ClamAV Changelog

What's new in ClamAV 0.99.1

Mar 3, 2016
  • hwp5.x: fix for streams without names
  • libclamav: yara: avoid unaligned access to 64-bit variable
  • bb11455 - patch by Mark Allan to add show-progress option to freshclam.
  • added 'CustomXML' as trigger for likely OOXML

New in ClamAV 0.99.1 Beta 1 (Feb 5, 2016)

  • Contains a new feature for parsing Hancom Office files including extracting and scanning embedded objects.
  • ClamAV 0.99.1 also contains important bug fixes.

New in ClamAV 0.99 RC 2 (Nov 17, 2015)

  • bb11420 - fix preclass/cache interaction.
  • bb11419 - fix valgrind-detected uninitialized value when caching is disabled.
  • bb11418 - fix clamdscan segfault when using stream(stdin) input.
  • bb#11421 - CUD digital signature verification and empty files
  • change unknown database default to skip from .db
  • use pkg-config to determine CHECK_LIBS
  • bb#11015(2) - refactor automated pwdb target assignment for tdb
  • fix error reporting for pwdb signature loading
  • fix crash in clamd scan callback function.
  • fix for openssl build with specific openssl location
  • onas: adding better feedback for users attempting to use fanotify prevention on kernels with unsupported configurations.
  • onas: adding throttling to notifications when handling fanotify errors on large files.
  • onas: adding optional extra scanning for inotify events
  • onas: improving handling of fanotify read errors for large files.

New in ClamAV 0.99 RC 1 (Oct 15, 2015)

  • Processing of YARA rules (some limitations; see signatures.pdf).
  • Support in ClamAV logical signatures for many of the features added for YARA, such as Perl Compatible Regular Expressions, alternate strings, and YARA string attributes. See signatures.pdf for full details.
  • New and improved on-access scanning for Linux. See the recent blog post and clamdoc.pdf for details on the new on-access capabilities.
  • A new ClamAV API callback function that is invoked when a virus is found. This is intended primarily for applications running in all-match mode. Any applications using all-match mode must use the new callback function to record and report detected viruses.
  • Configurable default password list to attempt zip file decryption.
  • TIFF file support.
  • Upgrade Windows pthread library to 2.9.1.
  • A new signature target type for designating signatures to run against files with unknown file types.
  • Improved fidelity of the "data loss prevention" heuristic algorithm. Code supplied by Bill Parker.
  • Support for LZMA decompression within Adobe Flash files.
  • Support for MSO attachments within Microsoft Office 2003 XML files.
  • A new sigtool option (--ascii-normalize) allowing signature authors to more easily generate normalized versions of ASCII files.
  • Windows installation directories changed from \Program Files\Sourcefire\ClamAV to \Program Files\ClamAV or \Program Files\ClamAV-x64.

New in ClamAV 0.99 Beta 2 (Sep 9, 2015)

  • New and improved on-access scanning for Linux. See the recent blog post for more details on the new on-access capabilities.
  • Improved support for YARA rules including private rules, referencing other rules, and YARA "include" files.
  • Configurable default password list to attempt zip file decryption.
  • TIFF support.
  • ./configure options for YARA.
  • upgrade Windows pthread library to 2.9.1.
  • a new signature target type for uncategorized files.
  • Improved fidelity of the "data loss prevention" heuristic algorithm. Code supplied by Bill Parker.

New in ClamAV 0.99 Beta 1 (May 30, 2015)

  • Process YARA rules (with limitations) as ClamAV signatures.
  • Support in ClamAV logical signatures for many of the features added for YARA, such as Perl Compatible Regular Expressions.

New in ClamAV 0.98.7 (Apr 29, 2015)

