1.4.1$$$ClamAV 1.4.1 is a critical patch release with the following fixes:$$$$$$CVE-2024-20506: Changed the logging module to disable following symlinks on Linux and Unix systems so as to prevent an attacker with existing access to the clamd or freshclam services from using a symlink to corrupt system files.$$$$$$This issue affects all currently supported versions. It will be fixed in:$$$$$$1.4.1$$$1.3.2$$$1.0.7$$$0.103.12$$$Thank you to Detlef for identifying this issue.$$$$$$CVE-2024-20505: Fixed a possible out-of-bounds read bug in the PDF file parser that could cause a denial-of-service (DoS) condition.$$$$$$This issue affects all currently supported versions. It will be fixed in:$$$$$$1.4.1$$$1.3.2$$$1.0.7$$$0.103.12$$$Thank you to OSS-Fuzz for identifying this issue.$$$$$$Removed unused Python modules from freshclam tests including deprecated cgi module that is expected to cause test failures in Python 3.13.

ClamAV 1.4.0$$$ClamAV 1.4.0 includes the following improvements and changes:$$$$$$Major changes$$$Added support for extracting ALZ archives. The new ClamAV file type for ALZ archives is CL_TYPE_ALZ. Added a DCONF option to enable or disable ALZ archive support.$$$$$$Tip: DCONF (Dynamic CONFiguration) is a feature that allows for some configuration changes to be made via ClamAV .cfg signatures.$$$$$$GitHub pull request$$$Added support for extracting LHA/LZH archives. The new ClamAV file type for LHA/LZH archives is CL_TYPE_LHA_LZH. Added a DCONF option to enable or disable LHA/LZH archive support.$$$$$$GitHub pull request$$$Added the ability to disable image fuzzy hashing; if needed. For context; image fuzzy hashing is a detection mechanism useful for identifying malware by matching images included with the malware or phishing email/document.$$$$$$New ClamScan options:$$$$$$--scan-image[=yes(*)/no]$$$--scan-image-fuzzy-hash[=yes(*)/no]$$$New ClamD config options:$$$$$$ScanImage yes(*)/no$$$ScanImageFuzzyHash yes(*)/no$$$New libclamav scan options:$$$$$$options.parse &= ~CL_SCAN_PARSE_IMAGE;$$$options.parse &= ~CL_SCAN_PARSE_IMAGE_FUZZY_HASH;$$$Added a DCONF option to enable or disable image fuzzy hashing support.$$$$$$GitHub pull request$$$Other improvements$$$Added cross-compiling instructions for targeting ARM64/aarch64 processors for Windows and Linux.$$$$$$GitHub pull request$$$Improved the Freshclam warning messages when being blocked or rate limited to include the Cloudflare Ray ID; which helps with issue triage.$$$$$$GitHub pull request$$$Removed unnecessary memory allocation checks when the size to be allocated is fixed or comes from a trusted source. We also renamed internal memory allocation functions and macros; so it is more obvious what each function does.$$$$$$GitHub pull request$$$Improved the Freshclam documentation to make it clear that the --datadir option must be an absolute path to a directory that already exists; is writable by Freshclam; and is readable by ClamScan and ClamD.$$$$$$GitHub pull request$$$Added an optimization to avoid calculating the file hash if the clean file cache has been disabled. The file hash may still be calculated as needed to perform hash-based signature matching if any hash-based signatures exist that target a file of the same size; or if any hash-based signatures exist that target any file size.$$$$$$GitHub pull request$$$Added an improvement to the SystemD service file for ClamOnAcc so that the service will shut down faster on some systems.$$$$$$GitHub pull request$$$Added a CMake build dependency on the version map files so that the build will re-run if changes are made to the version map files. Work courtesy of Sebastian Andrzej Siewior.$$$$$$GitHub pull request$$$Added an improvement to the CMake build so that the RUSTFLAGS settings are inherited from the environment. Work courtesy of liushuyu.$$$$$$GitHub pull request$$$Bug fixes$$$Silenced confusing warning message when scanning some HTML files.$$$$$$GitHub pull request$$$Fixed minor compiler warnings.$$$$$$GitHub pull request$$$Since the build system changed from Autotools to CMake; ClamAV no longer supports building with configurations where bzip2; libxml2; libz; libjson-c; or libpcre2 are not available. Libpcre is no longer supported in favor of libpcre2. In this release; we removed all the dead code associated with those unsupported build configurations.