Skip to content

Releases: Cisco-Talos/clamav

ClamAV 1.4.0

15 Aug 16:02
@micahsnyder micahsnyder
clamav-1.4.0
cad552d
This commit was created on github.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
ClamAV 1.4.0 Latest
Latest

ClamAV 1.4.0 includes the following improvements and changes:

Major changes

  • Added support for extracting ALZ archives.
    The new ClamAV file type for ALZ archives is CL_TYPE_ALZ.
    Added a DCONF
    option to enable or disable ALZ archive support.

    Tip: DCONF (Dynamic CONFiguration) is a feature that allows for some
    configuration changes to be made via ClamAV .cfg "signatures".

  • Added support for extracting LHA/LZH archives.
    The new ClamAV file type for LHA/LZH archives is CL_TYPE_LHA_LZH.
    Added a DCONF
    option to enable or disable LHA/LZH archive support.

  • Added the ability to disable image fuzzy hashing, if needed. For context,
    image fuzzy hashing is a detection mechanism useful for identifying malware
    by matching images included with the malware or phishing email/document.

    New ClamScan options:

    --scan-image[=yes(*)/no]
--scan-image-fuzzy-hash[=yes(*)/no]

    New ClamD config options:

    ScanImage yes(*)/no
ScanImageFuzzyHash yes(*)/no

    New libclamav scan options:

    options.parse &= ~CL_SCAN_PARSE_IMAGE;
options.parse &= ~CL_SCAN_PARSE_IMAGE_FUZZY_HASH;

    Added a DCONF
    option to enable or disable image fuzzy hashing support.

Other improvements

  • Added cross-compiling instructions for targeting ARM64/aarch64 processors for
    Windows
    and
    Linux.

  • Improved the Freshclam warning messages when being blocked or rate limited
    so as to include the Cloudflare Ray ID, which helps with issue triage.

  • Removed unnecessary memory allocation checks when the size to be allocated
    is fixed or comes from a trusted source.
    We also renamed internal memory allocation functions and macros, so it is
    more obvious what each function does.

  • Improved the Freshclam documentation to make it clear that the --datadir
    option must be an absolute path to a directory that already exists, is
    writable by Freshclam, and is readable by ClamScan and ClamD.

  • Added an optimization to avoid calculating the file hash if the clean file
    cache has been disabled. The file hash may still be calculated as needed to
    perform hash-based signature matching if any hash-based signatures exist that
    target a file of the same size, or if any hash-based signatures exist that
    target "any" file size.

  • Added an improvement to the SystemD service file for ClamOnAcc so that the
    service will shut down faster on some systems.

  • Added a CMake build dependency on the version map files so that the build
    will re-run if changes are made to the version map files.
    Work courtesy of Sebastian Andrzej Siewior.

  • Added an improvement to the CMake build so that the RUSTFLAGS settings
    are inherited from the environment.
    Work courtesy of liushuyu.

Bug fixes

  • Silenced confusing warning message when scanning some HTML files.

  • Fixed minor compiler warnings.

  • Since the build system changed from Autotools to CMake, ClamAV no longer
    supports building with configurations where bzip2, libxml2, libz, libjson-c,
    or libpcre2 are not available. Libpcre is no longer supported in favor of
    libpcre2. In this release, we removed all the dead code associated with those
    unsupported build configurations.

  • Fixed assorted typos. Patch courtesy of RainRat.

  • Added missing documentation for the ClamScan --force-to-disk option.

  • Fixed an issue where ClamAV unit tests would prefer an older
    libclamunrar_iface library from the install path, if present, rather than
    the recently compiled library in the build path.

  • Fixed a build issue on Windows with newer versions of Rust.
    Also upgraded GitHub Actions imports to fix CI failures.
    Fixes courtesy of liushuyu.

  • Fixed an unaligned pointer dereference issue on select architectures.
    Fix courtesy of Sebastian Andrzej Siewior.

  • Fixed a bug that prevented loading plaintext (non-CVD) signature files
    when using the --fail-if-cvd-older-than=DAYS / FailIfCvdOlderThan option.
    Fix courtesy of Bark.