  • Fixed issues:
  • bb#11296 - various fixes to pdf string base64 string conversion
  • bb11298 - look for TOC element name (as a synonym for ). Continue processing rather than exit in the event of a missing or erroneous TOC checksum specification.
  • iso9660: remove unnecessary parameter on iso_parse_dir() and reset return code when scanall is in effect.
  • pdf: correctly handle decoding, decryption, character set conversions, and file properties collection (base64 encoded as needed).
  • converted cb_file_props from using engine-based ctx to file-based ctx
  • bb11281 - Reworked reverted upack.c crash patch to fix regression false negatives.
  • make check: added env check 'T' to set timeout
  • bb#11282 - patch for code clean up in rebuildpe. Patch supplied by Sebastian Andrzej Siewior.
  • bb#11284 - fixed integer underflow in detecting W32.Polipos.A method. Patch supplied by Sebastian Andrzej Siewior.
  • updated documentation on document property collection
  • added support for MS Office 2003 XML (msxml) document types and msxml file properties collection.
  • fixed Coverity issue ID 12109: buffer was not freed in a rare error case
  • fixed Coverity IDs 12110 and 12111: changed the type of a value from unsigned to signed due to possible negative values
  • Fix for infinite loop on crafted xz file.
  • bb11278 - was not detecting viruses on files inside iso9660. Also fix up all-match logic.
  • bb11274 - adds out of bounds check for petite packed files. Patch from Sebastian Andrzej Siewior.
  • updated example fileprop analysis bytecodes; moved old example bytecodes to examples/fileprop_analysis/old/
  • backwards compatibility for target type 13 json scanning
  • generates fmap from desc if no map is NULL
  • Apply y0da cryptor patch sent in by Sebastian Andrzej Siewior.
  • flevel updated to 80 (new bytecode hook type)
  • clambc info option updated for new hook type
  • added BC_PRECLASS hook support; replaces target type 13
  • pdf string UTF-16 conversion no longer solely depends on ICONV; reason: no ICONV meant no conversion even though conversion function existed
  • bb#11269 - bm matcher no longer sets scanning window offset; reason: certain segments could be hashed multiple times
  • bb#11269 - hash does not compute on segments smaller than the maxpatlen
  • bb#11267 - libclamav upx cover against hand crafted section ove patch supplied by Sebastian Andrzej Siewior.
  • Patch for integer overflow checks for petite unpack code supplied by Sebastian Andrzej Siewior.
  • remove obsolete parameters from the clamd.conf man page: MailMaxRecursion, ArchiveMaxFileSize, ArchiveMaxRecursion, ArchiveMaxFiles, ArchiveMaxCompressionRatio, ArchiveBlockMax, ArchiveLimitMemoryUsage, Clamuko*.
  • bb#11212 - fix MEW unpacker
  • bb11264 - patch for 'possible' heap overflow submitted by the Debian team.
  • bb11260: fix compile error when './configure --disable-pthreads' is specified.
  • bb#11254 - removed built-in llvm configure check and added --with-llvm-linking option to specify system-llvm linking method
  • improved documentation on macro subsignatures
  • fix documentation errors in example logical signature.
  • bb#12887 - fixed an issue regarding (fd==-1) in WinAPI
  • fixed Windows API SetOption/GetOption CLAM_LIMIT_RECURSION
  • added ICONV to clamconf optional features report
  • fixed an incorrect return value for magic_scandesc
  • cleaned up configure help strings by using AS_HELP_STRING
  • bb#11238 - added missing PDF preclass operations; added whitespace fix for indirect references strings; added PDF escape sequence handling (including octal)
  • bb#11237 - fixed bug in building CUD file
  • bb11233 - fix a strange bus error on Mac OS X PPC when using debug mode.
  • bb#11226 - fixed gpt GUID debugging message

New in ClamAV 0.98.6 (Jan 28, 2015)

  • library shared object revisions.
  • installation issues on some Mac OS X and FreeBSD platforms.
  • includes a patch from Sebastian Andrzej Siewior making ClamAV pid files compatible with systemd.
  • Fix a heap out of bounds condition with crafted Yoda's crypter files. This issue was discovered by Felix Groebert of the Google Security Team.
  • Fix a heap out of bounds condition with crafted mew packer files. This issue was discovered by Felix Groebert of the Google Security Team.
  • Fix a heap out of bounds condition with crafted upx packer files. This issue was discovered by Kevin Szkudlapski of Quarkslab.
  • Fix a heap out of bounds condition with crafted upack packer files. This issue was discovered by Sebastian Andrzej Siewior. CVE-2014-9328.
  • Compensate for a crash due to incorrect compiler optimization when handling crafted petite packer files. This issue was discovered by Sebastian Andrzej Siewior.

New in ClamAV 0.98.5 (Nov 24, 2014)

  • Support for the XDP file format and extracting, decoding, and scanning PDF files within XDP files.
  • Addition of shared library support for LLVM versions 3.1 - 3.5 for the purpose of just-in-time (JIT) compilation of ClamAV bytecode signatures. Andreas Cadhalpun submitted the patch implementing this support.
  • Enhancements to the clambc command line utility to assist ClamAV bytecode signature authors by providing introspection into compiled bytecode programs.
  • Resolution of many of the warning messages from ClamAV compilation.
  • Improved detection of malicious PE files.
  • Security fix for ClamAV crash when using 'clamscan -a'. This issue was identified by Kurt Siefried of Red Hat.
  • Security fix for ClamAV crash when scanning maliciously crafted yoda's crypter files. This issue, as well as several other bugs fixed in this release, was identified by Damien Millescamp of Oppida.
  • ClamAV 0.98.5 now works with OpenSSL in FIPS compliant mode. Thanks to Reinhard Max for supplying the patch.
  • Bug fixes and other feature enhancements. See Changelog or git log for details.

