This release contains new scanning features and bug fixes.
- Improvements to PDF processing: decryption, escape sequence
handling, and file property collection.
- Scanning/analysis of additional Microsoft Office 2003 XML format.
- Fix infinite loop condition on crafted y0da cryptor file. Identified
and patch suggested by Sebastian Andrzej Siewior. CVE-2015-2221.
- Fix crash on crafted petite packed file. Reported and patch
supplied by Sebastian Andrzej Siewior. CVE-2015-2222.
- Fix false negatives on files within iso9660 containers. This issue
was reported by Minzhuan Gong.
- Fix a couple crashes on crafted upack packed file. Identified and
patches supplied by Sebastian Andrzej Siewior.
- Fix a crash during algorithmic detection on crafted PE file.
Identified and patch supplied by Sebastian Andrzej Siewior.
- Fix an infinite loop condition on a crafted "xz" archive file.
This was reported by Dimitri Kirchner and Goulven Guiheux.
CVE-2015-2668.
- Fix compilation error after ./configure --disable-pthreads.
Reported and fix suggested by John E. Krokes.
- Apply upstream patch for possible heap overflow in Henry Spencer's
regex library. CVE-2015-2305.
- Fix crash in upx decoder with crafted file. Discovered and patch
supplied by Sebastian Andrzej Siewior. CVE-2015-2170.
- Fix segfault scanning certain HTML files. Reported with sample by
Kai Risku.
- Improve detections within xar/pkg files.
Changes from 0.98.5.
--------------------
- library shared object revisions.
- installation issues on some Mac OS X and FreeBSD platforms.
- includes a patch from Sebastian Andrzej Siewior making
ClamAV pid files compatible with systemd.
- Fix a heap out of bounds condition with crafted Yoda's
crypter files. This issue was discovered by Felix Groebert
of the Google Security Team.
- Fix a heap out of bounds condition with crafted mew packer
files. This issue was discovered by Felix Groebert of the
Google Security Team.
- Fix a heap out of bounds condition with crafted upx packer
files. This issue was discovered by Kevin Szkudlapski of
Quarkslab.
- Fix a heap out of bounds condition with crafted upack packer
files. This issue was discovered by Sebastian Andrzej Siewior.
CVE-2014-9328.
- Compensate a crash due to incorrect compiler optimization when
handling crafted petite packer files. This issue was discovered
by Sebastian Andrzej Siewior.
ChangeLog for this version:
Wed, 12 Nov 2014 14:30:39 EDT (swebb)
-------------------------------------
* bb11176 - Instruct OpenSSL to allow MD5 when in FIPS-compliant mode.
Patch submitted by Reinhard Max.
Mon, 10 Nov 2014 11:03:29 EDT (swebb)
-------------------------------------
* bb11155 - Adjust the logic surrounding adjusting the PE section sizes
This fixes a crash with maliciously crafted yoda's crypter files and
also improves virus detections for PE files.
Thu, 6 Nov 2014 14:51:26 EDT (swebb)
-------------------------------------
* bb11088 - Merge in fixes for clamscan -a crash bug
Mon, 20 Oct 2014 11:33:18 EDT (swebb)
-------------------------------------
* Revert "bb#10731 - Allow to specificy a group for the socket of which
the user is not a member"
Thu, 31 Jul 2014 19:11:22 EDT (swebb)
-------------------------------------
* Add support for XDP PDF file format
Thu, Jul 31 11:50:23 EDT 2014 (swebb)
------------------------------------
* bb#10731 - Allow specification of a group for the milter socket of which
the user is not a member - patch submitted by Sebastian Andrzej Siewior
Fri, 25 Jul 2014 12:26:04 EDT (klin)
------------------------------------
* bb#10981 - applied LLVM 3.1-3.4 - patch submitted by Andreas Cadhalpun
Fri, 25 Jul 2014 12:06:13 (klin)
--------------------------------
* clambc: added diagnostic tools for bytecode IR
Tue, 8 Jul 2014 19:53:41 EDT (swebb)
------------------------------------
* mass cleanup of compiler warnings
Tue, 08 Jul 11:30:00 EDT 2014 (morgan)
------------------------------------
* 0.98.5 beta release
Mon, 07 Jul 09:00:00 EDT 2014 (swebb)
------------------------------------
* 0.98.5-beta1 release engineering
Thu, 03 Jul 22:14:40 EDT 2014 (swebb)
------------------------------------
* Call cl_initialize_crypto() in cl_init()
Thu, 03 Jul 16:28:10 EDT 2014 (swebb)
------------------------------------
* Finalize PDF parsing code for the preclassification feature
Wed, 25 Jun 16:26:33 EDT 2014 (swebb)
------------------------------------
* Finalize linking in libjson, a new optional dependency
Fri, 13 Jun 2014 16:11:15 EDT (smorgan)
---------------------------------------
* add timeout facility for file property scanning
Tue, 3 Jun 2014 13:31:50 EDT (smorgan)
--------------------------------------
* add callback for user processing of json string and json scan result
Wed, 7 May 2014 10:56:35 EDT (swebb)
------------------------------------
* PE file properties collection
Tue, 6 May 2014 15:26:30 EDT (klin)
-----------------------------------
* add api to read json to the bytecode api
Thu, 1 May 2014 16:59:01 EDT (klin)
-----------------------------------
* docx/pptx/xlsx file properties collection
Wed, 30 Apr 2014 16:38:55 EDT (swebb)
-------------------------------------
* pdf file properties collection
Tue, 22 Apr 2014 14:22:39 EDT (klin)
------------------------------------
* json api wrapper
Mon, 21 Apr 2014 18:30:28 EDT (klin)
------------------------------------
* doc/ppt/xls file properties collection
Wed, 16 Apr 18:14:45 2014 EDT (smorgan)
--------------------------------------
* Initial libjson-c configure/build support and json file properties work
- Various build problems on Solaris, OpenBSD, AIX.
