This release of ClamAV introduces new malware detection mechanisms and other
significant improvements to the scan engine. The key features include:
- The Bytecode Interpreter: the interpreter built into LibClamAV allows
the signature writers to create and distribute very complex detection
routines and remotely enhance the scanner's functionality
- Heuristic improvements: improve the PE heuristics detection engine by
adding support of bogus icons and fake PE header information. In a
nutshell, ClamAV can now detect malware that tries to disguise itself
as a harmless application by using the most common Windows program icons.
- Signature Improvements: logical signature improvements to allow more
detailed matching and referencing groups of signatures. Additionally,
improvements to wildcard matching on word boundaries and newlines.
- Support for new archives: 7zip, InstallShield and CPIO. LibClamAV
can now transparently unpack and inspect their contents.
- Support for new executable file formats: 64-bit ELF files and OS X
Universal Binaries with Mach-O files. Additionally, the PE module
can now decompress and inspect executables packed with UPX 3.0.
- Support for DazukoFS in clamd
- Performance improvements: overall performance improvements and memory
optimizations for a better overall resource utilization experience.
- Native Windows Support: ClamAV will now build natively under Visual
Studio. This will allow 3rd Party application developers on Windows
to easily integrate LibClamAV into their applications.
The complete list of changes is available in the ChangeLog file. For upgrade
notes and tips please see: https://wiki.clamav.net/Main/UpgradeNotes096
* Bugfixes and changes since 0.91.1:
- libclamav/rtf.c: fix possible NULL dereference (bb#611)
- libclamav/ole2_extract.c: properly initialise hdr.max_block_no (bb#603)
- libclamav/htmlnorm.c: fix possible NULL dereference (bb#582),
thanks to Stefanos Stamatis
- libclamav/htmlnorm.c: fix call to tolower() (bb#580)
- libclamav/filetypes.c: some embedded PEs were not being detected
- clamav-milter: Fix compilation error on NetBSD2.0
- clamav-milter: Black-hole-mode no longer needs to be run as root
- libclamav/pdf.c: Bug 618, --block-max not always honoured
- libclamav/phishcheck.c, regex_list.c, phish_whitelist.c: make debug
output look better (patch from Sven)
- libclamav/phishcheck.c: Don't report phishing on broken urls containing
'>' in the hostname. (bb #619)
- libclamav, sigtool: add support for PUA databases (.hdu, .mdu, .ndu),
requested by Christoph
- clamscan: add --detect-pua
- clamd, clamd.conf: add DetectPUA
- freshclam/mirman.c: properly handle mirror access times (bb#606, only
outdated installations - three versions behind the latest one were
affected by this problem),
Reported by David F. Skoll <dfs*roaringpenguin.com>
- clamav-milter: Bug 614
- libclamav/pdf.c: Bug 608
- clamav-milter: SPF checking no longer experimental
- libclamav/phishcheck.c: workaround Solaris problem with regexec() [bb #598
]
- libclamav/matcher-ac.c: fix matching of patterns with prefixes and some
other issues spotted by Glen <daineng*gmail.com>
- clamav-milter/clamav-milter.c: Better use of res_init()
- clamav-milter/clamav-milter.c: HP-UX doesn't have EX_CONFIG, reported
by clam * ministry.se
The 0.9x series introduces lots of improvements in terms of detection
rate and performance, like support for many new packers and decryptors,
RAR3 and SIS archives, and a new phishing signatures format that proves
to be very effective.
(I tried to contact the MAINTAINER but got no reply. I'm using this in our
production systems so this should work just fine.)
* Bugfixes:
- libclamav/rebuildpe.c: fix possible heap overflow [IDEF1597]
- libclamav/chmunpack.c: fix possible crash [IDEF1736]
- freshclam/manager.c: "Cache-Control: no-cache" is now disabled by default.
If you're behind a broken proxy you can recompile freshclam with
--enable-no-cache.
- Convert to use bsd.options.mk.
- The virus database has been moved to ${VARBASE}/clamav.
* freshclam/clamd: fix crash on PPC when LogFile was enabled together
with LogSyslog
* configure: improve gethostbyname_r check; cleanups
* clamav-milter: Use GETHOSTBYNAME_R_6
Better load balancing if max_children = 0
Fixed warning message when building on FreeBSD4.9
Closed (small) memory leak
Fix crash when the 1st remote service goes down
Only use gethostbyname_r on LINUX for now
Improved load balancing a bit
* clamdscan: fix stdin scanning in local mode
* clamav-milter: %v in the template file handling is now replaced
only with the virus name, no "stream:" appears
* libclamav/mbox.c: Fix crash when debugging on SPARC
* libclamav/message.c: Fix occasional crash when scanning
multipart within multipart e-mails
0.70
----
The two major changes in this version are new thread manager in clamd
and support for decoding MS Office VBA macros. Both of them have been
implemented by Trog. Besides, there are many improvements and bugfixes
(all listed in ChangeLog), a short summary:
-) clamd
+ new thread manager (with better SMP support)
+ on-access scanning now also available on FreeBSD (with Dazuko 2.0)
+ new directive ArchiveBlockEncrypted
+ new directive ReadTimeout (replaces ThreadTimeout)
+ handle SIGHUP (re-open logfile) and SIGUSR2 (reload database)
+ respect TCPAddr in stream scanner
-) clamav-milter:
+ TCPWrappers support
-) libclamav:
+ support MS Office documents (OLE2) and VBA macro decoding
+ support encrypted archive detection
+ new flags: CL_OLE2, CL_ENCRYPTED (see clamdoc.pdf, Section 6.1)
+ improve virus detection in big files
+ improve support for multipart, bounce and embedded RFC822 messages
+ improve RAR support
+ include backup snprintf implementation
-) clamscan:
+ new option: --block-encrypted
-) freshclam
+ new option: --pid, -p (write pid file if run as daemon)
+ handle SIGHUP (re-open logfile), SIGTERM (terminate with log message),
SIGALRM and SIGUSR1 (wake up and check mirror)
+ fix bug with -u and -c handling
-) contrib
+ windows clamd client now available with source code
-) documentation:
+ new Polish documentation on ClamAV and Samba integration
+ official documentation updated
0.68-1
------
Fixed RAR support.
