Note: This README/NEWS file refers to the source tarball. Some things described
here may not be available in binary packages.

This version fixes memory management problems in the OLE2 decoder and
improves mail scanning. Because of the rapid ClamAV development the team
encourages users to help in testing new features:

http://www.clamav.net/snapshot

Thank you for using ClamAV!

The ClamAV team (http://www.clamav.net/team.html)

Major bugfixes in this release include crashes with corrupted BinHex messages
and some Excel documents. Protection against archive bombs (not fully
functional since 0.70) was improved and a number of other improvements were

The ClamAV team (http://www.clamav.net/team.html)

This release fixes all bugs found in 0.70 and introduces a few new features -
the noteworthy changes include:

+ support nested OLE2 files
+ support Word6 macro code
+ ignore popular file types (media, graphics)
+ support compress.exe (SZDD) compression (test/test.msc)
+ improve virus detection in e-mails

+ automatically decide (by comparing daily.cvd version numbers) which
  database directory (hardcoded or clamav.conf's one) to use
+ support compression ratio feature (--max-ratio)
+ allow regular expressions in --[in|ex]clude
+ do not overwrite old files in a quarantine directory but add a numerical
  extension to new files
+ respect --tempdir in libclamav
+ fix access problem when calling external unpackers in a superuser mode
+ fix file permission corruption with --deb in a superuser mode

+ support log facility specification in syslog's style (LogFacility)
+ new directive LeaveTemporaryFiles (Debug no longer leaves temporary

+ include the virus name in the 550 rejection
+ support user defined template for virus notifications (--template-file)
+ sort quarantine messages by date
+ improve thread management
+ add X-Virus-Scanned and X-Infected-Received-From: headers
+ improve load balancing (when using remote servers with --server)
+ send 554 after DATA received, not 550
+ save PID (--pidfile)

+ German clamdoc.pdf translation (Rupert Roesler-Schmidt and Karina
  Schwarz, uplink coherent solutions, http://www.uplink.at)
+ new Japanese documentation (Masaki Ogawa)

The ClamAV team (http://www.clamav.net/team.html)

The two major changes in this version are a new thread manager in clamd
and support for decoding MS Office VBA macros. Both of them have been
implemented by Trog. Besides, there are many improvements and bugfixes
(all listed in ChangeLog), a short summary:

+ new thread manager (with better SMP support)
+ on-access scanning now also available on FreeBSD (with Dazuko 2.0)
+ new directive ArchiveBlockEncrypted
+ new directive ReadTimeout (replaces ThreadTimeout)
+ handle SIGHUP (re-open logfile) and SIGUSR2 (reload database)
+ respect TCPAddr in stream scanner

+ support MS Office documents (OLE2) and VBA macro decoding
+ support encrypted archive detection
+ new flags: CL_OLE2, CL_ENCRYPTED (see clamdoc.pdf, Section 6.1)
+ improve virus detection in big files
+ improve support for multipart, bounce and embedded RFC822 messages
+ improve RAR support
+ include backup snprintf implementation

+ new option: --block-encrypted

+ new option: --pid, -p (write pid file if run as daemon)
+ handle SIGHUP (re-open logfile), SIGTERM (terminate with log message),
  SIGALRM and SIGUSR1 (wake up and check mirror)
+ fix bug with -u and -c handling

+ Windows clamd client now available with source code

+ new Polish documentation on ClamAV and Samba integration
+ official documentation updated

Special thanks to Dirk Mueller <mueller*kde.org> for his code review,
many bugfixes and cleanups.

Thanks to the help of many companies (clamdoc.pdf: Section 2.10,
http://www.clamav.net/mirrors.html) we have 49 very fast and reliable
virus database mirrors in 22 regions and the number is still growing.
As of March 2004 we attempt to redirect our users to the closest pool
of mirrors by looking at their source IP address when they try to resolve
database.clamav.net. Our DNS servers can answer with a CNAME to:
db.europe.clamav.net, db.america.clamav.net, db.asia.clamav.net or
db.other.clamav.net. Our advanced push-mirroring mechanism (maintained by
Luca Gibelli) allows database maintainers to update all the mirrors in less

There will be no major feature enhancements in the 0.7x series. Our work
will be concentrated on a new scanning engine and preliminary heuristics -
please help us and test CVS snapshots from time to time.

We are happy to announce new programs with support for ClamAV (all of them
have been reviewed by our team - more info in the documentation and
on our website: http://www.clamav.net/3rdparty.html):

+ ClamWin - a GUI for Windows (!)
+ KlamAV - a collection of GUI tools for using ClamAV on KDE
+ clamscan-procfilter - a Perl procmail filter
+ j-chkmail - a powerful filter for sendmail
+ qscanq - Virus Scanning for Qmail
+ clamavr - a Ruby binding for ClamAV
+ DansGuardian Anti-Virus Plugin
+ Viralator - a Perl script that virus scans http downloads
+ ClamAssassin - a filter for procmail
+ Gadoyanvirus - a filter for Qmail
+ OpenProtect - a complete e-mail protection solution
+ RevolSys SMTP kit for Postfix - an antispam/antivirus tools installation
+ POP3 Virus Scanner Daemon
+ mailman-clamav - a virus filter for Mailman
+ wbmclamav - a webmin module to manage ClamAV
+ mailgraph - a RRDtool frontend for Postfix Statistics
+ INSERT - a security toolkit on a credit card size CD
+ Local Area Security - a Live CD Linux distribution

The ClamAV team (http://www.clamav.net/team.html)

This version fixes a crash with some RAR archives generated by the Bagle worm;
a few important fixes have also been backported from CVS.

We strongly encourage users to install the 0.70-rc version (released today).

This release fixes a memory management problem (platform dependent; can lead
to a DoS attack) with messages that only have attachments (reported by Oliver
Brandmueller). It also contains patches for a few problems found in 0.66 and
has better Cygwin support.

This version is a response to the "clamav 0.65 remote DOS exploit" information
published on popular security-related mailing lists. Unfortunately we had
not been contacted by the author before he published that and had to release
this (unplanned) package very quickly (it should be mentioned that the CVS
version was not vulnerable to the exploit). Untested code has been disabled,
and the Dazuko support is temporarily not available (if you really need it
please use a CVS version or wait for the next stable release). Other
noteworthy changes:

+ fixed database timestamp handling (and a double reload problem reported
  by Alex Pleiner and Ole Stanstrup)
+ new directive: ArchiveMaxCompressionRatio
+ new command: SESSION (starts a clamd session and allows multiple
  commands per TCP session)
+ new directives: TemporaryDirectory, LogClean (Andrey V. Malyshev)

-) clamav-milter: (Nigel Horne)
+ added support for AllowSupplementaryGroups and ThreadTimeout
+ added --quarantine-dir (thanks to Michael Dankov)
+ added --noreject (thanks to Vijay Sarvepalli)
+ added --headers (thanks to Leonid Zeitlin)
+ added --sign option

+ detect Worm.SCO.A bounces (Nigel)
+ prevent buffer overflow in broken uuencoded files (Nigel)
+ scan multipart alternatives that have no boundaries (Nigel)
+ better handling of encapsulated messages (Nigel)
+ locate uuencoded viruses hidden in text portions of multipart/mixed
  mime messages (Nigel)
+ initial support for BinHex (Nigel)
+ fixed a mail recursion loop (problem reported by Alex Kah and Kristof
+ fixed bzip2 memory limit (improper call suggested by the buggy libbz2
  documentation, problem reported by Tomasz Klim)
+ fixed descriptor leak on error in CVD unpacker (Thomas Lamy)
+ fixed memory leak in digital signature verification code (Thomas Lamy)
+ added maximal compression ratio limit (cl_limits->maxratio)

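The archive limits named in this file (max-files = 500, max-size = 10M, a maximal compression ratio) can be applied to the sizes a ZIP's central directory declares before any data is inflated. This is an added example, not ClamAV code: struct scan_limits, check_central_directory() and verdict_for() are hypothetical names, the ratio of 200 is a constructed value, and the sample records are built inline.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical limits for this example; NOT libclamav's struct cl_limits. */
struct scan_limits {
    uint32_t max_files; /* members per archive, 0 = no limit */
    uint32_t max_size;  /* declared uncompressed bytes per member, 0 = no limit */
    uint32_t max_ratio; /* uncompressed:compressed, 0 = no limit */
};

/* 500 files and 10M are quoted in these notes; 200 is a constructed value. */
static const struct scan_limits DEFAULT_LIMITS = { 500, 10u * 1024 * 1024, 200 };

enum verdict { ARCHIVE_OK, ARCHIVE_MALFORMED, OVER_MAX_FILES, OVER_MAX_SIZE, OVER_MAX_RATIO };

#define CDH_SIG 0x02014b50u /* ZIP central directory file header signature */
#define CDH_LEN 46u         /* fixed-size part of that header */

static uint32_t rd16(const uint8_t *p) { return (uint32_t)p[0] | (uint32_t)p[1] << 8; }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | rd16(p + 2) << 16; }
static void wr32(uint8_t *p, uint32_t v)
{
    for (int i = 0; i < 4; i++)
        p[i] = (uint8_t)(v >> (8 * i));
}

/*
 * Walk the central directory records in cd[0..len) and apply the limits to
 * the sizes each record declares, before anything is decompressed.
 * Declared sizes can lie, so a real scanner also has to count bytes while
 * inflating; this is only the cheap first gate.
 */
enum verdict check_central_directory(const uint8_t *cd, size_t len,
                                     const struct scan_limits *lim)
{
    size_t off = 0;
    uint32_t files = 0;

    while (off < len) {
        if (len - off < CDH_LEN || rd32(cd + off) != CDH_SIG)
            return ARCHIVE_MALFORMED;
        uint32_t csize = rd32(cd + off + 20); /* compressed size */
        uint32_t usize = rd32(cd + off + 24); /* uncompressed size */
        /* file name + extra field + comment follow the fixed header */
        size_t var = rd16(cd + off + 28) + rd16(cd + off + 30) + rd16(cd + off + 32);
        if (var > len - off - CDH_LEN)
            return ARCHIVE_MALFORMED;
        if (lim->max_files && ++files > lim->max_files)
            return OVER_MAX_FILES;
        if (lim->max_size && usize > lim->max_size)
            return OVER_MAX_SIZE;
        /* usize/csize > max_ratio, written as a 64-bit multiply so that
         * csize == 0 with usize > 0 counts as an unbounded ratio */
        if (lim->max_ratio && (uint64_t)usize > (uint64_t)lim->max_ratio * csize)
            return OVER_MAX_RATIO;
        off += CDH_LEN + var;
    }
    return ARCHIVE_OK;
}

/* Build `copies` constructed records (name "f.bin") and check them. */
enum verdict verdict_for(uint32_t csize, uint32_t usize, unsigned copies)
{
    static uint8_t cd[640 * (CDH_LEN + 5)];
    size_t off = 0;

    if (copies > 640)
        copies = 640;
    for (unsigned i = 0; i < copies; i++, off += CDH_LEN + 5) {
        uint8_t *h = cd + off;
        memset(h, 0, CDH_LEN);
        wr32(h, CDH_SIG);
        wr32(h + 20, csize);
        wr32(h + 24, usize);
        h[28] = 5; /* file name length, low byte of a little-endian field */
        memcpy(h + CDH_LEN, "f.bin", 5);
    }
    return check_central_directory(cd, off, &DEFAULT_LIMITS);
}

int main(void)
{
    static const char *names[] = { "ok", "malformed", "max-files", "max-size", "max-ratio" };
    printf("3 members, ratio 5:       %s\n", names[verdict_for(1000, 5000, 3)]);
    printf("1 member, 1 KiB -> 1 MiB: %s\n", names[verdict_for(1024, 1024 * 1024, 1)]);
    printf("501 small members:        %s\n", names[verdict_for(100, 100, 501)]);
    return 0;
}
```
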
+ support for multiple arguments on command line (Thomas Lamy)
+ fixed buffer overflow in --move (Denis De Messemacker)
+ removed support for sendfile() under Linux

+ support for freshclam.conf (that may be optionally merged with
  clamav.conf, command line options overwrite config settings)
+ work-around for potential database downgrade (subtle problem
  in r-r dns handling) - reported by Daniel Mario Vega and patched

+ list virus names with --list-sigs (-l)

+ clamdwatch (by Mike Cathey)
+ windows clamd client with drag&drop support (Nigel Horne)

+ complete clamdoc.pdf French translation by Stephane Jeannenot
+ Polish how-to on ClamAV and Sendmail integration (with clamav-milter)
  by Przemyslaw Holowczyc

ClamAV was the first anti-virus protecting against Worm.SCO.A (aka MyDoom.A)!
The signature was published by Diego d'Ambra in the daily update 105,
26-Jan-2004 20:23 GMT and we were at least two hours faster than "big" AV
http://sourceforge.net/mailarchive/forum.php?thread_id=3764826&forum_id=34654
http://www.pcwelt.de/news/viren_bugs/37278/4.html

clamav-devel is finally able to decode OLE2 (Microsoft Office) files and
decompress VBA streams! The code is developed by Trog, official ClamAV
developer. We are also testing a new clamd implementation that will solve
several important problems (especially those related to "Time out"). Please
help us and test the latest CVS version.

The virus database now contains more than 20.000 signatures! On January 8,
Denis De Messemacker (who joined our team 3 months ago) added signatures for
about 7700 new viruses. Also special thanks go to Tomasz Papszun for his
hard work on daily submissions and forcing us to keep ClamAV quality on
the highest possible level.

New mirroring mechanisms. Luca Gibelli (ClamAV) and mirror administrators
(22 sites, http://www.clamav.net/mirrors.html, please see clamdoc.pdf for
complete mirror information) are converting mirrors to the new "push
mirroring" method. It uses advanced techniques to ensure all the mirrors are
up to date.
More info: http://www.clamav.net/docs/mirrors

"Newsworthy Hack of Kindness" - Affero.net is featuring ClamAV in its latest
newsletter (Volume #9, January 2004: http://www.affero.net/nl/dec03.html).
Affero is a great rate-donate system and its mission is to bring a culture
of patronage to the Internet. Currently we only accept donations via Affero.
You can also help us and promote our project by adding the ClamAV logo to
your home page. Look at http://www.clamav.net/donate.html for more information.

We would like to thank our donors:

* Jeremy Garcia (http://www.linuxquestions.org)
* Andries Filmer (http://www.netexpo.nl)
* David Eriksson (http://www.2good.nu)
* Dynamic Network Services, Inc (http://www.dyndns.org)
* Invisik Corporation (http://www.invisik.com)
* Keith (http://www.textpad.com)
* Explido Software USA Inc. (http://www.explido.us)
* cheahch from Singapore
* ActiveIntra.net Inc. (http://www.activeintra.net)
* An anonymous donor from Colorado, US

Tomasz Kojm <tkojm*clamav.net>

IMPORTANT NOTE: The project has been moved into SourceForge. The only official
ClamAV homepage is www.clamav.net (however clamav.elektrapro.com
still works). We would like to thank ElektraPro.com for
their support for the open-source community - THANKS!

ClamAV 0.65 introduces a new database container file format (called CVD) with
support for digital signatures and compression. Please remove the old
databases from your database directory before the installation. And the most
important thing: clamd stability has been greatly improved (especially under
FreeBSD)! Also we have a new mirror infrastructure - you will find all the
details in clamdoc.pdf. If you want to become an official ClamAV mirror
(with entry in database.clamav.net) please read the clamav-mirror-howto.pdf
document and contact our administrator - Luca Gibelli <nervous*clamav.net>.

Noteworthy changes in this version:

+ fixed a race condition in database reloading code (random crashes
+ fixed a race condition with the improperly initialized session start time
  (thanks to Michael Dankov)
+ fixed PidFile permissions (Magnus Ekdahl, bug reported by Tomasz Papszun)
+ fixed LogFile permissions (Magnus Ekdahl)
+ new directive ScanRAR (because RAR support is now disabled by default)
+ new directive VirusEvent
+ new directive FixStaleSocket (Thomas Lamy and Mark Mielke)
+ new directive TCPAddr (Bernard Quatermass, fixed by Damien Curtain)
+ new directive Debug

-) clamav-milter: (Nigel Horne <njh*clamav.net>)
+ new --force-scan flag
+ new -P and -q flags by Nicholas M. Kirsch
WARNING: clamav-milter and our mail scanner are still in high development
and may be unstable. You should always use the CVS version.

+ support for a new database container format (CVD) - compressed and
+ better protection against malformed zip archives (such as Mimail)
+ mail decoder fixes (thanks to Rene Bellora, Bernd Kuhls, Thomas Lamy,
  Tomasz Papszun) (Nigel Horne)
+ memory leak fixes (Thomas Lamy)
+ new scan option CL_DISABLERAR (disables built-in RAR unpacker)

+ fixed --on-error-execute behaviour (David Woakes)
+ new option --user (-u) USER - run as USER instead of the default user.
  Patch by Damien Curtain.
+ rewritten to use database.clamav.net and CVD

+ new Spanish documentation on ClamAV and Sendmail integration by
  Erick Ivaan Lopez Carreon
+ included clamdoc.pdf Turkish translation by yavuz kaya and İbrahim erken
+ included clamav-mirror-howto.pdf by Luca Gibelli
+ included clamd+daemontools HOWTO by Jesse D. Guardiani
+ included signatures.pdf
+ clamdoc.pdf: rewritten

New members of our list of ClamAV certified software (see clamdoc.pdf for

+ OpenAntiVirus samba-vscan

Thanks to Mia Kalenius and Sergei Pronin we have a new official logo!

Thank you for using ClamAV!

Tomasz Kojm <tkojm*clamav.net>

This is a new, (very?) stable release of Clam AntiVirus. 0.60 was developed
and stabilized for over seven months and many people contributed to the
final release. This version introduces many enhancements and a new program:
clamav-milter written by ClamAV developer Nigel Horne. This is a mail scanner
for Sendmail/milter written entirely in C, which uses clamd for virus scanning.
The clamav-milter and clamd duet is a powerful solution for systems where high
performance is required. Please check clamdoc for more detail.

Many people get confused about the ClamAV database status because of
the OpenAntiVirus update information at:
http://openantivirus.org/latest.php
(last update at 17 October, 2002). The ClamAV virus database contains
the OAV database (with some signatures fixed or removed) but we
develop it independently of the OAV project. Our database is updated
frequently (on average 4-5 times a week). You can help (or join) us -
you will find some basic but useful instructions at
http://clamav.elektrapro.com/doc/signatures.pdf

News from ClamAV world:

-) New email address for virus submitting: virus@clamav.elektrapro.com
You don't need to encrypt a virus sample, but if your system doesn't allow
you to send infected files just put it into an encrypted zip archive

Special thanks to Nicholas Chua, Diego D'Ambra, Hrvoje Habjanic, Nigel Kukard
and Chris van Meerendonk for the large number of samples submitted.

-) New mailing list: virusdb@clamav.elektrapro.com
After each update an email with subject "[clamav-virusdb] Update" and a list
of viruses added is sent to it. You can set up a procmail rule for freshclam
to react to such mails (and update the database just after an update).

-) New official mirrors:
+ clamav.ozforces.com: database mirror updated manually (thanks to
  Andrew <andrew@ozforces.com>)
+ clamav.essentkabel.com: full (automatic) mirror of clamav.elektrapro.com
  (thanks to Chris van Meerendonk <cvm@castel.nl>)
+ clamav.linux-sxs.org: database mirror - rsync from clamav.ozforces.com
  (thanks to Douglas J Hunley <doug@hunley.homeip.net>)

Freshclam will automatically use them when the main server is not

-) Official port in FreeBSD available! (maintained by Masahiro Teramoto

-) Unofficial port for OpenBSD is available at:
http://www.activeintra.net/openbsd/article.php?id=5
(maintained by Flinn Mueller <flinn@activeintra.net>)

-) there are many new programs that use ClamAV, e.g. mod_clamav (Apache
virus scanning filter), clamdmail or Sagator. You will find more

+ fixed buffer overflow in unrarlib (patch by Robbert Kouprie
+ various mbox code updates (fixed memory leak; added support for decoding
  viruses sent in message bodies, detection of viruses that put their
  payloads after the end of message marker (thanks to Stephen White
  <stephen@earth.li> for the bug report and useful CGI tools);
+ zziplib updated to 0.10.81 (some problems with older version were reported
+ direct scanning of mbox/maildir files (new directive CL_MAIL)
+ file scanner optimization (patch by Hendrik Muhs
  <Hendrik.Muhs@student.uni-magdeburg.de>)
+ faster detection of malformed Zip archives (e.g. 'Zip of Death'), they are
  reported as viruses
+ fixed strcasecmp() compile problem in zziplib on Free/NetBSD and others

+ fixed descriptor leak in directory scanner - it was causing random
  clamd crashes and locks, especially on highly loaded servers. Reported
  by Kristof Petr <Kristof.P@fce.vutbr.cz>.
+ fixed crash with archive scanning on BSD (increased thread stack size)
+ fixed CONTSCAN command (used by clamdscan) - it had archive support
+ fixed SelfCheck option (there was a logic bug, and the option was
  disabled); it now checks the databases' time stamps and reloads them
+ fixed possible writing to undefined descriptors (bug found by
  Brian May <bam@debian.org>)
+ new STREAM command (scanning data on socket) and directives:
  StreamSaveToDisk (save stream to disk to allow scanning within archives),
  StreamMaxLength. This option allows scanning data on socket (might be
  sent from another host), currently only clamav-milter uses this.
+ new ScanMail directive for scanning into mbox/Maildir files
+ new directive: ArchiveLimitMemoryUsage (limit memory usage with bzip2)
+ new directive: AllowSupplementaryGroups (feature requested by Exiscan
+ syslog support (LogSyslog) (patch by Hrvoje Habjanic
  <hrvoje.habjanic@zg.hinet.hr>)
+ fixed parser segfault with extra space between option and argument
  in config file (Magnus Ekdahl <magnus@debian.org>)

+ fixed --remove option (didn't work when the file was scanned with an
  internal unpacker) (patch by Damien Curtain <damien@pagefault.org>)
+ --move option for moving infected files into a specified directory
  (by Damien Curtain <damien@pagefault.org>)
+ --mbox enables direct support for mbox files
  (ex. clamscan --mbox /var/spool/mail)
+ fixed --log (-l) option
+ fixed -i option (patch by Magnus Ekdahl <magnus@debian.org>)
+ enabled default archive limits (max-files = 500, max-size = 10M,
+ use arj instead of non-free unarj (patch by Magnus Ekdahl)
+ use unzoo instead of non-free zoo (patch by Magnus Ekdahl)
+ removed thread support

+ mirror support (implemented by Damien Curtain <damien@pagefault.org>)
+ --proxy-user: proxy authorization support (implemented by Gernot Tenchio
  <g.tenchio@telco-tech.de>)
+ new options --on-error-execute, --on-update-execute
  (ex. freshclam -d -c 6 --on-error-execute "sendsms 23332243 Can't
  update virus database"). Idea by Douglas J Hunley <doug@hunley.homeip.net>

+ --disable-cr (don't link with C reentrant library (needed on some newer
  versions of OpenBSD))

-) Enhanced AIX (thanks to Mike Loewen <mloewen@sturgeon.cac.psu.edu>) and
Tru64 support (thanks to Christophe Varoqui <ext.devoteam.varoqui@sncf.fr>)

+ included how-to in Portuguese by Alexandre de Jesus Marcolino
+ clamdoc.pdf and system manual updates

Many thanks to Luca 'NERvOus' Gibelli from ElektraPro for his support,
to Ken McKittrick from USA DataNet for a fully accessible FreeBSD box and
to mailing list subscribers for constructive discussions.

Many major changes this time...

+ fixed segfault with some strange zip archives (there is a bug in zziplib,
  libclamav contains a work around for it) (the problem was reported by
  Oliver Paukstadt <pstadt@stud.fh-heilbronn.de>)
+ engine improvements (better support for detection of new viruses,
  limited memory usage (consumes ~ 5 Mb now))
+ mbox code updated and moved into the library: fixed core dump when an
  embedded message includes a mime header with the line Content-Type:
  without specifying the type of content, fixed (theoretical) memory leak,
  support for multipart/report messages, fixed bug causing some formats to
  fail to scan (Nigel)
+ new commands: CONTSCAN (it doesn't stop scanning even when virus is
+ disable logging of unnecessary time stamps with LogTime when
  LogVerbose isn't used (patch by Ed Phillips <ed@UDel.Edu>)
+ "Cache-Control: no-cache" enabled by default

+ removed huge printf() in help() (there was a buffer overflow problem with
  --help option under Windows and SCO Unix (reported by Wojciech Noworyta
  <wnow@konarski.edu.pl> and Nigel respectively)
+ allow configuration of the clamav user and group with --with-user and
  --with-group (patch by Patrick Bihan-Faou <patrick@mindstep.com>)
+ --enable-id-check - it uses the check procedure from Jason Englander
  <jason@englanders.cc>, currently it will fail on systems with getent
  which doesn't detect clamav group.
+ do not overwrite the existing config file

There are initial packages for Windows available at:
http://clamav.elektrapro.com/binary

This release has removed the limit on file name length in clamscan. Some
viruses (e.g. W32/Yaha.E) are using very long file names, and they were
ignored in mbox mode. Users of AMaViS-ng and other wrappers were not
vulnerable to this problem, because those programs don't use the original
attachment file names.

+ removed limit for a file name length (thanks to Odhiambo Washington
  <wash@wananchi.com> for the test files and extensive mbox testing)
+ mbox: adapted to the new changes, enabled thread support (Nigel),
  re-enabled temporary directory removing.

This version contains portability fixes - it should compile on OpenBSD,
MacOSX and NetBSD (support for them was broken in 0.51).

-) clamd: various fixes:
+ drop supplementary groups (suggested by Enrico Scholz
  <enrico.scholz@informatik.tu-chemnitz.de>) (this has been implemented
+ work-around for the segmentation fault at QUIT under FreeBSD
+ check timeouts when waiting for threads in RELOAD mode
+ SelfCheck - internal integrity check (by default every 1 hour)
+ fixed problem with directory scanning on non typical file systems
  (bug reported by Jason Englander <jason@englanders.cc>)
+ clamd is a system command (clamd.1 -> clamd.8, /usr/local/bin ->
  /usr/local/sbin) (Magnus Ekdahl)
+ mbox code updates (Nigel Horne) - it fixes some problems on *BSD
  systems (see mailing lists archives for the details)
+ enable core dumping (Nigel Horne) [ with --enable-debug ]
+ applied http-proxy patch from http://bugs.debian.org/clamav (by
  Martin Lesser <admin-debian@bettercom.de>)
+ when configured with --disable-cache, freshclam forces 'no-cache'
  option in proxy servers (patch by Ant La Porte <ant@dvere.net>)

-) HPUX (10.20/11.0 tested) support (thanks to Joe Oaks <joe.oaks@hp.com>)
-) fixed support for SCO Unix and BeOS (Nigel Horne)
-) support/mboxscan: new version with SpamAssassin support (Nigel Horne)
-) re-included TrashScan 0.08 (by Trashware <trashware@gmx.de>) - the security
   issue has been fixed.
-) included "Installing qmail-scanner, Clam Antivirus and SpamAssassin under
   FreeBSD" how-to by Paul Hoadley and Eric Parsonage

OAV database is up to date! There was a problem with signature parsing,
because some hex strings were upper case. Anyway, I still recommend
freshclam for database updating.

-) support for the genuine OAV database
-) limited memory usage (at the cost of speed, increase CL_MIN_LENGTH in
   libclamav/clamav.h to make it faster, it's safe to set it on 3-4 for
-) fixed compile problem on TurboLinux 6.5 (probably others, too), the bug
   was reported by Henk Kuipers <henk@opensourcesolutions.nl>.
-) clamd: fixed THREXIT (thanks to Piotr Gackiewicz <gacek@intertele.pl>)
-) clamd: fixed serious bug with thread argument type
-) clamscan: mbox: don't scan empty attachments (Nigel Horne)
-) configure: --with-db1, --with-db2 (suggested by Magnus Ekdahl)

Clam AntiVirus 0.50 contains an anti-virus library - libclamav, a fully
multi-threaded daemon clamd(1) and a quite long list of changes. The
documentation was rewritten and you _should_ review it. By courtesy of
NERvOus <nervous@nervous.it> and ElektraPro, there are three mailing lists
available - you can subscribe via www at http://clamav.elektrapro.com/ml.
Please check the manual for more information.

-) libclamav with RAR, Zip and Gzip support built-in. The library is thread
   safe and should be very secure, also. It uses UniquE RAR File
   Library by Christian Scheurer and Johannes Winkelmann (RAR 2.0 support only)
   and zziplib library by Guido Draheim and Tomi Ollila. Both of them are
   included and slightly modified in the clamav sources. You need the zlib
   library for the Zip/Gzip support, though. The API is described with
   examples in the clamdoc.

-) clamd: a modern anti-virus daemon. It uses configuration file clamav.conf
   described in the clamav.conf(5) manual. The program was written with

-) clamuko: on-access scanning under Linux. It utilizes Dazuko kernel module
   (GPL, http://dazuko.org) and is clamd-based.

New features / improvements:

-) enhanced scanner engine (better detection of some complex polymorphic

-) clamscan: Nigel Horne <njh@bandsman.co.uk> has added the ability to scan
   mail attachments in a filter. For example:

    $ clamscan -i --mbox - < /var/spool/mail/john
    /tmp/aa6b9fc06bc477ae/setup.exe: Worm/Klez.H FOUND

   Nigel is the author of the whole mbox code in clamscan. Currently it only
   works in a filter mode, but there are plans to move the code into
   libclamav and allow clamd to use it. Please check support/mboxscan, also.

-) clamscan: support for including and excluding multiple patterns with
   --include and --exclude (patch by Alejandro Dubrovsky
   <s328940@student.uq.edu.au>).
   Example: clamscan --include .exe --include .obj --include .scr /mnt/windows

-) clamscan: don't scan /proc files (Linux, st_dev comparing). No more
   /proc/kcore related mails :))

-) clamscan: use libclamav's archive support by default (it's enabled by default
   and may be disabled with --disable-archive) and switch to the external
   unpackers (if specified) in the case of libclamav archive code error.

-) freshclam: proxy support (via $http_proxy variable and --http-proxy).
   I started implementing proxy support some time ago, but never finished.
   Nigel Horne did a great job and has finished the proxy support!

-) freshclam: --daemon-notify. freshclam will send the RELOAD command to the
   daemon after database update (supports both tcp and local sockets, it reads
   clamav.conf to determine the socket type).

-) freshclam: support for viruses.db2

-) freshclam: log 'Database updated' message (thanks to Jeffrey Moskot
   <jef@math.miami.edu> for the bug report). It now prints the number
   of signatures in a database, also.

-) clamscan: fixed compile problem on Solaris 8 and some other systems -
   missing #include <signal.h> in others.c (thanks to Mike Loewen
   <mloewen@sturgeon.cac.psu.edu> for the bug report)

-) included Japanese documentation by Masaki Ogawa <proc@mac.com>

-) updated Spanish "Sendmail + Amavis + ClamAv - Como" by Erick I. Lopez
   Carreon <elopezc@technitrade.com>

-) rewritten clamdoc, included clamdoc-html, removed PostScript version (.ps)

-) Clam-Mutant ;) logo update by Michal Hajduczenia <michalis@mat.uni.torun.pl>

-) new man pages: clamd(1), clamav.conf(5); others updated

Please don't use the oav-update script with this version. It doesn't
update viruses.db2 and supports OpenAntiVirus.org site only (the last
update of the OAV database was 1 July !). Nicholas Chua <nicholas@ncmbox.net>
has generated over 200 new signatures, ClamAV's database is also frequently
updated (especially when a new wild virus/worm appears, e.g. W32/BugBear.A).

This software is still in development (new software == new bugs), however
clamscan should be very stable. You shouldn't use clamd/clamuko (well, clamd is
stable, clamuko isn't) on production systems, yet. Please wait for 0.51 at
least ;). ClamAV 0.50 was tested on Linux and Solaris and should work fine.
There is a problem with clamd on FreeBSD (tested on my FreeBSD 5.0-CURRENT) -
the daemon crashes with Zip/Gzip files (disabling ScanArchive should help).

787
-) fixed threads deadlock in a critical error situation (bug found by David
788
Sanchez <dsanchez@veloxia.com>)
789
-) fixed sigtool bug (negative seeking)
790
-) fixed potential clamscan segfault in the case of memory allocation error
791
-) unpacker execution error is no longer treated as critical - a few programs
792
(eg. Qmail-Scanner, TrashScan) have clamscan command hardcoded with all
793
archive options turned on. Now, if unpacker can't be executed, raw file is
794
scanned and scan process is continued.
795
-) reverted to pthread.h detection
796
-) TrashScan 0.07 (Trashware <trashware@gmx.net>)
797
-) --exclude (regular expressions are not supported !)
798
[ex: clamscan --exclude="/proc/kcore" /], but please use it with care.
799
-) included html documentation
803
You will probably have a problem with a default Qmail-Scanner (1.13 or newer)
804
installation. You need to increase qmail-smtpd softlimit or disable it. You
805
can force clamscan to use only half of the memory which it uses by default, too.
806
Please change the following line in the clamscan/matcher.h file:
810
and recompile the program. Unhappily, scanning may be a little slower in some
811
cases, but it shouldn't be significant. Then you can safely set the qmail
812
softlimit to 8 MB. I want to thank Doug Monroe <doug@planetconnect.com> for
813
his contribution in the problem analysis.
816
New ClamAV version is in a heavy development. It has currently built-in
817
support for RAR, Zip, Gzip and tar. The daemon will support only built-in
818
compression/archive support. Snapshot will be available for a few days.
823
-) fixed compile problem on FreeBSD (thanks to Wieslaw Glod <wkg@x2.pl> and
   Ken McKittrick <klmac@usadatanet.com>)
-) clamscan reads all .db files from data directory, so you can put your
   own databases there and they won't be overwritten by the updaters. viruses.db
   is still the main database file (if --database isn't used).
-) --deb (debian binary packages scanning) by Magnus Ekdahl <magnus@debian.org>
-) --remove option, but be careful with it !
-) new clam logo ;) (GPL) by Michal Hajduczenia <michalis@mat.uni.torun.pl>.
-) TrashScan 0.06 (by Trashware <trashware@gmx.net>) - a script for scanning
   mail with procmail. I recommend it. (support/trashscan)
-) documentation updates

0.30 release will contain a daemon and an anti-virus library (with simple API),
so you can use it directly in your projects. I want to build in zip and rar

There are binary packages for AIX available. Please check the documentation.

This release fixes a bug with scanning archives in inaccessible directories with
*superuser* privileges (after dropping privileges the scanner wasn't able to
access the archive, although the same archive was accessible), thanks
to Sergei Pronin <sp@finndesign.fi> for the problem description. Now all
archives inaccessible directly by the clamav user are copied (with respect to
--max-space) to the temporary directory. All old filesystem tricks were removed.

Other fixes / improvements:

-) better error handling, new error codes
-) improved -i (--infected) option
-) removed --strange-unzip option
-) removed eicar test files and logos from the documentation due to the GPL
   (thanks to Magnus Ekdahl <magnus@debian.org>), ClamAV-Test-Signature is
-) removed Qmail-Scanner patch, ClamAV is supported by Q-S 1.13 (thanks guys!)

It fixes the following problems:

-) database downloading in freshclam/0.20
-) malformed amavis-perl patch from 0.20
-) clamscan problems with some unzip versions, please try --strange-unzip

ClamAV 0.21 source package contains initial support for NetBSD
(thanks to Marc Baudoin <babafou@babafou.eu.org>, Jean-Edouard BABIN
<Jeb@jeb.com.fr>), better support for Mac OS X (Masaki Ogawa <proc@mac.com>),
and clamdoc documentation corrected by Dennis Leeuw <dleeuw@made-it.com>.

The most important change in this release is a new, linear pattern matching
algorithm. You will find more information about it in clamscan/matcher.c -
in the sources and in clamdoc. Summary (since 0.15):

-) fast pattern matching algorithm
-) sigtool utility, check `man sigtool` and clamdoc
-) Linux: threads autodetection on various architectures
   (Magnus Ekdahl <magnus@debian.org>)
-) -i, --infected: clamscan prints only infected files
-) 'Data scanned' in summary, size in megabytes with 16 Kb precision
-) configure: --with-dbdir sets the database location
-) support/sigmake shell script by Dennis Leeuw <leeuw@stone-it.com>
-) Spanish "Sendmail+Amavis+ClamAv installation how-to" by
   Erick I. Lopez Carreon <elopezc@technitrade.com>

-) "Debian GNU/Linux Mail Server v. 0.2.0" by Dennis Leeuw <leeuw@stone-it.com>
-) qmail-scanner patch from Kazuhiko <kazuhiko@fdiary.net>
-) general documentation cleanups / updates
-) freshclam / Internet database location

-) threads autodetection on non-x86 Linux systems
-) gcc 3.x support (David Ford <david+cert@blue-labs.org>)
-) data type fix on Mac OS X (Peter N Lewis <peter@stairways.com.au>)
-) removed -w, --whole-file, now clamscan scans whole files by default
   -w is still supported by internal getopt(), because it is used in
-) removed --one-virus, still supported by getopt(); removed 'Found viruses'
   from summary, clamscan stops file scanning after first virus
-) fixed old problem with scanning stdin
-) removed amavisd-patch - strange problems have been reported

OpenAntiVirus Update is a great tool written by Matthew A. Grant
<grantma@anathoth.gen.nz> and it will be the primary updater for ClamAV
in the near future. In contrast to freshclam it has proxy support and many
specific features. Please check clamdoc for more information and how to

This version contains minor bugfixes only, such as:
-) multiple fixes in freshclam (it had problems when one of the
   hosts wasn't accessible), there were logic flaws in the code
-) fixed problem with password protected archives (unpackers were waiting

-) OpenBSD support (thanks to Kamil Andrusz <wizz@mniam.net>)
-) added support for amavisd, qmail-scanner (see ./support)

There were no major bugs and I was very busy, that's why the new version is
released just today. In the next 2 months, clamav development will be much
faster. Here are some of my plans:

~ 0.20 : New pattern-matching algorithm
~ 0.30 : clamlib; clamscan and the daemon based on it

There is a new homepage:

http://clamav.elektrapro.com

Thanks to ElektraPro.com for sponsoring this site (it's very fast).
Thanks to NERvOus <nervous@nervous.it>.

If you are interested in current development versions, please check

Resource usage limits in 0.14
-----------------------------

Two new features: --max-files, --max-space have been implemented. If you have
enabled one of these options, clamscan monitors resource usage (number of
created files and used space) and stops the extractor when it has exceeded
the limit. You should use these options to protect your machine against
Denial of Service attacks. In the near future --max-levels (limit for
recursive archives extracting) and --max-time (spent on checking/extracting
files) will be implemented.
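
The budget check described above, as an added Python example (not ClamAV's
code): it extracts a zip in memory and stops as soon as the number of files or
the decompressed size crosses a limit. The names extract_with_limits,
max_files, max_space and build_sample_zip are hypothetical; the sample archive
is constructed inline.

```python
import io
import zipfile


class LimitExceeded(Exception):
    """Raised when extraction crosses a configured budget."""


def extract_with_limits(zip_bytes, max_files, max_space, chunk=64 * 1024):
    """Extract zip members in memory; stop once a budget is exceeded.

    max_files and max_space are hypothetical parameters named after the
    clamscan options; this is not how ClamAV implements them.
    """
    extracted = {}
    count = 0  # members extracted so far
    used = 0   # total decompressed bytes produced so far
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            if count >= max_files:
                raise LimitExceeded(f"more than {max_files} files")
            buf = bytearray()
            with zf.open(info) as member:
                # Count bytes actually produced: the size recorded in the
                # archive header is attacker-controlled and not trusted.
                while True:
                    block = member.read(chunk)
                    if not block:
                        break
                    used += len(block)
                    if used > max_space:
                        raise LimitExceeded(f"more than {max_space} bytes")
                    buf += block
            extracted[info.filename] = bytes(buf)
            count += 1
    return extracted


def build_sample_zip(members):
    """Constructed sample input: a deflate-compressed zip built in memory."""
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return out.getvalue()
```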

FreeBSD: AMaViS compile problems
--------------------------------

!!! Strange signatures in VirusSignatures-2002.04.15.10.51.zip !!!
------------------------------------------------------------------

Last version of signatures was ~90 kb, this version is ~474 kb.
But I don't understand why some signatures are mega-huge. When I decoded
them, they looked like regular files. In CA they were removed from the
database and I will probably add them later, in normal sizes.

Please view documentation in ./docs. There are several formats - pdf, ps
and plain latex, if you want to compile it yourself.

You need GNU make (on Solaris you should have gmake).
It was tested only with gcc 2.9x compilers.

This version fixes vulnerabilities in handling of UPX and FSG compressed
executables. Support for PE files, Zip and Cabinet archives has been improved
and other small bugfixes have been made. The new option "--on-outdated-execute"
allows freshclam to run a command when the system reports a new engine version.

The ClamAV team (http://www.clamav.net/team.html)