4 release
Other bug fixes and stability improvements

http://www.clamwin.com/

Titel: ClamAV 0.98.5 RC 1
Beitrag von: SiLæncer am 14 Oktober, 2014, 13:30

Whats new: >>

support for the XDP file format and extracting, decoding, and scanning PDF files within XDP files.
Addition of shared library support for LLVM verions 3.1 - 3.4 for the purpose of just-in-time(JIT) compilation of ClamAV bytecode signatures. Andreas Cadhalpun submitted the patch implementing this support.
Enhancements to the clambc command line utility to assist ClamAV bytecode signature authors by providing introspection into compiled bytecode programs.
Resolution of many of the warning messages from ClamAV compilation.
Bug fixes and other feature enhancements. See Changelog or git log for details.

http://www.clamwin.com/

Titel: ClamAV 0.98.5
Beitrag von: SiLæncer am 19 November, 2014, 13:45

Whats new:>>

Improved detection of malicious PE files.
Security fix for ClamAV crash when using 'clamscan -a'.
Security fix for ClamAV crash when scanning maliciously crafted yoda's crypter files.
ClamAV 0.98.5 now works with OpenSSL in FIPS compliant mode.
Bug fixes and other feature enhancements

http://www.clamwin.com/

Titel: ClamWin Free Antivirus 0.98.5
Beitrag von: SiLæncer am 08 Dezember, 2014, 13:30

Whats new:>>

Support for the XDP file format including embedded PDF files
Improved detection of malicious PE files
Other bug fixes and feature improvements

http://www.clamwin.com/

Titel: Fireclam 0.8
Beitrag von: SiLæncer am 09 Januar, 2015, 22:00

Whats new:>>

Fireclam 0.8 allows you to specify additional parameters for clamscan in the Fireclam preferences.
For example, you can enter "--move=/tmp" of "--remove" if you wish to move or delete infected files, or you can specify "--scan-pdf=no" if you do not wish to have PDF files scanned.

https://addons.mozilla.org/en-US/firefox/addon/fireclam/

Titel: ClamAV 0.98.6
Beitrag von: SiLæncer am 29 Januar, 2015, 19:00

Changelog

ClamAV 0.98.6 is a bug fix release correcting the following:

- library shared object revisions.
- installation issues on some Mac OS X and FreeBSD platforms.
- includes a patch from Sebastian Andrzej Siewior making
ClamAV pid files compatible with systemd.
- Fix a heap out of bounds condition with crafted Yoda's
crypter files. This issue was discovered by Felix Groebert
of the Google Security Team.
- Fix a heap out of bounds condition with crafted mew packer
files. This issue was discovered by Felix Groebert of the
Google Security Team.
- Fix a heap out of bounds condition with crafted upx packer
files. This issue was discovered by Kevin Szkudlapski of
Quarkslab.
- Fix a heap out of bounds condition with crafted upack packer
files. This issue was discovered by Sebastian Andrzej Siewior.
CVE-2014-9328.
- Compensate a crash due to incorrect compiler optimization when
handling crafted petite packer files. This issue was discovered
by Sebastian Andrzej Siewior.

[close]

http://www.clamwin.com/

Titel: ClamWin Free Antivirus 0.98.6
Beitrag von: SiLæncer am 01 März, 2015, 10:00

Whats new:>>

Bug fixes in detection of files produced by upx, upack and mew packagers
Other bug fixes and feature improvements

http://www.clamwin.com/

Titel: ClamAV 0.98.7
Beitrag von: SiLæncer am 29 April, 2015, 12:30

Changelog

Improvements to PDF processing: decryption, escape sequence handling, and file property collection.
Scanning/analysis of additional Microsoft Office 2003 XML format.
Fix infinite loop condition on crafted y0da cryptor file.
Fix crash on crafted petite packed file.
Fix false negatives on files within iso9660 containers.
Fix a couple crashes on crafted upack packed file.
Fix a crash during algorithmic detection on crafted PE file.
Fix an infinite loop condition on a crafted "xz" archive file.
Fix compilation error after ./configure --disable-pthreads.
Apply upstream patch for possible heap overflow in regex library.
Fix crash in upx decoder with crafted file.
Fix segfault scanning certain HTML files.
Improve detections within xar/pkg files.

[close]

http://www.clamwin.com/

Titel: ClamWin Free Antivirus 0.98.7
Beitrag von: SiLæncer am 16 Mai, 2015, 10:30

Whats new:>>

PDF processing improvements
Improvements in detection and processing of packed executables
Improved handling of iso9660 files
Other important bug fixes

http://www.clamwin.com/

Titel: ClamAV 0.99 RC 1
Beitrag von: SiLæncer am 20 Oktober, 2015, 06:00

Changelog

Improved support for YARA rules including private rules, referencing other rules, and YARA "include" files.
Configurable default password list to attempt zip file decryption.
TIFF support. ./configure options for YARA. upgrade Windows pthread library to 2.9.1. a new signature target type for uncategorized files.
ClamAV 0.99 contains major new features and changes. Particularly, if you are using clamd on-access scanning or have applications using all-match mode, you will want to review the changes and make any necessary
adjustments before using ClamAV 0.99.
Processing of YARA rules(some limitations- see signatures.pdf).
Support in ClamAV logical signatures for many of the features added for YARA, such as Perl compatible Regular Expressions, alternate strings, and YARA string attributes. See signatures.pdf for full details.
post and clamdoc.pdf for details on the new on-access capabilities.
A new ClamAV API callback function that is invoked when a virus is found. This is intended primarily for applications running in all-match mode. Any applications using all-match mode must use the new callback function to record and report detected viruses.
Configurable default password list to attempt zip file decryption.
TIFF file support.
Upgrade Windows pthread library to 2.9.1.
A new signature target type for designating signatures to run against files with unknown file types.
Improved fidelity of the "data loss prevention" heuristic algorithm. Code supplied by Bill Parker.
Support for LZMA decompression within Adobe Flash files.
Support for MSO attachments within Microsoft Office 2003 XML files.
A new sigtool option(--ascii-normalize) allowing signature authors to more easily generate normalized versions of ascii files.

[close]

http://www.clamwin.com/

Titel: ClamAV 0.99 RC 2
Beitrag von: SiLæncer am 18 November, 2015, 06:00

Changelog

bb11420 - fix preclass/cache interaction.
bb11419 - fix valgrind-detected uninitialized value when caching is disabled.
bb11418 - fix clamdscan segfault when using stream(stdin) input.
bb#11421 - CUD digital signature verification and empty files
change unknown database default to skip from .db
use pkg-config to determine CHECK_LIBS
bb#11015(2) - refactor automated pwdb target assignment for tdb
fix error reporting for pwdb signature loading
fix crash in clamd scan callback function.
fix for openssl build with specific openssl location
onas: adding better feedback for users attempting to use fanotify prevention on kernels with unsupported configurations.
onas: adding throttling to notifications when handling fanotify errors on large files.
onas: adding optional extra scanning for inotify events
onas: improving handling of fanotify read errors for large files.

[close]

http://www.clamwin.com/

Titel: ClamAV 0.99 Final
Beitrag von: SiLæncer am 01 Dezember, 2015, 22:00

Changelog

ClamAV 0.99 contains major new features and changes. YARA rules, Perl Compatible Regular Expressions, revamped on-access scanning for Linux, and other new features join the many great features of ClamAV:

Processing of YARA rules(some limitations- see signatures.pdf).
Support in ClamAV logical signatures for many of the features added for YARA, such as Perl Compatible Regular Expressions, alternate strings, and YARA string attributes. See signatures.pdf for full details.
New and improved on-access scanning for Linux. See the recent blog post and clamdoc.pdf for details on the new on-access capabilities
A new ClamAV API callback function that is invoked when a virus is found. This is intended primarily for applications running in all-match mode. Any applications using all-match mode must use the new callback function to record and report detected viruses.
Configurable default password list to attempt zip file decryption.
TIFF file support.
Upgrade Windows pthread library to 2.9.1.
A new signature target type for designating signatures to run against files with unknown file types.
Improved fidelity of the "data loss prevention" heuristic algorithm. Code supplied by Bill Parker.
Support for LZMA decompression within Adobe Flash files.
Support for MSO attachments within Microsoft Office 2003 XML files.
A new sigtool option(--ascii-normalize) allowing signature authors to more easily generate normalized versions of ascii files.

[close]

http://www.clamwin.com/

Titel: ClamWin Free Antivirus 0.99
Beitrag von: SiLæncer am 17 Januar, 2016, 11:00

Whats new:>>

This release updates ClamAV scanning engine to the latest version and brings important improvements:

Heuristic detection improvements
Improvements in detection and processing of archived files
Other important bug fixes

http://www.clamwin.com/

Titel: ClamAV 0.99.1 Beta 1
Beitrag von: SiLæncer am 05 Februar, 2016, 12:00

Whats new:>>

add scanning options for scanning xml-based documents (MSXML, OOXML, HWPML) and HWP3
add dconfs for XDP, MBR, GPT, APM, OOXML, MSXML, and HWP formats (09:29:32) (IS) Iulia Ivan: sau 0.99.1
ClamAV 0.99.1 contains a new feature for parsing Hancom Office files including extracting and scanning embedded objects. ClamAV 0.99.1 also contains important bug fixes. Please see ChangeLog for details.

Download hier : http://sourceforge.net/projects/clamav/files/beta/0.99.1-beta1/

http://www.clamwin.com/

Titel: ClamAV 0.99.1 Final
Beitrag von: SiLæncer am 03 März, 2016, 19:00

Whats new:>>

hwp5.x: fix for streams without names
libclamav: yara: avoid unaliged access to 64bit variable
bb11455 - patch to add show-progress option to freshclam.
added 'CustomXML' as trigger for likely OOXML

Download hier : https://sourceforge.net/projects/clamav/files/clamav/

http://www.clamwin.com/

Titel: ClamWin Free Antivirus 0.99.1
Beitrag von: SiLæncer am 16 April, 2016, 18:00

Zitat

This release updates ClamAV scanning engine to the latest version and brings important improvements:

Heuristic detection improvements
Improvements in detection and processing of archived files
Other important bug fixes

http://www.clamwin.com/

Titel: ClamAV 0.99.2
Beitrag von: SiLæncer am 04 Mai, 2016, 18:00

Changelog

Note: As previously discussed for the last three releases, we are no longer uploading ClamAV to SourceForge for release. 0.99.2 is the first release that is ONLY released on ClamAV.net

Below are the notes from the ChangeLog since 0.99.1:

Thu, 22 Apr 2016 12:45:00 -0500 (Steven Morgan)
------------------------------------------
* ClamAV 0.99.2 release.

Thu, 31 Mar 2016 17:07:39 -0400 (Kevin Lin)
------------------------------------------
* 7z: fix for FolderStartPackStreamIndex array index heck

Tue, 29 Mar 2016 16:18:51 -0400 (Steven Morgan)
------------------------------------------
* bb11547 - print all CDBNAME entries for a zip file when using the
-z flag.

Tue, 2 Sep 2014 22:44:41 +0200 (Sebastian Andrzej Siewior)
------------------------------------------
* try to minimize the err cleanup path

Tue, 2 Sep 2014 22:44:14 +0200 (Sebastian Andrzej Siewior)
------------------------------------------
* clamunrar: notice if unpacking comment failed

Wed, 23 Mar 2016 16:39:52 -0400 (Steven Morgan)
------------------------------------------
* bb9042 - signature manual update.

Wed, 23 Mar 2016 16:14:42 -0400 (Kevin Lin)
------------------------------------------
* bb#11396 - use temp var for realloc to prevent pointer loss. Patch by
Bill Parker.

Wed, 23 Mar 2016 15:49:56 -0400 (Kevin Lin)
------------------------------------------
* bb#11397 - fix debug VI hex truncation

Wed, 23 Mar 2016 15:38:21 -0400 (Kevin Lin)
------------------------------------------
* bb#11398 - freshclam: avoid random data in mirrors.dat. Patch by
Tomasz Kojm.

Wed, 23 Mar 2016 15:28:51 -0400 (Kevin Lin)
------------------------------------------
* libclamav: print raw certificate metadata

Wed, 23 Mar 2016 14:16:00 -0400 (Kevin Lin)
------------------------------------------
* bb#11529 - freshclam manager check return code of strdup. Patch by
Sebastian A. Siewior.

Tue, 22 Mar 2016 16:21:59 -0400 (Kevin Lin)
------------------------------------------
* bb#11261 - additional suppress IP notification when using proxy

Tue, 22 Mar 2016 12:54:52 -0400 (Kevin Lin)
------------------------------------------
* bb#10983 - fix download and verification of *.cld through PrivateMirrors

Mon, 21 Mar 2016 11:21:08 -0400 (Kevin Lin)
------------------------------------------
* bb#11261 - suppress IP notification when using proxy

Mon, 21 Mar 2016 11:20:01 -0400 (Kevin Lin)
------------------------------------------
* bb#11543 - remove redundant mempool assignment

Thu, 17 Mar 2016 11:49:26 -0400 (Kevin Lin)
------------------------------------------
* bb#11003 - divide out dumpcerts output for better readability

Wed, 16 Mar 2016 15:42:35 -0400 (Kevin Lin)
------------------------------------------
* bb#11003 - fix dconf and option handling for nocert and dumpcert

Mon, 14 Mar 2016 16:07:45 -0400 (Mickey Sola)
------------------------------------------
* bb11463 - patch by Jim Morris to increase clamd's soft file descriptor to
its potential maximum on 64-bit systems

Mon, 14 Mar 2016 17:12:20 -0400 (Steven Morgan)
------------------------------------------
* Move libfreshclam config to m4/reorganization.

Fri, 11 Mar 2016 13:32:31 -0700 (andrey mirtchovski)
------------------------------------------
* adding libfreshclam

Sun, 13 Mar 2016 23:27:23 -0400 (Tom Judge)
------------------------------------------
* Add 'cdb' datafile to sigtools list of datafile types.

Fri, 11 Mar 2016 16:02:22 -0500 (Steven Morgan)
------------------------------------------
* bb11526 - NULL pointer check. Patch by Bill Parker.

Fri, 11 Mar 2016 15:48:01 -0500 (Steven Morgan)
------------------------------------------
* bb11524 - malloc() NULL pointer check. Patch by Bill Parker.

Thu, 10 Mar 2016 18:26:33 -0500 (Steven Morgan)
------------------------------------------
* bb1436 - clamscan 'block-macros' option. Patch by Kai Risku.

Wed, 9 Mar 2016 17:07:06 -0500 (Kevin Lin)
------------------------------------------
* bb#11514 - initialize cpio name buffer

Wed, 9 Mar 2016 16:43:03 -0500 (Kevin Lin)
------------------------------------------
* bb#11514 - initialize mspack decompression buffers

Wed, 9 Mar 2016 12:15:16 -0500 (Kevin Lin)
------------------------------------------
* bb#11514 - prevent memory allocations on used pointers (folder objects)

Tue, 8 Mar 2016 16:04:21 -0500 (Kevin Lin)
------------------------------------------
* bb#11514 - prevent memory allocations on used pointers (boolvectors)

Tue, 8 Mar 2016 14:37:20 -0500 (Kevin Lin)
------------------------------------------
* bb#11514 - initialize ARJ metadata structures

Tue, 8 Mar 2016 14:37:01 -0500 (Kevin Lin)
------------------------------------------
* bb#11514 - change cli_malloc with cli_calloc

Mon, 7 Mar 2016 16:25:10 -0500 (Kevin Lin)
------------------------------------------
* bb#11514 - check packSizes prior to dereference

Mon, 7 Mar 2016 16:10:09 -0500 (Kevin Lin)
------------------------------------------
* bb#11514 - fixed inconsistent folder state on failure

Mon, 7 Mar 2016 15:11:08 -0500 (Kevin Lin)
------------------------------------------
* bb#11514 - pre-check on (*unpackSizes) dereference

Mon, 7 Mar 2016 13:56:42 -0500 (Kevin Lin)
------------------------------------------
* bb11514 - fix on pre-checks on dereferenced array

Fri, 4 Mar 2016 16:57:14 -0500 (Kevin Lin)
------------------------------------------
* bb11514 - pre-checks on dereferenced array size values (not =0)

Wed, 2 Mar 2016 13:57:03 -0500 (Mickey Sola)
------------------------------------------
* bb-11514 - adding sanity checks to 7z header parsing

Tue, 1 Mar 2016 12:43:01 -0500 (Kevin Lin)
------------------------------------------
* bb#11514 - fixed mew source read issue

Fri, 4 Mar 2016 17:05:01 -0500 (Steven Morgan)
------------------------------------------
* bb11188 - Upgrade to use libtool 2.4.6 for ClamAV building: fixes issues
with MacOSX 10.10 and 10.11.

