ClamAV 0.99.3 has been released!

Discussion in 'other anti-virus software' started by guest, Jan 26, 2018.

  1. guest

    guest Guest

    ClamAV 0.99.3 Released (January 25, 2018)
    This release fixes 7 critical vulnerabilities:
    Announcement
    Download

    ClamAV Version number adjustment
    January 25, 2018
    http://blog.clamav.net/2018/01/clamav-version-number-adjustment.html
     
  2. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    Thank you, Mood.
     
  3. guest

    guest Guest

  4. guest

    guest Guest

    ClamAV 0.99.4 Released (March 1, 2018)
    Announcement
    Download
     
  5. guest

    guest Guest

    ClamAV 0.100.0 Released (April 9, 2018)
    Announcement
    Download
    Some of the more prominent submissions include:
    • Interfaces to the Prelude SIEM open source package for collecting ClamAV virus events.
    • Support for Visual Studio 2015 for Windows builds. Please note that we have deprecated support for Windows XP, and while Vista may still work, we no longer test ClamAV on Windows XP or Vista.
    • Support libmspack internal code or as a shared object library. The internal library is the default and includes modifications to enable parsing of CAB files that do not entirely adhere to the CAB file format.
    • Linking with OpenSSL 1.1.0.
    • Deprecation of the AllowSupplementaryGroups parameter statement in clamd, clamav-milter, and freshclam. Use of supplementary is now in effect by default.
    • Numerous bug fixes, typo corrections, and compiler warning fixes.
    Additionally, we have introduced important changes and new features in ClamAV 0.100, including but not limited to:
    • Deprecating internal LLVM code support. The configure script has changed to search the system for an installed instance of the LLVM development libraries, and to otherwise use the bytecode interpreter for ClamAV bytecode signatures. To use the LLVM Just-In-Time compiler for executing bytecode signatures, please ensure that the LLVM development package at version 3.6 or lower is installed. Using the deprecated LLVM code is possible with the command: ./configure --with-system-llvm=no, but it no longer compiles on all platforms.
    • Compute and check PE import table hash (a.k.a. "imphash") signatures.
    • Support file property collection and analysis for MHTML files.
    • Raw scanning of PostScript files.
    • Fix clamsubmit to use the new virus and false positive submission web interface.
    • Optionally, flag files with the virus "Heuristic.Limits.Exceeded" when size limitations are exceeded.
    • Improved decoders for PDF files.
    • Reduced number of compile time warnings.
    • Improved support for C++11.
    • Improved detection of system installed libraries.
    • Fixes to ClamAV's Container system and the introduction of Intermediates for more descriptive signatures.
    • Improvements to clamd's On-Access scanning capabilities for Linux.
     
  6. guest

    guest Guest

    ClamAV 0.100.1 Released (July 9, 2018)
    Announcement
    Download
    • Fixes for the following CVE's:
    • Fixes for a few additional bugs:
      • Buffer over-read in unRAR code due to missing max value checks in table initialization. Reported by Rui Reis.
      • Libmspack heap buffer over-read in CHM parser. Reported by Hanno Böck.
      • PDF parser bugs reported by Alex Gaynor.
        • Buffer length checks when reading integers from non-NULL terminated strings.
        • Buffer length tracking when reading strings from dictionary objects.
    • HTTPS support for clamsubmit.
    • Fix for DNS resolution for users on IPv4-only machines where IPv6 is not available or is link-local only. Patch provided by Guilherme Benkenstein.
     
  7. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    Ah... they finally got to .100. I wonder if they will ever get to a version 1.0? In any event, I have a huge system disk so I always keep the latest Clam Av on-board. Rarely installed, but ... on-board.

    Thanks for the updates, mood!
     
  8. guest

    guest Guest

    You're welcome :)

    It will take a very long time until they reach v1.0 ;)
    2009 - ClamAV v0.95
    2018 - ClamAV v0.100.1
    ...
     
  9. guest

    guest Guest

    ClamAV 0.101.0 Released (December 3, 2018)
    Announcement
    Download
    Highlighted Changes:
    • Our user manual has been converted from latex/pdf/html into Markdown! Markdown is easier to read & edit than latex, and is easier to contribute to as it eliminates the need to generate documents (the PDF, HTML). The user manual is now shipped in: docs/UserManual[.md]. However, the most up to date version at any time will be on ClamAV.net (This is not live right now, but will be shortly).
    • Support for RAR v5 archive extraction! We replaced the legacy C-based unrar implementation with RarLabs UnRAR 5.6.5 library. Licensing is the same as before, although our libclamunrar_iface supporting library has changed from LGPL to the BSD 3-Clause license.
    • Libclamav API changes:
      • The following scanning functions now require a filename argument.
      • This will enable ClamAV to report more detailed warning and error information in the future, and will also allow for more sensible temp file names. The filename argument may be NULL if a filename is not available.
        • cl_scandesc
        • cl_scandesc_callback
        • cl_scanmap_callback
    • Scanning options have been converted from a single flag bit-field into a structure of multiple categorized flag bit-fields. This change enabled us to add new scanning options requested by the community. In addition, the name of each scan option has changed a little. As a result, the API changes will require libclamav users to modify how they initialize and pass scan options into calls such as cl_scandesc().
    • With our move to openssl versions >1.0.1, the cl_cleanup_crypto() function has been deprecated. This is because cleanup of open-ssl init functions is now handled by an auto-deinit procedure within the openssl library, meaning the call to EVP_cleanup() may cause problems to processes external to Clam.
    • CL_SCAN_HEURISTIC_ENCRYPTED scan option was replaced by 2 new scan options:
      • CL_SCAN_HEURISTIC_ENCRYPTED_ARCHIVE
      • CL_SCAN_HEURISTIC_ENCRYPTED_DOC
    • clamd.conf and command line interface (CLI) changes:
      • As in 0.100.2, the clamd.conf OnAccessExtraScanning has been temporarily disabled in order to prevent resource cleanup issues from impacting clamd stability. As noted below, OnAccessExtraScanning is an opt-in minor feature of on-access scanning on Linux systems and its loss does not significantly impact the effectiveness of on-access scanning. The option still exists, but the feature will not be enabled and a warning will show if LogVerbose is enabled.
      • For details, see: https://bugzilla.clamav.net/show_bug.cgi?id=12048
    • "Heuristic Alerts" (aka "Algorithmic Detection") options have been changed to make the names more consistent. The original options are deprecated in 0.101, and will be removed in a future feature release.
    • In addition, two new scan options were added to alert specifically on encrypted archives or encrypted docs. Previous functionality did both, even though it claimed to be specific to archives:
    • Scan option details: [...]
    Some more subtle improvements:
    • Logical signatures have been extended with a new sub-signature type which allows for numerical byte sequence comparison. For those familiar with Snort, this byte comparison feature works similarly to the byte_extract and byte_test feature, in that it allows signature writers to extract and compare a specified number of bytes (offset from a match) against another numeric value. You can read more about this feature, see how it works, and look over examples in our documentation.
    • Backwards compatibility improvements for detecting the OpenSSL dependency.
    • Freshclam updated to match exit codes defined in the freshclam.1 man page.
    • Upgrade from libmspack 0.5alpha to libmspack 0.7.1alpha. As a reminder, we support system-installed versions of libmspack. However, at this time the ClamAV-provided version of libmspack provides additional abilities to parse broken or non-standard CAB files beyond what the stock libmspack 0.7.1alpha provides. We are working with the upstream project to incorporate our modifications, and hopefully these changes will appear in a future release of libmspack.
    • Updated the bundled 3rd party library libxml2 included for Windows builds to version 2.9.8.
    • Updated the bundled 3rd party library pcre included for Windows builds to pcre2 version 10.31.
    • Upgraded Aspack PE unpacking capability with support up to version 2.42.
    • Improvements to PDF parsing capability.
    • Replaced the Windows installer with a new installer built using InnoSetup 5.
    • Improved curl-config detection logic
      • GitHub pull-request by Thomas Petazzoni.
    • Added file type CL_TYPE_LNK to more easily identify Windows Shortcut files when writing signatures.
    • Improved parsing of Windows executable (PE) Authenticode signatures.
      • Pull request by Andrew Williams.
    • Added support for Authenticode signature properties commonly used by Windows system files. These files are now much more likely to be whitelisted correctly.
    • Signature parsing now works correctly on big endian systems.
    • Some simplification to freshclam mirror management code, including changes to reduce timeout on ignoring mirrors after errors, and to make freshclam more tolerant when there is a delay between the time the new signature database content is announced and the time that the content-delivery-network has the content available for download.
    • Email MIME Header parsing changes to accept argument values with unbalanced quotes. Improvement should improve detection of attachments on malformed emails.
      • GitHub pull request by monnerat.
    • Included the config filename when reporting errors parsing ClamAV configs.
      • GitHub pull request by Josh Soref.
    • Improvement to build scripts for clamav-milter.
      • GitHub pull request by Renato Botelho.

    Other changes:
    • Removed option handler for AllowSupplementaryGroups from libfreshclam. This option was previously deprecated from freshclam in ClamAV 0.100.0 but remained in libfreshclam by mistake.
    • In older versions of pcre2 and in pcre, a higher PCRERecMatchLimit may cause clamd to crash on select files. We have lowered the default PCRERecMatchLimit to 2000 to reduce the likelihood of a crash and have added warnings to recommend using pcre2 v10.30 or higher to eliminate the issue.
     
  10. cheater87

    cheater87 Registered Member

    Joined:
    Apr 22, 2005
    Posts:
    3,291
    Location:
    Pennsylvania.
    Clam AV has been around for how many years, since 2001 and no 1.0 version of it yet?
     
  11. guest

    guest Guest

    ClamAV 0.101.1 Released (January 7, 2019)
    Announcement
    Download
     
  12. zapjb

    zapjb Registered Member

    Joined:
    Nov 15, 2005
    Posts:
    5,556
    Location:
    USA still the best. But barely.
    LOL. I was just gonna say.

    I believe unless ClamAV gets a big sponsor like Canonical etc. It'll never get to a final edition but always a beta or alpha.
     
  13. Spartan

    Spartan Registered Member

    Joined:
    Jun 21, 2016
    Posts:
    1,424
    Location:
    Dubai
    Not touching an AV which has a 0.xx in its version number with a 10 foot pole
     
  14. guest

    guest Guest

    ClamAV 0.101.2 / 0.100.3 Released (March 26, 2019)
    Announcement
    Download
    - Fixes for the following vulnerabilities affecting 0.101.1 and prior:
    - CVE-2019-1787:
    An out-of-bounds heap read condition may occur when scanning PDF
    documents. The defect is a failure to correctly keep track of the number
    of bytes remaining in a buffer when indexing file data.
    - CVE-2019-1789:
    An out-of-bounds heap read condition may occur when scanning PE files
    (i.e. Windows EXE and DLL files) that have been packed using Aspack as a
    result of inadequate bound-checking.
    - CVE-2019-1788:
    An out-of-bounds heap write condition may occur when scanning OLE2 files
    such as Microsoft Office 97-2003 documents. The invalid write happens when
    an invalid pointer is mistakenly used to initialize a 32bit integer to
    zero. This is likely to crash the application.

    - Fixes for the following vulnerabilities affecting 0.101.1 and 0.101.0 only:
    - CVE-2019-1786:
    An out-of-bounds heap read condition may occur when scanning malformed PDF
    documents as a result of improper bounds-checking.
    - CVE-2019-1785:
    A path-traversal write condition may occur as a result of improper input
    validation when scanning RAR archives. Issue reported by aCaB.
    - CVE-2019-1798:
    A use-after-free condition may occur as a result of improper error
    handling when scanning nested RAR archives. Issue reported by David L.

    - Fixes for the following assorted bugs:
    - Added checks to prevent shifts from causing undefined behavior in HTML
    normalizer, UPX unpacker, ARJ extractor, CPIO extractor, OLE2 parser,
    LZW decompressor used in the PDF parser, Xz decompressor, and UTF-16 to
    ASCII transcoder.
    - Added checks to prevent integer overflow in UPX unpacker.
    - Fix for minor memory leak in OLE2 parser.
    - Fix to speed up PDF parser when handling truncated (or malformed) PDFs.
    - Fix for memory leak in ARJ decoder failure condition.
    - Fix for potential memory and file descriptor leak in HTML normalization code.

    - Removed use of problematic feature that converted file descriptors to
    file paths. The feature was intended to improve performance when scanning
    file types, notably RAR archives, for which the API requires a file path.
    This feature caused issues in environments where the ClamAV engine is run
    in a low-permissions or sandboxed process. RAR archives are still supported
    with this change, but performance may suffer slightly if the file path is not
    provided in calls to `cl_scandesc_callback()`.
    - Added filename and tempfile names to scandesc calls in clamd.
    - Added general scan option `CL_SCAN_GENERAL_UNPRIVILEGED` to treat the scan
    engine as unprivileged, meaning that the scan engine will not have read
    access to the file. Provided file paths are for logging purposes only.
    - Added ability to create a temp file when scanning RAR archives when the
    process does not have read access to the file path provided (i.e.
    unprivileged is set, or an access check fails).
    - Fixes for the following vulnerabilities:
    - CVE-2019-1787:
    An out-of-bounds heap read condition may occur when scanning PDF
    documents. The defect is a failure to correctly keep track of the number
    of bytes remaining in a buffer when indexing file data.
    - CVE-2019-1789:
    An out-of-bounds heap read condition may occur when scanning PE files
    (i.e. Windows EXE and DLL files) that have been packed using Aspack as a
    result of inadequate bound-checking.
    - CVE-2019-1788:
    An out-of-bounds heap write condition may occur when scanning OLE2 files
    such as Microsoft Office 97-2003 documents. The invalid write happens when
    an invalid pointer is mistakenly used to initialize a 32bit integer to
    zero. This is likely to crash the application.
     
  15. guest

    guest Guest

    ClamAV 0.101.3 / 0.102-beta Released (August 5, 2019)
    Announcement
    Download
    ClamAV 0.101.3 is a patch release to address a vulnerability to non-recursive zip bombs.

    A Denial-of-Service (DoS) vulnerability may occur when scanning a zip bomb as a result of excessively long scan times. The issue is resolved by detecting the overlapping local file headers which characterize the non-recursive zip bomb described by David Fifield.

    Thank you to Hanno Böck for reporting the issue as it relates to ClamAV, here.

    Also included in 0.101.3:
    • Update of the bundled libmspack library from 0.8alpha to 0.10alpha, to address a buffer overflow vulnerability in libmspack < 0.9.1α.
    ClamAV 0.102.0 includes an assortment of improvements and a couple of significant changes.
    Major changes
    • The On-Access Scanning feature has been migrated out of clamd and into a brand new utility named clamonacc. This utility is similar to clamdscan and clamav-milter in that it acts as a client to clamd. This separation from clamd means that clamd no longer needs to run with root privileges while scanning potentially malicious files. Instead, clamd may drop privileges to run under an account that does not have super-user. In addition to improving the security posture of running clamd with On-Access enabled, this update fixed a few outstanding defects:
      • On-Access scanning for created and moved files (Extra-Scanning) is fixed.
      • VirusEvent for On-Access scans is fixed.
      • With clamonacc, it is now possible to copy, move, or remove a file if the scan triggered an alert, just like with clamdscan. For details on how to use the new clamonacc On-Access scanner, please refer to the user manual on ClamAV.net, and keep an eye out for a new blog post on the topic.
    • The freshclam database update utility has undergone a significant update. This includes:
      • Added support for HTTPS.
      • Support for database mirrors hosted on ports other than 80.
      • Removal of the mirror management feature (mirrors.dat).
      • An all new libfreshclam library API.

    Notable changes
    • Added support for extracting ESTsoft .egg archives. This feature is new code developed from scratch using ESTsoft's Egg-archive specification and without referencing the UnEgg library provided by ESTsoft. This was necessary because the UnEgg library's license includes restrictions limiting the commercial use of the UnEgg library.
    • The documentation has moved!
      • Users should navigate to ClamAV.net to view the documentation online.
      • The documentation will continue to be provided in HTML format with each release for offline viewing in the docs/html directory.
      • The new home for the documentation markdown is in our ClamAV FAQ Github repository.

    Other improvements
    • Improved Windows executable Authenticode handling, enabling both whitelisting and blacklisting of files based on code-signing certificates. Additional improvements to Windows executable (PE file) parsing. Work courtesy of Andrew Williams.
    • Added support for creating bytecode signatures for Mach-O and ELF executable unpacking. Work courtesy of Jonas Zaddach.
    • Re-formatted the entire ClamAV code-base using clang-format in conjunction with our new ClamAV code style specification. See the clamav.net blog post for details.
    • Integrated ClamAV with Google's OSS-Fuzz automated fuzzing service with the help of Alex Gaynor. This work has already proven beneficial, enabling us to identify and fix subtle bugs in both legacy code and newly developed code.
    • The clamsubmit tool is now available on Windows.
    • The clamscan metadata feature (--gen-json) is now available on Windows.
    • Significantly reduced number of warnings generated when compiling ClamAV with "-Wall" and "-Wextra" compiler flags and made many subtle improvements to the consistency of variable types throughout the code.
    • Updated the majority of third-party dependencies for ClamAV on Windows. The source code for each has been removed from the clamav-devel repository. This means that these dependencies have to be compiled independently of ClamAV. The added build process complexity is offset by significantly reducing the difficulty of releasing ClamAV with newer versions of those dependencies.
    • During the 0.102 development period, we've also improved our Continuous Integration (CI) processes. Most recently, we added a CI pipeline definition to the ClamAV Git repository. This chains together our build and quality assurance test suites and enables automatic testing of all proposed changes to ClamAV, with customizable parameters to suit the testing needs of any given code change.

    Bug fixes
    • Fix to prevent a possible crash when loading LDB type signature databases and PCRE is not available. Patch courtesy of Tomasz Kojm.
    • Fixes to the PDF parser that will improve PDF malware detection efficacy. Patch courtesy of Clement Lecigne.
    • Fix for regular expression phishing signatures (PDB R-type signatures).
    • Various other bug fixes.

    New Requirements
    • Libcurl has become a hard-dependency. Libcurl enables HTTPS support for freshclam and clamsubmit as well as communication between clamonacc and clamd.
    • Libcurl version >= 7.45 is required when building ClamAV from source with the new On-Access Scanning application (clamonacc). Users on Linux operating systems that package older versions of libcurl (e.g. all versions of CentOS and Debian versions <= 8) have a number of options:
      • Wait for your package maintainer to provide a newer version of libcurl.
      • Install a newer version of libcurl from source.
      • Disable installation of clamonacc and On-Access Scanning capabilities with the ./configure flag --disable-clamonacc.

        Non-Linux users will need to take no actions as they are unaffected by this new requirement.
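An added example (not from the forum post and not ClamAV's own code) of the check the 0.101.3 notes above describe: walk the ZIP central directory, compute the byte span each entry's local file header and data occupy, and report entries whose spans overlap. The function names and the two small constructed sample archives are assumptions for illustration; ZIP64 records and data descriptors are not handled.

```python
import io
import struct
import zipfile

EOCD_SIG, CDFH_SIG, LFH_SIG = b"PK\x05\x06", b"PK\x01\x02", b"PK\x03\x04"
EOCD = struct.Struct("<4s4H2LH")      # end of central directory, 22 bytes
CDFH = struct.Struct("<4s6H3L5H2L")   # central directory file header, 46 bytes
LFH = struct.Struct("<4s5H3L2H")      # local file header, 30 bytes


class ZipFormatError(ValueError):
    """Raised when the archive structure cannot be parsed."""


def entry_spans(data):
    """Return (start, end, name) for every central directory entry.

    start is the local file header offset; end is one past the last byte of
    compressed data, using name/extra lengths from the local header and the
    compressed size from the central directory.
    """
    pos = data.rfind(EOCD_SIG)
    if pos < 0 or pos + EOCD.size > len(data):
        raise ZipFormatError("no end-of-central-directory record")
    total, cd_off = EOCD.unpack_from(data, pos)[4], EOCD.unpack_from(data, pos)[6]
    spans, p = [], cd_off
    for _ in range(total):
        if p + CDFH.size > len(data) or data[p:p + 4] != CDFH_SIG:
            raise ZipFormatError("bad central directory header at %d" % p)
        f = CDFH.unpack_from(data, p)
        csize, nlen, elen, clen, lfh_off = f[8], f[10], f[11], f[12], f[16]
        name = data[p + CDFH.size:p + CDFH.size + nlen].decode("utf-8", "replace")
        if lfh_off + LFH.size > len(data) or data[lfh_off:lfh_off + 4] != LFH_SIG:
            raise ZipFormatError("entry %r points at no local header" % name)
        l = LFH.unpack_from(data, lfh_off)
        end = lfh_off + LFH.size + l[9] + l[10] + csize
        spans.append((lfh_off, end, name))
        p += CDFH.size + nlen + elen + clen
    return spans


def find_overlaps(data):
    """Return (earlier_name, later_name) pairs whose local spans overlap."""
    overlaps = []
    reach_end, reach_name = -1, None
    for start, end, name in sorted(entry_spans(data)):
        if start < reach_end:           # begins inside an earlier entry
            overlaps.append((reach_name, name))
        if end > reach_end:             # track the furthest-reaching entry
            reach_end, reach_name = end, name
    return overlaps


def build_sample(overlapping):
    """Constructed test input: a two-file stored archive.

    With overlapping=True the second directory entry is re-pointed at the
    first entry's local header, so both entries claim the same bytes.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("a.txt", b"A" * 64)
        zf.writestr("b.txt", b"B" * 64)
    data = bytearray(buf.getvalue())
    if overlapping:
        cd_off = EOCD.unpack_from(data, data.rfind(EOCD_SIG))[6]
        first = CDFH.unpack_from(data, cd_off)
        second = cd_off + CDFH.size + first[10] + first[11] + first[12]
        struct.pack_into("<L", data, second + 42, first[16])  # offset field
    return bytes(data)


if __name__ == "__main__":
    for label, sample in (("clean", build_sample(False)),
                          ("overlapping", build_sample(True))):
        print(label, find_overlaps(sample))
```

The 0.101.4 notes further down the thread record that this kind of check was worked around, which is why a scan time limit was added as a second control.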
     
  16. guest

    guest Guest

    ClamAV 0.101.4 Released (August 21, 2019)
    Announcement
    Download
    0.101.4

    ClamAV 0.101.4 is a security patch release that addresses the following issues.
    • An out of bounds write was possible within ClamAV's NSIS bzip2 library when attempting decompression in cases where the number of selectors exceeded the max limit set by the library (CVE-2019-12900). The issue has been resolved by respecting that limit.

      Thanks to Martin Simmons for reporting the issue here.
    • The zip bomb vulnerability mitigated in 0.101.3 has been assigned the CVE identifier CVE-2019-12625. Unfortunately, a workaround for the zip-bomb mitigation was immediately identified. To remediate the zip-bomb scan time issue, a scan time limit has been introduced in 0.101.4. This limit now resolves ClamAV's vulnerability to CVE-2019-12625.

      The default scan time limit is 2 minutes (120000 milliseconds).

      To customize the time limit:
      - use the clamscan --max-scantime option
      - use the clamd MaxScanTime config option

      Libclamav users may customize the time limit using the cl_engine_set_num function. For example:

      cl_engine_set_num(engine, CL_ENGINE_MAX_SCANTIME, time_limit_milliseconds)

      Thanks to David Fifield for reviewing the zip-bomb mitigation in 0.101.3 and reporting the issue.
     
  17. guest

    guest Guest

    ClamAV 0.102-rc Released (September 16, 2019)
    Announcement
    Download
    Release Notes
    ClamAV 0.102.0 includes an assortment of improvements and a couple of significant changes.

    Major changes
    • The On-Access Scanning feature has been migrated out of clamd and into a brand new utility named clamonacc. This utility is similar to clamdscan and clamav-milter in that it acts as a client to clamd. This separation from clamd means that clamd no longer needs to run with root privileges while scanning potentially malicious files. Instead, clamd may drop privileges to run under an account that does not have super-user. In addition to improving the security posture of running clamd with On-Access enabled, this update fixed a few outstanding defects:
      • On-Access scanning for created and moved files (Extra-Scanning) is fixed.
      • VirusEvent for On-Access scans is fixed.
      • With clamonacc, it is now possible to copy, move, or remove a file if the scan triggered an alert, just like with clamdscan. For details on how to use the new clamonacc On-Access scanner, please refer to the user manual on ClamAV.net, and keep an eye out for a new blog post on the topic.
    • The freshclam database update utility has undergone a significant update. This includes:
      • Added support for HTTPS.
      • Support for database mirrors hosted on ports other than 80.
      • Removal of the mirror management feature (mirrors.dat).
      • An all new libfreshclam library API.
    Notable changes
    • Added support for extracting ESTsoft .egg archives. This feature is new code developed from scratch using ESTsoft's Egg-archive specification and without referencing the UnEgg library provided by ESTsoft. This was necessary because the UnEgg library's license includes restrictions limiting the commercial use of the UnEgg library.
    • The documentation has moved!
      • Users should navigate to ClamAV.net to view the documentation online.
      • The documentation will continue to be provided in HTML format with each release for offline viewing in the docs/html directory.
      • The new home for the documentation markdown is in our ClamAV FAQ Github repository.
    • To remediate future denial of service conditions caused by excessive scan times, we introduced a scan time limit. The default value is 2 minutes (120000 milliseconds).

      To customize the time limit:
      • use the clamscan --max-scantime option
      • use the clamd MaxScanTime config option
    • Libclamav users may customize the time limit using the cl_engine_set_num function. For example:

      cl_engine_set_num(engine, CL_ENGINE_MAX_SCANTIME, time_limit_milliseconds)
    Other improvements
    • Improved Windows executable Authenticode handling, enabling both whitelisting and blacklisting of files based on code-signing certificates. Additional improvements to Windows executable (PE file) parsing. Work courtesy of Andrew Williams.
    • Added support for creating bytecode signatures for Mach-O and ELF executable unpacking. Work courtesy of Jonas Zaddach.
    • Re-formatted the entire ClamAV code-base using clang-format in conjunction with our new ClamAV code style specification. See the clamav.net blog post for details.
    • Integrated ClamAV with Google's OSS-Fuzz automated fuzzing service with the help of Alex Gaynor. This work has already proven beneficial, enabling us to identify and fix subtle bugs in both legacy code and newly developed code.
    • The clamsubmit tool is now available on Windows.
    • The clamscan metadata feature (--gen-json) is now available on Windows.
    • Significantly reduced number of warnings generated when compiling ClamAV with "-Wall" and "-Wextra" compiler flags and made many subtle improvements to the consistency of variable types throughout the code.
    • Updated the majority of third-party dependencies for ClamAV on Windows. The source code for each has been removed from the clamav-devel repository. This means that these dependencies have to be compiled independently of ClamAV. The added build process complexity is offset by significantly reducing the difficulty of releasing ClamAV with newer versions of those dependencies.
    • During the 0.102 development period, we've also improved our Continuous Integration (CI) processes. Most recently, we added a CI pipeline definition to the ClamAV Git repository. This chains together our build and quality assurance test suites and enables automatic testing of all proposed changes to ClamAV, with customizable parameters to suit the testing needs of any given code change.
    • Added a new clamav-version.h generated header to provide version number macros in text and numerical format for ClamAV, libclamav, and libfreshclam.
    • Improved cross-platform buildability of libxml2. Work courtesy of Eneas U de Queiroz with supporting ideas pulled from the work of Jim Klimov.
    Bug fixes
    • Fix to prevent a possible crash when loading LDB type signature databases and PCRE is not available. Patch courtesy of Tomasz Kojm.
    • Fixes to the PDF parser that will improve PDF malware detection efficacy. Patch courtesy of Clement Lecigne.
    • Fix for regular expression phishing signatures (PDB R-type signatures).
    • Various other bug fixes.
    New Requirements
    • Libcurl has become a hard-dependency. Libcurl enables HTTPS support for freshclam and clamsubmit as well as communication between clamonacc and clamd.
    • Libcurl version >= 7.45 is required when building ClamAV from source with the new On-Access Scanning application (clamonacc). Users on Linux operating systems that package older versions of libcurl (e.g. all versions of CentOS and Debian versions <= 8) have a number of options:
      • Wait for your package maintainer to provide a newer version of libcurl.
      • Install a newer version of libcurl from source.
      • Disable installation of clamonacc and On-Access Scanning capabilities with the ./configure flag --disable-clamonacc.
    • Non-Linux users will need to take no actions as they are unaffected by this new requirement.
     
  18. guest

    guest Guest

    ClamAV 0.102.0 Released (October 2, 2019)
    Announcement
    Download
    Release Notes
    ClamAV 0.102.0 includes an assortment of improvements and a couple of significant changes.

    Major changes
    • The On-Access Scanning feature has been migrated out of clamd and into a brand new utility named clamonacc. This utility is similar to clamdscan and clamav-milter in that it acts as a client to clamd. This separation from clamd means that clamd no longer needs to run with root privileges while scanning potentially malicious files. Instead, clamd may drop privileges to run under an account that does not have super-user. In addition to improving the security posture of running clamd with On-Access enabled, this update fixed a few outstanding defects:
      • On-Access scanning for created and moved files (Extra-Scanning) is fixed.
      • VirusEvent for On-Access scans is fixed.
      • With clamonacc, it is now possible to copy, move, or remove a file if the scan triggered an alert, just like with clamdscan.
      • For details on how to use the new clamonacc On-Access scanner, please refer to the user manual on ClamAV.net, and please read our blog post entitled "Understanding and transitioning to ClamAV's new On-Access scanner."
    • The freshclam database update utility has undergone a significant update. This includes:
      • Added support for HTTPS.
      • Support for database mirrors hosted on ports other than 80.
      • Removal of the mirror management feature (mirrors.dat).
      • An all new libfreshclam library API.
    Notable changes
    • Added support for extracting ESTsoft .egg archives. This feature is new code developed from scratch using ESTsoft's Egg-archive specification and without referencing the UnEgg library provided by ESTsoft. This was necessary because the UnEgg library's license includes restrictions limiting the commercial use of the UnEgg library.
    • The documentation has moved
      • Users should navigate to ClamAV.net to view the documentation online.
      • The documentation will continue to be provided in HTML format with each release for offline viewing in the docs/html directory.
      • The new home for the documentation markdown is in our ClamAV FAQ Github repository.
    • To remediate future denial of service conditions caused by excessive scan times, we introduced a scan time limit. The default value is two minutes (120,000 milliseconds).

      To customize the time limit:
      • use the clamscan --max-scantime option
      • use the clamd MaxScanTime config option
    • Libclamav users may customize the time limit using the cl_engine_set_num function. For example:

      cl_engine_set_num(engine, CL_ENGINE_MAX_SCANTIME, time_limit_milliseconds)
    Other improvements
    • Improved Windows executable Authenticode handling, enabling both whitelisting and blacklisting of files based on code-signing certificates. Additional improvements to Windows executable (PE file) parsing. Work courtesy of Andrew Williams.
    • Added support for creating bytecode signatures for Mach-O and ELF executable unpacking. Work courtesy of Jonas Zaddach.
    • Re-formatted the entire ClamAV code-base using clang-format in conjunction with our new ClamAV code style specification. See the clamav.net blog post for details.
    • Integrated ClamAV with Google's OSS-Fuzz automated fuzzing service with the help of Alex Gaynor. This work has already proven beneficial, enabling us to identify and fix subtle bugs in both legacy code and newly developed code.
    • The clamsubmit tool is now available on Windows.
    • The clamscan metadata feature (--gen-json) is now available on Windows.
    • Significantly reduced number of warnings generated when compiling ClamAV with "-Wall" and "-Wextra" compiler flags and made many subtle improvements to the consistency of variable types throughout the code.
    • Updated the majority of third-party dependencies for ClamAV on Windows. The source code for each has been removed from the clamav-devel repository. This means that these dependencies have to be compiled independently of ClamAV. The added build process complexity is offset by significantly reducing the difficulty of releasing ClamAV with newer versions of those dependencies.
    • During the 0.102 development period, we've also improved our Continuous Integration (CI) processes. Most recently, we added a CI pipeline definition to the ClamAV Git repository. This chains together our build and quality assurance test suites and enables automatic testing of all proposed changes to ClamAV, with customizable parameters to suit the testing needs of any given code change.
    • Added a new clamav-version.h generated header to provide version number macros in text and numerical format for ClamAV, libclamav, and libfreshclam.
    • Improved cross-platform buildability of libxml2. Work courtesy of Eneas U de Queiroz with supporting ideas pulled from the work of Jim Klimov.
    Bug fixes
    • Fix to prevent a possible crash when loading LDB type signature databases and PCRE is not available. Patch courtesy of Tomasz Kojm.
    • Fixes to the PDF parser that will improve PDF malware detection efficacy. Patch courtesy of Clement Lecigne.
    • Fix for regular expression phishing signatures (PDB R-type signatures).
    • Various other bug fixes.
    New Requirements
    • Libcurl has become a hard-dependency. Libcurl enables HTTPS support for freshclam and clamsubmit as well as communication between clamonacc and clamd.
    • Libcurl version >= 7.45 is required when building ClamAV from source with the new On-Access Scanning application (clamonacc). Users on Linux operating systems that package older versions of libcurl (e.g. all versions of CentOS and Debian versions <= 8) have a number of options:
      • Wait for your package maintainer to provide a newer version of libcurl.
      • Install a newer version of libcurl from source.
      • Disable installation of clamonacc and On-Access Scanning capabilities with the ./configure flag --disable-clamonacc.
    • Non-Linux users will need to take no actions as they are unaffected by this new requirement.
     
  19. guest

    guest Guest

    ClamAV 0.102.1 / 0.101.5 Released (November 20, 2019)
    Announcement
    Download
    0.102.1
    ClamAV 0.102.1 is a security patch release to address the following issues.
    • Fix for the following vulnerability affecting 0.102.0 and 0.101.4 and prior:
      • CVE-2019-15961:
        • A Denial-of-Service (DoS) vulnerability may occur when scanning a specially crafted email file as a result of excessively long scan times. The issue is resolved by implementing several maximums in parsing MIME messages and by optimizing use of memory allocation.
    • Build system fixes to build clamav-milter, to correctly link with libxml2 when detected, and to correctly detect fanotify for on-access scanning feature support.
    • Signature load time is significantly reduced by changing to a more efficient algorithm for loading signature patterns and allocating the AC trie. Patch courtesy of Alberto Wu.
    • Introduced a new configure option to statically link libjson-c with libclamav. Static linking with libjson is highly recommended to prevent crashes in applications that use libclamav alongside another JSON parsing library.
    • Null-dereference fix in email parser when using the --gen-json metadata option.
    • Fixes for Authenticode parsing and certificate signature (.crb database) bugs.
    0.101.5
    ClamAV 0.101.5 is a security patch release that addresses the following issues.
    • Fix for the following vulnerability affecting 0.102.0 and 0.101.4 and prior:
      • CVE-2019-15961:
        • A Denial-of-Service (DoS) vulnerability may occur when scanning a specially crafted email file as a result of excessively long scan times. The issue is resolved by implementing several maximums in parsing MIME messages and by optimizing use of memory allocation.
    • Added the zip scanning improvements found in v0.102.0 where it scans files using zip records from a sorted catalogue which provides deduplication of file records resulting in faster extraction and scan time and reducing the likelihood of alerting on non-malicious duplicate file entries as overlapping files.
    • Signature load time is significantly reduced by changing to a more efficient algorithm for loading signature patterns and allocating the AC trie. Patch courtesy of Alberto Wu.
    • Introduced a new configure option to statically link libjson-c with libclamav. Static linking with libjson is highly recommended to prevent crashes in applications that use libclamav alongside another JSON parsing library.
    • Null-dereference fix in email parser when using the --gen-json metadata option.
     
  20. guest

    guest Guest

    ClamAV 0.102.2 Released (February 5, 2020)
    Announcement
    Download
    0.102.2
    ClamAV 0.102.2 is a security patch release to address the following issues.
    • CVE-2020-3123: A denial-of-service (DoS) condition may occur when using the optional credit card data-loss-prevention (DLP) feature. Improper bounds checking of an unsigned variable resulted in an out-of-bounds read, which causes a crash.
    • Significantly improved the scan speed of PDF files on Windows.
    • Re-applied a fix to alleviate file access issues when scanning RAR files in downstream projects that use libclamav where the scanning engine is operating in a low-privilege process. This bug was originally fixed in 0.101.2 and the fix was mistakenly omitted from 0.102.0.
    • Fixed an issue where freshclam failed to update if the database version downloaded is one version older than advertised. This situation may occur after a new database version is published. The issue affected users downloading the whole CVD database file.
    • Changed the default freshclam ReceiveTimeout setting to 0 (infinite). The ReceiveTimeout had caused needless database update failures for users with slower internet connections.
    • Correctly display the number of kilobytes (KiB) in progress bar and reduced the size of the progress bar to accommodate 80-character width terminals.
    • Fixed an issue where running freshclam manually causes a daemonized freshclam process to fail when it updates because the manual instance deletes the temporary download directory. The freshclam temporary files will now download to a unique directory created at the time of an update instead of using a hardcoded directory created/destroyed at the program start/exit.
    • Fix for freshclam's OnOutdatedExecute config option.
    • Fixes a memory leak in the error condition handling for the email parser.
    • Improved bound checking and error handling in ARJ archive parser.
    • Improved error handling in PDF parser.
    • Fix for memory leak in byte-compare signature handler.
    • Updates to the unit test suite to support libcheck 0.13.
    • Updates to support autoconf 2.69 and automake 1.15.
     
  21. guest

    guest Guest

    ClamAV 0.102.3 Released (May 12, 2020)
    Announcement
    Download
    0.102.3
    ClamAV 0.102.3 is a bug patch release to address the following issues.
    • CVE-2020-3327: Fixed a vulnerability in the ARJ archive-parsing module in ClamAV 0.102.2 that could cause a denial-of-service condition. Improper bounds checking of an unsigned variable results in an out-of-bounds read which causes a crash. Special thanks to Daehui Chang and Fady Othman for helping identify the ARJ parsing vulnerability.
    • CVE-2020-3341: Fixed a vulnerability in the PDF-parsing module in ClamAV 0.101 - 0.102.2 that could cause a denial-of-service condition. Improper size checking of a buffer used to initialize AES decryption routines results in an out-of-bounds read, which may cause a crash. OSS-Fuzz discovered this vulnerability.
    • Fixed "Attempt to allocate 0 bytes" error when parsing some PDF documents.
    • Fixed a couple of minor memory leaks.
    • Updated libclamunrar to UnRAR 5.9.2.
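An added illustration of the bug class named in the CVE-2020-3123 and CVE-2020-3327 notes above: a bounds check on an unsigned value that lets an out-of-bounds read through. It shows one common form of that mistake beside a hardened check. This is not ClamAV's code and not part of the posts; the 4-byte header layout, the function names and the sample buffers are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed container: a 4-byte header holding the payload offset and the
 * payload length, both 16-bit big-endian and both read from untrusted input. */
static size_t be16(const uint8_t *p) { return ((size_t)p[0] << 8) | p[1]; }

/* Flawed check: when off > size the unsigned subtraction wraps around to a
 * huge value, so the comparison succeeds for a range outside the buffer. */
int range_ok_flawed(size_t size, size_t off, size_t len)
{
    return size - off >= len;
}

/* Hardened check: prove off <= size first, so size - off cannot wrap. */
int range_ok(size_t size, size_t off, size_t len)
{
    return off <= size && len <= size - off;
}

/* Return a pointer to the payload and its length, or NULL when the header is
 * truncated or the declared range does not lie inside the buffer. */
const uint8_t *payload_view(const uint8_t *buf, size_t size, size_t *len_out)
{
    if (size < 4) return NULL;
    size_t off = be16(buf), len = be16(buf + 2);
    if (!range_ok(size, off, len)) return NULL;
    *len_out = len;
    return buf + off;
}

/* Constructed samples: offset 4 / length 2 is valid for a 6-byte buffer;
 * offset 9 points past the end of the same buffer. */
const uint8_t SAMPLE_OK[]  = {0x00, 0x04, 0x00, 0x02, 0xAA, 0xBB};
const uint8_t SAMPLE_BAD[] = {0x00, 0x09, 0x00, 0x02, 0xAA, 0xBB};
```

Fuzzing with a sanitizer build, as the OSS-Fuzz integration mentioned earlier in the thread does, is the usual way reads like this are caught.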
     
  22. guest

    guest Guest

    The future of the ClamAV safebrowsing database
    June 15, 2020
    https://blog.clamav.net/2020/06/the-future-of-clamav-safebrowsing.html
     
  23. guest

    guest Guest

    ClamAV 0.102.4 Released (July 16, 2020)
    Announcement
    Download
    0.102.4

    ClamAV 0.102.4 is a bug patch release to address the following issues:
    CVE-2020-3350
    Fixed a vulnerability a malicious user could exploit to replace a scan target's directory with a symlink to another path to trick clamscan, clamdscan, or clamonacc into removing or moving a different file (such as a critical system file). The issue would affect users that use the --move or --remove options for clamscan, clamdscan and clamonacc.

    For more information about AV quarantine attacks using links, see RACK911 Lab's report.

    CVE-2020-3327
    Fixed a vulnerability in the ARJ archive-parsing module in ClamAV 0.102.3 that could cause a denial-of-service (DoS) condition. Improper bounds checking resulted in an out-of-bounds read that could cause a crash. The previous fix for this CVE in version 0.102.3 was incomplete. This fix correctly resolves the issue.

    CVE-2020-3481
    Fixed a vulnerability in the EGG archive module in ClamAV 0.102.0 - 0.102.3 that could cause a denial-of-service (DoS) condition. Improper error handling could cause a crash due to a NULL pointer dereference. This vulnerability is mitigated for those using the official ClamAV signature databases because the file type signatures in daily.cvd will not enable the EGG archive parser in affected versions.
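An added sketch, not part of the post and not ClamAV's actual fix, of one way to make a remove action resistant to the directory swap described under CVE-2020-3350: pin the directory by file descriptor at scan time and unlink relative to that descriptor. The struct, the function names and the /tmp scenario are constructed for the example.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>
/* Hypothetical scan record: directory handle and file identity at scan time. */
struct scan_target { int dir_fd; const char *name; dev_t dev; ino_t ino; };

/* Pin the directory by descriptor and remember the scanned file's inode. */
int target_open(struct scan_target *t, const char *dir, const char *name)
{
    struct stat st;
    t->dir_fd = open(dir, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
    if (t->dir_fd < 0) return -1;
    if (fstatat(t->dir_fd, name, &st, AT_SYMLINK_NOFOLLOW) != 0 || !S_ISREG(st.st_mode)) {
        close(t->dir_fd);
        return -1;
    }
    t->name = name; t->dev = st.st_dev; t->ino = st.st_ino;
    return 0;
}

/* Unlink inside the pinned directory only, and only if the entry is still the
 * scanned regular file. Re-pointing the path later cannot redirect this call. */
int target_remove(const struct scan_target *t)
{
    struct stat st;
    if (fstatat(t->dir_fd, t->name, &st, AT_SYMLINK_NOFOLLOW) != 0) return -1;
    if (!S_ISREG(st.st_mode) || st.st_dev != t->dev || st.st_ino != t->ino) return -1;
    return unlinkat(t->dir_fd, t->name, 0);
}

/* Constructed scenario: after the scan, "scan" becomes a symlink to "keep".
 * Returns 1 when keep/f survives and the scanned file itself was removed. */
int demo_swap(void)
{
    char base[] = "/tmp/qdemoXXXXXX";
    struct scan_target t;
    if (!mkdtemp(base) || chdir(base) != 0) return -1;
    if (mkdir("scan", 0700) != 0 || mkdir("keep", 0700) != 0) return -1;
    close(open("scan/f", O_CREAT | O_WRONLY, 0600));
    close(open("keep/f", O_CREAT | O_WRONLY, 0600));
    if (target_open(&t, "scan", "f") != 0) return -1;
    if (rename("scan", "moved") != 0 || symlink("keep", "scan") != 0) return -1;
    int ok = target_remove(&t) == 0 && access("keep/f", F_OK) == 0 && access("moved/f", F_OK) != 0;
    close(t.dir_fd);
    return ok;
}
```

A path-based removal of scan/f at that point would resolve through the new symlink, which is the redirection the release note describes. The inode comparison narrows, but does not eliminate, a swap of the entry inside the same directory between the check and the unlink.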
     
  24. guest

    guest Guest

  25. guest

    guest Guest

    ClamAV 0.103.0 RC2 Released (September 1, 2020)
    Announcement
    Download
     