[clamav-users] ClamAV® blog: ClamAV 0.102.0 has been released!
Joel Esler (jesler)
jesler at cisco.com
Wed Oct 2 15:08:15 EDT 2019
ClamAV 0.102.0 has been released!
Today we are excited to release ClamAV 0.102.0!
Users that have tested the 0.102.0 release candidate may note that the 0.102.0 release includes a handful of minor bug fixes and improvements over the release candidate. For easy reference, these include:
* Improved zlib and iconv detection when running ./configure.
* Fixed detection of the libcurl version and c-ares dependency required for the LocalIP freshclam config option.
* Fixed bug in file copy routine that caused a failure when attempting to update freshclam using a DatabaseCustomURL with "file://".
* Added ./configure --enable-libclamav-only option, for those wishing to bypass building of libfreshclam and the ClamAV CLI applications. This option also bypasses the libcurl dependency requirement.
Release materials for ClamAV 0.102.0 can be found on the ClamAV downloads site<http://www.clamav.net/downloads>.
ClamAV 0.102.0 includes an assortment of improvements and a couple of significant changes.
* The On-Access Scanning feature has been migrated out of clamd and into a brand new utility named clamonacc. This utility is similar to clamdscan and clamav-milter in that it acts as a client to clamd. This separation from clamd means that clamd no longer needs to run with root privileges while scanning potentially malicious files. Instead, clamd may drop privileges to run under an account that does not have super-user privileges. In addition to improving the security posture of running clamd with On-Access enabled, this update fixed a few outstanding defects:
    * On-Access scanning for created and moved files (Extra-Scanning) is fixed.
    * VirusEvent for On-Access scans is fixed.
    * With clamonacc, it is now possible to copy, move, or remove a file if the scan triggered an alert, just like with clamdscan.
    * For details on how to use the new clamonacc On-Access scanner, please refer to the user manual on ClamAV.net<http://www.clamav.net/documents/>, and please read our blog post entitled "Understanding and transitioning to ClamAV's new On-Access scanner<https://blog.clamav.net/2019/09/understanding-and-transitioning-to.html>."
* The freshclam database update utility has undergone a significant update. This includes:
    * Added support for HTTPS.
    * Support for database mirrors hosted on ports other than 80.
    * Removal of the mirror management feature (mirrors.dat).
    * An all new libfreshclam library API.
* Added support for extracting ESTsoft .egg archives. This feature is new code developed from scratch using ESTsoft's Egg-archive specification and without referencing the UnEgg library provided by ESTsoft. This was necessary because the UnEgg library's license includes restrictions limiting the commercial use of the UnEgg library.
* The documentation has moved!
    * Users should navigate to ClamAV.net<http://www.clamav.net/documents/> to view the documentation online.
    * The documentation will continue to be provided in HTML format with each release for offline viewing in the docs/html directory.
    * The new home for the documentation markdown is in our ClamAV FAQ Github repository<https://github.com/Cisco-Talos/clamav-faq>.
* To remediate future denial of service conditions caused by excessive scan times, we introduced a scan time limit. The default value is 2 minutes (120000 milliseconds).
  To customize the time limit:
    * use the clamscan --max-scantime option
    * use the clamd MaxScanTime config option
    * Libclamav users may customize the time limit using the cl_engine_set_num function. For example:
        cl_engine_set_num(engine, CL_ENGINE_MAX_SCANTIME, time_limit_milliseconds)
* Improved Windows executable Authenticode handling, enabling both whitelisting and blacklisting of files based on code-signing certificates. Additional improvements to Windows executable (PE file) parsing. Work courtesy of Andrew Williams.
* Added support for creating bytecode signatures for Mach-O and ELF executable unpacking. Work courtesy of Jonas Zaddach.
* Re-formatted the entire ClamAV code-base using clang-format in conjunction with our new ClamAV code style specification. See the clamav.net blog post<https://blog.clamav.net/2019/02/clamav-adopts-clang-format.html> for details.
* Integrated ClamAV with Google's OSS-Fuzz<https://github.com/google/oss-fuzz> automated fuzzing service with the help of Alex Gaynor. This work has already proven beneficial, enabling us to identify and fix subtle bugs in both legacy code and newly developed code.
* The clamsubmit tool is now available on Windows.
* The clamscan metadata feature (--gen-json) is now available on Windows.
* Significantly reduced number of warnings generated when compiling ClamAV with "-Wall" and "-Wextra" compiler flags and made many subtle improvements to the consistency of variable types throughout the code.
* Updated the majority of third-party dependencies for ClamAV on Windows. The source code for each has been removed from the clamav-devel repository. This means that these dependencies have to be compiled independently of ClamAV. The added build process complexity is offset by significantly reducing the difficulty of releasing ClamAV with newer versions of those dependencies.
* During the 0.102 development period, we've also improved our Continuous Integration (CI) processes. Most recently, we added a CI pipeline definition to the ClamAV Git repository. This chains together our build and quality assurance test suites and enables automatic testing of all proposed changes to ClamAV, with customizable parameters to suit the testing needs of any given code change.
* Added a new clamav-version.h generated header to provide version number macros in text and numerical format for ClamAV, libclamav, and libfreshclam.
* Improved cross-platform buildability of libxml2. Work courtesy of Eneas U de Queiroz with supporting ideas pulled from the work of Jim Klimov.
* Fix to prevent a possible crash when loading LDB type signature databases and PCRE is not available. Patch courtesy of Tomasz Kojm.
* Fixes to the PDF parser that will improve PDF malware detection efficacy. Patch courtesy of Clement Lecigne.
* Fix for regular expression phishing signatures (PDB R-type signatures).
* Various other bug fixes.
* Libcurl has become a hard-dependency. Libcurl enables HTTPS support for freshclam and clamsubmit as well as communication between clamonacc and clamd.
    * Libcurl version >= 7.45 is required when building ClamAV from source with the new On-Access Scanning application (clamonacc). Users on Linux operating systems that package older versions of libcurl (e.g. all versions of CentOS and Debian versions <= 8) have a number of options:
        * Wait for your package maintainer to provide a newer version of libcurl.
        * Install a newer version of libcurl from source.
        * Disable installation of clamonacc and On-Access Scanning capabilities with the ./configure flag --disable-clamonacc.
    * Non-Linux users will need to take no actions as they are unaffected by this new requirement.
The ClamAV team thanks the following individuals for their code submissions:
* Alex Gaynor
* Andrew Williams
* Carlo Landmeter
* Clement Lecigne
* Eneas U de Queiroz
* Jim Klimov
* Joe Cooper
* Jonas Zaddach
* Markus Kolb
* Orion Poplawski
* Ørjan Malde
* Paul Arthur
* Rick Wang
* Romain Chollet
* Rosen Penev
* Thomas Jarosch
* Tomasz Kojm
* Tuomo Soini
Finally, we'd like to thank Joe McGrath for building our quality assurance test suite and for working diligently to ensure knowledge transfer up until his last day on the team. Working with you was a pleasure, Joe, and we wish you the best of luck in your next adventure!
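
Added example (not part of the original announcement and not ClamAV project code): a small shell audit of a clamd.conf for the two hardening points described above, that clamd can now run under a non-root account and that scans are bounded by MaxScanTime. The `User` option, the account name `clamav`, the socket path, and the statement that `MaxScanTime 0` disables the limit are assumptions taken from the clamd.conf documentation rather than from this message; the sample configs are constructed.

```shell
#!/bin/sh
# Added example: audit clamd.conf for privilege drop and scan time limit.

# Print the value of the first uncommented "KEY value" line in FILE.
# A line such as "#User clamav" is skipped because its first field is "#User".
conf_value() {
    awk -v key="$2" '$1 == key { print $2; exit }' "$1"
}

# Print one line per finding; return 1 if there is any finding, 0 if clean.
audit_clamd_conf() {
    conf=$1
    rc=0
    user=$(conf_value "$conf" User)
    case "$user" in
        "")   echo "WARN User unset: clamd keeps the privileges it was started with"; rc=1 ;;
        root) echo "WARN User root: clamd scans untrusted files as super-user"; rc=1 ;;
    esac
    limit=$(conf_value "$conf" MaxScanTime)
    case "$limit" in
        "") ;;  # unset: the 120000 ms default from the announcement applies
        0)  echo "WARN MaxScanTime 0: scan time limit disabled"; rc=1 ;;
    esac
    return $rc
}

# Constructed sample configs: one hardened, one weak.
demo() {
    dir=$(mktemp -d)
    printf '%s\n' 'LocalSocket /run/clamav/clamd.sock' \
                  'User clamav' 'MaxScanTime 120000' > "$dir/good.conf"
    printf '%s\n' '#User clamav' 'MaxScanTime 0' > "$dir/weak.conf"
    for f in good weak; do
        echo "== $f.conf"
        audit_clamd_conf "$dir/$f.conf" || true
    done
    rm -rf "$dir"
}
demo
```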