Tue, 1 Mar 2016 12:34:48 -0500 (Kevin Lin)
------------------------------------------
* bb#11513 - documentation update on targets

Mon, 29 Feb 2016 16:58:19 -0500 (Kevin Lin)
------------------------------------------
* filetype consistency

Mon, 29 Feb 2016 11:34:25 -0500 (Kevin Lin)
------------------------------------------
* move llvm option flag handling to new m4 file

Wed, 24 Feb 2016 13:29:42 -0500 (Kevin Lin)
------------------------------------------
* hwp5.x: fix for streams without names

[close]

http://www.clamav.net

Titel: ClamAV 0.99.3 Beta 1
Beitrag von: SiLæncer am 24 August, 2017, 13:00

Release Notes

In this release, we have included many code submissions from the ClamAV community:

Interfaces to the Prelude SIEM open source package for collecting ClamAV virus events.
Visual Studio 2015 for building Microsoft Windows binaries.
Support libmspack internal code or as a shared object library. The internal library is the default and contains additional integrity checks.
Linking with openssl 1.1.0.
Numerous code patches, typos, and compiler warning fixes.

Additionally, we have introduced important changes and new features in ClamAV 0.99.3, including:

Deprecating internal LLVM code support. The configure script has changed to search the system for an installed instance of the LLVM development libraries, and to otherwise use the bytecode interpreter for ClamAV bytecode signatures. To use the LLVM Just-In-Time compiler for executing bytecode signatures, please ensure that the LLVM development package at version 3.6 or lower is installed. Using the deprecated LLVM code is possible with the command: ./configure --with-system-llvm=no', but it no longer compile on all platforms
Compute and check PE import table hash (a.k.a. "imphash") signatures
Support file property collection and analysis for MHTML files
Raw scanning of PostScript files
Fix clamsubmit to use the new virus and false positive submission web interface
Optionally, flag files with the virus "Heuristic.Limits.Exceeded" when size limitations are exceeded
Improve decoders for PDF files

[close]

http://www.clamav.net

Titel: ClamAV 0.99.3 Beta 2
Beitrag von: SiLæncer am 18 Dezember, 2017, 21:00

Changelog

Interfaces to the Prelude SIEM open source package for collecting ClamAV virus events.
Visual Studio 2015 for building Microsoft Windows binaries.
Support libmspack internal code or as a shared object library. The internal library is the default and contains additional integrity checks.
Linking with openssl 1.1.0.
Numerous code patches, typos, and compiler warning fixes.

[close]

http://www.clamav.net

Titel: ClamAV 0.99.3 Final
Beitrag von: SiLæncer am 26 Januar, 2018, 14:00

Changelog

CVE-2017-12374
1. ClamAV UAF (use-after-free) Vulnerabilities
The ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
The vulnerability is due to a lack of input validation checking mechanisms during certain mail parsing operations. If successfully exploited, the ClamAV software could allow a variable pointing to the mail body which could cause a used after being free (use-after-free) instance which may lead to a disruption of services on an affected device to include a denial of service condition.
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
https://bugzilla.clamav.net/show_bug.cgi?id=11939
CVE-2017-12375
2. ClamAV Buffer Overflow Vulnerability
The ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
The vulnerability is due to a lack of input validation checking mechanisms during certain mail parsing functions. An unauthenticated, remote attacker could exploit this vulnerability by sending a crafted email to the affected device. This action could cause a buffer overflow condition when ClamAV scans the malicious email, allowing the attacker to potentially cause a DoS condition on an affected device.
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N /A:L
https://bugzilla.clamav.net/show_bug.cgi?id=11940
CVE-2017-12376
3. ClamAV Buffer Overflow in handle_pdfname Vulnerability
ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or potentially execute arbitrary code on an affected device.
The vulnerability is due to improper input validation checking mechanisms when handling Portable Document Format (.pdf) files sent to an affected device. An unauthenticated, remote attacker could exploit this vulnerability by sending a crafted .pdf file to an affected device. This action could cause a buffer overflow when ClamAV scans the malicious file, allowing the attacker to cause a DoS condition or potentially execute arbitrary code.
https://bugzilla.clamav.net/show_bug.cgi?id=11942
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2017-12377
4. ClamAV Mew Packet Heap Overflow Vulnerability
ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or potentially execute arbitrary code on an affected device.
The vulnerability is due to improper input validation checking mechanisms in mew packet files sent to an affected device. A successful exploit could cause a heap overflow condition when ClamAV scans the malicious file, allowing the attacker to cause a DoS condition or potentially execute arbitrary code on the affected device.
https://bugzilla.clamav.net/show_bug.cgi?id=11943
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L /A:L
CVE-2017-12378
5. ClamAV Buffer Over Read Vulnerability
ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
The vulnerability is due to improper input validation checking mechanisms of .tar (Tape Archive) files sent to an affected device. A successful exploit could cause a buffer over-read condition when ClamAV scans the malicious .tar file, potentially allowing the attacker to cause a DoS condition on the affected device.
https://bugzilla.clamav.net/show_bug.cgi?id=11946
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N /A:L
CVE-2017-12379
6. ClamAV Buffer Overflow in messageAddArgument Vulnerability
ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or potentially execute arbitrary code on an affected device.
The vulnerability is due to improper input validation checking mechanisms in the message parsing function on an affected system. An unauthenticated, remote attacker could exploit this vulnerability by sending a crafted email to the affected device. This action could cause a buffer overflow condition when ClamAV scans the malicious email, allowing the attacker to potentially cause a DoS condition or execute arbitrary code on an affected device.
https://bugzilla.clamav.net/show_bug.cgi?id=11944
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L /A:L
CVE-2017-12380
7. ClamAV Null Dereference Vulnerability
ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
The vulnerability is due to improper input validation checking mechanisms during certain mail parsing functions of the ClamAV software. An unauthenticated, remote attacker could exploit this vulnerability by sending a crafted email to the affected device. An exploit could trigger a NULL pointer dereference condition when ClamAV scans the malicious email, which may result in a DoS condition.
https://bugzilla.clamav.net/show_bug.cgi?id=11945
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Also included are 2 minor fixes to properly detect openssl install locations on FreeBSD 11, and prevent false warnings about zlib 1.2.1# version numbers.

[close]

http://www.clamav.net

Titel: ClamAV 0.99.4
Beitrag von: SiLæncer am 02 März, 2018, 21:00

Changelog

0.99.4 is a security patch release, quick on the heels of the 0.99.3 security patch release. This is a renewal of our commitment to the ClamAV community for timely fixes to critical issues. 0.99.4 addresses a few outstanding vulnerability bugs. It includes fixes for:

CVE-2012-6706
CVE-2017-6419
CVE-2017-11423
CVE-2018-1000085

There are also a few bug fixes that were not assigned CVE’s, but were important enough to address while we had the chance. One of these was the notorious file descriptor exhaustion bug that caused outages late last January.

[close]

http://www.clamav.net

Titel: ClamWin Free Antivirus 0.99.4
Beitrag von: SiLæncer am 16 März, 2018, 06:00

Whats new:>>

This security patch release updates ClamAV scanning engine to the latest version and addresses the following issues:

ClamAV UAF Vulnerabilities
ClamAV Buffer Overflow Vulnerabilities
ClamAV Null Dereference Vulnerability
A number of other outstanding vulnerability bugs

http://www.clamwin.com/

Titel: ClamAV 0.100.0
Beitrag von: SiLæncer am 10 April, 2018, 09:15

Changelog

Some of the more prominent submissions include:

Interfaces to the Prelude SIEM open source package for collecting ClamAV virus events.
Support for Visual Studio 2015 for Windows builds. Please note that we have deprecated support for Windows XP, and while Vista may still work, we no longer test ClamAV on Windows XP or Vista.
Support libmspack internal code or as a shared object library. The internal library is the default and includes modifications to enable parsing of CAB files that do not entirely adhere to the CAB file format.
Linking with OpenSSL 1.1.0.
Deprecation of the AllowSupplementaryGroups parameter statement in clamd, clamav-milter, and freshclam. Use of supplementary is now in effect by default.
Numerous bug fixes, typo corrections, and compiler warning fixes.

Additionally, we have introduced important changes and new features in ClamAV 0.100, including but not limited to:

Deprecating internal LLVM code support. The configure script has changed to search the system for an installed instance of the LLVM development libraries, and to otherwise use the bytecode interpreter for ClamAV bytecode signatures. To use the LLVM Just-In-Time compiler for executing bytecode signatures, please ensure that the LLVM development package at version 3.6 or lower is installed. Using the deprecated LLVM code is possible with the command: ./configure --with-system-llvm=no, but it no longer compiles on all platforms.
Compute and check PE import table hash (a.k.a. "imphash") signatures.
Support file property collection and analysis for MHTML files.
Raw scanning of PostScript files.
Fix clamsubmit to use the new virus and false positive submission web interface.
Optionally, flag files with the virus "Heuristic.Limits.Exceeded" when size limitations are exceeded.
Improved decoders for PDF files.
Reduced number of compile time warnings.
Improved support for C++11.
Improved detection of system installed libraries.
Fixes to ClamAV's Container system and the introduction of Intermediates for more descriptive signatures.

[close]

http://www.clamav.net

Titel: ClamAV 0.100.1
Beitrag von: SiLæncer am 10 Juli, 2018, 05:00

Changelog

HTTPS support for clamsubmit.
Fix for DNS resolution for users on IPv4-only machines where IPv6 is not available or is link-local only.

Fixes for the following CVE's:

CVE-2017-16932: Vulnerability in libxml2 dependency (affects ClamAV on Windows only). (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16932)
CVE-2018-0360: HWP integer overflow, infinite loop vulnerability. Reported by Secunia Research at Flexera. (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0360)
CVE-2018-0361: ClamAV PDF object length check, unreasonably long time to parse relatively small file. Reported by aCaB. (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0361)

Fixes for a few additional bugs:

Buffer over-read in unRAR code due to missing max value checks in table initialization. Reported by Rui Reis.
Libmspack heap buffer over-read in CHM parser. Reported by Hanno Böck.
PDF parser bugs reported by Alex Gaynor.
Buffer length checks when reading integers from non-NULL terminated strings.
Buffer length tracking when reading strings from dictionary objects.

[close]

http://www.clamav.net

Titel: ClamAV 0.100.2
Beitrag von: SiLæncer am 04 Oktober, 2018, 17:00

Changelog

ClamAV 0.100.2 is a patch release to address a set of vulnerabilities.

- Fixes for the following ClamAV vulnerabilities:
- [CVE-2018-15378](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15378):
Vulnerability in ClamAV's MEW unpacking feature that could allow an
unauthenticated, remote attacker to cause a denial of service (DoS)
condition on an affected device.
Reported by Secunia Research at Flexera.
- Fix for a 2-byte buffer over-read bug in ClamAV's PDF parsing code.
Reported by Alex Gaynor.
- Fixes for the following vulnerabilities in bundled third-party libraries:
- [CVE-2018-14680](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14680):
An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. It
does not reject blank CHM filenames.
- [CVE-2018-14681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14681):
An issue was discovered in kwajd_read_headers in mspack/kwajd.c in
libmspack before 0.7alpha. Bad KWAJ file header extensions could cause
a one or two byte overwrite.
- [CVE-2018-14682](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14682):
An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha.
There is an off-by-one error in the TOLOWER() macro for CHM decompression.
- Additionally, 0.100.2 reverted 0.100.1's patch for CVE-2018-14679, and applied
libmspack's version of the fix in its place.
- Other changes:
- Some users have reported freshclam signature update failures as a result of
a delay between the time the new signature database content is announced and
the time that the content-delivery-network has the content available for
download. To mitigate these errors, this patch release includes some
modifications to freshclam to make it more lenient, and to reduce the time
that freshclam will ignore a mirror when it detects an issue.
- On-Access "Extra Scanning", an opt-in minor feature of OnAccess scanning on
Linux systems, has been disabled due to a known issue with resource cleanup.
OnAccessExtraScanning will be re-enabled in a future release when the issue
is resolved. In the mean-time, users who enabled the feature in clamd.conf
will see a warning informing them that the feature is not active.
For details, see: https://bugzilla.clamav.net/show_bug.cgi?id=12048

Thank you to the following ClamAV community members for your code submissions
and bug reports!

- Alex Gaynor
- Hiroya Ito
- Laurent Delosieres, Secunia Research at Flexera

[close]

http://www.clamav.net

Titel: ClamAV 0.101.0 RC
Beitrag von: SiLæncer am 04 Dezember, 2018, 19:00

Release Notes

ClamAV 0.101.0 is a feature release with an assortment of improvements that
we've cooked up over the past 6 months.