Acknowledgments

Special thanks to the following people for code contributions and bug reports:

  • Bark
  • liushuyu
  • Sebastian Andrzej Siewior
  • RainRat
Assets 22

ClamAV 1.4.0-rc

07 May 17:44
@micahsnyder micahsnyder
clamav-1.4.0-rc
18f2916
Compare
Choose a tag to compare
ClamAV 1.4.0-rc Pre-release
Pre-release

ClamAV 1.4.0 Release Candidate includes the following improvements and changes:

Major changes

  • Added support for extracting ALZ archives.
    The new ClamAV file type for ALZ archives is CL_TYPE_ALZ.
    Added a DCONF option to enable or disable ALZ archive support.

    Tip: DCONF (Dynamic CONFiguration) is a feature that allows for some configuration changes to be made via ClamAV .cfg "signatures".

  • Added support for extracting LHA/LZH archives.
    The new ClamAV file type for ALZ archives is CL_TYPE_LHA_LZH.
    Added a DCONF option to enable or disable LHA/LZH archive support.

  • Added the ability to disable image fuzzy hashing, if needed. For context, image fuzzy hashing is a detection mechanism useful for identifying malware by matching images included with the malware or phishing email/document.

    New ClamScan options:

    --scan-image[=yes(*)/no]
--scan-image-fuzzy-hash[=yes(*)/no]

    New ClamD config options:

    ScanImage yes(*)/no
ScanImageFuzzyHash yes(*)/no

    New libclamav scan options:

    options.parse &= ~CL_SCAN_PARSE_IMAGE;
options.parse &= ~CL_SCAN_PARSE_IMAGE_FUZZY_HASH;

    Added a DCONF option to enable or disable image fuzzy hashing support.

Other improvements

  • Added cross-compiling instructions for targeting ARM64/aarch64 processors for Windows and Linux.

  • Improved the Freshclam warning messages when being blocked or rate limited so as to include the Cloudflare Ray ID, which helps with issue triage.

  • Removed unnecessary memory allocation checks when the size to be allocated is fixed or comes from a trusted source.
    We also renamed internal memory allocation functions and macros, so it is more obvious what each function does.

  • Improved the Freshclam documentation to make it clear that the --datadir option must be an absolute path to a directory that already exists, is writable by Freshclam, and is readable by ClamScan and ClamD.

  • Added an optimization to avoid calculating the file hash if the clean file cache has been disabled. The file hash may still be calculated as needed to perform hash-based signature matching if any hash-based signatures exist that target a file of the same size, or if any hash-based signatures exist that target "any" file size.

  • Added an improvement to the SystemD service file for ClamOnAcc so that the service will shut down faster on some systems.

Bug fixes

  • Silenced confusing warning message when scanning some HTML files.

  • Fixed minor compiler warnings.

  • Since the build system changed from Autotools to CMake, ClamAV no longer supports building with configurations where bzip2, libxml2, libz, libjson-c, or libpcre2 are not available. Libpcre is no longer supported in favor of libpcre2. In this release, we removed all the dead code associated with those unsupported build configurations.

  • Fixed assorted typos. Patch courtesy of RainRat.

  • Added missing documentation for the ClamScan --force-to-disk option.

  • Fixed an issue where ClamAV unit tests would prefer an older libclamunrar_iface library from the install path, if present, rather than
    the recently compiled library in the build path.

Acknowledgments

Special thanks to the following people for code contributions and bug reports:

  • RainRat
Assets 22

ClamAV 1.3.1

17 Apr 17:25
@micahsnyder micahsnyder
clamav-1.3.1
ae81c21
Compare
Choose a tag to compare
ClamAV 1.3.1

ClamAV 1.3.1 is a critical patch release with the following fixes:

  • CVE-2024-20380:
    Fixed a possible crash in the HTML file parser that could cause a
    denial-of-service (DoS) condition.

    This issue affects version 1.3.0 only and does not affect prior versions.

    Thank you to Błażej Pawłowski for identifying this issue.

  • Updated select Rust dependencies to the latest versions.
    This resolved Cargo audit complaints and included PNG parser bug fixes.

  • Fixed a bug causing some text to be truncated when converting from UTF-16.

  • Fixed assorted complaints identified by Coverity static analysis.

  • Fixed a bug causing CVDs downloaded by the DatabaseCustomURL Freshclam
    config option to be pruned and then re-downloaded with every update.

  • Added the new 'valhalla' database name to the list of optional databases in
    preparation for future work.

  • Added symbols to the libclamav.map file to enable additional build
    configurations.

    Patch courtesy of Neil Wilson.

