ClamAV 0.103.4 is a critical patch release with the following fixes:
- FreshClam:
  - Add a 24-hour cool-down for FreshClam clients that have received an HTTP
    403 (Forbidden) response from the CDN.
    This is to reduce the volume of 403-response data served to blocked
    FreshClam clients that are configured with a tight update-loop.
  - Fixed a bug where FreshClam treats an empty CDIFF as an incremental update
    failure instead of as an intentional request to download the whole CVD.
- ClamDScan: Fix a scan error when broken symlinks are encountered on macOS with
"FollowDirectorySymlinks" and "FollowFileSymlinks" options disabled.
- Overhauled the scan recursion / nested archive extraction logic and added new
limits on embedded file-type recognition performed during the "raw" scan of
each file. This limits embedded file-type misidentification and prevents
detecting embedded file content that is found/extracted and scanned at other
layers in the scanning process.
- Fix an issue with the FMap module that failed to read from some nested files.
- Fixed an issue where failing to load some rules from a Yara file containing
multiple rules may cause a crash.
- Fixed assorted compiler warnings.
- Fixed assorted Coverity static code analysis issues.
- Scan limits:
  - Added virus-name suffixes to the alerts that trigger when a scan limit has
    been exceeded. Rather than simply `Heuristics.Limits.Exceeded`, you may now
    see limit-specific virus-names, to include:
    - `Heuristics.Limits.Exceeded.MaxFileSize`
    - `Heuristics.Limits.Exceeded.MaxScanSize`
    - `Heuristics.Limits.Exceeded.MaxFiles`
    - `Heuristics.Limits.Exceeded.MaxRecursion`
    - `Heuristics.Limits.Exceeded.MaxScanTime`
  - Renamed the `Heuristics.Email.ExceedsMax.*` alerts to align with the other
    limit alerts names. These alerts include:
    - `Heuristics.Limits.Exceeded.EmailLineFoldcnt`
    - `Heuristics.Limits.Exceeded.EmailHeaderBytes`
    - `Heuristics.Limits.Exceeded.EmailHeaders`
    - `Heuristics.Limits.Exceeded.EmailMIMEPartsPerMessage`
    - `Heuristics.Limits.Exceeded.EmailMIMEArguments`
  - Fixed an issue where the Email-related scan limits would alert even when the
    "AlertExceedsMax" (`--alert-exceeds-max`) scan option is not enabled.
  - Fixes an issue in the Zip parser where exceeding the "MaxFiles" limit or
    the "MaxFileSize" limit would abort the scan but would fail to alert.
    The Zip scan limit issues were independently identified and reported by
    Aaron Leliaert and Max Allan.
- Fixed a leak in the Email parser when using the `--gen-json` scan option.
- Fixed an issue where a failure to record metadata in the Email parser when
using the `--gen-json` scan option could cause the Email parser to abort the
scan early and fail to extract and scan additional content.
- Fixed a file name memory leak in the Zip parser.
- Fixed an issue where certain signature patterns may cause a crash or cause
unintended matches on some systems when converting characters to uppercase if
a UTF-8 unicode single-byte grapheme becomes a multi-byte grapheme.
Patch courtesy of Andrea De Pasquale.
Other fixes backported from 0.104.0:
- Fixed a crash in programs that use libclamav when the programs don't set a
callback for the "virus found" event.
Patch courtesy of Markus Strehle.
- Added checks to the SIS archive parser to prevent an SIS file entry from
pointing to the archive, which would result in a loop. This was not an actual
infinite loop, as ClamAV's scan recursion limit limits the depth of nested
archive extraction.
- ClamOnAcc: Fixed a socket file descriptor leak that could result in a crash
when all available file descriptors are exhausted.
- FreshClam: Fixed an issue where FreshClam would download a CVD repeatedly if a
zero-byte CDIFF is downloaded or if the incremental update failed and if the
CVD downloaded after that is older than advertised.
Patch courtesy of Andrew Williams.
- ClamDScan:
  - Fixed a memory leak of the scan target filename when using the
    `--fdpass` or `--stream` options.
  - Fixed an issue where ClamDScan would fail to scan any file after excluding
    a file with the "ExcludePath" option when using the `--multiscan`
    (`-m`) option along with either `--fdpass` or `--stream`.
    Also fixed a memory leak of the accidentally-excluded paths in this case.
  - Fixed a single file path memory leak when using `--fdpass`.
  - Fixed an issue where the "ExcludePath" regex may fail to exclude absolute
    paths when the scan is invoked with a relative path.
Special thanks to the following for code contributions and bug reports:
- Aaron Leliaert
- Andrea De Pasquale
- Andrew Williams
- Markus Strehle
- Max Allan
All checksums have been double-checked against existing RMD160 and
SHA512 hashes
Unfetchable distfiles (fetched conditionally?):
./security/cyrus-sasl/distinfo cyrus-sasl-dedad73e5e7a75d01a5f3d5a6702ab8ccd2ff40d.patch.v2
0.103.2 (2021-04-07)
ClamAV 0.103.2 is a security patch release with the following fixes:
* CVE-2021-1386: Fix for UnRAR DLL load privilege escalation. Affects
0.103.1 and prior on Windows only.
* CVE-2021-1252: Fix for Excel XLM parser infinite loop. Affects 0.103.0
and 0.103.1 only.
* CVE-2021-1404: Fix for PDF parser buffer over-read; possible crash.
Affects 0.103.0 and 0.103.1 only.
* CVE-2021-1405: Fix for mail parser NULL-dereference crash. Affects
0.103.1 and prior.
* Fix possible memory leak in PNG parser.
* Fix ClamOnAcc scan on file-creation race condition so files are scanned
after their contents are written.
* FreshClam: Deprecate the SafeBrowsing config option. The SafeBrowsing
  option will no longer do anything.
  * For more details, see our blog post from last year about the future of the
    ClamAV Safe Browsing database.
  * Tip: If creating and hosting your own safebrowsing.gdb database, you can
    use the DatabaseCustomURL option in freshclam.conf to download it.
* FreshClam: Improved HTTP 304, 403, & 429 handling.
* FreshClam: Added back the mirrors.dat file to the database directory.
  This new mirrors.dat file will store:
  - A randomly generated UUID for the FreshClam User-Agent.
  - A retry-after timestamp so that FreshClam won't try to update
    after having received an HTTP 429 response until the Retry-After
    timeout has expired.
* FreshClam will now exit with a failure in daemon mode if an HTTP 403
  (Forbidden) was received, because retrying later won't help any. The
  FreshClam user will have to take actions to get unblocked.
* Fix the FreshClam mirror-sync issue where a downloaded database is "older
  than the version advertised."
  * If a new CVD download gets a version that is older than advertised,
    FreshClam will keep the older version and retry the update so that the
    incremental update process (CDIFF patch process) will update to the latest
    version.
0.103.1 (2021-01-31)
ClamAV 0.103.1 is a patch release with the following fixes and improvements.
Notable changes
* Added a new scan option to alert on broken media (graphics) file formats.
This feature mitigates the risk of malformed media files intended to
exploit vulnerabilities in other software. At present media validation
exists for JPEG, TIFF, PNG, and GIF files. To enable this feature, set
AlertBrokenMedia yes in clamd.conf, or use the --alert-broken-media option
when using clamscan. These options are disabled by default in this patch
release, but may be enabled in a subsequent release. Application
developers may enable this scan option by enabling
CL_SCAN_HEURISTIC_BROKEN_MEDIA for the heuristic scan option bit field.
* Added CL_TYPE_TIFF, CL_TYPE_JPEG types to match GIF, PNG typing behavior.
BMP and JPEG 2000 files will continue to detect as CL_TYPE_GRAPHICS
because ClamAV does not yet have BMP or JPEG 2000 format checking
capabilities.
Bug fixes
* Fixed PNG parser logic bugs that caused an excess of parsing errors and
fixed a stack exhaustion issue affecting some systems when scanning PNG
files. PNG file type detection was disabled via signature database update
for ClamAV version 0.103.0 to mitigate the effects from these bugs.
* Fixed an issue where PNG and GIF files no longer work with Target:5
graphics signatures if detected as CL_TYPE_PNG/GIF rather than as
CL_TYPE_GRAPHICS. Target types now support up to 10 possible file types
to make way for additional graphics types in future releases.
* Fixed clamonacc's --fdpass option.
  * File descriptor passing (or "fd-passing") is a mechanism by which
    clamonacc and clamdscan may transfer an open file to clamd to scan, even
    if clamd is running as a non-privileged user and wouldn't otherwise have
    read-access to the file. This enables clamd to scan all files without
    having to run clamd as root. If possible, clamd should never be run as
    root so as to mitigate the risk in case clamd is somehow compromised while
    scanning malware.
  * Interprocess file descriptor passing for clamonacc was broken since
    version 0.102.0 due to a bug introduced by the switch to curl for
    communicating with clamd. On Linux, passing file descriptors from one
    process to another is handled by the kernel, so we reverted clamonacc to
    use standard system calls for socket communication when fd passing is
    enabled.
* Fixed a clamonacc stack corruption issue on some systems when using an
older version of libcurl. Patch courtesy of Emilio Pozuelo Monfort.
* Allow clamscan and clamdscan scans to proceed even if the realpath lookup
failed. This alleviates an issue on Windows scanning files hosted on
file-systems that do not support the GetMappedFileNameW() API such as on
ImDisk RAM-disks.
* Fixed freshclam --on-update-execute=EXIT_1 temporary directory cleanup
issue.
* clamd's log output and VirusEvent now provide the scan target's file path
instead of a file descriptor. The clamd socket API for submitting a scan
by FD-passing doesn't include a file path, this feature works by looking
up the file path by file descriptor. This feature works on Mac and Linux
but is not yet implemented for other UNIX operating systems. FD-passing
is not available for Windows.
* Fixed an issue where freshclam database validation didn't work correctly
when run in daemon mode on Linux/Unix.
Other improvements
* Scanning JPEG, TIFF, PNG, and GIF files will no longer return "parse"
errors when file format validation fails. Instead, the scan will alert
with the "Heuristics.Broken.Media" signature prefix and a descriptive
suffix to indicate the issue, provided that the "alert broken media"
feature is enabled.
* GIF format validation will no longer fail if the GIF image is missing the
trailer byte, as this appears to be a relatively common issue in otherwise
functional GIF files.
* Added a TIFF dynamic configuration (DCONF) option, which was missing.
This will allow us to disable TIFF format validation via signature
database update in the event that it proves to be problematic. This
feature already exists for many other file types.
Acknowledgements
The ClamAV team thanks the following individuals for their code submissions:
Emilio Pozuelo Monfort
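
The fd-passing mechanism and the descriptor-to-path lookup described in the 0.103.1 notes above, as an added C example for Linux (not ClamAV's code). The names `send_fd`, `recv_fd`, `fd_to_path` and `scan_via_fdpass` are hypothetical, the sample file is constructed, and the `/proc/self/fd` lookup is an assumption about one way to map a descriptor back to a path.

```c
/* Added example, not ClamAV source. Linux only; every name is hypothetical. */
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Control buffer sized and aligned for one descriptor, plus a helper that
 * points a msghdr at one data byte and that buffer. */
union fd_ctl { struct cmsghdr align; char buf[CMSG_SPACE(sizeof(int))]; };
static void msg_setup(struct msghdr *m, struct iovec *iov, char *byte, union fd_ctl *ctl)
{
    memset(ctl, 0, sizeof *ctl);
    *iov = (struct iovec){ .iov_base = byte, .iov_len = 1 };
    *m = (struct msghdr){ .msg_iov = iov, .msg_iovlen = 1,
                          .msg_control = ctl->buf, .msg_controllen = sizeof ctl->buf };
}

/* Client side: hand an already-open descriptor to the peer via SCM_RIGHTS. */
int send_fd(int sock, int fd)
{
    char byte = 'F'; /* ancillary data must accompany at least one data byte */
    struct iovec iov;
    struct msghdr msg;
    union fd_ctl ctl;
    msg_setup(&msg, &iov, &byte, &ctl);
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    c->cmsg_level = SOL_SOCKET;
    c->cmsg_type = SCM_RIGHTS;
    c->cmsg_len = CMSG_LEN(sizeof(int));
    memcpy(CMSG_DATA(c), &fd, sizeof fd);
    return sendmsg(sock, &msg, 0) == 1 ? 0 : -1;
}

/* Daemon side: accept exactly one descriptor, reject anything malformed. */
int recv_fd(int sock)
{
    char byte;
    struct iovec iov;
    struct msghdr msg;
    union fd_ctl ctl;
    int fd;
    msg_setup(&msg, &iov, &byte, &ctl);
    if (recvmsg(sock, &msg, 0) != 1 || (msg.msg_flags & MSG_CTRUNC))
        return -1;
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    if (!c || c->cmsg_level != SOL_SOCKET || c->cmsg_type != SCM_RIGHTS ||
        c->cmsg_len != CMSG_LEN(sizeof(int)))
        return -1;
    memcpy(&fd, CMSG_DATA(c), sizeof fd);
    return fd;
}

/* Recover a path for logging from a bare descriptor (Linux /proc lookup). */
int fd_to_path(int fd, char *out, size_t len)
{
    char link[64];
    snprintf(link, sizeof link, "/proc/self/fd/%d", fd);
    ssize_t n = readlink(link, out, len - 1);
    if (n >= 0)
        out[n] = '\0';
    return n < 0 ? -1 : 0;
}

/* Both roles in one process over a socketpair; returns bytes read via the passed fd. */
ssize_t scan_via_fdpass(const char *path, char *data, size_t dlen, char *seen, size_t slen)
{
    int sv[2], rfd = -1;
    ssize_t n = -1;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0)
        return -1;
    int fd = open(path, O_RDONLY);      /* permission check runs as the client */
    if (fd >= 0 && send_fd(sv[0], fd) == 0)
        rfd = recv_fd(sv[1]);           /* receiver never calls open() itself */
    if (fd >= 0)
        close(fd);                      /* receiver's copy stays valid after this */
    if (rfd >= 0) {
        n = read(rfd, data, dlen - 1);
        data[n < 0 ? 0 : n] = '\0';
        if (fd_to_path(rfd, seen, slen) != 0)
            seen[0] = '\0';             /* no /proc: the path is simply unknown */
        close(rfd);
    }
    close(sv[0]);
    close(sv[1]);
    return n;
}

int main(void)
{
    char tmpl[] = "/tmp/fdpass-demo-XXXXXX", data[64], seen[4096]; /* constructed sample */
    int t = mkstemp(tmpl);
    if (t < 0 || write(t, "sample bytes", 12) != 12)
        return 1;
    close(t);
    ssize_t n = scan_via_fdpass(tmpl, data, sizeof data, seen, sizeof seen);
    printf("read %zd bytes via passed fd; receiver resolved path: %s\n", n, seen);
    unlink(tmpl);
    return n == 12 ? 0 : 1;
}
```

In a real deployment the two halves run in different processes with different privileges; the receiving side gets read access to that one open file and nothing else.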
Update clamav package to 0.103.0.
Quote from release announce:
ClamAV 0.103.0 highlights
With your feedback on the previous candidates, we've fixed these additional
issues:
* The freshclam PID file was not readable by other users in previous release
candidates but is now readable by all.
* An issue with how freshclam was linked with the autotools build system
caused SysLog settings to be ignored.
* The real-path checks introduced to clamscan and clamdscan in 0.102.4 broke
scanning of some files with Unicode filenames and files on network shares
for Windows users.
Thanks to the users for your help in fixing these bugs.
Major changes
* clamd can now reload the signature database without blocking
scanning. This multi-threaded database reload improvement was made
possible thanks to a community effort.
* Non-blocking database reloads are now the default behavior. Some systems
that are more constrained on RAM may need to disable non-blocking reloads,
as it will temporarily consume double the amount of memory. We added a new
clamd config option ConcurrentDatabaseReload, which may be set to no.
Special thanks to those who made this feature a reality:
* Alberto Wu
* Alexander Sulfrian
* Arjen de Korte
* David Heidelberg
* Ged Haywood
* Julius Plenz
* Michael Orlitzky
Notable changes
* The DLP module has been enhanced with additional credit card ranges and a
new engine option that allows ClamAV to alert only on credit cards (and
not, for instance, gift cards) when scanning with the DLP module. John
Schember developed this feature, with input from Alexander Sulfrian.
* We added support for Adobe Reader X PDF encryption and overhauled the
PNG-scanning tool to detect PNG-specific exploits. We also made a major
change to GIF parsing that now makes it more tolerant of problematic files
and adds the ability to scan overlays, all thanks to work and patches
submitted by Aldo Mazzeo.
* clamdtop.exe is now available for Windows users. The functionality is
somewhat limited when compared to clamdtop on Linux. PDCurses is required
to build clamdtop.exe for ClamAV on Windows.
* The phishing detection module will now print "Suspicious link found!"
along with the "Real URL" and "Display URL" each time ClamAV detects
phishing. In a future version, we would like to print out alert-related
metadata like this at the end of a scan, but for now, this detail will
help users understand why a given file is being flagged as phishing.
* Added new *experimental* CMake build tooling. CMake is not yet recommended
for production builds. Our team would appreciate any assistance improving
the CMake build tooling so we can one day deprecate autotools and remove
the Visual Studio solutions.
- Please see the new CMake installation instructions found in
INSTALL.cmake.md for detailed instructions on how to build ClamAV
with CMake.
* Added --ping and --wait options to the clamdscan and clamonacc client
applications.
* The --ping (-p) command will attempt to ping clamd up to a specified
maximum number of attempts at an optional interval. If the interval isn't
specified, a default one-second interval is used. It will exit with
status code `0` when it receives a PONG from clamd or status code `21` if
the timeout expires before it receives a response.
Update clamav to 0.102.4.
## 0.102.4
ClamAV 0.102.4 is a bug patch release to address the following issues.
- [CVE-2020-3350](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3350):
Fix a vulnerability wherein a malicious user could replace a scan target's
directory with a symlink to another path to trick clamscan, clamdscan, or
clamonacc into removing or moving a different file (eg. a critical system
file). The issue would affect users that use the --move or --remove options
for clamscan, clamdscan, and clamonacc.
For more information about AV quarantine attacks using links, see the
[RACK911 Lab's report](https://www.rack911labs.com/research/exploiting-almost-every-antivirus-software).
- [CVE-2020-3327](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3327):
Fix a vulnerability in the ARJ archive parsing module in ClamAV 0.102.3 that
could cause a Denial-of-Service (DoS) condition. Improper bounds checking
results in an out-of-bounds read which could cause a crash.
The previous fix for this CVE in 0.102.3 was incomplete. This fix correctly
resolves the issue.
- [CVE-2020-3481](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3481):
Fix a vulnerability in the EGG archive module in ClamAV 0.102.0 - 0.102.3 that
could cause a Denial-of-Service (DoS) condition. Improper error handling
may result in a crash due to a NULL pointer dereference.
This vulnerability is mitigated for those using the official ClamAV
signature databases because the file type signatures in daily.cvd
will not enable the EGG archive parser in versions affected by the
vulnerability.
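
One way to make a `--remove`-style action robust against the directory swap described for CVE-2020-3350 above, as an added C example (not ClamAV's fix): pin the scanned directory with a descriptor and remove relative to it instead of re-resolving the path. `scan_target`, `target_pin`, `target_remove` and `demo_dir_swap` are hypothetical names, and the directory layout is constructed for the check.

```c
/* Added example, not ClamAV's fix. POSIX/Linux; every name is hypothetical. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* What the scanner keeps about a target between scan and removal. */
struct scan_target {
    int   dirfd;      /* descriptor pinned to the directory that was scanned */
    char  name[256];  /* file name inside that directory */
    dev_t dev;        /* identity of the file that was scanned */
    ino_t ino;
};

/* Scan time: pin the directory (refusing a symlink as its last component;
 * earlier components are still followed) and record the file's identity. */
int target_pin(struct scan_target *t, const char *dir, const char *name)
{
    struct stat st;
    t->dirfd = open(dir, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
    if (t->dirfd < 0)
        return -1;
    if (fstatat(t->dirfd, name, &st, AT_SYMLINK_NOFOLLOW) != 0 || !S_ISREG(st.st_mode)) {
        close(t->dirfd);
        return -1;
    }
    snprintf(t->name, sizeof t->name, "%s", name);
    t->dev = st.st_dev;
    t->ino = st.st_ino;
    return 0;
}

/* Removal time: act relative to the pinned directory, never by path, and only
 * if the entry is still the scanned inode. The check and the unlink are not
 * atomic, so this covers the directory swap, not every race inside the dir. */
int target_remove(const struct scan_target *t)
{
    struct stat st;
    if (fstatat(t->dirfd, t->name, &st, AT_SYMLINK_NOFOLLOW) != 0)
        return -1;
    if (st.st_dev != t->dev || st.st_ino != t->ino) {
        errno = ESTALE;
        return -1;
    }
    return unlinkat(t->dirfd, t->name, 0);
}

static int touch(const char *path)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    return fd < 0 ? -1 : close(fd);
}

/* Constructed regression check: the scanned directory becomes a symlink to
 * another directory between scan and removal. Returns 0 when only the scanned
 * file was removed, otherwise the number of the step that failed. */
int demo_dir_swap(const char *base)
{
    char scan[512], moved[512], other[512], decoy[512], orig[512], gone[512];
    struct scan_target t;
    int rc = 0;
    snprintf(scan, sizeof scan, "%s/scan", base);
    snprintf(moved, sizeof moved, "%s/scan.moved", base);
    snprintf(other, sizeof other, "%s/other", base);
    snprintf(orig, sizeof orig, "%s/scan/sample.txt", base);
    snprintf(decoy, sizeof decoy, "%s/other/sample.txt", base);
    snprintf(gone, sizeof gone, "%s/scan.moved/sample.txt", base);
    if (mkdir(scan, 0700) || mkdir(other, 0700) || touch(orig) || touch(decoy))
        return 1;
    if (target_pin(&t, scan, "sample.txt"))
        return 2;
    if (rename(scan, moved) || symlink("other", scan))
        return 3;                       /* the old path now resolves into other/ */
    if (target_remove(&t))
        return 4;
    close(t.dirfd);
    if (access(decoy, F_OK) != 0)
        rc = 5;                         /* unrelated file must survive */
    else if (access(gone, F_OK) == 0)
        rc = 6;                         /* scanned file must be gone */
    else if (target_pin(&t, scan, "sample.txt") == 0) {
        close(t.dirfd);
        rc = 7;                         /* a symlinked directory must be refused */
    }
    unlink(decoy); unlink(scan); rmdir(other); rmdir(moved);
    return rc;
}

int main(void)
{
    char base[] = "/tmp/pinned-remove-XXXXXX";  /* constructed scratch directory */
    if (mkdtemp(base) == NULL)
        return 1;
    int rc = demo_dir_swap(base);
    printf("directory-swap check: %s (step %d)\n", rc == 0 ? "ok" : "FAILED", rc);
    rmdir(base);
    return rc;
}
```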
Update clamav to 0.102.3.
## 0.102.3
ClamAV 0.102.3 is a bug patch release to address the following issues.
- [CVE-2020-3327](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3327):
Fix a vulnerability in the ARJ archive parsing module in ClamAV 0.102.2 that
could cause a Denial-of-Service (DoS) condition. Improper bounds checking of
an unsigned variable results in an out-of-bounds read which causes a crash.
Special thanks to Daehui Chang and Fady Othman for helping identify the ARJ
parsing vulnerability.
- [CVE-2020-3341](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3341):
Fix a vulnerability in the PDF parsing module in ClamAV 0.101 - 0.102.2 that
could cause a Denial-of-Service (DoS) condition. Improper size checking of
a buffer used to initialize AES decryption routines results in an
out-of-bounds read which may cause a crash. Bug found by OSS-Fuzz.
- Fix "Attempt to allocate 0 bytes" error when parsing some PDF documents.
- Fix a couple of minor memory leaks.
- Updated libclamunrar to UnRAR 5.9.2.
Update clamav to 0.102.2.
## 0.102.2
ClamAV 0.102.2 is a bug patch release to address the following issues.
- [CVE-2020-3123](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3123):
A Denial-of-Service (DoS) condition may occur when using the optional credit
card data-loss-prevention (DLP) feature. Improper bounds checking of an
unsigned variable resulted in an out-of-bounds read which causes a crash.
- Significantly improved scan speed of PDF files on Windows.
- Re-applied a fix to alleviate file access issues when scanning RAR files in
downstream projects that use libclamav where the scanning engine is operating
in a low-privilege process. This bug was originally fixed in 0.101.2 and the
fix was mistakenly omitted from 0.102.0.
- Fixed an issue wherein freshclam failed to update if the database version
downloaded is 1 version older than advertised. This situation may occur after
a new database version is published. The issue affected users downloading the
whole CVD database file.
- Changed the default freshclam ReceiveTimeout setting to 0 (infinite).
The ReceiveTimeout had caused needless database update failures for users with
slower internet connections.
- Correctly display number of kilobytes (KiB) in progress bar and reduced the
size of the progress bar to accommodate 80-char width terminals.
- Fixed an issue where running freshclam manually causes a daemonized freshclam
process to fail when it updates because the manual instance deletes the
temporary download directory. Freshclam temporary files will now download to a
unique directory created at the time of an update instead of using a hardcoded
directory created/destroyed at the program start/exit.
- Fix for Freshclam's OnOutdatedExecute config option.
- Fixes a memory leak in the error condition handling for the email parser.
- Improved bound checking and error handling in ARJ archive parser.
- Improved error handling in PDF parser.
- Fix for memory leak in byte-compare signature handler.
- Updates to the unit test suite to support libcheck 0.13.
- Updates to support autoconf 2.69 and automake 1.15.
Special thanks to the following for code contributions and bug reports:
- Antoine Deschênes
- Eric Lindblad
- Gianluigi Tiesi
- Tuomo Soini
Update clamav to 0.102.1.
## 0.102.1
ClamAV 0.102.1 is a security patch release to address the following issues.
- Fix for the following vulnerability affecting 0.102.0 and 0.101.4 and prior:
- [CVE-2019-15961](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15961)
A Denial-of-Service (DoS) vulnerability may occur when scanning a specially
crafted email file as a result of excessively long scan times. The issue is
resolved by implementing several maximums in parsing MIME messages and by
optimizing use of memory allocation.
- Build system fixes to build clamav-milter, to correctly link with libxml2 when
detected, and to correctly detect fanotify for on-access scanning feature
support.
- Signature load time is significantly reduced by changing to a more efficient
algorithm for loading signature patterns and allocating the AC trie.
Patch courtesy of Alberto Wu.
- Introduced a new configure option to statically link libjson-c with libclamav.
Static linking with libjson is highly recommended to prevent crashes in
applications that use libclamav alongside another JSON parsing library.
- Null-dereference fix in email parser when using the `--gen-json` metadata
option.
- Fixes for Authenticode parsing and certificate signature (.crb database) bugs.
Special thanks to the following for code contributions and bug reports:
- Alberto Wu
- Joran Dirk Greef
- Reio Remma
* The On-Access Scanning feature has been migrated out of clamd and
into a brand new utility named clamonacc, which is disabled in this
package as it is for Linux only.
* The freshclam database update utility has undergone a significant
update. This includes:
+ Added support for HTTPS.
+ Support for database mirrors hosted on ports other than 80.
+ Removal of the mirror management feature (mirrors.dat).
+ An all new libfreshclam library API.
* Added support for extracting ESTsoft .egg archives. This feature is
new code developed from scratch using ESTsoft's Egg-archive
specification and without referencing the UnEgg library provided by
ESTsoft. This was necessary because the UnEgg library's license
includes restrictions limiting the commercial use of the UnEgg library.
Full release notes available at:
https://github.com/Cisco-Talos/clamav-devel/blob/rel/0.102/NEWS.md
Remove rar support to workaround PR pkg/54420
This release includes 3 extra security related bug fixes that do not
apply to prior versions. In addition, it includes a number of minor bug
fixes and improvements.
* Fixes for the following vulnerabilities affecting 0.101.1 and
prior:
+ CVE-2019-1787: An out-of-bounds heap read condition may occur
when scanning PDF documents. The defect is a failure to
correctly keep track of the number of bytes remaining in a
buffer when indexing file data.
+ CVE-2019-1789: An out-of-bounds heap read condition may occur
when scanning PE files (i.e. Windows EXE and DLL files) that
have been packed using Aspack as a result of inadequate
bound-checking.
+ CVE-2019-1788: An out-of-bounds heap write condition may occur
when scanning OLE2 files such as Microsoft Office 97-2003
documents. The invalid write happens when an invalid pointer
is mistakenly used to initialize a 32bit integer to zero. This
is likely to crash the application.
* Fixes for the following ClamAV vulnerabilities:
+ CVE-2018-15378: Vulnerability in ClamAV's MEW unpacking
feature that could allow an unauthenticated, remote attacker
to cause a denial of service (DoS) condition on an affected
device. Reported by Secunia Research at Flexera.
+ Fix for a 2-byte buffer over-read bug in ClamAV's PDF parsing
code. Reported by Alex Gaynor.
* Fixes for the following vulnerabilities in bundled third-party
libraries:
+ CVE-2018-14680: An issue was discovered in mspack/chmd.c in
libmspack before 0.7alpha. It does not reject blank CHM
filenames.
+ CVE-2018-14681: An issue was discovered in kwajd_read_headers
in mspack/kwajd.c in libmspack before 0.7alpha. Bad KWAJ file
header extensions could cause a one or two byte overwrite.
+ CVE-2018-14682: An issue was discovered in mspack/chmd.c in
libmspack before 0.7alpha. There is an off-by-one error in the
TOLOWER() macro for CHM decompression.
+ Additionally, 0.100.2 reverted 0.100.1's patch for
CVE-2018-14679, and applied libmspack's version of the fix in
its place.
* Fixes for the following CVE's:
+ CVE-2017-16932: Vulnerability in libxml2 dependency (affects
ClamAV on Windows only).
+ CVE-2018-0360: HWP integer overflow, infinite loop
vulnerability. Reported by Secunia Research at Flexera.
+ CVE-2018-0361: ClamAV PDF object length check, unreasonably
long time to parse relatively small file. Reported by aCaB.
For the full release notes, see:
https://github.com/Cisco-Talos/clamav-devel/blob/clamav-0.101.2/NEWS.md
ClamAV 0.99.4 is a hotfix release to patch a set of vulnerabilities.
- fixes for the following CVE's: CVE-2012-6706, CVE-2017-6419,
CVE-2017-11423, CVE-2018-0202, and CVE-2018-1000085.
- also included are 2 fixes for file descriptor leaks as well as fixes for
a handful of other important bugs, including patches to support g++ 6, C++11.
Security release fixing CVE-2017-12374, CVE-2017-12375, CVE-2017-12376,
CVE-2017-12377, CVE-2017-12378, CVE-2017-12379, CVE-2017-12380.
Also included are 2 minor fixes to properly detect openssl install locations on FreeBSD 11, and prevent false warnings about zlib 1.2.1# version numbers.
on pkgsrc-users.
Changes from 0.99.1 to 0.99.2 are available only in the ChangeLog and there
are too many to write here. Please refer to the ChangeLog file.
0.99.1
------
ClamAV 0.99.1 contains a new feature for parsing Hancom Office files
including extracting and scanning embedded objects. ClamAV 0.99.1
also contains important bug fixes. Please see ChangeLog for details.
Perl Compatible Regular Expressions, revamped on-access scanning
for Linux, and other new features join the many great features of ClamAV:
- Processing of YARA rules (some limitations - see signatures.pdf).
- Support in ClamAV logical signatures for many of the features
added for YARA, such as Perl Compatible Regular Expressions,
alternate strings, and YARA string attributes. See signatures.pdf
for full details.
- New and improved on-access scanning for Linux. See the recent blog
post and clamdoc.pdf for details on the new on-access capabilities.
- A new ClamAV API callback function that is invoked when a virus
is found. This is intended primarily for applications running in
all-match mode. Any applications using all-match mode must use
the new callback function to record and report detected viruses.
- Configurable default password list to attempt zip file decryption.
- TIFF file support.
- Upgrade Windows pthread library to 2.9.1.
- A new signature target type for designating signatures to run
against files with unknown file types.
- Improved fidelity of the "data loss prevention" heuristic
algorithm. Code supplied by Bill Parker.
- Support for LZMA decompression within Adobe Flash files.
- Support for MSO attachments within Microsoft Office 2003 XML files.
- A new sigtool option (--ascii-normalize) allowing signature authors
to more easily generate normalized versions of ascii files.
- Windows installation directories changed from \Program Files\Sourcefire\
ClamAV to \Program Files\ClamAV or \Program Files\ClamAV-x64.
Problems found locating distfiles:
Package f-prot-antivirus6-fs-bin: missing distfile fp-NetBSD.x86.32-fs-6.2.3.tar.gz
Package f-prot-antivirus6-ws-bin: missing distfile fp-NetBSD.x86.32-ws-6.2.3.tar.gz
Package libidea: missing distfile libidea-0.8.2b.tar.gz
Package openssh: missing distfile openssh-7.1p1-hpn-20150822.diff.bz2
Package uvscan: missing distfile vlp4510e.tar.Z
Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden). All existing
SHA1 digests retained for now as an audit trail.
This release contains new scanning features and bug fixes.
- Improvements to PDF processing: decryption, escape sequence
handling, and file property collection.
- Scanning/analysis of additional Microsoft Office 2003 XML format.
- Fix infinite loop condition on crafted y0da cryptor file. Identified
and patch suggested by Sebastian Andrzej Siewior. CVE-2015-2221.
- Fix crash on crafted petite packed file. Reported and patch
supplied by Sebastian Andrzej Siewior. CVE-2015-2222.
- Fix false negatives on files within iso9660 containers. This issue
was reported by Minzhuan Gong.
- Fix a couple crashes on crafted upack packed file. Identified and
patches supplied by Sebastian Andrzej Siewior.
- Fix a crash during algorithmic detection on crafted PE file.
Identified and patch supplied by Sebastian Andrzej Siewior.
- Fix an infinite loop condition on a crafted "xz" archive file.
This was reported by Dimitri Kirchner and Goulven Guiheux.
CVE-2015-2668.
- Fix compilation error after ./configure --disable-pthreads.
Reported and fix suggested by John E. Krokes.
- Apply upstream patch for possible heap overflow in Henry Spencer's
regex library. CVE-2015-2305.
- Fix crash in upx decoder with crafted file. Discovered and patch
supplied by Sebastian Andrzej Siewior. CVE-2015-2170.
- Fix segfault scanning certain HTML files. Reported with sample by
Kai Risku.
- Improve detections within xar/pkg files.
Changes from 0.98.5.
--------------------
- library shared object revisions.
- installation issues on some Mac OS X and FreeBSD platforms.
- includes a patch from Sebastian Andrzej Siewior making
ClamAV pid files compatible with systemd.
- Fix a heap out of bounds condition with crafted Yoda's
crypter files. This issue was discovered by Felix Groebert
of the Google Security Team.
- Fix a heap out of bounds condition with crafted mew packer
files. This issue was discovered by Felix Groebert of the
Google Security Team.
- Fix a heap out of bounds condition with crafted upx packer
files. This issue was discovered by Kevin Szkudlapski of
Quarkslab.
- Fix a heap out of bounds condition with crafted upack packer
files. This issue was discovered by Sebastian Andrzej Siewior.
CVE-2014-9328.
- Compensate a crash due to incorrect compiler optimization when
handling crafted petite packer files. This issue was discovered
by Sebastian Andrzej Siewior.
ChangeLog for this version:
Wed, 12 Nov 2014 14:30:39 EDT (swebb)
-------------------------------------
* bb11176 - Instruct OpenSSL to allow MD5 when in FIPS-compliant mode.
Patch submitted by Reinhard Max.
Mon, 10 Nov 2014 11:03:29 EDT (swebb)
-------------------------------------
* bb11155 - Adjust the logic surrounding adjusting the PE section sizes
This fixes a crash with maliciously crafted yoda's crypter files and
also improves virus detections for PE files.
Thu, 6 Nov 2014 14:51:26 EDT (swebb)
-------------------------------------
* bb11088 - Merge in fixes for clamscan -a crash bug
Mon, 20 Oct 2014 11:33:18 EDT (swebb)
-------------------------------------
* Revert "bb#10731 - Allow to specificy a group for the socket of which
the user is not a member"
Thu, 31 Jul 2014 19:11:22 EDT (swebb)
-------------------------------------
* Add support for XDP PDF file format
Thu, Jul 31 11:50:23 EDT 2014 (swebb)
------------------------------------
* bb#10731 - Allow specification of a group for the milter socket of which
the user is not a member - patch submitted by Sebastian Andrzej Siewior
Fri, 25 Jul 2014 12:26:04 EDT (klin)
------------------------------------
* bb#10981 - applied LLVM 3.1-3.4 - patch submitted by Andreas Cadhalpun
Fri, 25 Jul 2014 12:06:13 (klin)
--------------------------------
* clambc: added diagnostic tools for bytecode IR
Tue, 8 Jul 2014 19:53:41 EDT (swebb)
------------------------------------
* mass cleanup of compiler warnings
Tue, 08 Jul 11:30:00 EDT 2014 (morgan)
------------------------------------
* 0.98.5 beta release
Mon, 07 Jul 09:00:00 EDT 2014 (swebb)
------------------------------------
* 0.98.5-beta1 release engineering
Thu, 03 Jul 22:14:40 EDT 2014 (swebb)
------------------------------------
* Call cl_initialize_crypto() in cl_init()
Thu, 03 Jul 16:28:10 EDT 2014 (swebb)
------------------------------------
* Finalize PDF parsing code for the preclassification feature
Wed, 25 Jun 16:26:33 EDT 2014 (swebb)
------------------------------------
* Finalize linking in libjson, a new optional dependency
Fri, 13 Jun 2014 16:11:15 EDT (smorgan)
---------------------------------------
* add timeout facility for file property scanning
Tue, 3 Jun 2014 13:31:50 EDT (smorgan)
--------------------------------------
* add callback for user processing of json string and json scan result
Wed, 7 May 2014 10:56:35 EDT (swebb)
------------------------------------
* PE file properties collection
Tue, 6 May 2014 15:26:30 EDT (klin)
-----------------------------------
* add api to read json to the bytecode api
Thu, 1 May 2014 16:59:01 EDT (klin)
-----------------------------------
* docx/pptx/xlsx file properties collection
Wed, 30 Apr 2014 16:38:55 EDT (swebb)
-------------------------------------
* pdf file properties collection
Tue, 22 Apr 2014 14:22:39 EDT (klin)
------------------------------------
* json api wrapper
Mon, 21 Apr 2014 18:30:28 EDT (klin)
------------------------------------
* doc/ppt/xls file properties collection
Wed, 16 Apr 18:14:45 2014 EDT (smorgan)
--------------------------------------
* Initial libjson-c configure/build support and json file properties work
- Various build problems on Solaris, OpenBSD, AIX.
- Crashes of clamd on Windows and Mac OS X platforms when reloading the virus signature database.
- Infinite loop in clamdscan when clamd is not running.
- Freshclam failure on Solaris 10.
- Buffer underruns when handling multi-part MIME email attachments.
- Configuration of OpenSSL on various platforms.
- Name collisions on Ubuntu 14.04, Debian sid, and Slackware 14.1.
- Linking issues with libclamunrar.
- Support for common raw disk image formats using 512-byte sectors,
specifically GPT, APM, and MBR partitioning.
- Experimental support of OpenIOC files. ClamAV will now extract file
hashes from OpenIOC files residing in the signature database location,
and generate ClamAV hash signatures. ClamAV uses no other OpenIOC
features at this time. No OpenIOC files will be delivered through
freshclam. See openioc.org and iocbucket.com for additional information
about OpenIOC.
- All ClamAV sockets (clamd, freshclam, clamav-milter, clamdscan, clamdtop)
now support IPv6 addresses and configuration parameters.
- Use OpenSSL file hash functions for improved performance. OpenSSL
is now prerequisite software for ClamAV 0.98.3.
- Improved detection of malware scripts within image files. Issue reported
by Maarten Broekman.
- Change to circumvent possible denial of service when processing icons within
specially crafted PE files. Icon limits are now in place with corresponding
clamd and clamscan configuration parameters. This issue was reported by
Joxean Koret.
- Improvements to the fidelity of the ClamAV pattern matcher, an issue
reported by Christian Blichmann.
- Opt-in collection of statistics. Statistics collected are: sizes and MD5
hashes of files, PE file section counts and section MD5 hashes, and names
and counts of detected viruses. Enable statistics collection with the
--enable-stats clamscan flag or StatsEnabled clamd configuration
parameter.
- Improvements to ClamAV build process, unit tests, and platform support with
assistance and suggestions by Sebastian Andrzej Siewior, Scott Kitterman,
and Dave Simonson.
- Patch by Arkadiusz Miskiewicz to improve error handling in freshclam.
- ClamAV 0.98.3 also includes miscellaneous bug fixes and documentation
improvements.
quality improvements. These include:
- Extraction, decompression, and scanning of files within Apple Disk Image (DMG) format.
- Extraction, decompression, and scanning of files within Extensible Archive (XAR) format.
XAR format is commonly used for software packaging, such as PKG and RPM, as well as
general archival.
- Decompression and scanning of files in "Xz" compression format.
- Improvements and fixes to extraction and scanning of OLE formats.
- Option to force all scanned data to disk. This impacts only a few file types where
some embedded content is normally scanned in memory. Enabling this option
ensures that a file descriptor exists when callback functions are used, at a small
performance cost. This should only be needed when callback functions are used
that need file access.
- Various improvements to ClamAV configuration, support of third party libraries,
and unit tests.
* libclamav: Scan output at end of truncated tar
* libclamav: Fix handling of tar file with malformed header
* libclamav: Scan chm with invalid handling
* freshclam: give custom dbs higher priority during update
* libclamav: detect read races and abort the scan with an error
* libclamav/pe.c: drop old header check
* freshclam/manager.c: fix error when compiling without DNS support (bb#3056)
* libclamav/pdf.c: flag and dump PDF objects with /Launch (bb#3514)
* libclamav/bytecode.c,bytecode_api.c: fix recursion level crash
ClamAV 0.97.2 fixes problems with the bytecode engine, Safebrowsing detection,
hash matcher, and other minor issues. Please see the ChangeLog file for
details.
ClamAV 0.97 brings many improvements, including complete Windows support
(all major components compile out-of-box under Visual Studio), support for
signatures based on SHA1 and SHA256, better error detection, as well as
speed and memory optimizations. The complete list of changes is available
in the ChangeLog file.