This version fixes vulnerabilities in handling of UPX and FSG compressed
executables. Support for PE files, Zip and Cabinet archives has been improved
and other small bugfixes have been made. The new option "--on-outdated-execute"
allows freshclam to run a command when system reports a new engine version.
backslashes anymore. A single backslash is enough. Changed the
definition in all affected packages. For those that are not caught, an
additional check is placed into bsd.pkginstall.mk.
changes since 0.86.1:
V 0.86.2
* Fixes backported from CVS:
- configure.in: disable support for URLs downloading with libcurl
(--with-libcurl) by default (tk)
- libclamav/others.c: cli_rmdirs: fix possible infinite loop (tk)
Patch by Mark Pizzolato <clamav-devel*subscriptions.pizzolato.net>
- libclamav/mspack: Some cab archives were not properly decompressed (tk)
Problem reported by Diego d'Ambra <diego*clamav.net>
- libclamav/pe.c: cli_peheader: Sync entry point calculation with
cli_scanpe (tk)
Problem reported by Christoph Cordes <ccordes*clamav.net>
- configure.in: fix compilation error when curl is installed in
a non-standard location (tk)
Reported by Serge van den Boom <svdb*stack.nl>
- configure.in: Add support for DragonFly (tk)
Thanks to Joerg Sonnenberger <joerg*britannica.bec.de>
- clamscan/clamscan.c: Verify arguments passed to --max-dir-recursion and
--max-ratio (tk)
Problem reported by Jo Mills <Jonathan.Mills*frequentis.com>
- libclamav/fsg.c: Fix possible integer overflow (acab)
Reported by Alex Wheeler.
- libclamav/mbox.c: Fix name clash with glibc library (njh)
Reported by Brian Bruns <bruns at 2mbit.com>
- libclamav/others.c: Check for 0 byte allocations in cli_(m|c|re)alloc (tk)
- libclamav/chmunpack.c: Fix possible malloc overflow (trog)
Reported by Alex Wheeler.
- libclamav/tnef.c: Fix possible crash if the length field is 0 or negative
in headers (njh)
Reported by Alex Wheeler (alexbling at gmail.com)
- clamav-milter: Honour LogClean. Only syslog once when storing email in
quarantine (reported by Panagiotis Christias, christias at gmail.com).
Log database reloads to the LogFile (njh)
- clamav-milter: Changed the default child_timeout to 5 minutes. Keep a
copy of the trie root in privdata. Removed trylock/unlock code in
clamfi_abort (njh)
(as with NetBSD 2, for instance), but pkgsrc sendmail 8.13 is installed,
then clamav will attempt to use the 8.13 milter API, and fail linking.
(It probably should use an autoconf symbol test instead.)
This change forces an API at least new enough to match the latest version
offered via pkgsrc; and since libmilter is a static library, it still
ends up with no runtime DEPENDS.
No PKGREVISION bump required, as milter is a non-default option.
changes since 0.85.1:
Thu Jun 23 23:13:41 CEST 2005
-----------------------------
V 0.86.1
- libclamav/mspack/qtmd.c: fix possible crash (tk)
Reported by Andrew Toller <atoller*connectfree.co.uk>
and Stefan Kanthak <stefan.kanthak*fujitsu-siemens.com>
Sun Jun 19 21:37:07 CEST 2005
-----------------------------
V 0.86
- libclamav/mspack/cabd.c: fix possible infinite loop (tk)
- libclamav/cvd.c: fix potential directory traversal in cvd unpacker (a low
risk problem since all databases are digitally signed). Pointed out by
Florian Weimer <fw*deneb.enyo.de> (tk)
- libclamav/zziplib/zzip-file.c: add method id for AES encrypted archives
(thanks to David Majorel <dm*lagoon.nc>) (tk)
- clamscan/manager.c: better message on zip/rar unpacking error (tk)
- libclamav/mbox.c: Fix mishandling of fast track uuencoded files (njh)
- clamav-milter: Better error message if the white-list file can't be
opened (njh)
- clamav-milter: When loading a new database when not in external mode,
keep scanning with the old one rather than hold up incoming mails while
waiting for clamav-milter to become idle then reloading the database (njh)
- libclamav/others.c: print warnings and errors in single call to write
(thanks to Denis Vlasenko <vda*ilport.com.ua>) (tk)
- clamscan/others.c: enable REG_EXTENDED in match_regex (tk)
- libclamav/scanners.c: fix file descriptor leaks if cli_msexpand() returns
an error in cli_scanszdd, patch by Mark Pizzolato (tk)
- libclamav/scanners.c: fix file descriptor leak in error path (out of mem)
in cli_scangzip(), patch by Mark Pizzolato (tk)
- clamd/scanner.c: fix error path for a read timeout which logged messages
indicating that both a timeout and a poll error occurred (patch by Mark
Pizzolato <clamav-devel*subscriptions.pizzolato.net>) (tk)
- libclamav: Extract TNEF files even when the filename isn't known,
problem reported by John Miller (contact*glideslopesoftware.co.uk) (njh)
A problem where an email with more than one content-disposition type line,
one or more of which was empty, could crash libclamav has been fixed. Other
minor bugfixes have been made.