Assets 22

ClamAV 1.2.3

17 Apr 17:24
@micahsnyder micahsnyder
clamav-1.2.3
a232cb9
Compare
Choose a tag to compare
ClamAV 1.2.3

ClamAV 1.2.3 is a critical patch release with the following fixes:

  • Updated select Rust dependencies to the latest versions.
    This resolved Cargo audit complaints and included PNG parser bug fixes.

  • Fixed a bug causing some text to be truncated when converting from UTF-16.

  • Fixed assorted complaints identified by Coverity static analysis.

  • Fixed a bug causing CVDs downloaded by the DatabaseCustomURL Freshclam
    config option to be pruned and then re-downloaded with every update.

  • Added the new 'valhalla' database name to the list of optional databases in
    preparation for future work.

  • Silenced a warning "Unexpected early end-of-file" that occured when
    scanning some PNG files.

Assets 22

ClamAV 1.0.6

17 Apr 17:24
@micahsnyder micahsnyder
clamav-1.0.6
b977f2e
Compare
Choose a tag to compare
ClamAV 1.0.6

ClamAV 1.0.6 is a critical patch release with the following fixes:

  • Updated select Rust dependencies to the latest versions.
    This resolved Cargo audit complaints and included PNG parser bug fixes.

  • Fixed a bug causing some text to be truncated when converting from UTF-16.

  • Fixed assorted complaints identified by Coverity static analysis.

  • Fixed a bug causing CVDs downloaded by the DatabaseCustomURL Freshclam
    config option to be pruned and then re-downloaded with every update.

  • Added the new 'valhalla' database name to the list of optional databases in
    preparation for future work.

  • Silenced a warning "Unexpected early end-of-file" that occured when
    scanning some PNG files.

Assets 22

ClamAV 1.3.0

07 Feb 16:06
@micahsnyder micahsnyder
clamav-1.3.0
5f934c1
Compare
Choose a tag to compare
ClamAV 1.3.0

ClamAV 1.3.0 includes the following improvements and changes:

Major changes

  • Added support for extracting and scanning attachments found in Microsoft
    OneNote section files.
    OneNote parsing will be enabled by default, but may be optionally disabled
    using one of the following options:
    a. The clamscan command line option: --scan-onenote=no,
    b. The clamd.conf config option: ScanOneNote no,
    c. The libclamav scan option options.parse &= ~CL_SCAN_PARSE_ONENOTE;,
    d. A signature change to the daily.cfg dynamic configuration (DCONF).

Other improvements

  • Fixed issue when building ClamAV on the Haiku (BeOS-like) operating system.
    Patch courtesy of Luca D'Amico

  • ClamD: When starting, ClamD will now check if the directory specified by
    TemporaryDirectory in clamd.conf exists. If it doesn't, ClamD
    will print an error message and will exit with exit code 1.
    Patch courtesy of Andrew Kiggins.

  • CMake: If configured to build static libraries, CMake will now also
    install the libclamav_rust, libclammspack, libclamunrar_iface, and
    libclamunrar static libraries required by libclamav.

    Note: These libraries are all linked into the clamscan, clamd, sigtool,
    and freshclam programs, which is why they did not need to be installed
    to function. However, these libraries would be required if you wish to
    build some other program that uses the libclamav static library.

    Patch courtesy of driverxdw.

  • Added file type recognition for compiled Python (.pyc) files.
    The file type appears as a string parameter for these callback functions:

    • clcb_pre_cache
    • clcb_pre_scan
    • clcb_file_inspection
      When scanning a .pyc file, the type parameter will now show
      "CL_TYPE_PYTHON_COMPILED" instead of "CL_TYPE_BINARY_DATA".
    • GitHub pull request

  • Improved support for decrypting PDF's with empty passwords.

  • Assorted minor improvements and typo fixes.

Bug fixes

  • Fixed a warning when scanning some HTML files.

  • Fixed an issue decrypting some PDF's with an empty password.

  • ClamOnAcc: Fixed an infinite loop when a watched directory does not exist.

  • ClamOnAcc: Fixed an infinite loop when a file has been deleted before a scan.
    Patch courtesy of gsuehiro.

  • Fixed a possible crash when processing VBA files on HP-UX/IA 64bit.
    Patch courtesy of Albert Chin-A-Young.

  • ClamConf: Fixed an issue printing MaxScanSize introduced with the change
    to allow a MaxScanSize greater than 4 GiB.
    Fix courtesy of teoberi.