### Some of the more obvious changes

- Our user manual has been converted from latex/pdf/html into **Markdown**!
Markdown is easier to read & edit than latex, and is easier to contribute
to as it eliminates the need to generate documents (the PDF, HTML).
Find the user manual under docs/UserManual[.md].
[Check it out!](https://github.com/Cisco-Talos/clamav-devel/blob/dev/0.101/docs/UserManual.md)
- Support for RAR v5 archive extraction! We replaced the legacy C-based unrar
implementation with RarLabs UnRAR 5.6.5 library. Licensing is the same as
before, although our `libclamunrar_iface` supporting library has changed from
LGPL to the BSD 3-Clause license.
- Libclamav API changes:
- The following scanning functions now require a filename argument.
This will enable ClamAV to report more details warning and error
information in the future, and will also allow for more sensible temp
file names. The filename argument may be `NULL` if a filename is not
available.
- `cl_scandesc`
- `cl_scandesc_callback`
- `cl_scanmap_callback`
- Scanning options have been converted from a single flag bit-field into
a structure of multiple categorized flag bit-fields. This change enabled
us to add new scanning options requested by the community. In addition,
the name of each scan option has changed a little.
As a result, the API changes will require libclamav users to modify
how they initialize and pass scan options into calls such as `cl_scandesc()`.
For details:
- [example code](https://github.com/Cisco-Talos/clamav-devel/blob/dev/0.101/examples/ex1.c#L89)
- [documentation](https://github.com/Cisco-Talos/clamav-devel/blob/dev/0.101/docs/UserManual/libclamav.md#data-scan-functions)
- With our move to openssl versions >1.0.1, the `cl_cleanup_crypto()` function
has been deprecated. This is because cleanup of open-ssl init functions is
now handled by an auto-deinit procedure within the openssl library, meaning
the call to `EVP_cleanup()` may cause problems to processes external to Clam.
- `CL_SCAN_HEURISTIC_ENCRYPTED` scan option was replaced by 2 new scan options:
- `CL_SCAN_HEURISTIC_ENCRYPTED_ARCHIVE`
- `CL_SCAN_HEURISTIC_ENCRYPTED_DOC`
- `clamd.conf` and command line interface (CLI) changes:
- As in 0.100.2, the clamd.conf `OnAccessExtraScanning` has been temporarily
disabled in order to prevent resource cleanup issues from impacting clamd
stability. As noted below, `OnAccessExtraScanning` is an opt-in minor
feature of on-access scanning on Linux systems and its loss does not
significantly impact the effectiveness of on-access scanning.
The option still exists, but the feature will not be enabled and a warning
will show if `LogVerbose` is enabled.
For details, see: https://bugzilla.clamav.net/show_bug.cgi?id=12048
- "Heuristic Alerts" (aka "Algorithmic Detection") options have been changed
to make the names more consistent. The original options are deprecated in
0.101, and will be removed in a future feature release.
- In addition, _two new scan options_ were added to alert specifically on
encrypted archives or encrypted docs. Previous functionality did both, even
though it claimed to be specific to archives:
- Scan option details:

| Old `clamd.conf` option | *New* `clamd.conf` option |
| -------------------------------- | ---------------------------- |
| `AlgorithmicDetection` | `HeuristicAlerts` |
| `DetectBrokenExecutables` | `AlertBrokenExecutables` |
| `PhishingAlwaysBlockCloak` | `AlertPhishingCloak` |
| `PhishingAlwaysBlockSSLMismatch` | `AlertPhishingSSLMismatch` |
| `PartitionIntersection` | `AlertPartitionIntersection` |
| `BlockMax` | `AlertExceedsMax` |
| `OLE2BlockMacros` | `AlertOLE2Macros` |
| `ArchiveBlockEncrypted` | `AlertEncrypted` |
| | `AlertEncryptedArchive` |
| | `AlertEncryptedDoc` |

| Old `clamscan` option | *New* `clamscan` option |
| ---------------------------- | -------------------------------- |
| `--algorithmic-detection` | `--heuristic-alerts` |
| `--detect-broken` | `--alert-broken` |
| `--phishing-cloak` | `--alert-phishing-cloak` |
| `--phishing-ssl` | `--alert-phishing-ssl` |
| `--partition-intersection` | `--alert-partition-intersection` |
| `--block-max` | `--alert-exceeds-max` |
| `--block-macros` | `--alert-macros` |
| `--block-encrypted` | `--alert-encrypted` |
| | `--alert-encrypted-archive` |
| | `--alert-encrypted-doc` |

### Some more subtle improvements

- Logical signatures have been extended with a new subsignature type which
allows for numerical byte sequence comparison. For those familiar with
Snort, this byte comparison feature works similarly to the byte_extract
and byte_test feature, in that it allows signature writers to extract and
compare a specified number of bytes (offset from a match) against another
numeric value. You can read more about this feature, see how it works, and
look over examples in [our documentation](docs/UserManual/Signatures.md).
- Backwards compatibility improvements for detecting the OpenSSL dependency.
- Freshclam updated to match exit codes defined in the freshclam.1 man page.
- Upgrade from libmspack 0.5alpha to libmspack 0.7.1alpha. As a reminder, we
support system-installed versions of libmspack. _However_, at this time the
ClamAV-provided version of libmspack provides additional abilities to parse
broken or non-standard CAB files beyond what the stock libmspack 0.7.1alpha
provides. We are working with the upstream project to incorporate our
modifications, and hopefully these changes will appear in a future release
of libmspack.
- Updated the bundled 3rd party library libxml2 included for Windows builds to
version 2.9.8.
- Updated the bundled 3rd party library pcre included for Windows builds to
pcre2 version 10.31.
- Upgraded Aspack PE unpacking capability with support up to version 2.42.
- Improvements to PDF parsing capability.
- Replaced the Windows installer with a new installer built using InnoSetup 5.
- Improved `curl-config` detection logic.
GitHub pull-request by Thomas Petazzoni.
- Added file type `CL_TYPE_LNK` to more easily identify Windows Shortcut files
when writing signatures.
- Improved parsing of Windows executable (PE) Authenticode signatures. Pull-
request by Andrew Williams.
- Added support for Authenticode signature properties commonly used by
Windows system files. These files are now much more likely to be
whitelisted correctly.
- Signature parsing now works correctly on big endian systems.

- Some simplification to freshclam mirror management code, including changes
to reduce timeout on ignoring mirrors after errors, and to make freshclam
more tolerant when there is a delay between the time the new signature
database content is announced and the time that the content-delivery-network
has the content available for download.
- Email MIME Header parsing changes to accept argument values with unbalanced
quotes. Improvement should improve detection of attachments on malformed
emails.
GitHub pull-request by monnerat.
- Included the config filename when reporting errors parsing ClamAV configs.
GitHub pull-request by Josh Soref.
- Improvement to build scripts for clamav-milter.
GitHub pull-request by Renato Botelho.

### Other changes

- Removed option handler for `AllowSupplementaryGroups` from libfreshclam.
This option was previously deprecated from freshclam in ClamAV 0.100.0 but
remained in libfreshclam by mistake.
- In older versions of pcre2 and in pcre, a higher `PCRERecMatchLimit` may
cause `clamd` to crash on select files. We have lowered the default
`PCRERecMatchLimit` to 2000 to reduce the likelihood of a crash and have
added warnings to recommend using pcre2 v10.30 or higher to eliminate
the issue.

[close]

http://www.clamav.net

Titel: ClamAV 0.101.1
Beitrag von: SiLæncer am 07 Januar, 2019, 22:00

Release Notes

ClamAV 0.101.1 is an urgent patch release to address an issue in 0.101.0 specifically for developers that depend on libclamav. The issue in 0.101.0 is that clamav.h required supporting headers that were not provided on make install. To address this issue, the internal cltypes.h header has been replaced by a clamav-types.h that is generated on ./configure and will be installed alongside clamav.h.

Other changes

Increased the default CommandReadTimeout to reduce the chance of mail loss if using clamav-milter with the TCP socket. Contribution by Scott Kitterman. Fixes for --with-libjson and --with-libcurl to correctly accept library install path arguments.

Acknowledgements

The ClamAV team thanks the following individuals for their code submissions: Scott Kitterman

Known Issues

Some users have observed crashes the first time running freshclam after upgrading from 0.100 to 0.101. We haven't yet tracked down the source of the issue, but have found that the issue resolves itself and that subsequent calls to freshclam work as expected.

[close]

http://www.clamav.net

Titel: ClamAV 0.101.2
Beitrag von: SiLæncer am 27 März, 2019, 09:04

Changelog

- Fixes for the following vulnerabilities affecting 0.101.1 and prior:

- CVE-2019-1787:

An out-of-bounds heap read condition may occur when scanning PDF
documents. The defect is a failure to correctly keep track of the number
of bytes remaining in a buffer when indexing file data.

- CVE-2019-1789:

An out-of-bounds heap read condition may occur when scanning PE files
(i.e. Windows EXE and DLL files) that have been packed using Aspack as a
result of inadequate bound-checking.

- CVE-2019-1788:

An out-of-bounds heap write condition may occur when scanning OLE2 files
such as Microsoft Office 97-2003 documents. The invalid write happens when
an invalid pointer is mistakenly used to initialize a 32bit integer to
zero. This is likely to crash the application.

- Fixes for the following vulnerabilities affecting 0.101.1 and 0.101.0 only:

- CVE-2019-1786:

An out-of-bounds heap read condition may occur when scanning malformed PDF
documents as a result of improper bounds-checking.

- CVE-2019-1785:

A path-traversal write condition may occur as a result of improper input
validation when scanning RAR archives. Issue reported by aCaB.

- CVE-2019-1798:

A use-after-free condition may occur as a result of improper error
handling when scanning nested RAR archives. Issue reported by David L.

- Fixes for the following assorted bugs:

- Added checks to prevent shifts from causing undefined behavior in HTML
normalizer, UPX unpacker, ARJ extractor, CPIO extractor, OLE2 parser,
LZW decompressor used in the PDF parser, Xz decompressor, and UTF-16 to
ASCII transcoder.
- Added checks to prevent integer overflow in UPX unpacker.
- Fix for minor memory leak in OLE2 parser.
- Fix to speed up PDF parser when handling truncated (or malformed) PDFs.
- Fix for memory leak in ARJ decoder failure condition.
- Fix for potential memory and file descriptor leak in HTML normalization code.
- Removed use of problematic feature that converted file descriptors to
file paths. The feature was intended to improve performance when scanning
file types, notably RAR archives, for which the API requires a file path.
This feature caused issues in environments where the ClamAV engine is run
in a low-permissions or sandboxed process. RAR archives are still supported
with this change, but performance may suffer slightly if the file path is not
provided in calls to `cl_scandesc_callback()`.
- Added filename and tempfile names to scandesc calls in clamd.
- Added general scan option `CL_SCAN_GENERAL_UNPRIVILEGED` to treat the scan
engine as unprivileged, meaning that the scan engine will not have read
access to the file. Provided file paths are for logging purposes only.
- Added ability to create a temp file when scanning RAR archives when the
process does not have read access to the file path provided (i.e.
unprivileged is set, or an access check fails).

[close]

http://www.clamav.net

Titel: ClamAV 0.101.3
Beitrag von: SiLæncer am 07 August, 2019, 21:00

Changelog

ClamAV 0.101.3 is a patch release to address a vulnerability to non-recursive
zip bombs.

A Denial-of-Service (DoS) vulnerability may occur when scanning a zip bomb as a
result of excessively long scan times. The issue is resolved by detecting the
overlapping local file headers which characterize the non-recursive zip bomb
described by David Fifield,
[here](https://www.bamsoftware.com/hacks/zipbomb/).

Thank you to Hanno Böck for reporting the issue as it relates to ClamAV,
[here](https://bugzilla.clamav.net/show_bug.cgi?id=12356).

Also included in 0.101.3:

- Update of bundled the libmspack library from 0.8alpha to 0.10alpha, to
address a buffer overflow vulnerability in libmspack < 0.9.1α.

[close]

http://www.clamav.net

Titel: ClamAV 0.102.0
Beitrag von: SiLæncer am 03 Oktober, 2019, 11:00

Changelog

Major changes:

The On-Access Scanning feature has been migrated out of clamd and into a brand new utility named clamonacc. This utility is similar to clamdscan and clamav-milter in that it acts as a client to clamd. This separation from clamd means that clamd no longer needs to run with root privileges while scanning potentially malicious files. Instead, clamd may drop privileges to run under an account that does not have super-user. In addition to improving the security posture of running clamd with On-Access enabled, this update fixed a few outstanding defects:

On-Access scanning for created and moved files (Extra-Scanning) is fixed.
VirusEvent for On-Access scans is fixed.
With clamonacc, it is now possible to copy, move, or remove a file if the scan triggered an alert, just like with clamdscan.
For details on how to use the new clamonacc On-Access scanner, please refer to the user manual on ClamAV.net, and please read our blog post entitled "Understanding and transitioning to ClamAV's new On-Access scanner."

The freshclam database update utility has undergone a significant update. This includes:

Added support for HTTPS.
Support for database mirrors hosted on ports other than 80.
Removal of the mirror management feature (mirrors.dat).
An all new libfreshclam library API.

Notable changes:

Added support for extracting ESTsoft .egg archives. This feature is new code developed from scratch using ESTsoft's Egg-archive specification and without referencing the UnEgg library provided by ESTsoft. This was necessary because the UnEgg library's license includes restrictions limiting the commercial use of the UnEgg library.
The documentation has moved!
Users should navigate to ClamAV.net to view the documentation online.
The documentation will continue to be provided in HTML format with each release for offline viewing in the docs/html directory.
The new home for the documentation markdown is in our ClamAV FAQ Github repository.
To remediate future denial of service conditions caused by excessive scan times, we introduced a scan time limit. The default value is 2 minutes (120000 milliseconds).

To customize the time limit:

use the clamscan --max-scantime option
use the clamd MaxScanTime config option

Libclamav users may customize the time limit using the cl_engine_set_num function. For example:

cl_engine_set_num(engine, CL_ENGINE_MAX_SCANTIME, time_limit_milliseconds)

Other improvements:

Improved Windows executable Authenticode handling, enabling both whitelisting and blacklisting of files based on code-signing certificates. Additional improvements to Windows executable (PE file) parsing. Work courtesy of Andrew Williams.
Added support for creating bytecode signatures for Mach-O and ELF executable unpacking. Work courtesy of Jonas Zaddach.
Re-formatted the entire ClamAV code-base using clang-format in conjunction with our new ClamAV code style specification. See the clamav.net blog post for details.
Integrated ClamAV with Google's OSS-Fuzz automated fuzzing service with the help of Alex Gaynor. This work has already proven beneficial, enabling us to identify and fix subtle bugs in both legacy code and newly developed code.
The clamsubmit tool is now available on Windows.
The clamscan metadata feature (--gen-json) is now available on Windows.
Significantly reduced number of warnings generated when compiling ClamAV with "-Wall" and "-Wextra" compiler flags and made many subtle improvements to the consistency of variable types throughout the code.
Updated the majority of third-party dependencies for ClamAV on Windows. The source code for each has been removed from the clamav-devel repository. This means that these dependencies have to be compiled independently of ClamAV. The added build process complexity is offset by significantly reducing the difficulty of releasing ClamAV with newer versions of those dependencies.
During the 0.102 development period, we've also improved our Continuous Integration (CI) processes. Most recently, we added a CI pipeline definition to the ClamAV Git repository. This chains together our build and quality assurance test suites and enables automatic testing of all proposed changes to ClamAV, with customizable parameters to suit the testing needs of any given code change.
Added a new clamav-version.h generated header to provide version number macros in text and numerical format for ClamAV, libclamav, and libfreshclam.
Improved cross-platform buildability of libxml2. Work courtesy of Eneas U de Queiroz with supporting ideas pulled from the work of Jim Klimov.

Bug fixes:

Fix to prevent a possible crash when loading LDB type signature databases and PCRE is not available. Patch courtesy of Tomasz Kojm.
Fixes to the PDF parser that will improve PDF malware detection efficacy. Patch courtesy of Clement Lecigne.
Fix for regular expression phishing signatures (PDB R-type signatures).
Various other bug fixes.

New Requirements:

Libcurl has become a hard-dependency. Libcurl enables HTTPS support for freshclam and clamsubmit as well as communication between clamonacc and clamd.

Libcurl version >= 7.45 is required when building ClamAV from source with the new On-Access Scanning application (clamonacc). Users on Linux operating systems that package older versions of libcurl (e.g. all versions of CentOS and Debian versions <= 8) have a number of options:

Wait for your package maintainer to provide a newer version of libcurl.
Install a newer version of libcurl from source.
Disable installation of clamonacc and On-Access Scanning capabilities with the ./configure flag --disable-clamonacc.
Non-Linux users will need to take no actions as they are unaffected by this new requirement.

[close]

http://www.clamav.net

Titel: ClamAV 0.102.1
Beitrag von: SiLæncer am 21 November, 2019, 06:00

Changelog

Fix for the following vulnerability affecting 0.102.0 and 0.101.4 and prior:

CVE-2019-15961:

A Denial-of-Service (DoS) vulnerability may occur when scanning a specially crafted email file as a result of excessively long scan times. The issue is resolved by implementing several maximums in parsing MIME messages and by optimizing use of memory allocation.
Build system fixes to build clamav-milter, to correctly link with libxml2 when detected, and to correctly detect fanotify for on-access scanning feature support.
Signature load time is significantly reduced by changing to a more efficient algorithm for loading signature patterns and allocating the AC trie. Patch courtesy of Alberto Wu.
Introduced a new configure option to statically link libjson-c with libclamav. Static linking with libjson is highly recommended to prevent crashes in applications that use libclamav alongside another JSON parsing library.
Null-dereference fix in email parser when using the --gen-json metadata option.