- freshclam/manager.c: fix socket descriptor leak in --no-dns mode (patch
by GertJan Spoelman <cav*gjs.cc>) (tk)
- clamscan, freshclam: return with 62 (instead of 1) when logger can't be
initialized (tk)
- libclamav/matcher-ac.c, libclamav/matcher-bm.c: fix detection problem
with *.ndb OLE2 signatures (problem reported by Trog) (tk)
- fix signature offset calculation in large files (problem reported by
Christoph) (tk)
- clamav-milter: print segfault diagnostic, even if print_trace is not
available (njh)
- sigtool/sigtool.c: fix support for *.fp databases (tk)
- clamav-milter: Better handling of log file errors. Always send 451 when
loading a new database when --external is not set (njh)
- libclamav/tnef.c: If a parse fails and debugging is on, the file being
scanned is dumped to a temporary file (njh)
- libclamav/scanners.c: do not report I/O error with encrypted zips (tk)
Changes:
-) libclamav:
+ JPEG exploit detector now also checks embedded Photoshop thumbnail images
+ archive meta-data scanner (improves malware detection within encrypted
archives)
+ support for TNEF (winmail.dat) decoding
+ support for all tar archive formats
+ MD5 implementation replaced with a slightly faster one
+ improved database reloading with reference counter
+ database updateable false positive eliminator
+ speed improvements
+ various bugfixes
-) clamd:
+ VirusEvent now sets CLAM_VIRUSEVENT_FILENAME and CLAM_VIRUSEVENT_VIRUSNAME
environment variables
-) clamav-milter:
+ improved database update detection when not --external
-) clamscan:
+ new options --include-dir and exclude-dir
+ new option --max-dir-recursion
-) freshclam:
+ new directive LocalIPAddress
And always is defined as share/examples/rc.d
which was the default before.
This rc.d scripts are not automatically added to PLISTs now also.
So add to each corresponding PLIST as required.
This was discussed on tech-pkg in late January and late April.
Todo: remove the RCD_SCRIPTS_EXAMPLEDIR uses in MESSAGES and elsewhere
and remove the RCD_SCRIPTS_EXAMPLEDIR itself.
changes since 0.82 (summarized):
* clamd: change default value of StreamMaxPort to 2048
* freshclam: add support for Foreground (requested by Jeremy Kitchen
<kitchen*scriptkitchen.com>)
* clamav-milter: Added --whistlist-file and --sendmail-cf options
When in SESSION mode, not all sessions would send END
other changes are documentation and misc. bug fixes.
changes since 0.80 (summarized to include only the significant
changes. other changes are documentation updates and misc. bug fixes.
see the full ChangeLog for details).
Sat Feb 5 16:48:46 CET 2005 (tk)
---------------------------------
* libclamav: activate RIFF code (patch by Trog)
Sat Feb 5 16:17:41 CET 2005 (tk)
---------------------------------
* libclamav/scanners.c: do not report Suspected.Zip on standard breaking zip
archives created by ICEOWS (problem reported by
Hamacker <sirhamacker*vidy.com.br> and Dirk Mueller
<mueller*kde.org>)
Sat Feb 5 09:39:48 GMT 2005 (trog)
-----------------------------------
* libclamav/special.c: support for big-endian system in RIFF code.
Fri Feb 4 10:02:08 GMT 2005 (trog)
-----------------------------------
* libclamav/special.c: check RIFF files for MS05-002. Not yet activated.