  • Fixed an issue building a ClamAV RPM in some configurations.
    The issue was caused by faulty CMake logic that intended to create an
    empty database directory during the install.

Acknowledgments

Special thanks to the following people for code contributions and bug reports:

  • Albert Chin-A-Young
  • Andrew Kiggins
  • driverxdw
  • gsuehiro
  • Luca D'Amico
  • RainRat
  • teoberi
Assets 22

ClamAV 1.2.2

07 Feb 16:06
@micahsnyder micahsnyder
clamav-1.2.2
ae891c9
Compare
Choose a tag to compare
ClamAV 1.2.2

ClamAV 1.2.2 is a critical patch release with the following fix:

  • CVE-2024-20290:
    Fixed a possible heap overflow read bug in the OLE2 file parser that could
    cause a denial-of-service (DoS) condition.

    Affected versions:

    • 1.0.0 through 1.0.4 (LTS)
    • 1.1 (all patch versions)
    • 1.2.0 and 1.2.1

    Thank you to OSS-Fuzz for identifying this issue.

  • CVE-2024-20328:
    Fixed a possible command injection vulnerability in the VirusEvent feature
    of ClamAV's ClamD service.

    To fix this issue, we disabled the '%f' format string parameter.
    ClamD administrators may continue to use the CLAM_VIRUSEVENT_FILENAME
    environment variable, instead of '%f'. But you should do so only from within
    an executable, such as a Python script, and not directly in the clamd.conf
    VirusEvent command.

    Affected versions:

    • 0.104 (all patch versions)
    • 0.105 (all patch versions)
    • 1.0.0 through 1.0.4 (LTS)
    • 1.1 (all patch versions)
    • 1.2.0 and 1.2.1

    Thank you to Amit Schendel for identifying this issue.

Assets 22

ClamAV 1.0.5

07 Feb 16:06
@micahsnyder micahsnyder
clamav-1.0.5
81ee14a
Compare
Choose a tag to compare
ClamAV 1.0.5

ClamAV 1.0.5 is a critical patch release with the following fixes:

  • CVE-2024-20290:
    Fixed a possible heap overflow read bug in the OLE2 file parser that could
    cause a denial-of-service (DoS) condition.

    Affected versions:

    • 1.0.0 through 1.0.4 (LTS)
    • 1.1 (all patch versions)
    • 1.2.0 and 1.2.1

    Thank you to OSS-Fuzz for identifying this issue.

  • CVE-2024-20328:
    Fixed a possible command injection vulnerability in the VirusEvent feature
    of ClamAV's ClamD service.

    To fix this issue, we disabled the '%f' format string parameter.
    ClamD administrators may continue to use the CLAM_VIRUSEVENT_FILENAME
    environment variable, instead of '%f'. But you should do so only from within
    an executable, such as a Python script, and not directly in the clamd.conf
    VirusEvent command.

    Affected versions:

    • 0.104 (all patch versions)
    • 0.105 (all patch versions)
    • 1.0.0 through 1.0.4 (LTS)
    • 1.1 (all patch versions)
    • 1.2.0 and 1.2.1

    Thank you to Amit Schendel for identifying this issue.

Assets 23

ClamAV 1.3.0-rc2

24 Jan 20:29
@micahsnyder micahsnyder
clamav-1.3.0-rc2
17c9f5b
Compare
Choose a tag to compare
ClamAV 1.3.0-rc2 Pre-release
Pre-release

ClamAV 1.3.0 includes the following improvements and changes:

Major changes

  • Added support for extracting and scanning attachments found in Microsoft
    OneNote section files.
    OneNote parsing will be enabled by default, but may be optionally disabled
    using one of the following options:
    a. The clamscan command line option: --scan-onenote=no,
    b. The clamd.conf config option: ScanOneNote no,
    c. The libclamav scan option options.parse &= ~CL_SCAN_PARSE_ONENOTE;,
    d. A signature change to the daily.cfg dynamic configuration (DCONF).

Other improvements

  • Fixed issue when building ClamAV on the Haiku (BeOS-like) operating system.
    Patch courtesy of Luca D'Amico

  • ClamD: When starting, ClamD will now check if the directory specified by
    TemporaryDirectory in clamd.conf exists. If it doesn't, ClamD
    will print an error message and will exit with exit code 1.
    Patch courtesy of Andrew Kiggins.