$$$$$$GitHub pull request$$$Fixed assorted typos. Patch courtesy of RainRat.$$$$$$GitHub pull request$$$Added missing documentation for the ClamScan --force-to-disk option.$$$$$$GitHub pull request$$$Fixed an issue where ClamAV unit tests would prefer an older libclamunrar_iface library from the install path; if present; rather than the recently compiled library in the build path.$$$$$$GitHub pull request$$$Fixed a build issue on Windows with newer versions of Rust. Also upgraded GitHub Actions imports to fix CI failures. Fixes courtesy of liushuyu.$$$$$$GitHub pull request$$$Fixed an unaligned pointer dereference issue on select archit

1.3.1$$$ClamAV 1.3.1 is a critical patch release with the following fixes:$$$$$$CVE-2024-20380: Fixed a possible crash in the HTML file parser that could cause a denial-of-service (DoS) condition.$$$$$$This issue affects version 1.3.0 only and does not affect prior versions.$$$$$$Thank you to Blazej Pawlowski for identifying this issue.$$$$$$GitHub pull request$$$Updated select Rust dependencies to the latest versions. This resolved Cargo audit complaints and included PNG parser bug fixes.$$$$$$GitHub pull request$$$Fixed a bug causing some text to be truncated when converting from UTF-16.$$$$$$GitHub pull request$$$Fixed assorted complaints identified by Coverity static analysis.$$$$$$GitHub pull request$$$Fixed a bug causing CVDs downloaded by the DatabaseCustomURL Freshclam config option to be pruned and then re-downloaded with every update.$$$$$$GitHub pull request$$$Added the new valhalla database name to the list of optional databases in preparation for future work.$$$$$$GitHub pull request$$$Added symbols to the libclamav.map file to enable additional build configurations.$$$$$$Patch courtesy of Neil Wilson.$$$$$$GitHub pull request

1.3.0$$$$$$ClamAV 1.3.0 includes the following improvements and changes:$$$$$$Major changes$$$$$$Added support for extracting and scanning attachments found in Microsoft OneNote section files. OneNote parsing will be enabled by default; but may be optionally disabled using one of the following options:$$$a. The clamscan command line option: --scan-onenote=no;$$$b. The clamd.conf config option: ScanOneNote no;$$$c. The libclamav scan option options.parse &= ~CL_SCAN_PARSE_ONENOTE;;$$$d. A signature change to the daily.cfg dynamic configuration (DCONF).$$$GitHub pull request$$$$$$Other improvements$$$$$$Fixed issue when building ClamAV on the Haiku (BeOS-like) operating system. Patch courtesy of Luca DAmico$$$$$$GitHub pull request$$$$$$ClamD: When starting; ClamD will now check if the directory specified by TemporaryDirectory in clamd.conf exists. If it doesnt; ClamD will print an error message and will exit with exit code 1. Patch courtesy of Andrew Kiggins.$$$$$$GitHub pull request$$$$$$CMake: If configured to build static libraries; CMake will now also install the libclamav_rust; libclammspack; libclamunrar_iface; and libclamunrar static libraries required by libclamav.$$$$$$Note: These libraries are all linked into the clamscan; clamd; sigtool; and freshclam programs; which is why they did not need to be installed to function. However; these libraries would be required if you wish to build some other program that uses the libclamav static library.$$$$$$Patch courtesy of driverxdw.$$$$$$GitHub pull request$$$$$$Added file type recognition for compiled Python (`.pyc`) files.$$$$$$ The file type appears as a string parameter for these callback functions:$$$$$$ - clcb_pre_cache$$$$$$ - clcb_pre_scan$$$$$$ - clcb_file_inspection$$$$$$ When scanning a `.pyc` file; the `type` parameter will now show$$$$$$ CL_TYPE_PYTHON_COMPILED instead of CL_TYPE_BINARY_DATA.$$$$$$GitHub pull request$$$$$$Improved support for decrypting PDFs with empty passwords.$$$GitHub pull request$$$Assorted minor improvements and typo fixes.$$$$$$Bug fixes$$$Fixed a warning when scanning some HTML files.$$$$$$GitHub pull request$$$Fixed an issue decrypting some PDFs with an empty password.