Thu Feb 3 21:09:34 GMT 2005 (njh)
----------------------------------
* libclamav/mbox.c: Speed improvements in the handling of bounce messages
Wed Feb 2 08:32:46 GMT 2005 (njh)
----------------------------------
* clamav-milter: Call watchdog when neither SESSION nor --external is
given
Tue Feb 1 14:47:21 GMT 2005 (njh)
----------------------------------
* libclamav/blob.c: Sanitise tab characters in filenames ("Heinz Martin"
<Martin*hemag.ch>)
Decode encapsulated messages that have for some reason
been base64 encoded (even though they're already
7 bit)
Tue Feb 1 08:54:46 GMT 2005 (njh)
----------------------------------
* clamav-milter: Delete X-Virus-Status in clamfi_eom not in
clamfi_header. Patch by Jef Poskanzer
<jef*acme.com>
X-Virus-Status now says that virus that it's infected
with. Suggestion by "Hank Beatty"
<hbeatty*starband.net>
Mon Jan 31 11:05:20 GMT 2005 (njh)
----------------------------------
* libclamav/mbox.c: Empty lines should the end of the headers,
but some base64 decoders, e.g. uudeview, are
broken and will handle this type of entry,
decoding the base64 content that's after the
text that's after the header
Sun Jan 30 15:18:02 GMT 2005 (njh)
----------------------------------
* clamav-milter: SESSION is on now by default, to test clamd
PACKADDR is now uses unsinged to remove warning on
Sun's C compiler, patch by
"Dugal James P." <jpd*louisiana.edu>
Don't check compatibility with sendmail.cf if sendmail
is running on a different machine
Fri Jan 28 08:51:08 GMT 2005 (njh)
----------------------------------
* clamav-milter: Some error messages still talked about --internal
Scanmail not set warning is now only given if
DisableDefaultScanOptions is set
Thu Jan 27 14:11:13 GMT 2005 (njh)
----------------------------------
* libclamav/mbox.c: Scan sendmail queue df* files
Thu Jan 27 10:55:35 GMT 2005 (njh)
----------------------------------
* clamav-milter: Don't scan emails intended for the --quarantine address,
that stops scanning of emails generated with
viruses if --outgoing has been set
Downgraded scanmail not defined if --external isn't
given from error to warning
Added -i flag when calling sendmail, suggested by
Michal Jaegermann <michal*harddata.com>
Thu Jan 27 01:35:35 CET 2005 (tk)
---------------------------------
* freshclam/manager.c: add support for HTTP/1.0 ansers in IMS (--no-dns) mode
(patch by Sven Strickroth <sstrickroth*gym-oha.de>)
Wed Jan 26 19:27:57 CET 2005 (tk)
---------------------------------
V 0.81
Tue Jan 25 08:12:51 GMT 2005 (njh)
----------------------------------
* clamav-milter: Internal mode is now the default. Removed --internal
option, added --external.
Don't use clamd's SESSION mode, since that causes
problems with clamd/freshclam when freshclam
is run. SESSION mode can be enabled from
the source code. Most people can use SESSION
mode safely, but it has caused problems on BSD
Mon Jan 24 13:56:19 GMT 2005 (njh)
----------------------------------
* libclamav/message.c: Some Exploit.IE.CrashSOS were not being caught,
found by Carsten.Borchardt*drs-systemberatung.de
Sat Jan 22 13:45:42 GMT 2005 (njh)
----------------------------------
* clamav-milter: If forwarding to a quarantine user fails log as LOG_ERR
not LOG_DEBUG
Try to santity check that the input socket name is the
same as the same given to sendmail
Redirect stdout and stderr to LogFile, if that is set
--quarantine didn't redirect to the given email address
if --internal was used (reported by N Fung
<nsfung*yahoo.com>)
Sun Jan 16 06:28:59 CET 2005 (tk)
---------------------------------
* libclamav/pe.c: attempt to detect W32.Parite.B using cryptanalysis (thanks
to aCaB for info on detection)
Fri Jan 14 16:12:21 GMT 2005 (trog)
-----------------------------------
* libclamav/filetypes.c: add a few more HTML filetype markers
Fri Jan 14 14:53:59 GMT 2005 (trog)
-----------------------------------
* libclamav/htmlnorm.c: RFC2397 ("data" URL scheme) support.
* libclamav/scanner.c: scan RFC2397 data.
