ClamAV 1.5.0 includes the following improvements and changes:
Major changes
-
Added checks to determine if an OLE2-based Microsoft Office document is
encrypted. -
Added the ability to record URLs found in HTML if the generate-JSON-metadata
feature is enabled.
Also adds an option to disable this in case you want the JSON metadata
feature but don't want to record HTML URLs.
The ClamScan command-line option is--json-store-html-urls=no.
Theclamd.confconfig option isJsonStoreHTMLUrls no. -
Added regex support for the
clamd.confOnAccessExcludePathconfig option.
This change courtesy of GitHub user b1tg. -
Added FIPS-compliant CVD signing/verification with external
.signfiles.Freshclam will now attempt to download external signature files to accompany
existing.cvddatabases and.cdiffpatch files. Sigtool now has commands
to sign and verify using the external signatures.ClamAV now installs a 'certs' directory in the app config directory
(e.g.<prefix>/etc/certs). The install path is configurable.
The CMake option to configure the CVD certs directory is:
-D CVD_CERTS_DIRECTORY=PATHNew options to set an alternative CVD certs directory:
- The command-line option for Freshclam, ClamD, ClamScan, and Sigtool is:
--cvdcertsdir PATH - The environment variable for Freshclam, ClamD, ClamScan, and Sigtool is:
CVD_CERTS_DIR - The config option for Freshclam and ClamD is:
CVDCertsDirectory PATH
Added two new APIs to the public clamav.h header:
extern cl_error_t cl_cvdverify_ex(const char *file, const char *certs_directory); extern cl_error_t cl_cvdunpack_ex(const char *file, const char *dir, bool dont_verify, const char *certs_directory);
The original
cl_cvdverifyandcl_cvdunpackare deprecated.Added a
cl_engine_fieldenum optionCL_ENGINE_CVDCERTSDIR.
You may set this option withcl_engine_set_strand get it with
cl_engine_get_str, to override the compiled in default CVD certs directory.Thank you to Mark Carey at SAP for inspiring work on this feature with an
initial proof of concept for external-signature FIPS compliant CVD signing. - The command-line option for Freshclam, ClamD, ClamScan, and Sigtool is:
Other improvements
-
Set a limit on the max-recursion config option. Users will no longer be
able to set max-recursion higher than 100.
This change prevents errors on start up or possible crashes if encountering
a file with that many layers of recursion. -
Build system: CMake improvements to support compiling for the AIX platform.
This change is courtesy of GitHub user KamathForAIX. -
Improve support for extracting malformed zip archives.
This change is courtesy of Frederick Sell. -
Windows: Code quality improvement for the ClamScan and ClamDScan
--move
and--removeoptions.
This change is courtesy of Maxim Suhanov. -
Added file type recognition for some kinds of AI model files.
The file type appears as a string parameter for these callback functions:
clcb_pre_cacheclcb_pre_scanclcb_file_inspection
When scanning these files, the
typeparameter will now show
"CL_TYPE_AI_MODEL" instead of "CL_TYPE_BINARY_DATA".
Bug fixes
-
Technical debt: Reduced email multipart message parser complexity.
-
Fixed possible undefined behavior in inflate64 module.
The inflate64 module is a modified version of the zlib library, taken from
version 1.2.3 with some customization and with some cherry-picked fixes.
This adds one additional fix from zlib 1.2.9.
Thank you to TITAN Team for reporting this issue. -
Fixed a bug in ClamD that broke reporting of memory usage on Linux.
The STATS command can be used to monitor ClamD directly or through ClamDTOP.
The memory stats feature does not work on all platforms (e.g. Windows). -
Windows: Fix a build issue when the same library dependency is found in
two different locations. -
Fix an infinite loop when scanning some email files in debug-mode.
This fix is courtesy of Yoann Lecuyer
Acknowledgments
Special thanks to the following people for code contributions and bug reports:
- b1tg
- Frederick Sell
- KamathForAIX
- Mark Carey at SAP
- Maxim Suhanov
- TITAN Team
- Yoann Lecuyer