[close]

http://www.clamav.net

Titel: ClamAV 0.102.2
Beitrag von: SiLæncer am 06 Februar, 2020, 05:00

Changelog

ClamAV 0.102.2 is a security patch release to address the following issues:

CVE-2020-3123: A denial-of-service (DoS) condition may occur when using the optional credit card data-loss-prevention (DLP) feature. Improper bounds checking of an unsigned variable resulted in an out-of-bounds read, which causes a crash.
Significantly improved the scan speed of PDF files on Windows.
Re-applied a fix to alleviate file access issues when scanning RAR files in downstream projects that use libclamav where the scanning engine is operating in a low-privilege process. This bug was originally fixed in 0.101.2 and the fix was mistakenly omitted from 0.102.0.
Fixed an issue where freshclam failed to update if the database version downloaded is one version older than advertised. This situation may occur after a new database version is published. The issue affected users downloading the whole CVD database file.
Changed the default freshclam ReceiveTimeout setting to 0 (infinite). The ReceiveTimeout had caused needless database update failures for users with slower internet connections.
Correctly display the number of kilobytes (KiB) in progress bar and reduced the size of the progress bar to accommodate 80-character width terminals.
Fixed an issue where running freshclam manually causes a daemonized freshclam process to fail when it updates because the manual instance deletes the temporary download directory. The freshclam temporary files will now download to a unique directory created at the time of an update instead of using a hardcoded directory created/destroyed at the program start/exit.
Fix for freshclam's OnOutdatedExecute config option.
Fixes a memory leak in the error condition handling for the email parser.
Improved bound checking and error handling in ARJ archive parser.
Improved error handling in PDF parser.
Fix for memory leak in byte-compare signature handler.
Updates to the unit test suite to support libcheck 0.13.
Updates to support autoconf 2.69 and automake 1.15.

[close]

http://www.clamav.net

Titel: ClamAV 0.102.3
Beitrag von: SiLæncer am 12 Mai, 2020, 19:30

Changelog

ClamAV 0.102.3 is a bug patch release to address the following issues.

- [CVE-2020-3327](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3327):
Fix a vulnerability in the ARJ archive parsing module in ClamAV 0.102.2 that
could cause a Denial-of-Service (DoS) condition. Improper bounds checking of
an unsigned variable results in an out-of-bounds read which causes a crash.

Special thanks to Daehui Chang and Fady Othman for helping identify the ARJ
parsing vulnerability.

- [CVE-2020-3341](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3341):
Fix a vulnerability in the PDF parsing module in ClamAV 0.101 - 0.102.2 that
could cause a Denial-of-Service (DoS) condition. Improper size checking of
a buffer used to initialize AES decryption routines results in an out-of-
bounds read which may cause a crash. Bug found by OSS-Fuzz.

- Fix "Attempt to allocate 0 bytes" error when parsing some PDF documents.

- Fix a couple of minor memory leaks.

- Updated libclamunrar to UnRAR 5.9.2.

[close]

http://www.clamav.net

Titel: ClamAV 0.102.4
Beitrag von: SiLæncer am 16 Juli, 2020, 21:30

Changelog

ClamAV 0.102.4 is a bug patch release to address the following issues.

- [CVE-2020-3350](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3350):
Fix a vulnerability wherein a malicious user could replace a scan target's
directory with a symlink to another path to trick clamscan, clamdscan, or
clamonacc into removing or moving a different file (eg. a critical system
file). The issue would affect users that use the --move or --remove options
for clamscan, clamdscan, and clamonacc.

For more information about AV quarantine attacks using links, see the
[RACK911 Lab's report](https://www.rack911labs.com/research/exploiting-almost-every-antivirus-software).

- [CVE-2020-3327](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3327):
Fix a vulnerability in the ARJ archive parsing module in ClamAV 0.102.3 that
could cause a Denial-of-Service (DoS) condition. Improper bounds checking
results in an out-of-bounds read which could cause a crash.
The previous fix for this CVE in 0.102.3 was incomplete. This fix correctly
resolves the issue.

- [CVE-2020-3481](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3481):
Fix a vulnerability in the EGG archive module in ClamAV 0.102.0 - 0.102.3
could cause a Denial-of-Service (DoS) condition. Improper error handling
may result in a crash due to a NULL pointer dereference.
This vulnerability is mitigated for those using the official ClamAV
signature databases because the file type signatures in daily.cvd
will not enable the EGG archive parser in versions affected by the
vulnerability.

[close]

http://www.clamav.net

Titel: ClamAV 0.103.0 RC
Beitrag von: SiLæncer am 19 August, 2020, 12:00

Changelog

Major changes:

clamd can now reload the signature database without blocking scanning. This multi-threaded database reload improvement was made possible thanks to a community effort.
Non-blocking database reloads are now the default behavior. Some systems that are more constrained on RAM may need to disable non-blocking reloads as it will temporarily consume 2x as much memory. For this purpose we have added a new clamd config option ConcurrentDatabaseReload which may be set to no.

Notable changes:

The DLP module has been enhanced with additional credit card ranges and a new engine option which allows ClamAV to alert only on credit cards (and not, for instance, gift cards) when scannning with the DLP module. This feature enhancement was made by John Schember, with input from Alexander Sulfrian.
Support for Adobe Reader X PDF encryption, an overhaul of PNG scanning to detect PNG specific exploits, and a major change to GIF parsing which makes it more tolerant to problematic files and adds the ability to scan overlays, all thanks to work and patches submitted by Aldo Mazzeo.
clamdtop.exe now available for Windows users. Functionality is somewhat limited when compared with clamdtop on Linux. PDCurses is required to build clamdtop.exe for ClamAV on Windows.
The phishing detection module will now print "Suspicious link found!" along with the "Real URL" and "Display URL" each time phishing is detected. In a future version, we would like to print out alert-related metadata like this at the end of a scan, but for now this detail will help users understand why a given file is being flagged as phishing.
Added new *experimental* CMake build tooling. CMake is not yet recommended for production builds. Our team would appreciate any assistance improving the CMake build tooling so we can one day deprecate Autotools and remove the Visual Studio solutions.
Please see the new CMake installation instructions found in INSTALL.cmake.md for detailed instructions on how to build ClamAV with CMake.
Added --ping and --wait options to the clamdscan and clamonacc client applications.
The --ping (-p) command will attempt to ping clamd up to a specified maximum number of attempts at an optional interval. If the interval isn't specified, a default 1-second interval is used. It will exit with status code `0` when it receives a PONG from clamd or status code `21` if the timeout expires before it receives a response.
Other improvements
Added ability for freshclam and clamsubmit to override default use of OpenSSL CA bundle with a custom CA bundle. On Linux/Unix platforms (excluding macOS), users may specify a custom CA bundle by setting the CURL_CA_BUNDLE environment variable. On macOS and Windows, users are expected to add CA certificates to their respective system's keychain/certificate store. Patch courtesy of Sebastian A. Siewior
clamscan and clamdscan now print the scan start and end dates in the scan summary.
The clamonacc on-access scanning daemon for Linux now installs to sbin instead of bin.
Improvements to the freshclam progress bar so the width of the text does not shift around as information changes and will not spill exceed 80-characters even on very slow connections. Time is now displayed in Xm XXs (or Xh XXm) for values of 60 seconds or more. Bytes display now changes units at the proper 1024 B/KiB instead of 2048 B/KiB. Patch courtesy of Zachary Murden.
Improve column alignment and line wrap rendering for clamdtop. Also fixed an issue on Windows where clamdtop would occasionally disconnect from clamd and fail to reconnect. Patch courtesy of Zachary Murden.
Improvements to the AutoIT parser.
Loosened the curl version requirements in order to build and use clamonacc. You may now build ClamAV with any version of libcurl. However clamonacc's file descriptor-passing (FD-passing) capability will only be available with libcurl 7.40 or newer. FD-passing is ordinarily the default way to perform scans with clamonacc as it is significantly faster than streaming.
Added LZMA and BZip2 decompression routines to the bytecode signature API.
Disabled embedded type recognition for specific archive and disk image file types. This change reduces file type misclassification and improves scan time performance by reducing duplicated file scanning.

Bug fixes:

Fixed issue scanning directories on Windows with clamdscan.exe that was introduced when mitigating against symlink quarantine attacks.
Fixed behavior of freshclam --quiet option. Patch courtesy of Reio Remma.
Fixed behavior of freshclam's OnUpdateExecute, OnErrorExecute, and OnOutdatedExecute config options on Windows when in daemon-mode so it can handle multiple arguments. Patch courtesy of Zachary Murden.
Fixed an error in the heuristic alert mechanism that would cause a single detection within an archive to alert once for every subsequent file scanned, potentially resulting in thousands of alerts for a single scan.
Fixed clamd, clamav-milter, and freshclam to create PID files before dropping privileges, to avoid the possibility of an unprivileged user from changing the PID file so that a service manager will kill a different process. This change does make the services unable to clean up the PID file on exit.
Fixed the false positive (.fp) signature feature. In prior versions, the hash in a false positive signature would be checked only against the current layer of a file being scanned. In 0.103, every file layer is hashed, and the hashes for each in the scan recursion list are checked. This ensures that .fp signatures containing a hash for any layer in the scan leading up to the alert will negate the alert.
As an example, a hash for a zip containing the file which alerts would not prevent the detection in prior versions. Only the hash of the embedded file would work. For some file types where the outermost is always an archive, eg. docx files, this made .fp signatures next to useless. For certain file types where the scanned content was a normalized version of the original content, eg. HTML, the normalized version was never hashed and this meant that .fp signatures never worked.
Fixed Trusted & Revoked Windows executable (PE) file signature rules (.crb) maximum functionality level (FLEVEL) which had been being treated as the minimum FLEVEL. These signatures enable ClamAV to trust executables that are digitally signed by trusted publishers, or to alert on executables signed with compromised signing-certificates. The minimum and maximum FLEVELS enable or disable signatures at load time depending on the current ClamAV version.
Fixed a bug wherein you could not build ClamAV with --enable-libclamav-only if curl was not installed on the system.
Various other bug fixes, improvements, and documentation improvements.

New Requirements:

Autotools (automake, autoconf, m4, pkg-config, libtool) are now required in order to build from a Git clone because the files generated by these tools have been removed from the Git repository. To generate theses files before you compile ClamAV, run autogen.sh. Users building with Autotools from the release tarball should be unaffected.
Flex and Bison are now required in order to build from a Git clone. Flex and Bison are also required to build with CMake. Users building with Autotools from the release tarball should be unaffected.

[close]

http://www.clamav.net

Titel: ClamAV 0.103.0 RC 2
Beitrag von: SiLæncer am 02 September, 2020, 06:00

Changelog

Fixed clamd and clamav-milter service/daemon start issue when starting as root and switching users. This issue discussed in the mailing list and reported on bugzilla.
Fixed a build issue when libcheck is not installed. This issue reported on bugzilla.
Fixed a Windows issue using the clamscan.exe & clamdscan.exe's --remove option. This issue reported on bugzilla.
Added pkg-config support for finding pcre2 and ncurses when using the Autotools build system. pcre2 pkg-config support contributed by Michael Orlitzky via GitHub.com.
Reverted the change require Bison & Flex when building from a Git clone. Bison & Flex generated sources will remain in our Git repository. When building with CMake, they can be re-generated by enabling "maintainer mode".
Fixed bugs in the ARJ and XAR archive parsers.

[close]

http://www.clamav.net

Titel: ClamAV 0.103.0 Final
Beitrag von: SiLæncer am 14 September, 2020, 22:15

Changelog

With your feedback on the previous candidates, we've fixed these additional issues:

The freshclam PID file was not readable by other users in previous release candidates but is now readable by all.
An issue with how freshclam was linked with the autotools build system caused SysLog settings to be ignored.
The real-path checks introduced to clamscan and clamdscan in 0.102.4 broke scanning of some files with Unicode filenames and files on network shares for Windows users.
Thanks to the users for your help in fixing these bugs.

Major changes:

clamd can now reload the signature database without blocking scanning. This multi-threaded database reload improvement was made possible thanks to a community effort.
Non-blocking database reloads are now the default behavior. Some systems that are more constrained on RAM may need to disable non-blocking reloads, as it will temporarily consume double the amount of memory. We added a new clamd config option ConcurrentDatabaseReload, which may be set to no.

Notable changes:

The DLP module has been enhanced with additional credit card ranges and a new engine option that allows ClamAV to alert only on credit cards (and not, for instance, gift cards) when scanning with the DLP module. John Schember developed this feature, with input from Alexander Sulfrian.
We added support for Adobe Reader X PDF encryption and overhauled the PNG-scanning tool to detect PNG-specific exploits. We also made a major change to GIF parsing that now makes it more tolerant of problematic files and adds the ability to scan overlays, all thanks to work and patches submitted by Aldo Mazzeo.
clamdtop.exe is now available for Windows users. The functionality is somewhat limited when compared to clamdtop on Linux. PDCurses is required to build clamdtop.exe for ClamAV on Windows.
The phishing detection module will now print "Suspicious link found!" along with the "Real URL" and "Display URL" each time ClamAV detects phishing. In a future version, we would like to print out alert-related metadata like this at the end of a scan, but for now, this detail will help users understand why a given file is being flagged as phishing.
Added new *experimental* CMake build tooling. CMake is not yet recommended for production builds. Our team would appreciate any assistance improving the CMake build tooling so we can one day deprecate autotools and remove the Visual Studio solutions.
Please see the new CMake installation instructions found in INSTALL.cmake.md for detailed instructions on how to build ClamAV with CMake.
Added --ping and --wait options to the clamdscan and clamonacc client applications.
The --ping (-p) command will attempt to ping clamd up to a specified maximum number of attempts at an optional interval. If the interval isn't specified, a default one-second interval is used. It will exit with status code `0` when it receives a PONG from clamd or status code `21` if the timeout expires before it receives a response.
Added Excel 4.0 (XLM) macro detection and extraction support. Significantly improved VBA detection and extraction as well. Work courtesy of Jonas Zaddach.
This support not yet added to sigtool, as the VBA extraction feature in sigtool is separate from the one used for scanning and will still need to be updated or replaced in the future.
Improvements to the layout and legibility of temp files created during a scan. Improvements to legibility and content of the metadata JSON generated during a scan.

To review the scan temp files and metadata JSON, run:

clamscan --tempdir=<path> --leave-temps --gen-json <target>

Viewing the scan temp files and metadata.json file provides some insight into how ClamAV analyzes a given file and can also be useful to analysts for the initial triage of potentially malicious files.

Other improvements:

Added ability for freshclam and clamsubmit to override default use of OpenSSL CA bundle with a custom CA bundle. On Linux/Unix platforms (excluding macOS), users may specify a custom CA bundle by setting the CURL_CA_BUNDLE environment variable. On macOS and Windows, users are expected to add CA certificates to their respective system's keychain/certificate store. Patch courtesy of Sebastian A. Siewior.
clamscan and clamdscan now print the scan start and end dates in the scan summary.
The clamonacc on-access scanning daemon for Linux now installs to sbin instead of bin.
Improvements to the freshclam progress bar to ensure the text does not shift around as information changes. The bar will not exceed 80 characters, even on very slow connections. Time is now displayed in Xm XXs (or Xh XXm) for values of 60 seconds or longer. The bytes display now changes units at the proper 1024 B/KiB instead of 2048 B/KiB. Patch courtesy of Zachary Murden.
Improve column alignment and line wrap rendering for clamdtop. Also fixed an issue on Windows where clamdtop would occasionally disconnect from clamd and fail to reconnect. Patch courtesy of Zachary Murden.
Improvements to the AutoIT parser.
Loosened the curl version requirements in order to build and use clamonacc. You may now build ClamAV with any version of libcurl. However, clamonacc's file descriptor-passing (FD-passing) capability will only be available with libcurl 7.40 or newer. FD-passing is ordinarily the default way to perform scans with clamonacc, as it is significantly faster than streaming.
Added LZMA and BZip2 decompression routines to the bytecode signature API.
Disabled embedded type recognition for specific archive and disk image file types. This change reduces file type misclassification and improves scan time performance by reducing duplicated file scanning.
Use pkg-config to detect libpcre2-8 before resorting to pcre2-config or pcre-config.
Patch courtesy of Michael Orlitzky.