Wed Jan 12 08:58:29 GMT 2005 (njh)
----------------------------------
* clamav-milter: Fixed DNS resolution error messages which could print
the incorrect hostname that is not being resolved. Patch from
Yar Tikhiy <yar*comp.chem.msu.su>
Tue Jan 11 02:27:24 CET 2005 (tk)
---------------------------------
* libclamav/scanners.c: Fix possible crash when handling file information in
corrupted zip archives (problem reported by
Reinhard Max <max*suse.de>)
Sun Jan 9 21:24:58 GMT 2005 (njh)
----------------------------------
* libclamav/mbox.c: Some HTML.Phishing.Bank-41 were getting through
Sun Jan 9 11:38:39 GMT 2005 (njh)
----------------------------------
* libclamav/mbox.c: Add support for messages that break RFC2047
Sat Jan 8 02:53:20 CET 2005 (tk)
---------------------------------
* libclamav/filetypes.c: Add support for mail files parsed by CMU Sieve
(samples provided by Stefan Kaltenbrunner
<stefan*kaltenbrunner.cc>)
Wed Jan 5 21:09:14 GMT 2005 (njh)
----------------------------------
* libclamav/message.c: Fix crash caused when looking for non-existant
uuencoded files. This happens when the stated encoding
method is wrong so we have to try all methods and
including those which will fail
Mon Dec 27 05:01:54 CET 2004 (tk)
---------------------------------
* freshclam/manager.c: use If-Modified-Since in --no-dns mode (based on code
by Reini Urban <rurban*x-ray.at>)
Mon Dec 27 01:09:20 CET 2004 (tk)
---------------------------------
* libclamav/scanners.c: Add missing ArchiveBlockMax rule for recursion limit
(reported by HR <haavard*zyf.no-ip.org>)
Sun Dec 19 17:01:56 GMT 2004 (njh)
----------------------------------
* clamav-milter: Correctly warn that --max_childen must be given in SESSION
mode if LocalSocket is used and MaxThreads isn't given in
clamd.conf. max_children is needed to know how many sessions
to initiate to clamd(s)
Tue Dec 14 11:36:43 GMT 2004 (trog)
-----------------------------------
* libclamav/vba_extract.c:
- Add signature for MacOffice 2004
- Guess endianness of unknown versions of MS Office.
Tue Dec 14 11:15:22 GMT 2004 (trog)
-----------------------------------
* sigtool/options.c sigtool/sigtool.c: New options: --vba and --vba-hex
* sigtool/vba.c sigtool/vba.h: New files. Code to extract VBA/Word6 macros
Tue Dec 7 23:40:30 CET 2004 (tk)
---------------------------------
* configure: added --disable-zlib-vcheck (allows building on potentially
buggy zlib versions (1.2.0 & 1.2.1))
Tue Dec 7 19:25:06 GMT 2004 (njh)
----------------------------------
* clamav-milter: Ensure that the daily quarantine directory is created
Tue Dec 7 02:48:08 CET 2004 (tk)
---------------------------------
* clamd: added support for file descriptor passing (patch by Richard Lyons
<frob-clamav*webcentral.com.au>)
Mon Dec 6 22:33:26 GMT 2004 (njh)
----------------------------------
* clamav-milter: Ensure the date is kept in the quarantine path
Wed Dec 1 22:29:33 GMT 2004 (njh)
----------------------------------
* clamav-milter: Added --internal flag (some functionality to do)
SESSIONS: Don't hang when StreamMaxLength is hit
Wed Dec 1 13:14:33 GMT 2004 (njh)
----------------------------------
* libclamav/mbox.c: Decode text/plain parts marked as being encoded,
reported by Trog
Mon Nov 29 00:23:55 CET 2004 (tk)
---------------------------------
* clamdscan: add support for --move and --remove options
Sun Nov 28 16:30:18 GMT 2004 (njh)
----------------------------------
* libclamav/message.c: Allow lower case hex in quoted-printable
messages
Sat Nov 27 14:40:55 GMT 2004 (njh)
----------------------------------
* libclamav/mbox.c: Honour section 7.2.6 of RFC1521
Sat Nov 27 13:18:42 GMT 2004 (njh)
----------------------------------
* libclamav: Assume x-uue is the same as x-uuencode
If uudecoding fails and other possibilities have been
registered, don't take the failure as fatal, also try
the other decoding methods
Thu Nov 25 18:38:06 CET 2004 (tk)
---------------------------------
* clamd: new directives StreamMinPort and StreamMaxPort (allow port range
specification for stream mode). Patch by Alexander Marx
<mad-ml*madness.at>)
Thu Nov 18 20:28:13 CET 2004 (tk)
---------------------------------
* libclamav: add support for Mac's HQX file format (patch by Nigel)
Thu Nov 18 11:03:14 CET 2004 (tk)
---------------------------------
* libclamav: try to detect (and mark as Suspected.Zip) zip archives with
modified information in local header
Fri Nov 12 09:44:23 GMT 2004 (njh)
----------------------------------
* libclamav/mbox.c: Draft of RFC1341 support is now on by default.