$$$$$$GitHub pull request$$$ClamOnAcc: Fixed an infinite loop when a watched directory does not exist.$$$$$$GitHub pull request$$$ClamOnAcc: Fixed an infinite loop when a file has been deleted before a scan.$$$Patch courtesy of gsuehiro.$$$GitHub pull request$$$Fixed a possible crash when processing VBA files on HP-UX/IA 64bit. Patch courtesy of Albert Chin-A-Young.$$$$$$GitHub pull request$$$ClamConf: Fixed an issue printing `MaxScanSize` introduced with the change to allow a `MaxScanSize` greater than 4 GB.$$$Fix courtesy of teoberi.$$$GitHub pull request$$$Fixed an issue building a ClamAV RPM in some configurations.$$$The issue was caused by faulty CMake logic that intended to create an empty database directory during the installation.$$$GitHub pull request

1.2.1$$$ClamAV 1.2.1 is a patch release with the following fixes:$$$$$$Eliminate security warning about unused atty dependency.$$$$$$GitHub pull request.$$$Upgrade the bundled UnRAR library (libclamunrar) to version 6.2.12.$$$$$$GitHub pull request.$$$Build system: Fix link error with Clang/LLVM/LLD version 17. Patch courtesy of Yasuhiro Kimura.$$$$$$GitHub pull request.$$$Fix alert-exceeds-max feature for files > 2GB and < max-filesize.$$$$$$GitHub pull request.

1.2.0$$$ClamAV 1.2.0 includes the following improvements and changes:$$$$$$Major changes$$$Added support for extracting Universal Disk Format (UDF) partitions.$$$$$$Specifically; this version adds support for the Beginning Extended Area Descriptor (BEA01) type of UDF files.$$$$$$GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/941$$$Added an option to customize the size of ClamAVs clean file cache.$$$$$$Increasing the size of the clean file cache may improve scan performance but will require more RAM. The cache size value should be a square number or will be rounded up to the nearest square number.$$$$$$The cache size option for clamd and clamscan is --cache-size. Alternatively; you can customize the cache size for ClamD by setting CacheSize in clamd.conf.$$$$$$Patch courtesy of Craig Andrews.$$$$$$GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/882$$$Introduced a SystemD timer for running Freshclam updates; without sending Freshclam into the background. This takes the burden of timing the updates from Freshclam and puts it onto SystemD. The timer can be activated; audited; and the logs inspected:$$$$$$sudo systemctl enable --now clamav-freshclam-once.timer$$$sudo systemctl list-timers$$$sudo systemctl status clamav-freshclam-once.timer$$$sudo systemctl status clamav-freshclam-once.service$$$journalctl -u clamav-freshclam-once.service$$$If you want a different update interval you can edit the timer unit file:$$$$$$sudo systemctl edit clamav-freshclam-once.timer$$$Patch courtesy of Nils Werner.$$$$$$GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/962$$$Raised the MaxScanSize limit so the total amount of data scanned when scanning a file or archive may exceed 4 gigabytes.$$$$$$Introduced the ability to suffix the MaxScanSize and other config file size options with a G or g for the number of gigabytes. For example; for ClamD you may now specify MaxScanSize 10G in clamd.conf. And for ClamScan; you may now specify --max-scansize=10g.$$$$$$The MaxFileSize is still limited internally in ClamAV to 2 gigabytes. Any file; or embedded file; larger than 2GB will be skipped. You may use clamscan --alert-exceeds-max; or the clamd.conf option AlertExceedsMax yes to tell if a scan is not completed because of the scan limits.$$$$$$Patch courtesy of matthias-fratz-bsz.$$$$$$GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/945$$$Added ability for Freshclam to use a client certificate PEM file and a private key PEM file for authentication to a private mirror by setting the following environment variables:$$$$$$FRESHCLAM_CLIENT_CERT: May be set to the path of a file (PEM) containing the client certificate.$$$FRESHCLAM_CLIENT_KEY: May be set to the path of a file (PEM) containing the client private key.$$$FRESHCLAM_CLIENT_KEY_PASSWD: May be set to a password for the client key PEM file; if it is password protected.$$$Patch courtesy of jedrzej.