Bug fixes:

Fixed issue scanning directories on Windows with clamdscan.exe that was introduced when mitigating against symlink quarantine attacks.
Fixed behavior of freshclam --quiet option. Patch courtesy of Reio Remma.
Fixed behavior of freshclam's OnUpdateExecute, OnErrorExecute, and OnOutdatedExecute config options on Windows when in daemon-mode so it can handle multiple arguments. Patch courtesy of Zachary Murden.
Fixed an error in the heuristic alert mechanism that would cause a single detection within an archive to alert once for every subsequent file scanned, potentially resulting in thousands of alerts for a single scan.
Fixed clamd, clamav-milter, and freshclam to create PID files before dropping privileges, to avoid the possibility of an unprivileged user from changing the PID file so that a service manager will kill a different process. This change does make the services unable to clean up the PID file on exit.
Fixed the false positive (.fp) signature feature. In prior versions, the hash in a false positive signature would be checked only against the current layer of a file being scanned. In 0.103, every file layer is hashed, and the hashes for each in the scan recursion list are checked. This ensures that .fp signatures containing a hash for any layer in the scan leading up to the alert will negate the alert.
As an example, a hash for a zip containing the file which alerts would not prevent the detection in prior versions. Only the hash of the embedded file would work. For some file types where the outermost is always an archive, eg. docx files, this made .fp signatures next to useless. For certain file types where the scanned content was a normalized version of the original content, eg. HTML, the normalized version was never hashed and this meant that .fp signatures never worked.
Fixed Trusted & Revoked Windows executable (PE) file signature rules (.crb) maximum functionality level (FLEVEL) which had been being treated as the minimum FLEVEL. These signatures enable ClamAV to trust executables that are digitally signed by trusted publishers or to alert on executables signed with compromised signing-certificates. The minimum and maximum FLEVELS enable or disable signatures at load time depending on the current ClamAV version.
Fixed a bug wherein you could not build ClamAV with --enable-libclamav-only if curl was not installed on the system.
Various other bug fixes, improvements and documentation improvements.

New Requirements:

Autotools (automake, autoconf, m4, pkg-config, libtool) are now required to build from a Git clone because the files generated by these tools have been removed from the Git repository. To generate these files before you compile ClamAV, run autogen.sh. Users building with autotools from the release tarball should be unaffected.

[close]

http://www.clamav.net

Titel: ClamPatrol 1.0.7741.47096
Beitrag von: SiLæncer am 25 März, 2021, 21:00

(https://i.postimg.cc/mDRHWFLq/screenshot-2950.png)

A flexible antivirus solution based on ClamAV's virus database, offering a good level of detection for possible threats within a minimalistic UI.

Freeware

https://www.aulap.my.id/softwares

Titel: ClamAV 0.103.2
Beitrag von: SiLæncer am 08 April, 2021, 13:00

Changelog

This is a security patch release with the following fixes:

CVE-2021-1386: Fix for UnRAR DLL load privilege escalation. Affects 0.103.1 and prior on Windows only.
CVE-2021-1252: Fix for Excel XLM parser infinite loop. Affects 0.103.0 and 0.103.1 only.
CVE-2021-1404: Fix for PDF parser buffer over-read; possible crash. Affects 0.103.0 and 0.103.1 only.
CVE-2021-1405: Fix for mail parser NULL-dereference crash. Affects 0.103.1 and prior.
Fix possible memory leak in PNG parser.
Fix ClamOnAcc scan on file-creation race condition so files are scanned after their contents are written.
FreshClam: Deprecate the SafeBrowsing config option. The SafeBrowsing option will no longer do anything. For more details, see our blog post from last year about the future of the ClamAV Safe Browsing database.
DatabaseCustomURL option in freshclam.conf to download it.
FreshClam: Improved HTTP 304, 403 and 429 handling.
FreshClam: Added the mirrors.dat file back to the database directory.

This new mirrors.dat file will store:

A randomly generated UUID for the FreshClam User-Agent.
A retry-after timestamp that so FreshClam won't try to update after having received an HTTP 429 response until the Retry-After timeout has expired.
FreshClam will now exit with a failure in daemon mode if an HTTP 403 (Forbidden) was received because the outcome won't change if it tries again later. The FreshClam user will have to take appropriate action to get unblocked.
Fix the FreshClam mirror-sync issue where a downloaded database is "older than the version advertised."

[close]

http://www.clamav.net

Titel: ClamWin Free Antivirus 0.103.2
Beitrag von: SiLæncer am 04 Mai, 2021, 12:00

Whats new:>>

This release updates ClamAV scannin engine to the supported version and delivers the following imporvements:

Virus database updates are working again
ClamAV engine updated to version 0.103.2

http://www.clamav.net

Titel: ClamWin Free Antivirus 0.103.2.1
Beitrag von: SiLæncer am 07 Juni, 2021, 19:00

Whats new:>>

Fixed Virus database updates
ClamAV engine updated to version 0.103.2r1

http://www.clamav.net

Titel: ClamAV 0.103.3
Beitrag von: SiLæncer am 22 Juni, 2021, 09:00

Changelog

Fixed a scan performance issue when ENGINE_OPTIONS_FORCE_TO_DISK is enabled. This issue did not affect most users, but for those affected, it caused every scanned file to be copied to the temp directory before the scan.
Fixed ClamDScan crashes when using the --fdpass --multiscan command-line options in combination with the ClamD ExcludePath config file options.
Fixed an issue where the mirrors.dat file is owned by root when starting as root (or with sudo) and using daemon-mode. File ownership will be set to the DatabaseOwner just before FreshClam switches to run as that user.
Renamed the mirrors.dat file to freshclam.dat.
Unfortunately, some users have FreshClam configured to automatically delete mirrors.dat if FreshClam failed. Renaming mirrors.dat to freshclam.dat should make it so those scripts don't delete important FreshClam data.
We used to recommend deleting mirrors.dat if FreshClam failed to update. This is because mirrors.dat used to keep track of offline mirrors and network interruptions were known to cause FreshClam to think that all mirrors were offline. ClamAV now uses a paid CDN instead of a mirror network, and the new FreshClam DAT file no longer stores that kind of information. The UUID used in ClamAV's HTTP User-Agent is stored in the FreshClam DAT file and we want the UUID to persist between runs, even if there was a failure.
Disabled the HTTPUserAgent config option if the DatabaseMirror uses clamav.net. This will prevent users from being inadvertently blocked and will ensure that we can keep better metrics on which ClamAV versions are being used.
This change effectively deprecates the HTTPUserAgent option for most users.
Moved the detection for Heuristics.PNG.CVE-2010-1205 behind the ClamScan --alert-broken-media option (ClamD AlertBrokenMedia yes) option. This type of PNG issue appears to be common enough to be an annoyance, and the CVE is old enough that no one should be vulnerable at this point.
Fixed ClamSubmit failures after changes to Cloudflare "__cfduid" cookies.

[close]

http://www.clamav.net

Titel: ClamAV 0.104.0 RC
Beitrag von: SiLæncer am 23 Juli, 2021, 11:00

Changelog

New Requirements:

As of ClamAV 0.104, CMake is required to build ClamAV.
We have added comprehensive build instructions for using CMake to the new INSTALL.md file. The online documentation will also be updated to include CMake build instructions.
The Autotools and the Visual Studio build systems have been removed.

Major changes:

The built-in LLVM for the bytecode runtime has been removed.
The bytecode interpreter is the default runtime for bytecode signatures just as it was in ClamAV 0.103.
We wished to add support for newer versions of LLVM, but ran out of time. If you're building ClamAV from source and you wish to use LLVM instead of the bytecode interpreter, you will need to supply the development libraries for LLVM version 3.6.2. See INSTALL.md to learn more.
There are now official ClamAV images on Docker Hub.
Note: Until ClamAV 0.104.0 is released, these images are limited to "unstable" versions, which are updated daily with the latest changes in the default branch on GitHub.
You can find the images on Docker Hub under clamav.

Docker Hub ClamAV tags:

clamav/clamav:<version>: A release preloaded with signature databases.
Using this container will save the ClamAV project some bandwidth. Use this if you will keep the image around so that you don't download the entire database set every time you start a new container. Updating with FreshClam from the existing databases set does not use much data.
clamav/clamav:<version>_base: A release with no signature databases.
Use this container only if you mount a volume in your container under /var/lib/clamav to persist your signature database databases. This method is the best option because it will reduce data costs for ClamAV and for the Docker registry, but it does require advanced familiarity with Linux and Docker.
Caution: Using this image without mounting an existing database directory will cause FreshClam to download the entire database set each time you start a new container.
You can use the unstable version (i.e. clamav/clamav:unstable or clamav/clamav:unstable_base) to try the latest from our development branch.
Please, be kind when using "free" bandwidth for the virus databases and Docker registry. Try not to download the entire database set or the larger ClamAV database images on a regular basis.
For more details, see the ClamAV Docker documentation.
Special thanks to Olliver Schinagl for his excellent work creating ClamAV's new Docker files, image database deployment tooling, and user documentation.
clamd and freshclam are now available as Windows services. To install and run them, use the --install-service option and net start [name] command.
Special thanks to Gianluigi Tiesi for his original work on this feature.

Notable changes:

We added these features in 0.103.1 but wanted to re-post them here, as patch versions do not generally introduce new options:

Added a new scan option to alert on broken media (graphics) file formats. This feature mitigates the risk of malformed media files intended to exploit vulnerabilities in other software. Currently, media validation exists for JPEG, TIFF, PNG, and GIF files. To enable this feature, set AlertBrokenMedia yes in clamd.conf, or use the --alert-broken-media option when using clamscan. These options are disabled by default in this patch, but may be enabled in a subsequent release. Application developers may enable this scan option by enabling CL_SCAN_HEURISTIC_BROKEN_MEDIA for the heuristic scan option bit field.
Added CL_TYPE_TIFF, CL_TYPE_JPEG types to match GIF and PNG typing behavior. BMP and JPEG 2000 files will continue to detect as CL_TYPE_GRAPHICS because ClamAV does not have BMP or JPEG 2000 format-checking capabilities.
Added progress callbacks to libclamav for:
database load: cl_engine_set_clcb_sigload_progress()
engine compile: cl_engine_set_clcb_engine_compile_progress()
engine free: cl_engine_set_clcb_engine_free_progress()
These new callbacks enable an application to monitor and estimate load, compile and unload progress. See clamav.h for API details.

Added progress bars to ClamScan for the signature load and engine compile steps before a scan begins. The startup progress bars won't be enabled if ClamScan isn't running in a terminal (i.e. if stdout is not a TTY), or if any of these options are used:

--debug
--quiet
--infected
--no-summary

Other improvements:

Added the %f format string option to the ClamD VirusEvent feature to insert the file path of the scan target when a virus event occurs. This supplements the VirusEvent %v option that prints the signature (virus) name. The ClamD VirusEvent feature also provides two environment variables, $CLAM_VIRUSEVENT_FILENAME and $CLAM_VIRUSEVENT_VIRUSNAME for a similar effect. This fix comes courtesy of Vasile Papp.
Improvements to the AutoIt extraction module. Patch courtesy of cw2k.
Added support for extracting images from Excel *.xls (OLE2) documents.
Trusted SHA256-based Authenticode hashes can now be loaded in from *.cat files. See our Authenticode documentation for more info about using *.cat files with *.crb rules to trust signed Windows executables.

Bug fixes:

Fixed a memory leak affecting logical signatures that use the "byte compare" feature. Patch courtesy of Andrea De Pasquale.
Fixed bytecode match evaluation for PDF bytecode hooks in PDF file scans.
Other minor bug fixes.

[close]

http://www.clamav.net

Titel: ClamAV 0.104.0 RC 2
Beitrag von: SiLæncer am 20 August, 2021, 20:00

Changelog

What changed since the first release candidate:

First and foremost, we are listening to your concerns about the build system change from Autotools to CMake, and about changes coming in a future feature release when we add the Rust programming language toolchain into our build requirements. We can't bring back Autotools, but we hope that the following will help.
We are introducing a Long Term Support (LTS) program that will begin with the 0.103 feature release. Users will be required to stay up to date with the latest patch versions (e.g., 0.103.3) within the 0.103 feature series, but will have the peace-of-mind that the 0.103 feature release will receive critical patch versions with a stable ABI up until End-of-Life in September 2023. Stay tuned for a separate blog post introducing the full details of our LTS program. We will also add a version-support-matrix to our online documentation in tandem with the LTS blog post for easy reference.

In addition to the above, we've resolved the following issues identified during the first release candidate:

Increased the functionality level (FLEVEL) for the 0.104 release to make space for additional 0.103 (LTS) patch versions. See the Version & FLEVEL reference.
Improvements installation instructions in INSTALL.md and in the online documentation.
Fixed iconv / libiconv detection in the CMake configuration process when -Werror=return-type is enabled, such as in the openSUSE packaging environment. See PR-233.
Fixed broken CMake build when RAR support is intentionally disabled and test-support is enabled. See PR-237.
Fixed broken CMake build on systems that do not provide format string macros for standard integer types. See PR-231.
Improved long file path support on Windows. (Disclaimer: presently requires user to opt-in with a registry key change). See PR-229.
Fixed a segfault and socket file descriptor leak in ClamOnAcc. See PR-227.
Fixed an error reported by ClamD when scanning directories on Windows. See PR-230.
Fixed issue with Freshclam support for Universal Naming Convention (UNC) paths on Windows. See PR-226.
Added missing environment variable feature documentation to the manpages. See PR-254.
Fixed an assortment of issues identified by Coverity static analysis. See PR-221.
Tuned the Valgrind suppression rules for the public test suite to resolve a false positive that caused intermittent ClamD test failures. See PR-238.
Fixed the mspack library name to deconflict with system installed mspack packages. See PR-234.
Fixed a false positive in the ClamD tests, reported by Valgrind when compiling with Clang. See PR-236.

[close]

http://www.clamav.net

Titel: ClamAV 0.104.0
Beitrag von: SiLæncer am 31 Oktober, 2021, 11:00

Changelog

New Requirements

As of ClamAV 0.104, CMake is required to build ClamAV.
We have added comprehensive build instructions for using CMake to the new INSTALL.md file. The online documentation will also be updated to include CMake build instructions.
The Autotools and the Visual Studio build systems have been removed.

Major changes

The built-in LLVM for the bytecode runtime has been removed.
The bytecode interpreter is the default runtime for bytecode signatures just as it was in ClamAV 0.103.
We hoped to add support for newer versions of LLVM, but ran out of time. If you're building ClamAV from source and you wish to use LLVM instead of the bytecode interpreter, you will need to supply the development libraries for LLVM version 3.6.2. See the "bytecode runtime" section in INSTALL.md to learn more.
There are now official ClamAV images on Docker Hub.

Docker Hub ClamAV tags:

clamav/clamav:<version>: A release preloaded with signature databases.
Using this container will save the ClamAV project some bandwidth. Use this if you will keep the image around so that you don't download the entire database set every time you start a new container. Updating with FreshClam from the existing databases set does not use much data.
clamav/clamav:<version>_base: A release with no signature databases.
Use this container only if you mount a volume in your container under /var/lib/clamav to persist your signature database databases. This method is the best option because it will reduce data costs for ClamAV and for the Docker registry, but it does require advanced familiarity with Linux and Docker.
Caution: Using this image without mounting an existing database directory will cause FreshClam to download the entire database set each time you start a new container.
You can use the unstable version (i.e. clamav/clamav:unstable or clamav/clamav:unstable_base) to try the latest from our development branch.
Please, be kind when using 'free' bandwidth, both for the virus databases but also the Docker registry. Try not to download the entire database set or the larger ClamAV database images on a regular basis.
For more details, see the ClamAV Docker documentation.
Special thanks to Olliver Schinagl for his excellent work creating ClamAV's new Docker files, image database deployment tooling, and user documentation.
clamd and freshclam are now available as Windows services. To install and run them, use the --install-service option and net start [name] command.
Special thanks to Gianluigi Tiesi for his original work on this feature.