Fragments arriving out of order are not scanned (yet).
If you use clamav-milter to load balance clamd across
servers you will need to ensure that the partial
directory is on a shared directory (e.g. NFS)
Mon Nov 8 15:24:18 CET 2004 (tk)
---------------------------------
* clamd: new directive ExitOnOOM (stop deamon when libclamav reports out of
memory condition)
Wed Nov 3 12:47:41 GMT 2004 (njh)
----------------------------------
* libclamav/clamav-milter: Save the original subject as X-Original-Subject
when running in advisory or qurantine mode
SESSION mode: warn when no clamd can be reached
Wed Oct 27 13:36:14 BST 2004 (njh)
----------------------------------
* clamav-milter: Remove X-VIRUS-STATUS on incoming messages
Plug remote possibility of file descriptor leak
Return EX_OSERR if fork fails, not EX_TEMPFAIL
If clamav-milter points to more than one server, ensure
that the version information for that server is
added to the header
Update version information in the watchdog. There may
therefore be a delay between the server updating
and this being reflected in the headers
under share/examples/rc.d. The variable name already was named
RCD_SCRIPTS_EXAMPLEDIR.
This is from ideas from Greg Woods and others.
Also bumped PKGREVISION for all packages using RCD_SCRIPTS mechanism
(as requested by wiz).
in the process. (More information on tech-pkg.)
Bump PKGREVISION and BUILDLINK_DEPENDS of all packages using libtool and
installing .la files.
Bump PKGREVISION (only) of all packages depending directly on the above
via a buildlink3 include.
All library names listed by *.la files no longer need to be listed
in the PLIST, e.g., instead of:
lib/libfoo.a
lib/libfoo.la
lib/libfoo.so
lib/libfoo.so.0
lib/libfoo.so.0.1
one simply needs:
lib/libfoo.la
and bsd.pkg.mk will automatically ensure that the additional library
names are listed in the installed package +CONTENTS file.
Also make LIBTOOLIZE_PLIST default to "yes".
into the bsd.options.mk framework. Instead of appending to
${PKG_OPTIONS_VAR}, it appends to PKG_DEFAULT_OPTIONS. This causes
the default options to be the union of PKG_DEFAULT_OPTIONS and any
old USE_* and FOO_USE_* settings.
This fixes PR pkg/26590.
- Convert to use bsd.options.mk.
- The virus database has been moved to ${VARBASE}/clamav.
* freshclam/clamd: fix crash on PPC when LogFile was enabled together
with LogSyslog
* configure: improve gethostbyname_r check; cleanups
* clamav-milter: Use GETHOSTBYNAME_R_6
Better load balancing if max_children = 0
Fixed warning message when building on FreeBSD4.9
Closed (small) memory leak
Fix crash when the 1st remote service goes down
Only use gethostbyname_r on LINUX for now
Improved load balancing a bit
* clamdscan: fix stdin scanning in local mode
* clamav-milter: %v in the template file handling is now replaced
only with the virus name, no "stream:" appears
* libclamav/mbox.c: Fix crash when debugging on SPARC
* libclamav/message.c: Fix occasional crash when scanning
multipart within multipart e-mails
Bugfixes in this version include crashes with multipart/mixed messages
and corrupted OLE2 and Zip files. Improvements include various optimisations
of mail scanning and clamav-milter and clamdscan behaviour.
Changes:
0.72
----
Major bugfixes in this release include crashes with corrupted BinHex messages
and some Excel documents. Protection against archive bombs (not fully
functional since 0.70) was improved and a number of other improvements were
made.
