[clamav-users] ClamAV® blog: ClamAV 0.103.1 patch release

Pablo Murillo info at pablomurillo.com.ar
Tue Feb 9 16:38:38 UTC 2021 

Great !

PNG - GIF files, problem solved !

On 2/9/2021 1:06 PM, Joel Esler (jesler) via clamav-users wrote:
>
>>
>> https://blog.clamav.net/2021/02/clamav-01031-patch-release.html 
>> <https://blog.clamav.net/2021/02/clamav-01031-patch-release.html>
>>
>>
>>   ClamAV 0.103.1 patch release
>>
>> ClamAV 0.103.1 is out now. Users can head over to 
>> clamav.net/downloads <https://www.clamav.net/downloads> to download 
>> the release materials.
>>
>> The latest version of ClamAV contains the following fixes and 
>> improvements:
>>
>>
>>       Notable changes
>>
>>   *  Added a new scan option to alert on broken media (graphics) file
>>     formats.
>>
>>     This feature mitigates the risk of malformed media files intended
>>     to exploit vulnerabilities in other software. At present, media
>>     validation exists for JPEG, TIFF, PNG and GIF files. To enable
>>     this feature, set AlertBrokenMedia yes in clamd.conf for use with
>>     ClamD, or use the --alert-broken-media option when using
>>     ClamScan. These options are disabled by default in this patch
>>     release but may be enabled in a subsequent release.
>>
>>     Application developers may enable this scan option by enabling
>>     CL_SCAN_HEURISTIC_BROKEN_MEDIA for the heuristic scan option bit
>>     field.
>>
>>   * Added CL_TYPE_TIFF, CL_TYPE_JPEG types to match GIF and PNG
>>     typing behavior. BMP and JPEG 2000 files will continue to detect
>>     as CL_TYPE_GRAPHICS because ClamAV does not yet have BMP or JPEG
>>     2000 format-checking capabilities.
>>
>>
>>        Bug fixes
>>
>>   * Fixed PNG parser logic bugs that caused an excess of parsing
>>     errors and fixed a stack exhaustion issue affecting some systems
>>     when scanning PNG files. PNG file type detection was disabled via
>>     signature database update for ClamAV version 0.103.0 to mitigate
>>     the effects from these bugs.
>>
>>   * Fixed an issue where PNG and GIF files no longer work with
>>     Target:5 graphics signatures if detected as CL_TYPE_PNG or
>>     CL_TYPE_GIF rather than as CL_TYPE_GRAPHICS. Target types now
>>     support up to 10 possible file types to make way for additional
>>     graphics types in future releases.
>>
>>   * Fixed ClamOnAcc's --fdpass option.
>>
>>     File descriptor passing (or "FD-passing") is a mechanism by which
>>     ClamOnAcc and ClamDScan may transfer an open file to ClamD to
>>     scan, even if ClamD is running as a non-privileged user and
>>     wouldn't otherwise have read-access to the file. This enables
>>     ClamD to scan all files without having to run ClamD as root. If
>>     possible, ClamD should never be run as root to mitigate the risk
>>     in case ClamD is somehow compromised while scanning malware.
>>
>>     Interprocess file descriptor passing for ClamOnAcc was broken
>>     since version 0.102.0 due to a bug introduced by the switch to
>>     cURL for communicating with ClamD. On Linux, passing file
>>     descriptors from one process to another is handled by the kernel,
>>     so we reverted ClamOnAcc to use standard system calls for socket
>>     communication when FD-passing is enabled.
>>
>>   * Fixed a ClamOnAcc stack corruption issue on some systems when
>>     using an older version of libcurl. Patch courtesy of Emilio
>>     Pozuelo Monfort.
>>
>>   * Allow ClamScan and ClamDScan scans to proceed even if the
>>     realpath lookup failed. This alleviates an issue on Windows
>>     scanning files hosted on file-systems that do not support the
>>     GetMappedFileNameW() API, such as on ImDisk RAM-disks.
>>
>>   * Fixed FreshClam's --on-update-execute=EXIT_1 temporary directory
>>     cleanup issue.
>>
>>   * ClamD's log output and VirusEvent feature now provide the scan
>>     target's file path instead of a file descriptor. The ClamD socket
>>     API for submitting a scan by FD-passing doesn't include a file
>>     path. This feature works by looking up the file path by the file
>>     descriptor. This feature works on Mac and Linux but is not yet
>>     implemented for other UNIX operating systems. FD-passing is not
>>     available for Windows.
>>
>>   * Fixed an issue where FreshClam database validation didn't work
>>     correctly when run in daemon mode on Linux/Unix.
>>
>>   * Fixed scan speed performance issues accidentally introduced in
>>     ClamAV 0.103.0 caused by hashing file maps more than once when
>>     parsing a file as a new type, and caused by frequent scanning of
>>     non-HTML text data with the HTML parser.
>>
>>
>>       Other improvements
>>
>>   * Scanning JPEG, TIFF, PNG and GIF files will no longer return
>>     "parse" errors when file format validation fails. Instead, the
>>     scan will alert with the "Heuristics.Broken.Media" signature
>>     prefix and a descriptive suffix to indicate the issue, provided
>>     that the "alert broken media" feature is enabled.
>>
>>   * GIF format validation will no longer fail if the GIF image is
>>     missing the trailer byte, as this appears to be a relatively
>>     common issue in otherwise functional GIFs.
>>
>>   * Added a TIFF dynamic configuration (DCONF) option that was
>>     missing. This will allow us to disable TIFF format validation via
>>     signature database update in the event that it proves to be
>>     problematic. This feature already exists for many other file types.
>>
>>
>>       Acknowledgments
>>
>> The ClamAV team thanks Emilio Pozuelo Monfort for their code submissions.
>>
>
> _______________________________________________
>
> clamav-users mailing list
> clamav-users at lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml

-- 
This email has been checked for viruses by AVG.
https://www.avg.com

More information about the clamav-users mailing list