Notable changes:

The following was added in 0.103.1 and is repeated here for awareness, as patch versions do not generally introduce new options:

Added a new scan option to alert on broken media (graphics) file formats. This feature mitigates the risk of malformed media files intended to exploit vulnerabilities in other software. At present, media validation exists for JPEG, TIFF, PNG and GIF files. To enable this feature, set AlertBrokenMedia yes in clamd.conf, or use the --alert-broken-media option when using clamscan. These options are disabled by default in this patch release but may be enabled in a subsequent release. Application developers may enable this scan option by enabling CL_SCAN_HEURISTIC_BROKEN_MEDIA for the heuristic scan option bit field.
Added CL_TYPE_TIFF, CL_TYPE_JPEG types to match GIF, PNG typing behavior. BMP and JPEG 2000 files will continue to detect as CL_TYPE_GRAPHICS because ClamAV does not yet have BMP or JPEG 2000 format checking capabilities.
Added progress callbacks to libclamav for:
database load: cl_engine_set_clcb_sigload_progress()
engine compile: cl_engine_set_clcb_engine_compile_progress()
engine free: cl_engine_set_clcb_engine_free_progress()
These new callbacks enable an application to monitor and estimate load, compile, and unload progress. See clamav.h for API details.

Added progress bars to ClamScan for the signature load and engine compile steps before a scan begins. The start-up progress bars won't be enabled if ClamScan isn't running in a terminal (i.e. stdout is not a TTY), or if any of these options are used:

--debug
--quiet
--infected
--no-summary

Other improvements:

Added the %f format string option to the ClamD VirusEvent feature to insert the file path of the scan target when a virus-event occurs. This supplements the VirusEvent %v option which prints the signature (virus) name. The ClamD VirusEvent feature also provides two environment variables, $CLAM_VIRUSEVENT_FILENAME and $CLAM_VIRUSEVENT_VIRUSNAME for a similar effect. Patch courtesy of Vasile Papp.
Improvements to the AutoIt extraction module. Patch courtesy of cw2k.
Added support for extracting images from Excel *.xls (OLE2) documents.
Trusted SHA256-based Authenticode hashes can now be loaded in from *.cat files. For more information, visit our Authenticode documentation about using *.cat files with *.crb rules to trust signed Windows executables.

Bug fixes:

Fixed a memory leak affecting logical signatures that use the "byte compare" feature. Patch courtesy of Andrea De Pasquale.
Fixed bytecode match evaluation for PDF bytecode hooks in PDF file scans.
Other minor bug fixes.

[close]

http://www.clamav.net

Titel: ClamAV 0.104.1
Beitrag von: SiLæncer am 04 November, 2021, 11:00

Changelog

FreshClam:

Add a 24-hour cool-down for FreshClam clients that have received an HTTP 403 (Forbidden) response from the CDN. This is to reduce the volume of 403-response data served to blocked FreshClam clients that are configured with a tight update-loop.
Fixed a bug where FreshClam treats an empty CDIFF as an incremental update failure instead of as an intentional request to download the whole CVD.
ClamDScan: Fix a scan error when broken symlinks are encountered on macOS with "FollowDirectorySymlinks" and "FollowFileSymlinks" options disabled.
Overhauled the scan recursion / nested archive extraction logic and added new limits on embedded file-type recognition performed during the "raw" scan of each file. This limits embedded file-type misidentification and prevents detecting embedded file content that is found/extracted and scanned at other layers in the scanning process.
Fix an issue with the FMap module that failed to read from some nested files.
Fixed an issue where failing to load some rules from a Yara file containing multiple rules may cause a crash.
Fixed assorted compiler warnings.
Fixed assorted Coverity static code analysis issues.

Scan limits:

Added virus-name suffixes to the alerts that trigger when a scan limit has been exceeded. Rather than simply Heuristics.Limits.Exceeded, you may now see limit-specific virus-names, to include:
Heuristics.Limits.Exceeded.MaxFileSize
Heuristics.Limits.Exceeded.MaxScanSize
Heuristics.Limits.Exceeded.MaxFiles
Heuristics.Limits.Exceeded.MaxRecursion
Heuristics.Limits.Exceeded.MaxScanTime

Renamed the Heuristics.Email.ExceedsMax.* alerts to align with the other limit alerts names. These alerts include:

Heuristics.Limits.Exceeded.EmailLineFoldcnt
Heuristics.Limits.Exceeded.EmailHeaderBytes
Heuristics.Limits.Exceeded.EmailHeaders
Heuristics.Limits.Exceeded.EmailMIMEPartsPerMessage
Heuristics.Limits.Exceeded.EmailMIMEArguments
Fixed an issue where the Email-related scan limits would alert even when the "AlertExceedsMax" (--alert-exceeds-max) scan option is not enabled.
Fixes an issue in the Zip parser where exceeding the "MaxFiles" limit or the "MaxFileSize" limit would abort the scan but would fail to alert. The Zip scan limit issues were independently identified and reported by Aaron Leliaert and Max Allan.
Fixed a leak in the Email parser when using the --gen-json scan option.
Fixed an issue where a failure to record metadata in the Email parser when using the --gen-json scan option could cause the Email parser to abort the scan early and fail to extract and scan additional content.
Fixed a file name memory leak in the Zip parser.
Fixed an issue where certain signature patterns may cause a crash or cause unintended matches on some systems when converting characters to uppercase if a UTF-8 unicode single-byte grapheme becomes a multi-byte grapheme. Patch courtesy of Andrea De Pasquale.

CMake:

Fix a packaging issue with the Windows *.msi installer so that it will include all of the required files.
Add support for developer code-signing on macOS during the build.
Fix an issue finding and linking with the tinfo library on systems where tinfo is separate from ncurses. Patch courtesy of Luca Barbato.
Tests: Improved the Freshclam incremental update tests to verify correct behavior when a zero-byte CDIFF is downloaded and the CVD served to FreshClam is older than advertised.
Docker: Remove the freshclam.dat file when building the Docker image with the databases-included so FreshClam agents running in the container will have a unique ID in the HTTP User-Agent.

[close]

http://www.clamav.net

Titel: ClamAV 0.104.2
Beitrag von: SiLæncer am 12 Januar, 2022, 21:00

Changelog

ClamAV 0.104.2 is a critical patch release with the following fixes:

- [CVE-2022-20698](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20698):
Fix for invalid pointer read that may cause a crash.
Affects 0.104.1, 0.103.4 and prior when ClamAV is compiled with libjson-c and
the `CL_SCAN_GENERAL_COLLECT_METADATA` scan option (the `clamscan --gen-json`
option) is enabled.

Cisco would like to thank Laurent Delosieres of ManoMano for reporting this
vulnerability.

- Fixed ability to disable the file size limit with libclamav C API, like this:
```c
cl_engine_set_num(engine, CL_ENGINE_MAX_FILESIZE, 0);
```
This issue didn't impact ClamD or ClamScan which also can disable the limit by
setting it to zero using `MaxFileSize 0` in `clamd.conf` for ClamD, or
`clamscan --max-filesize=0` for ClamScan.

Note: Internally, the max file size is still set to 2 GiB. Disabling the limit
for a scan will fall back on the internal 2 GiB limitation.

- Increased the maximum line length for ClamAV config files from 512 bytes to
1024 bytes to allow for longer config option strings.

[close]

http://www.clamav.net

Titel: ClamAV 0.105.0 RC
Beitrag von: SiLæncer am 14 März, 2022, 22:00

Changelog

ClamAV 0.105.0 includes the following improvements and changes.

New Requirements

Starting with ClamAV v0.105, the Rust toolchain is required to compile ClamAV.

You can install the Rust toolchain for your development environment by following the instructions on the rustup website. Some binary package distributions do provide relatively up-to-date packages of the Rust toolchain, but many do not. Using rustup ensures that you have the most up-to-date Rust compiler at the time of installation. Keep your toolchain updated for new features and bug/security fixes by periodically executing:

rustup update

Building ClamAV requires, at a minimum, Rust compiler version 1.56, as it relies on features introduced in the Rust 2021 Edition.

ClamAV's third-party Rust library dependencies are vendored into the release tarball ( clamav-<version>.tar.gz) file that we publish on clamav.net/downloads . But, if you build from a Git clone or from an unofficial tarball taken from GitHub.com, you will need the internet to download the Rust libraries during the build.

Major changes

Increased the default limits for file-size and scan-size:
MaxScanSize: 100M -> 400M
MaxFileSize: 25M -> 100M
StreamMaxLength: 25M -> 100M
PCREMaxFileSize: 25M -> 100M
MaxEmbeddedPE: 10M -> 40M
MaxHTMLNormalize: 10M -> 40M
MaxScriptNormalize: 5M -> 20M
MaxHTMLNoTags: 2M -> 8M

Added image fuzzy hash subsignatures for logical signatures.

Image fuzzy hash subsignatures are a new feature for detecting images known to be used in phishing campaigns or otherwise used when distributing malware.

Image fuzzy hash subsignatures follow this format:

fuzzy_img#<hash>

For example:

logo.png;Engine:150-255,Target:0;0;fuzzy_img#af2ad01ed42993c7
logo.png-2;Engine:150-255,Target:0;0&1;49484452;fuzzy_img#af2ad01ed42993c7

This initial implementation does not support matching with a hamming distance. Support for matching with a hamming distance may be added in a future release.

ClamAV's image fuzzy hash is very close to, but not 100% identical to, the fuzzy hash generated by the Python imagehash package's phash() function. Note that these are only clean-room approximations of the pHash ™? algorithm. ClamAV's image fuzzy hashes are not expected to match the fuzzy hashes generated using other tools. Some images may match, while others do not.

To generate the image fuzzy hash you can run this command:

clamscan --gen-json --debug /path/to/file

The hash will appear in the JSON above the "SCAN SUMMARY" under the object named "ImageFuzzyHash".

ClamScan & ClamDScan (Windows-only):

Added a process memory scanning feature from ClamWin's ClamScan.

This adds three new options to ClamScan and ClamDScan on Windows:

--memory
--kill
--unload

Special thanks to:
Gianluigi Tiesi for allowing us to integrate the Windows process memory scanning feature from ClamWin into the ClamAV.
Grace Kang for integrating the ClamScan feature, and for extending it to work with ClamDScan in addition.

Notable changes

Updated the LLVM bytecode runtime support so that it can use LLVM versions 8 through 12 and removed support for earlier LLVM versions. Using LLVM JIT for the bytecode runtime may improve scan performance over the built-in bytecode interpreter runtime, which is the default. If you wish to build using LLVM, you must obtain a complete build of the LLVM libraries including the devopment headers and static libraries.

There are some known issues both compiling and running the test suite with some LLVM installations. We are working to further stabilize LLVM bytecode runtime support, and document specific edge cases. Your feedback is welcome.

For details about building ClamAV with the LLVM bytecode runtime, see the install reference documentation .

Added a GenerateMetadataJson option to ClamD. The functionality is equivalent to the clamscan --gen-json option. Scan metadata is useful for file analysis and for debugging scan behavior. If Debug is enabled, ClamD will print out the JSON after each scan. If LeaveTemporaryFiles is enabled, ClamD will drop a metadata.json file in the scan-temp directory. You can customize the scan-temp directory path using the TemporaryDirectoryoption.

The libclamunrar.so library's SO version now matches that of libclamav.so. The upstream UnRAR library does not have an SO version that we should match. This change is to prevent a possible collision when multiple ClamAV versions are installed.

CMake: Added support for using an external TomsFastMath library (libtfm).

To use an external TomsFastMath library, configure the build with the new option -D ENABLE_EXTERNAL_TOMSFASTMATH=ON. The following CMake variables may also be set as needed:

-D TomsFastMath_INCLUDE_DIR=<path> - The directory containing tfm.h.
-D TomsFastMath_LIBRARY=<path> - The path to the TomsFastMath library.

Also updated the vendored TomsFastMath code to version 0.13.1.

Other improvements

Freshclam:

Improve ReceiveTimeout behavior so that will abort a download attempt if the download is not making significant progress. Previously this limit was an absolute time limit for the download and could abort prematurely for those on a slower connection. Special thanks to Simon Arlott for this improvement.

Rewrote the ClamAV database archive incremental-update feature (CDIFF) from scratch in Rust. The new implementation was our first module to be rewritten in Rust. It is significantly faster at applying updates that remove large numbers of signatures from a database, such as when migrating signatures from daily.cvd to main.cvd.

Freshclam & ClamD:

Increased the maximum line-length for freshclam.conf and clamd.conf from 512-characters to 1024-characters. This change was by request to accommodate very long DatabaseMirror options when using access tokens in the URI.

Removed the Heuristics.PNG.CVE-2010-1205 detection. This alert had been placed behind the --alert-broken-media( SCAN_HEURISTIC_BROKEN_MEDIA) option in 0.103.3 and 0.104 because of excessive alerts on slightly malformed but non- malicious files. Now it is completely removed.

Added support for building ClamDTop using ncursesw if ncurses can not be found. Patch courtesy of Carlos Velasco.

Bug fixes

ClamOnAcc: Fixed a number of assorted stability issues and added niceties for debugging ClamOnAcc. Patches courtesy of Frank Fegert.

Fixed an issue causing byte-compare subsignatures to cause an alert when they match even if other conditions of the given logical signatures were not met.

Fixed an issue causing XLM macro false positives when scanning XLS documents containing images if the --alert-macros( AlertOLE2Macros) option was enabled.

Fixed an issue preventing multiple matches when scanning in all-match mode.

Docker:

Fixed an issue exposing the health check port. Patch courtesy of Sammy Chu.
Fixed an issue with health check failure false positives during container startup. Patch courtesy of Olliver Schinagl.
Set the default time zone to Etc/UTC. The --env parameter can be used to customize the time zone by setting TZ environment variable. Patch courtesy of Olliver Schinagl.

Added support for detecting the curses library dependency even when the associated pkg-config file is not present. This resolves a build issue on some BSD distributions. Patch courtesy of Stuart Henderson.

Assorted bug fixes and improvements.

[close]

http://www.clamav.net

Titel: ClamAV 0.105.0 Final
Beitrag von: SiLæncer am 04 Mai, 2022, 19:00

Changelog

New Requirements

Starting with ClamAV v0.105, the Rust toolchain is required to compile ClamAV.

You can install the Rust toolchain for your development environment by following the instructions on the rustup website. Some binary package distributions do provide relatively up-to-date packages of the Rust toolchain, but many do not. Using rustup ensures that you have the most up-to-date Rust compiler at the time of installation. Keep your toolchain updated for new features and bug/security fixes by periodically executing:

rustup update

Building ClamAV requires, at a minimum, Rust compiler version 1.56, as it relies on features introduced in the Rust 2021 Edition.

ClamAV's third-party Rust library dependencies are vendored into the release tarball (clamav-<version>.tar.gz) file that we publish on clamav.net/downloads. But, if you build from a Git clone or from an unofficial tarball taken from GitHub.com, you will need the internet to download the Rust libraries during the build.

Major changes

Increased the default limits for file and scan size:
MaxScanSize: 100M to 400M
MaxFileSize: 25M to 100M
StreamMaxLength: 25M to 100M
PCREMaxFileSize: 25M to 100M
MaxEmbeddedPE: 10M to 40M
MaxHTMLNormalize: 10M to 40M
MaxScriptNormalize: 5M to 20M
MaxHTMLNoTags: 2M to 8M

Added image fuzzy hash subsignatures for logical signatures.

Image fuzzy hash subsignatures are a new feature for detecting images known to be used in phishing campaigns or otherwise used when distributing malware.