0.71
----
This release fixes all bugs found in 0.70 and introduces a few new features -
the noteworthy changes include:
-) libclamav:
+ support nested OLE2 files
+ support Word6 macro code
+ ignore popular file types (media, graphics)
+ support compress.exe (SZDD) compression (test/test.msc)
+ improve virus detection in e-mails
-) clamscan:
+ automatically decide (by comparing daily.cvd version numbers) which
database directory (hardcoded or clamav.conf's one) to use
+ support compression ratio feature (--max-ratio)
+ allow regular expressions in --[in|ex]clude
+ do not overwrite old files in a quarantine directory but add a numerical
extension to new files
+ respect --tempdir in libclamav
+ fix access problem when calling external unpackers in a superuser mode
+ fix file permission corruption with --deb in a superuser mode
-) clamd
+ support log facility specification in syslog's style (LogFacility)
+ new directive LeaveTemporaryFiles (Debug no longer leaves temporary
files not removed)
-) clamav-milter:
+ include the virus name in the 550 rejection
+ support user defined template for virus notifications (--template-file)
+ sort quarantine messages by date
+ improve thread management
+ add X-Virus-Scanned and X-Infected-Received-From: headers
+ improve load balancing (when using remote servers with --server)
+ send 554 after DATA received, not 550
+ save PID (--pidfile)
-) documentation:
+ German clamdoc.pdf translation (Rupert Roesler-Schmidt and Karina
Schwarz, uplink coherent solutions, http://www.uplink.at)
+ new Japanese documentation (Masaki Ogawa)
0.70
----
The two major changes in this version are new thread manager in clamd
and support for decoding MS Office VBA macros. Both of them have been
implemented by Trog. Besides, there are many improvements and bugfixes
(all listed in ChangeLog), a short summary:
-) clamd
+ new thread manager (with better SMP support)
+ on-access scanning now also available on FreeBSD (with Dazuko 2.0)
+ new directive ArchiveBlockEncrypted
+ new directive ReadTimeout (replaces ThreadTimeout)
+ handle SIGHUP (re-open logfile) and SIGUSR2 (reload database)
+ respect TCPAddr in stream scanner
-) clamav-milter:
+ TCPWrappers support
-) libclamav:
+ support MS Office documents (OLE2) and VBA macro decoding
+ support encrypted archive detection
+ new flags: CL_OLE2, CL_ENCRYPTED (see clamdoc.pdf, Section 6.1)
+ improve virus detection in big files
+ improve support for multipart, bounce and embedded RFC822 messages
+ improve RAR support
+ include backup snprintf implementation
-) clamscan:
+ new option: --block-encrypted
-) freshclam
+ new option: --pid, -p (write pid file if run as daemon)
+ handle SIGHUP (re-open logfile), SIGTERM (terminate with log message),
SIGALRM and SIGUSR1 (wake up and check mirror)
+ fix bug with -u and -c handling
-) contrib
+ windows clamd client now available with source code
-) documentation:
+ new Polish documentation on ClamAV and Samba integration
+ official documentation updated
the RCD_SCRIPTS rc.d script(s) to the PLIST.
This GENERATE_PLIST idea is part of Greg A. Woods'
PR #22954.
This helps when the RC_SCRIPTS are installed to
a different ${RCD_SCRIPTS_EXAMPLEDIR}. (Later,
the default RCD_SCRIPTS_EXAMPLEDIR will be changed
to be more clear that they are the examples.)
These patches also remove the etc/rc.d/ scripts from PLISTs
(of packages that use RCD_SCRIPTS). (This also removes
now unused references from openssh* makefiles. Note that
qmail package has not been changed yet.)
I have been doing automatic PLIST registration for RC_SCRIPTS
for over a year. Not all of these packages have been tested,
but many have been tested and used.
Somethings maybe to do:
- a few packages still manually install the rc.d scripts to
hard-coded etc/rc.d. These need to be fixed.
- maybe remove from mk/${OPSYS}.pkg.dist mtree specifications too.
0.68-1
------
Fixed RAR support.
0.68
----
This version fixes a crash with some RAR archives generated by the Bagle worm,
also a few important fixes have been backported from CVS.
We strongly encourage users to install the 0.70-rc version (released today).
0.67
----
This release fixes a memory management problem (platform dependent; can lead
to a DoS attack) with messages that only have attachments (reported by Oliver
Brandmueller). It also contains patches for a few problems found in 0.66 and
has better Cygwin support.
This version is a response to the "clamav 0.65 remote DOS exploit"
information published on popular security-related mailing lists.