  • CMake: If configured to build static libraries, CMake will now also
    install the libclamav_rust, libclammspack, libclamunrar_iface, and
    libclamunrar static libraries required by libclamav.

    Note: These libraries are all linked into the clamscan, clamd, sigtool,
    and freshclam programs, which is why they did not need to be installed
    to function. However, these libraries would be required if you wish to
    build some other program that uses the libclamav static library.

    Patch courtesy of driverxdw.

  • Added file type recognition for compiled Python (.pyc) files.
    The file type appears as a string parameter for these callback functions:

    • clcb_pre_cache
    • clcb_pre_scan
    • clcb_file_inspection
      When scanning a .pyc file, the type parameter will now show
      "CL_TYPE_PYTHON_COMPILED" instead of "CL_TYPE_BINARY_DATA".
    • GitHub pull request

  • Improved support for decrypting PDF's with empty passwords.

  • Assorted minor improvements and typo fixes.

Bug fixes

  • Fixed a warning when scanning some HTML files.

  • Fixed an issue decrypting some PDF's with an empty password.

  • ClamOnAcc: Fixed an infinite loop when a watched directory does not exist.

  • ClamOnAcc: Fixed an infinite loop when a file has been deleted before a scan.
    Patch courtesy of gsuehiro.

  • Fixed a possible crash when processing VBA files on HP-UX/IA 64bit.
    Patch courtesy of Albert Chin-A-Young.

  • ClamConf: Fixed an issue printing MaxScanSize introduced with the change
    to allow a MaxScanSize greater than 4 GiB.
    Fix courtesy of teoberi.

  • Fixed an issue building a ClamAV RPM in some configurations.
    The issue was caused by faulty CMake logic that intended to create an
    empty database directory during the install.

Acknowledgments

Special thanks to the following people for code contributions and bug reports:

  • Albert Chin-A-Young
  • Andrew Kiggins
  • driverxdw
  • gsuehiro
  • Luca D'Amico
  • RainRat
  • teoberi
Assets 22

ClamAV 1.3.0-rc

15 Dec 16:07
@micahsnyder micahsnyder
clamav-1.3.0-rc
2178e4a
Compare
Choose a tag to compare
ClamAV 1.3.0-rc Pre-release
Pre-release

ClamAV 1.3.0 release candidate includes the following improvements and changes:

Major changes

  • Added support for extracting and scanning attachments found in Microsoft
    OneNote section files.
    OneNote parsing will be enabled by default, but may be optionally disabled
    using one of the following options:
    a. The clamscan command line option: --scan-onenote=no,
    b. The clamd.conf config option: ScanOneNote no,
    c. The libclamav scan option options.parse &= ~CL_SCAN_PARSE_ONENOTE;,
    d. A signature change to the daily.cfg dynamic configuration (DCONF).

Other improvements

  • Fixed issue when building ClamAV on the Haiku (BeOS-like) operating system.
    Patch courtesy of Luca D'Amico

  • ClamD: When starting, ClamD will now check if the directory specified by
    TemporaryDirectory in clamd.conf exists. If it doesn't, ClamD
    will print an error message and will exit with exit code 1.
    Patch courtesy of Andrew Kiggins.

  • CMake: If configured to build static libraries, CMake will now also
    install the libclamav_rust, libclammspack, libclamunrar_iface, and
    libclamunrar static libraries required by libclamav.

    Note: These libraries are all linked into the clamscan, clamd, sigtool,
    and freshclam programs, which is why they did not need to be installed
    to function. However, these libraries would be required if you wish to
    build some other program that uses the libclamav static library.

    Patch courtesy of driverxdw.

  • Added file type recognition for compiled Python (.pyc) files.
    The file type appears as a string parameter for these callback functions:

    • clcb_pre_cache
    • clcb_pre_scan
    • clcb_file_inspection
      When scanning a .pyc file, the type parameter will now show
      "CL_TYPE_PYTHON_COMPILED" instead of "CL_TYPE_BINARY_DATA".
    • GitHub pull request

  • Assorted minor improvements and typo fixes.

Bug fixes

Acknowledgments

Special thanks to the following people for code contributions and bug reports:

  • Albert Chin-A-Young
  • Andrew Kiggins
  • driverxdw
  • Luca D'Amico
  • RainRat
Assets 22