Image fuzzy hash subsignatures follow this format:

fuzzy_img#<hash>

For example:

logo.png;Engine:150-255,Target:0;0;fuzzy_img#af2ad01ed42993c7
logo.png-2;Engine:150-255,Target:0;0&1;49484452;fuzzy_img#af2ad01ed42993c7

This initial implementation does not support matching with a hamming distance, but it may be added in the future.

ClamAV's image fuzzy hash is very close to, but not identical to, the fuzzy hash generated by the Python imagehash package's phash() function. These are only clean-room approximations of the pHash™? algorithm. ClamAV's image fuzzy hashes are not expected to match the fuzzy hashes generated using other tools.

To generate the image fuzzy hash, run this command:

sigtool --fuzzy-img FILE(S)

Or, you may generate it through clamscan like:

clamscan --gen-json --debug /path/to/file

The hash will appear in the JSON above the "SCAN SUMMARY" under the object named "ImageFuzzyHash".

ClamScan and ClamDScan (Windows only):

Added a process memory scanning feature from ClamWin's ClamScan.

This adds three new options to ClamScan and ClamDScan on Windows:
--memory
--kill
--unload

Special thanks to:
Gianluigi Tiesi for allowing us to integrate the Windows process memory scanning feature from ClamWin into ClamAV.
Grace Kang for integrating the ClamScan feature, and for extending it to work with ClamDScan in addition.

Notable changes

Updated the LLVM bytecode runtime support so that it can use LLVM versions 8 through 12 and removed support for earlier LLVM versions. Using LLVM JIT for the bytecode runtime may improve scan performance over the built-in bytecode interpreter runtime, which is the default. If you wish to build using LLVM, you must obtain a complete build of the LLVM libraries including the development headers and static libraries.

There are some known issues in compiling and running the test suite with some LLVM installations. We are working to further stabilize LLVM bytecode runtime support, and document specific edge cases. Your feedback is welcome.

For details about building ClamAV with the LLVM bytecode runtime, see the install reference documentation.

Added a GenerateMetadataJson option to ClamD. The functionality is equivalent to the clamscan --gen-json option. Scan metadata is useful for file analysis and for debugging scan behavior. If Debug is enabled, ClamD will print out the JSON after each scan. If LeaveTemporaryFiles is enabled, ClamD will drop a metadata.json file in the scan-temp directory. You can customize the scan-temp directory path using the TemporaryDirectory option.

The libclamunrar.so library's SO version now matches that of libclamav.so. The upstream UnRAR library does not have an SO version that we should match. This change is to prevent a possible collision when multiple ClamAV versions are installed.

CMake: Added support for using an external TomsFastMath library (libtfm).

To use an external TomsFastMath library, configure the build with the new option -D ENABLE_EXTERNAL_TOMSFASTMATH=ON. The following CMake variables may also be set as needed:
-D TomsFastMath_INCLUDE_DIR=<path> - The directory containing tfm.h.
-D TomsFastMath_LIBRARY=<path> - The path to the TomsFastMath library.

Also updated the vendored TomsFastMath code to version 0.13.1.

Other improvements

Freshclam:
Improve ReceiveTimeout behavior so that will abort a download attempt if the download is not making significant progress. Previously this limit was an absolute time limit for the download and could abort prematurely for those on a slower connection. Special thanks to Simon Arlott for this improvement.

Rewrote the ClamAV database archive incremental-update feature (CDIFF) from scratch in Rust. The new implementation was our first module to be rewritten in Rust. It is significantly faster at applying updates that remove large numbers of signatures from a database, such as when migrating signatures from daily.cvd to main.cvd.

Freshclam & ClamD:
Increased the maximum line-length for freshclam.conf and clamd.conf from 512-characters to 1024-characters. This change was by request to accommodate very long DatabaseMirror options when using access tokens in the URI.

Removed the Heuristics.PNG.CVE-2010-1205 detection. This alert had been placed behind the --alert-broken-media (SCAN_HEURISTIC_BROKEN_MEDIA) option in 0.103.3 and 0.104 because of excessive alerts on slightly malformed but non- malicious files. Now it is completely removed.

Added support for building ClamDTop using ncursesw if ncurses can not be found. Patch courtesy of Carlos Velasco.

Bug fixes

The CVE's fixes below are also addressed in versions 0.104.3 and 0.103.6.

CVE-2022-20803: Fixed a possible double-free vulnerability in the OLE2 file parser. Issue affects versions 0.104.0 through 0.104.2. Issue identified by OSS-Fuzz.

CVE-2022-20770: Fixed a possible infinite loop vulnerability in the CHM file parser. Issue affects versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions. Thank you to Micha? Dardas for reporting this issue.

CVE-2022-20796: Fixed a possible NULL-pointer dereference crash in the scan verdict cache check. Issue affects versions 0.103.4, 0.103.5, 0.104.1, and 0.104.2. Thank you to Alexander Patrakov and Antoine Gatineau for reporting this issue.

CVE-2022-20771: Fixed a possible infinite loop vulnerability in the TIFF file parser. Issue affects versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions. The issue only occurs if the "--alert-broken-media" ClamScan option is enabled. For ClamD, the affected option is "AlertBrokenMedia yes", and for libclamav it is the "CL_SCAN_HEURISTIC_BROKEN_MEDIA" scan option. Thank you to Micha? Dardas for reporting this issue.

CVE-2022-20785: Fixed a possible memory leak in the HTML file parser / Javascript normalizer. Issue affects versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions. Thank you to Micha? Dardas for reporting this issue.

CVE-2022-20792: Fixed a possible multi-byte heap buffer overflow write vulnerability in the signature database load module. The fix was to update the vendored regex library to the latest version. Issue affects versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions. Thank you to Micha? Dardas for reporting this issue.

ClamOnAcc: Fixed a number of assorted stability issues and added niceties for debugging ClamOnAcc. Patches courtesy of Frank Fegert.

Fixed an issue causing byte-compare subsignatures to cause an alert when they match even if other conditions of the given logical signatures were not met.

Fixed an issue causing XLM macro false positives when scanning XLS documents containing images if the --alert-macros (AlertOLE2Macros) option was enabled.

Fixed an issue causing signature alerts for images in XLS files to be lost.

Fixed an issue preventing multiple matches when scanning in all-match mode.

Docker:
Fixed an issue exposing the health check port. Patch courtesy of Sammy Chu.
Fixed an issue with health check failure false positives during container startup. Patch courtesy of Olliver Schinagl.
Set the default time zone to Etc/UTC. The --env parameter can be used to customize the time zone by setting TZ environment variable. Patch courtesy of Olliver Schinagl.
Fixed an issue where ClamD would listen only for IPv4 connections in environments where IPv6 is preferred. ClamD will now listen to all addresses available (IPv4 and IPv6). This is the default behavior of ClamD. Patch courtesy of Andre Breiler.

Enable support for ncursesw, the wide-character / unicode version of ncurses.

Added support for detecting the curses library dependency even when the associated pkg-config file is not present. This resolves a build issue on some BSD distributions. Patch courtesy of Stuart Henderson.

Windows: Fix utf8 filepath issues affecting both scanning and log messages.

Assorted bug fixes and improvements.

[close]

http://www.clamav.net

Titel: ClamAV 0.105.1
Beitrag von: SiLæncer am 27 Juli, 2022, 11:00

Changelog

- Upgrade the vendored UnRAR library to version 6.1.7.
- Fix issue building macOS universal binaries in some configurations.
- Silence error message when the logical signature maximum functionality level
is lower than the current functionality level.
- Fix scan error when scanning files containing malformed images that cannot be
loaded to calculate an image fuzzy hash.
- Fix logical signature "Intermediates" feature.
- Relax constraints on slightly malformed zip archives that contain overlapping
file entries.

[close]

http://www.clamav.net

Titel: ClamAV 1.0.0 RC
Beitrag von: SiLæncer am 26 Oktober, 2022, 21:00

Changelog

### Major changes

- Support for decrypting read-only OLE2-based XLS files that are encrypted with
the default "VelvetSweatshop" password.
Use of the VelvetSweatshop password will now appear in the metadata JSON.
- GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/700

- Overhauled the implementation of the all-match feature. The newer code is more
reliable and easier to maintain.
- This project fixed several known issues with signature detection in all-
match mode:
- Enabled embedded file-type-recognition-signatures to match when a malware
signature also matched in a scan of the same layer.
- Enabled bytecode signatures to run in all-match mode after a match has
occurred.
- Fixed an assortment of all-match edge case issues:
- Added multiple test cases to verify correct all-match behavior.
- GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/687

- Added a new callback to the public API for inspecting file content during a
scan at each layer of archive extraction.
- The new callback function type is `clcb_file_inspection` defined in
`clamav.h`.
- The function `cl_engine_set_clcb_file_inspection()` may be used to enable
the callback prior to performing a scan.
- This new callback is to be considered *unstable* for the 1.0 release.
We may alter this function in a subsequent feature version.
- GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/170

- Added a new function to the public API for unpacking CVD signature archives.
- The new function is `cl_cvdunpack()`. The last parameter for the function
may be set to verify if a CVD's signature is valid before unpacking the CVD
content to the destination directory.
- GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/690

### Other improvements

- Add checks to limit PDF object extraction recursion.
- GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/629

- Increased the limit for memory allocations based on untrusted input and
altered the warning message when the limit is exceeded so that it is more
helpful and less dramatic.
- GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/723

- Dramatically improved the build time of libclamav-Rust unit tests.
The unit test build is included in the time limit for the test itself and was
timing out on slower systems. The ClamAV Rust code modules now share the same
build directory, which also reduces the amount of disk space used for the
build.
- GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/694

- Windows: The debugging symbol (PDB) files are now installed alongside the DLL
- and LIB library files when built in "RelWithDebInfo" or "Debug" mode.
- GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/669

- Relaxed the constraints on the check for overlapping ZIP file entries so as
not to alert on slightly malformed, but non-malicious, Java (JAR) archives.
- Talos escalations issues:
- GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/561

- Increased the time limit in FreshClam before warning if the DNS entry is
stale. In combination with changes to update the DNS entry more
frequently, this should prevent false alarms of failures in the database
publication system.
- GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/597

- Docker: The C library header files are now included in the Docker image.
Patch courtesy of GitHub user TerminalFi.
- GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/693

- Show the BYTECODE_RUNTIME build options when using the `ccmake` GUI for CMake.
Patch courtesy of ????? ????????.
- GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/678

- Added explicit minimum and maximum supported LLVM versions so that the build
will fail if you try to build with the version that is too old or too new and
will print a helpful message rather than simply failing to compile because of
compatibility issues. Patch courtesy of Matt Jolly.
- GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/692

### Bug fixes

- Assorted code quality fixes. These are not security issues and will not be
backported to prior feature versions:
- Several heap buffer overflows while loading PDB and WDB databases were found
by OSS-Fuzz and by Micha? Dardas.
- GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/530
- Follow-up Optimization: https://github.com/Cisco-Talos/clamav/pull/712

- oss-fuzz 43843: heap buffer overflow read (1) cli_sigopts_handler
- GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/560

- oss-fuzz 44849: heap buffer overflow read (4) in HTML/js-norm
- GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/503

- oss-fuzz 43816: heap buffer overflow read (8) in cli_bcomp_freemeta
- GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/583

- oss-fuzz 43832: heap buffer overflow read (2) in cli_parse_add
- GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/611

- oss-fuzz 44493: integer overflow in cli_scannulsft
- GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/554

- CIFuzz leak detected in IDB parser
- GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/547

- oss-fuzz assorted signature parser leaks
- GitHub pull requests:
- https://github.com/Cisco-Talos/clamav/pull/532
- https://github.com/Cisco-Talos/clamav/pull/533
- https://github.com/Cisco-Talos/clamav/pull/535

- oss-fuzz 40601: leak detected in pdf_parseobj
- GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/553

- Fixed a build failure when using LIBCLAMAV_ONLY mode with tests enabled.
- GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/714

- Fixed an issue verifying EXE/DLL authenticode signatures to determine a given
file can be trusted (skipped).
- GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/727

- Fixed a caching bug relating to the Container and Intermediates logical
signature condition.
- GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/724

- Fixed a build issues when build with RAR disabled or when building with an
external libmspack library rather than the vendored library.
- GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/672

- Fixed the capitalization of the `-W` option for `clamonacc` in the `clamonacc`
manpage. Patch courtesy of GitHub user monkz.
- GitHub pull requests:
- https://github.com/Cisco-Talos/clamav/pull/709
- https://github.com/Cisco-Talos/clamav/pull/710

- macOS: Fixed an issue with memory-map (`mmap`) system call detection affecting
versions 0.105 and 0.104. Memory maps may be used in ClamAV to improve
signature load performance, scan performance, and RAM usage.
- GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/705

- Fixed a performance issue with Rust code when the build type is not explicitly
set to "Release" or "RelWithDebInfo". The Rust default build type is now
"RelWithDebInfo" just like the C code, instead of Debug.
This means it is now optimized by default.
- GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/701

- Fixed an issue loading Yara rules containing regex strings with an escaped
forward-slash (`\/`) followed by a colon (`:`).
- GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/696

- Fixed an issue detecting and scanning ZIP file entries appended to very small
files. The fix is part of the all-match feature overhaul.

- Fixed a detection issue with EXE/DLL import-address-table hash signatures that
specify a wildcard (`*`) for the size field. The fix is part of the all-match
feature overhaul.

- Fix the default bytecode timeout value listed in the manpages and in the
sample config files. Patches courtesy of Liam Jarvis and Ben Bodenmiller.
- GitHub pull requests:
- https://github.com/Cisco-Talos/clamav/pull/631
- https://github.com/Cisco-Talos/clamav/pull/661

- Fix issue building the libclamav_rust test program when running `ctest` if
building with `BYTECODE_RUNTIME=llvm` and when the `FindLLVM.cmake` module is
used to find the LLVM libraries. Patch courtesy of GitHub user teoberi.
- GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/572

[close]

http://www.clamav.net

Titel: ClamAV 1.0.0 Final
Beitrag von: SiLæncer am 29 November, 2022, 19:00

Changelog

Major changes:

Support for decrypting read-only OLE2-based XLS files that are encrypted with the default password. Use of the default password will now appear in the metadata JSON.

Overhauled the implementation of the all-match feature. The newer code is more reliable and easier to maintain:

This project fixed several known issues with signature detection in all- match mode:

Enabled embedded file-type recognition signatures to match when a malware signature also matched in a scan of the same layer.
Enabled bytecode signatures to run in all-match mode after a match has occurred.
Fixed an assortment of all-match edge case issues.
Added multiple test cases to verify correct all-match behavior.
Added a new callback to the public API for inspecting file content during a scan at each layer of archive extraction:
The new callback function type is clcb_file_inspection defined in clamav.h.
The function cl_engine_set_clcb_file_inspection() may be used to enable the callback prior to performing a scan.
This new callback is to be considered unstable for the 1.0 release. We may alter this function in a subsequent feature version.
Added a new function to the public API for unpacking CVD signature archives:
The new function is cl_cvdunpack(). The last parameter for the function may be set to verify if a CVD's signature is valid before unpacking the CVD content to the destination directory.
The option to build with an external TomsFastMath library has been removed. ClamAV requires non-default build options for TomsFastMath to support bigger floating point numbers. Without this change, database and Windows EXE/DLL authenticode certificate validation may fail. The ENABLE_EXTERNAL_TOMSFASTMATH build is now ignored.
GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/742
Moved the Dockerfile and supporting scripts from the main ClamAV repository over to a new repository: https://github.com/Cisco-Talos/clamav-docker
The separate repository will make it easier to update the images and fix issues with images for released ClamAV versions.
Any users building the ClamAV Docker image rather than pulling them from Docker Hub will have to get the latest Docker files from the new location.
Increased the SONAME major version for libclamav because of ABI changes between the 0.103 LTS release and the 1.0 LTS release.