0.68
----
This version fixes a crash with some RAR archives generated by the Bagle worm,
also a few important fixes have been backported from CVS.
We strongly encourage users to install the 0.70-rc version (released today).
0.67
----
This release fixes a memory management problem (platform dependent; can lead
to a DoS attack) with messages that only have attachments (reported by Oliver
Brandmueller). It also contains patches for a few problems found in 0.66 and
has better Cygwin support.
This version is a response to the "clamav 0.65 remote DOS exploit"
information published on popular security-related mailing lists.
Other changes include: (see the README for a full list)
-) clamd:
+ fixed database timestamp handling (and a double reload problem reported
by Alex Pleiner and Ole Stanstrup)
+ new directive: ArchiveMaxCompressionRatio
+ new command: SESSION (starts a clamd session and allows to do multiple
commands per TCP session)
+ new directives: TemporaryDirectory, LogClean (Andrey V. Malyshev)
-) freshclam:
+ support for freshclam.conf (that may be optionally merged with
clamav.conf, command line options overwrite config settings)
+ work-around for potential database downgrade (subtle problem
in r-r dns handling) - reported by Daniel Mario Vega and patched
by Luca Gibelli
Fix build by rather patch "configure" directly instead of configure.in
(autoconf failed). Tested on NetBSD-current and Linux (some kind of Debian).
Somewhat based upon PR 24294 by Eric Schnoebelen.
While at it also fix configure to always install the example config file
to "examples".
Bump PKGREVISION to 1.
working on the issue.
Changes:
-) clamd:
+ fixed a race condition in database reloading code (random crashes
under high load)
+ fixed a race condition with the improperly initialized session start time
(thanks to Michael Dankov)
+ fixed PidFile permissions (Magnus Ekdahl, bug reported by Tomasz Papszun)
+ fixed LogFile permissions (Magnus Ekdahl)
+ new directive ScanRAR (bacause RAR support is now disabled by default)
+ new directive VirusEvent
+ new directive FixStaleSocket (Thomas Lamy and Mark Mielke)
+ new directive TCPAddr (Bernard Quatermass, fixed by Damien Curtain)
+ new directive Debug
-) clamav-milter: (Nigel Horne <njh*clamav.net>)
+ new --force-scan flag
+ new -P and -q flags by Nicholas M. Kirsch
WARNING: clamav-milter and our mail scanner are still in high development
and may be unstable. You should always use the CVS version.
-) libclamav:
+ support for a new database container format (CVD) - compressed and
digitally signed
+ better protection against malformed zip archives (such as Mimail)
+ mail decoder fixes (thanks to Rene Bellora, Bernd Kuhls, Thomas Lamy,
Tomasz Papszun) (Nigel Horne)
+ memory leak fixes (Thomas Lamy)
+ new scan option CL_DISABLERAR (disables built-in RAR unpacker)
-) freshclam:
+ fixed --on-error-execute behaviour (David Woakes)
+ new option --user (-u) USER - run as USER instead of the default user.
Patch by Damien Curtain.
+ rewritten to use database.clamav.net and CVD
-) documentation:
+ new Spanish documentation on ClamAV and Sendmail integration by
Erick Ivaan Lopez Carreon
+ included clamdoc.pdf Turkish translation by yavuz kaya and Ýbrahim erken
+ included clamav-mirror-howto.pdf by Luca Gibelli
+ included clamd+daemontools HOWTO by Jesse D. Guardiani
+ included signatures.pdf
+ man pages: updated
+ clamdoc.pdf: rewritten
However currently milter support is disabled, as it requires strerror_r to
be available, which it isn't on -current.
Note this required the fixing of the milter tests in the configure.in file.
It seemed if you used --disable-milter and the .h file was in the include
path, eg on -current it's in /usr/include/libmilter it was found and used.
We now have a want_milter for the --enable/disable-milter, which will
trigger the tests to setup have_milter.
Once I've sorted out the strerror_r problem in -current I'll enable the
milter support (or if someone tells me it works with pth)
Bump PKGREVISION.
Also fix pkg/22714, clamav not building, this was due to it rerunning
configure due to dependancy updates, which built a new libtool, replacing
the one we had given it from pkgsrc.
The fix is to run autoconf and automake on the patches, I would have done
diff's post autoconf/automake, but the diffs are much bigger.
Known issue, if you run fetchclam to update the databases you'll find that
pkg_install won't remove the db files as the MD5 checksum has changed, I
may move the db files into etc/clamav and copy them in, then fetchclam can
update as needed.
However I thought that given the current spate of viruses hitting people
they maybe wanting the latest version.
Provided in PR 20662 by David Ferlier, modified to use pkgsrc libtool
and to add users by myself.
Clam AntiVirus is an anti-virus toolkit written from scratch. It is
licensed under GNU GPL2 and uses the virus database from
OpenAntiVirus, which is an another free anti-virus project. In
contrast to OpenAntiVirus (which is written in Java), Clam AntiVirus
is written entirely in C and its database is KEPT UP TO DATE. It also
detects polymorphic viruses as well.