$$$$$$GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/955$$$Other improvements$$$Fix an issue extracting files from ISO9660 partitions where the files are listed in the plain ISO tree and there also exists an empty Joliet tree.$$$$$$GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/938$$$CMake build system improvement to support compiling with OpenSSL 3.x on macOS with the Xcode toolchain.$$$$$$The official ClamAV installers and packages are now built with OpenSSL 3.1.1 or newer.$$$$$$GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/970$$$The suggested path for the clamd.pid and clamd.sock file in the sample configs have been updated to reflect the recommended locations for these files in the Docker images. These are:$$$$$$/run/clamav/clamd.pid$$$/run/clamav/clamd.sock$$$For consistency; it now specifies clamd.sock instead of clamd.socket.$$$$$$Patch courtesy of computersalat.$$$$$$GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/931$$$Bug fixes$$$Fixed an issue where ClamAV does not abort the signature load process after partially loading an

ClamAV 1.1.0 released$$$The ClamAV 1.1.0 feature release is now stable and available for download on ClamAV.net or through Docker Hub. $$$$$$ClamAV 1.1.0 includes the following improvements and changes.$$$$$$$$$$$$Major changes$$$Added the ability to extract images embedded in HTML CSS <style> blocks.$$$$$$GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/813$$$Updated to Sigtool so that the --vba option will extract VBA code from Microsoft Office documents the same way that libclamav extracts VBA. This resolves several issues where Sigtool could not extract VBA. Sigtool will also now display the normalized VBA code instead of the pre-normalized VBA code.$$$$$$GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/852$$$Added a new ClamScan and ClamD option: --fail-if-cvd-older-than=days. Additionally; we introduce FailIfCvdOlderThan as a clamd.conf synonym for --fail-if-cvd-older-than. When passed; it causes ClamD to exit on startup with a non-zero return code if the virus database is older than the specified number of days.$$$$$$GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/867$$$Added a new function cl_cvdgetage() to the libclamav API. This function will retrieve the age in seconds of the youngest file in a database directory; or the age of a single CVD (or CLD) file.$$$$$$GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/867$$$Added a new function cl_engine_set_clcb_vba() to the libclamav API. Use this function to set a cb_vba callback function. The cb_vba callback function will be run whenever VBA is extracted from office documents. The provided data will be a normalized copy of the extracted VBA. This callback was added to support Sigtool so that it can use the same VBA extraction logic that ClamAV uses to scan documents.$$$$$$GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/852$$$Other improvements$$$Removed the vendored TomsFastMath library in favor of using OpenSSL to perform big number/multiprecision math operations. Work courtesy of Sebastian Andrzej Siewior.$$$$$$GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/840$$$Build system: Added CMake option DO_NOT_SET_RPATH to avoid setting RPATH on Unix systems. Feature courtesy of Sebastian Andrzej Siewior.$$$$$$GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/815$$$Build system: Enabled version-scripts with CMake to limit symbol exports for libclamav; libfreshclam; libclamunrar_iface; and libclamunrar shared libraries on Unix systems; excluding macOS. Improvement courtesy of Orion Poplawski and Sebastian Andrzej Siewior.$$$$$$GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/776$$$Build system: Enabled users to pass in custom Rust compiler flags using the RUSTFLAGS CMake variable. Feature courtesy of Orion Poplawski.$$$$$$GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/835$$$Removed a hard-coded alert for CVE-2004-0597. The CVE is old enough that it is no longer a threat and the detection had occasional false-positives.