New in ClamAV 0.98.4 (Nov 10, 2014)

  • CHANGES:
  • Various build problems on Solaris, OpenBSD, AIX.
  • Crashes of clamd on Windows and Mac OS X platforms when reloading the virus signature database.
  • Infinite loop in clamdscan when clamd is not running.
  • Freshclam failure on Solaris 10
  • Buffer underruns when handling multi-part MIME email attachments.
  • Configuration of OpenSSL on various platforms.
  • Name collisions on Ubuntu 14.04, Debian sid, and Slackware 14.1.
  • Linking issues with libclamunrar

New in ClamAV 0.98.5 RC 1 (Oct 14, 2014)

  • ClamAV 0.98.5 includes important new features for collecting and analyzing file properties.
  • Also includes these new features:
  • Support for the XDP file format and extracting, decoding, and scanning PDF files within XDP files.
  • Addition of shared library support for LLVM versions 3.1 - 3.4 for the purpose of just-in-time (JIT) compilation of ClamAV bytecode signatures. Andreas Cadhalpun submitted the patch implementing this support.
  • Enhancements to the clambc command line utility to assist ClamAV bytecode signature authors by providing introspection into compiled bytecode programs.
  • Resolution of many of the warning messages from ClamAV compilation.
  • Bug fixes and other feature enhancements. See Changelog or git log for details.

New in ClamAV 0.96.3 (Sep 20, 2010)

  • This release fixes problems with the PDF parser and the internal bzip2 library.

New in ClamAV 0.95.3 (Dec 9, 2009)

  • use a double instead of integer to avoid negative time (bb #1731).

New in ClamAV 0.95.2 (Jun 23, 2009)

  • Improves handling of archives.
  • Adds support for --file-list in clamscan and clamdscan, and fixes various issues found in previous releases.

New in ClamAV 0.95.1 (Apr 9, 2009)

  • Bugfix release only.

New in ClamAV 0.95 (Mar 24, 2009)

  • Google Safe Browsing support: in addition to the heuristic and signature based phishing detection mechanisms already available in ClamAV, the scanner can now make use of Google's blacklists of suspected phishing and malware sites. The ClamAV Project distributes a constantly updated Safe Browsing database, which can be automatically fetched by freshclam. For more information, please see freshclam.conf(5) and http://safebrowsing.clamav.net.
  • New clamav-milter: The program has been redesigned and rewritten from scratch. The most notable difference is that the internal mode has been dropped which means that now a working clamd companion is required. The milter now also has its own configuration file.
  • Clamd extensions: The protocol has been extended to lighten the load that clamd puts on the system, solve limitations of the old protocol, and reduce latency when signature updates are received. For more information about the new extensions please see the official documentation and the upgrade notes.
  • Improved API: The API used to program ClamAV's engine (libclamav) has been redesigned to use modern object-oriented techniques and solves various API/ABI compatibility issues between old and new releases. You can find more information in Section 6 of clamdoc.pdf and in the upgrade notes.
  • ClamdTOP: This is a new program that allows system administrators to monitor clamd. It provides information about the items in clamd's queue, clamd's memory usage, and the version of the signature database, all in real time and in a nice curses-based interface.
  • Memory Pool Allocator: Libclamav now includes its own memory pool allocator based on memory mapping. This new solution replaces the traditional malloc/free system for the copy of the signatures that is kept in memory. As a result, clamd requires much less memory, particularly when signature updates are received and the database is loaded into memory.
  • Unified Option Parser: Prior to version 0.95 each program in ClamAV's suite of programs had its own set of runtime options. The new general parser brings consistency of use and validation to these options across the suite. Some command line switches of clamscan have been renamed (the old ones will still be accepted but will have no effect and will result in warnings), please see clamscan(1) and clamscan --help for the details.

New in ClamAV 0.95 RC 2 (Mar 17, 2009)

  • Fixed a number of problems that were found in the last version and provided support for Google Safe Browsing, which can be enabled by turning on the SafeBrowsing option in freshclam.conf.