Other improvements:

Add checks to limit PDF object extraction recursion.
Increased the limit for memory allocations based on untrusted input and altered the warning message when the limit is exceeded so that it is more helpful and less dramatic.
Dramatically improved the build time of libclamav-Rust unit tests. The unit test build is included in the time limit for the test itself and was timing out on slower systems. The ClamAV Rust code modules now share the same build directory, which also reduces the amount of disk space used for the build.
For Windows: The debugging symbol (PDB) files are now installed alongside the DLL and LIB library files when built in "RelWithDebInfo" or "Debug" mode.
Relaxed the constraints on the check for overlapping ZIP file entries so as not to alert on slightly malformed, but non-malicious, Java (JAR) archives.
Increased the time limit in FreshClam before warning if the DNS entry is stale. In combination with changes to update the DNS entry more frequently, this should prevent false alarms of failures in the database publication system.
Docker: The C library header files are now included in the Docker image. Patch courtesy of GitHub user TerminalFi.
Show the BYTECODE_RUNTIME build options when using the ccmake GUI for CMake. Patch courtesy of ????? ????????.
Added explicit minimum and maximum supported LLVM versions so that the build will fail if you try to build with a version that is too old or too new and will print a helpful message rather than simply failing to compile because of compatibility issues. Patch courtesy of Matt Jolly.
Fixed compiler warnings that may turn into errors in Clang 16. Patch courtesy of Michael Orlitzky.
Allow building with a custom RPATH so that the executables may be moved after build in a development environment to a final installation directory.

Bug fixes:

Assorted code quality fixes. These are not security issues and will not be backported to prior feature versions:
Several heap buffer overflows while loading PDB and WDB databases were found by OSS-Fuzz and by Michal Dardas.
Follow-up Optimization: https://github.com/Cisco-Talos/clamav/pull/712
oss-fuzz 43843: heap buffer overflow read (1) cli_sigopts_handler
oss-fuzz 44849: heap buffer overflow read (4) in HTML/js-norm
oss-fuzz 43816: heap buffer overflow read (8) in cli_bcomp_freemeta
oss-fuzz 43832: heap buffer overflow read (2) in cli_parse_add
oss-fuzz 44493: integer overflow in cli_scannulsft
CIFuzz leak detected in IDB parser
oss-fuzz assorted signature parser leaks
oss-fuzz 40601: leak detected in pdf_parseobj
Fixed a build failure when using LIBCLAMAV_ONLY mode with tests enabled.
Fixed an issue verifying EXE/DLL authenticode signatures to determine a given file can be trusted (skipped).
Fixed a caching bug relating to the Container and Intermediates logical signature condition.
Fixed a build issue when build with RAR disabled or when building with an external libmspack library rather than the bundled library.
Fixed the capitalization of the -W option for clamonacc in the clamonacc manpage. Patch courtesy of GitHub user monkz.
Fixed a performance issue with Rust code when the build type is not explicitly set to "Release" or "RelWithDebInfo". The Rust default build type is now "RelWithDebInfo" just like the C code, instead of Debug. This means it is now optimized by default.
Fixed an issue loading Yara rules containing regex strings with an escaped forward-slash (/) followed by a colon (:).
Fixed an issue detecting and scanning ZIP file entries appended to very small files. The fix is part of the all-match feature overhaul.
Fixed a detection issue with EXE/DLL import-address-table hash signatures that specify a wildcard (*) for the size field. The fix is part of the all-match feature overhaul.
Fixed the default bytecode timeout value listed in the manpages and in the sample config files. Patches courtesy of Liam Jarvis and Ben Bodenmiller.
Fixed an issue building the libclamav_rust test program when running ctest if building with BYTECODE_RUNTIME=llvm and when the FindLLVM.cmake module is used to find the LLVM libraries. Patch courtesy of GitHub user teoberi.
Fixed an issue where scans sent to clamd with the all-match mode enabled caused all subsequent scans to also use all-match mode.
Fixed bug when starting clamonacc with the --log=FILE option that created randomly named files in the current directory.
Other assorted bug fixes.

[close]

http://www.clamav.net

Titel: ClamAV 1.0.1
Beitrag von: SiLæncer am 16 Februar, 2023, 20:00

Whats new:>>

ClamAV 1.0.1 is a critical patch release with the following fixes:

CVE-2023-20032: Fixed a possible remote code execution vulnerability in the HFS+ file parser. The issue affects versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier. Thank you to Simon Scannell for reporting this issue.
CVE-2023-20052: Fixed a possible remote information leak vulnerability in the DMG file parser. The issue affects versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier. Thank you to Simon Scannell for reporting this issue.
Fix an allmatch detection issue with the preclass bytecode hook.
Update the vendored libmspack library to version 0.11alpha.

https://www.clamav.net

Titel: ClamAV 1.1.0
Beitrag von: SiLæncer am 02 Mai, 2023, 19:00

Changelog

ClamAV 1.1.0 includes the following improvements and changes:

### Major changes

- Added the ability to extract images embedded in HTML CSS `<style>` blocks.
- GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/813

- Updated to Sigtool so that the `--vba` option will extract VBA code from
Microsoft Office documents the same way that libclamav extracts VBA.
This resolves several issues where Sigtool could not extract VBA.
Sigtool will also now display the normalized VBA code instead of the
pre-normalized VBA code.
- GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/852

- Added a new ClamScan and ClamD option: `--fail-if-cvd-older-than=days`.
Additionally, we introduce `FailIfCvdOlderThan` as a `clamd.conf` synonym for
`--fail-if-cvd-older-than`. When passed, it causes ClamD to exit on startup
with a non-zero return code if the virus database is older than the specified
number of days.
- GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/867

- Added a new function `cl_cvdgetage()` to the libclamav API.
This function will retrieve the age in seconds of the youngest file in a
database directory, or the age of a single CVD (or CLD) file.
- GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/867

- Added a new function `cl_engine_set_clcb_vba()` to the libclamav API.
Use this function to set a `cb_vba` callback function.
The cb_vba callback function will be run whenever VBA is extracted from
office documents. The provided data will be a normalized copy of the
extracted VBA.
This callback was added to support Sigtool so that it can use the same VBA
extraction logic that ClamAV uses to scan documents.
- GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/852

## Other improvements

- Removed the vendored TomsFastMath library in favor of using OpenSSL to
perform "big number"/multiprecision math operations.
Work courtesy of Sebastian Andrzej Siewior.
- GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/840

- Build system: Added CMake option `DO_NOT_SET_RPATH` to avoid setting
`RPATH` on Unix systems.
Feature courtesy of Sebastian Andrzej Siewior.
- GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/815

- Build system: Enabled version-scripts with CMake to limit symbol exports for
libclamav, libfreshclam, libclamunrar_iface, and libclamunrar shared
libraries on Unix systems, excluding macOS.
Improvement courtesy of Orion Poplawski and Sebastian Andrzej Siewior.
- GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/776

- Build system: Enabled users to pass in custom Rust compiler flags using the
`RUSTFLAGS` CMake variable.
Feature courtesy of Orion Poplawski.
- GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/835

- Removed a hard-coded alert for CVE-2004-0597.
The CVE is old enough that it is no longer a threat and the detection had
occasional false-positives.
- GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/855

- Set Git attributes to prevent Git from altering line endings for Rust
vendored libraries. Third-party Rust libraries are bundled in the ClamAV
release tarball. We do not commit them to our own Git repository, but
community package maintainers may now store the tarball contents in Git.
The Rust build system verifies the library manifest, and this change
ensures that the hashes are correct.
Improvement courtesy of Nicolas R.
- GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/800

- Fixed compile time warnings.
Improvement courtesy of R?zvan Cojocaru.
- GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/795

- Added a minor optimization when matching domain name regex signatures for
PDB, WDB and CDB type signatures.
- GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/837

- Build system: Enabled the ability to select a specific Python version.
When building, you may use the CMake option `-D PYTHON_FIND_VER=<version>`
to choose a specific Python version.
Feature courtesy of Matt Jolly.
- GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/787

- Added improvements to the ClamOnAcc process log output so that it is
easier to diagnose bugs.
- GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/822

- Windows: Enabled the MSI installer to upgrade between feature versions more
easily when ClamAV is installed to a location different from the default
(i.e., not `C:\Program Files\ClamAV`). This means that the MSI installer can
find a previous ClamAV 1.0.x installation to upgrade to ClamAV 1.1.0.
- GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/872

- Sigtool: Added the ability to change the location of the temp directory
using the `--tempdir` option and added the ability to retain the temp files
created by Sigtool using the `--leave-temps` option.
- GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/852

- Other minor improvements.

### Bug fixes

- Fixed the broken `ExcludePUA` / `--exclude-pua` feature.
Fix courtesy of Ged Haywood and Shawn Iverson.
- GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/780

- Fixed an issue with integer endianness when parsing Windows executables on
big-endian systems.
Fix courtesy of Sebastian Andrzej Siewior.
- GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/814

- Fixed a possible stack overflow read when parsing WDB signatures.
This issue is not a vulnerability.
- GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/807

- Fixed a possible index out of bounds when loading CRB signatures.
This issue is not a vulnerability.
- GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/810

- Fixed a possible use after free when reading logical signatures.
This issue is not a vulnerability.
- GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/811

- Fixed a possible heap overflow read when reading PDB signatures.
This issue is not a vulnerability.
- GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/812

- Fixed a possible heap overflow read in javascript normalizer module.
This issue is not a vulnerability.
- GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/868

- Fixed two bugs that would cause Freshclam to fail update when applying a
CDIFF database patch if that patch adds a file to the database archive
or removes a file from the database archive.
This bug also caused Sigtool to fail to create such a patch.
- GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/893

- Fixed an assortment of complaints identified by Coverity static analysis.
- GitHub pull requests:
- https://github.com/Cisco-Talos/clamav/pull/891
- https://github.com/Cisco-Talos/clamav/pull/899

- Fixed one of the Freshclam tests that was failing on some Fedora systems
due to a bug printing debug-level log messages to stdout.
Fix courtesy of Arjen de Korte.
- GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/881

- Correctly remove temporary files generated by the VBA and XLM extraction
modules so that the files are not leaked in patched versions of ClamAV
where temporary files are written directly to the temp-directory instead
of writing to a unique subdirectory.
- GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/894

[close]

https://www.clamav.net

Titel: ClamAV 1.1.1
Beitrag von: SiLæncer am 16 August, 2023, 22:00

Changelog

Fixed a possible denial of service vulnerability in the HFS+ file parser. This issue affects versions 1.1.0, 1.0.1 through 1.0.0, 0.105.2 through 0.105.0, 0.104.4 through 0.104.0, and 0.103.8 through 0.103.0. Thank you to Steve Smith for reporting this issue.
Fixed a build issue when using the Rust nightly toolchain, which was affecting the oss-fuzz build environment used for regression tests.
GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/997
Fixed a build issue on Windows when using Rust version 1.70 or newer.
GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/994
CMake build system improvement to support compiling with OpenSSL 3.x on macOS with the Xcode toolchain. The official ClamAV installers and packages are now built with OpenSSL 3.1.1 or newer.
GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/972
Removed a warning message showing the HTTP response codes during the Freshclam database update process.
GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/939

[close]

https://www.clamav.net

Titel: ClamAV 1.2.0
Beitrag von: SiLæncer am 29 August, 2023, 08:00

Changelog

Major changes:

Added support for extracting Universal Disk Format (UDF) partitions.
Specifically, this version adds support for the Beginning Extended Area Descriptor (BEA01) type of UDF files.
GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/941
Added an option to customize the size of ClamAV's clean file cache.
Increasing the size of the clean file cache may improve scan performance but will require more RAM. The cache size value should be a square number or will be rounded up to the nearest square number.
The cache size option for clamd and clamscan is --cache-size. Alternatively, you can customize the cache size for ClamD by setting CacheSize in clamd.conf.
Patch courtesy of Craig Andrews.
GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/882
Introduced a SystemD timer for running Freshclam updates, without sending Freshclam into the background. This takes the "burden of timing the updates" from Freshclam and puts it onto SystemD. The timer can be activated, audited, and the logs inspected:
sudo systemctl enable --now clamav-freshclam-once.timer
sudo systemctl list-timers
sudo systemctl status clamav-freshclam-once.timer
sudo systemctl status clamav-freshclam-once.service
journalctl -u clamav-freshclam-once.service
If you want a different update interval you can edit the timer unit file:
sudo systemctl edit clamav-freshclam-once.timer
Patch courtesy of Nils Werner.
GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/962
Raised the MaxScanSize limit so the total amount of data scanned when scanning a file or archive may exceed 4 gigabytes.
Introduced the ability to suffix the MaxScanSize and other config file size options with a "G" or "g" for the number of gigabytes. For example, for ClamD you may now specify MaxScanSize 10G in clamd.conf. And for ClamScan, you may now specify --max-scansize=10g.
The MaxFileSize is still limited internally in ClamAV to 2 gigabytes. Any file, or embedded file, larger than 2GB will be skipped. You may use clamscan --alert-exceeds-max, or the clamd.conf option AlertExceedsMax yes to tell if a scan is not completed because of the scan limits.
Patch courtesy of matthias-fratz-bsz.
GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/945
Added ability for Freshclam to use a client certificate PEM file and a private key PEM file for authentication to a private mirror by setting the following environment variables:
FRESHCLAM_CLIENT_CERT: May be set to the path of a file (PEM) containing the client certificate.
FRESHCLAM_CLIENT_KEY: May be set to the path of a file (PEM) containing the client private key.
FRESHCLAM_CLIENT_KEY_PASSWD: May be set to a password for the client key PEM file, if it is password protected.
Patch courtesy of jedrzej.
GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/955

Other improvements:

Fix an issue extracting files from ISO9660 partitions where the files are listed in the plain ISO tree and there also exists an empty Joliet tree.
GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/938
CMake build system improvement to support compiling with OpenSSL 3.x on macOS with the Xcode toolchain.
The official ClamAV installers and packages are now built with OpenSSL 3.1.1 or newer.
GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/970

The suggested path for the clamd.pid and clamd.sock file in the sample configs have been updated to reflect the recommended locations for these files in the Docker images. These are:

/run/clamav/clamd.pid
/run/clamav/clamd.sock
For consistency, it now specifies clamd.sock instead of clamd.socket.
Patch courtesy of computersalat.
GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/931

Bug fixes:

Fixed an issue where ClamAV does not abort the signature load process after partially loading an invalid signature. The bug would later cause a crash when scanning certain files.
GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/934
Fixed a possible buffer over-read bug when unpacking PE files.
GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/927
Removed a warning message showing the HTTP response codes during the Freshclam database update process.
GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/935
Added missing command line options to the ClamD and ClamAV-Milter --help message and manpages.
GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/936
ClamOnAcc: Fixed error message when using --wait without --ping option. Patch courtesy of R?zvan Cojocaru.
GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/984

Fixed an assortment of code quality issues identified by Coverity:

GitHub pull requests:

https://github.com/Cisco-Talos/clamav/pull/989
https://github.com/Cisco-Talos/clamav/pull/998
Windows: Fixed a build issue with the CMake-Rust integration regarding detecting native static libraries that caused builds to fail with Rust version 1.70 and newer.
GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/992
Fixed a bounds check issue in the PDF parser that may result in a 1-byte buffer over read but does not cause a crash.
GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/988
Upgraded the bundled UnRAR library (libclamunrar) to version 6.2.10.
GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/1008
Fixed a compatibility issue with libjson-c version 0.17.
GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/1002

[close]

https://www.clamav.net

DVB-Cube <<< Das deutsche PC und DVB-Forum >>>

PC-Ecke => # Security Center => Software (PC-Sicherheit) => Thema gestartet von: SiLæncer am 18 November, 2006, 13:22