$$$$$$GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/855$$$Set Git attributes to prevent Git from altering line endings for Rust vendored libraries. Third-party Rust libraries are bundled in the ClamAV release tarball. We do not commit them to our own Git repository; but community package maintainers may now store the tarball contents in Git. The Rust build system verifies the library manifest; and this change ensures that the hashes are correct. Improvement courtesy of Nicolas R.$$$$$$GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/800$$$Fixed compile time warnings. Improvement courtesy of Razvan Cojocaru.$$$$$$GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/795$$$Added a minor optimization when matching domain name regex signatures for PDB; WDB and CDB type signatures.$$$$$$GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/837$$$Build system: Enabled the ability to select a specific Python version. When b

The ClamAV 1.0.0 feature release is now stable and available for download on ClamAV.net or through Docker Hub. $$$ClamAV 1.0.0 includes the following improvements and changes.$$$$$$Major changes$$$Support for decrypting read-only OLE2-based XLS files that are encrypted with the default password. Use of the default password will now appear in the metadata JSON.$$$GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/700$$$Overhauled the implementation of the all-match feature. The newer code is more reliable and easier to maintain.$$$This project fixed several known issues with signature detection in all- match mode:$$$Enabled embedded file-type recognition signatures to match when a malware signature also matched in a scan of the same layer.$$$Enabled bytecode signatures to run in all-match mode after a match has occurred.$$$Fixed an assortment of all-match edge case issues.$$$Added multiple test cases to verify correct all-match behavior.$$$GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/687$$$Added a new callback to the public API for inspecting file content during a scan at each layer of archive extraction.$$$The new callback function type is clcb_file_inspection defined in clamav.h.$$$The function cl_engine_set_clcb_file_inspection() may be used to enable the callback prior to performing a scan.$$$This new callback is to be considered unstable for the 1.0 release. We may alter this function in a subsequent feature version.$$$GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/170$$$Added a new function to the public API for unpacking CVD signature archives.$$$The new function is cl_cvdunpack(). The last parameter for the function may be set to verify if a CVDs signature is valid before unpacking the CVD content to the destination directory.$$$GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/690$$$The option to build with an external TomsFastMath library has been removed. ClamAV requires non-default build options for TomsFastMath to support bigger floating point numbers. Without this change; database and Windows EXE/DLL authenticode certificate validation may fail. The ENABLE_EXTERNAL_TOMSFASTMATH build is now ignored.$$$GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/742$$$Moved the Dockerfile and supporting scripts from the main ClamAV repository over to a new repository: https://github.com/Cisco-Talos/clamav-docker$$$The separate repository will make it easier to update the images and fix issues with images for released ClamAV versions.$$$Any users building the ClamAV Docker image rather than pulling them from Docker Hub will have to get the latest Docker files from the new location.$$$GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/764$$$Increased the SONAME major version for libclamav because of ABI changes between the 0.103 LTS release and the 1.0 LTS release.$$$GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/778

*Upgrade the vendored UnRAR library to version 6.1.7.$$$*Fix issue building macOS universal binaries in some configurations.$$$*Silence error message when the logical signature maximum functionality level is lower than the current functionality level.$$$*Fix scan error when scanning files containing malformed images that cannot be loaded to calculate an image fuzzy hash.$$$*Fix logical signature Intermediates feature.$$$*Relax constraints on slightly malformed ZIP archives that contain overlapping file entries.