- Crashes of clamd on Windows and Mac OS X platforms when reloading the virus signature database.
- Infinite loop in clamdscan when clamd is not running.
- Freshclam failure on Solaris 10.
- Buffer underruns when handling multi-part MIME email attachments.
- Configuration of OpenSSL on various platforms.
- Name collisions on Ubuntu 14.04, Debian sid, and Slackware 14.1.
- Linking issues with libclamunrar
- Support for common raw disk image formats using 512 byte sectors,
specifically GPT, APM, and MBR partitioning.
- Experimental support of OpenIOC files. ClamAV will now extract file
hashes from OpenIOC files residing in the signature database location,
and generate ClamAV hash signatures. ClamAV uses no other OpenIOC
features at this time. No OpenIOC files will be delivered through
freshclam. See openioc.org and iocbucket.com for additional information
about OpenIOC.
- All ClamAV sockets (clamd, freshclam, clamav-milter, clamdscan, clamdtop)
now support IPV6 addresses and configuration parameters.
- Use OpenSSL file hash functions for improved performance. OpenSSL
is now prerequisite software for ClamAV 0.98.3.
- Improved detection of malware scripts within image files. Issue reported
by Maarten Broekman.
- Change to circumvent possible denial of service when processing icons within
specially crafted PE files. Icon limits are now in place with corresponding
clamd and clamscan configuration parameters. This issue was reported by
Joxean Koret.
- Improvements to the fidelity of the ClamAV pattern matcher, an issue
reported by Christian Blichmann.
- Opt-in collection of statistics. Statistics collected are: sizes and MD5
hashes of files, PE file section counts and section MD5 hashes, and names
and counts of detected viruses. Enable statistics collection with the
--enable-stats clamscan flag or StatsEnabled clamd configuration
parameter.
- Improvements to ClamAV build process, unit tests, and platform support with
assistance and suggestions by Sebastian Andrzej Siewior, Scott Kitterman,
and Dave Simonson.
- Patch by Arkadiusz Miskiewicz to improve error handling in freshclam.
- ClamAV 0.98.3 also includes miscellaneous bug fixes and documentation
improvements.
quality improvements. These include:
- Extraction, decompression, and scanning of files within Apple Disk Image (DMG) format.
- Extraction, decompression, and scanning of files within Extensible Archive (XAR) format.
XAR format is commonly used for software packaging, such as PKG and RPM, as well as
general archival.
- Decompression and scanning of files in "Xz" compression format.
- Improvements and fixes to extraction and scanning of ole formats.
- Option to force all scanned data to disk. This impacts only a few file types where
some embedded content is normally scanned in memory. Enabling this option
ensures that a file descriptor exists when callback functions are used, at a small
performance cost. This should only be needed when callback functions are used
that need file access.
- Various improvements to ClamAV configuration, support of third party libraries,
and unit tests.
* libclamav: Scan output at end of truncated tar
* libclamav: Fix handling of tar file with malformed header
* libclamav: Scan chm with invalid handling
* freshclam: give custom dbs higher priority during update
* libclamav: detect read races and abort the scan with an error
* libclamav/pe.c: drop old header check
freshclam/manager.c: fix error when compiling without DNS support (bb#3056)
libclamav/pdf.c: flag and dump PDF objects with /Launch (bb #3514)
libclamav/bytecode.c,bytecode_api.c: fix recursion level crash
ClamAV 0.97.2 fixes problems with the bytecode engine, Safebrowsing detection,
hash matcher, and other minor issues. Please see the ChangeLog file for
details.
ClamAV 0.97 brings many improvements, including complete Windows support
(all major components compile out-of-box under Visual Studio), support for
signatures based on SHA1 and SHA256, better error detection, as well as
speed and memory optimizations. The complete list of changes is available
in the ChangeLog file.