Other changes include: (see the README for a full list)
-) clamd:
+ fixed database timestamp handling (and a double reload problem reported
by Alex Pleiner and Ole Stanstrup)
+ new directive: ArchiveMaxCompressionRatio
+ new command: SESSION (starts a clamd session and allows to do multiple
commands per TCP session)
+ new directives: TemporaryDirectory, LogClean (Andrey V. Malyshev)
-) freshclam:
+ support for freshclam.conf (that may be optionally merged with
clamav.conf, command line options overwrite config settings)
+ work-around for potential database downgrade (subtle problem
in r-r dns handling) - reported by Daniel Mario Vega and patched
by Luca Gibelli
Fix build by rather patch "configure" directly instead of configure.in
(autoconf failed). Tested on NetBSD-current and Linux (some kind of Debian).
Somewhat based upon PR 24294 by Eric Schnoebelen.
While at it also fix configure to always install the example config file
to "examples".
Bump PKGREVISION to 1.
working on the issue.
Changes:
-) clamd:
+ fixed a race condition in database reloading code (random crashes
under high load)
+ fixed a race condition with the improperly initialized session start time
(thanks to Michael Dankov)
+ fixed PidFile permissions (Magnus Ekdahl, bug reported by Tomasz Papszun)
+ fixed LogFile permissions (Magnus Ekdahl)
+ new directive ScanRAR (bacause RAR support is now disabled by default)
+ new directive VirusEvent
+ new directive FixStaleSocket (Thomas Lamy and Mark Mielke)
+ new directive TCPAddr (Bernard Quatermass, fixed by Damien Curtain)
+ new directive Debug
-) clamav-milter: (Nigel Horne <njh*clamav.net>)
+ new --force-scan flag
+ new -P and -q flags by Nicholas M. Kirsch
WARNING: clamav-milter and our mail scanner are still in high development
and may be unstable. You should always use the CVS version.
-) libclamav:
+ support for a new database container format (CVD) - compressed and
digitally signed
+ better protection against malformed zip archives (such as Mimail)
+ mail decoder fixes (thanks to Rene Bellora, Bernd Kuhls, Thomas Lamy,
Tomasz Papszun) (Nigel Horne)
+ memory leak fixes (Thomas Lamy)
+ new scan option CL_DISABLERAR (disables built-in RAR unpacker)
-) freshclam:
+ fixed --on-error-execute behaviour (David Woakes)
+ new option --user (-u) USER - run as USER instead of the default user.
Patch by Damien Curtain.
+ rewritten to use database.clamav.net and CVD
-) documentation:
+ new Spanish documentation on ClamAV and Sendmail integration by
Erick Ivaan Lopez Carreon
+ included clamdoc.pdf Turkish translation by yavuz kaya and Ýbrahim erken
+ included clamav-mirror-howto.pdf by Luca Gibelli
+ included clamd+daemontools HOWTO by Jesse D. Guardiani
+ included signatures.pdf
+ man pages: updated
+ clamdoc.pdf: rewritten
However currently milter support is disabled, as it requires strerror_r to
be available, which it isn't on -current.
Note this required the fixing of the milter tests in the configure.in file.
It seemed if you used --disable-milter and the .h file was in the include
path, eg on -current it's in /usr/include/libmilter it was found and used.
We now have a want_milter for the --enable/disable-milter, which will
trigger the tests to setup have_milter.
Once I've sorted out the strerror_r problem in -current I'll enable the
milter support (or if someone tells me it works with pth)
Bump PKGREVISION.
Also fix pkg/22714, clamav not building, this was due to it rerunning
configure due to dependancy updates, which built a new libtool, replacing
the one we had given it from pkgsrc.
The fix is to run autoconf and automake on the patches, I would have done
diff's post autoconf/automake, but the diffs are much bigger.
Known issue, if you run fetchclam to update the databases you'll find that
pkg_install won't remove the db files as the MD5 checksum has changed, I
may move the db files into etc/clamav and copy them in, then fetchclam can
update as needed.
However I thought that given the current spate of viruses hitting people
they maybe wanting the latest version.
Provided in PR 20662 by David Ferlier, modified to use pkgsrc libtool
and to add users by myself.
Clam AntiVirus is an anti-virus toolkit written from scratch. It is
licensed under GNU GPL2 and uses the virus database from
OpenAntiVirus, which is an another free anti-virus project. In
contrast to OpenAntiVirus (which is written in Java), Clam AntiVirus
is written entirely in C and its database is KEPT UP TO DATE. It also
detects polymorphic viruses as well.