Cookies op Tweakers

Tweakers maakt gebruik van cookies, onder andere om de website te analyseren, het gebruiksgemak te vergroten en advertenties te tonen. Door gebruik te maken van deze website, of door op 'Ga verder' te klikken, geef je toestemming voor het gebruik van cookies. Wil je meer informatie over cookies en hoe ze worden gebruikt, bekijk dan ons cookiebeleid.

Meer informatie

Door , , 1 reactie
Bron: ClamAV

Clam AntiVirus, zoals het programma voluit heet, is een antivirusprogramma voor Linux en FreeBSD dat zich voornamelijk richt op de integratie in mailservers voor het scannen van de bijlagen. Naast een antivirusdaemon bestaat ClamAV uit een command line scanner en een tool voor het automatisch bijwerken van de virusdefinities via internet. De ontwikkelaars hebben een nieuwe versie uitgebracht die voorzien is van 0.90.1 als het versienummer. De lijst met veranderingen ziet er als volgt uit:

Version 0.90.1:

This release includes various bugfixes and code enhancements. Important note: please run 'ldconfig' after installing this version.
  • 0.90.1 (released with JS and PST code removed)
  • shared/output.c: revert patch for bb#360 (didn't work properly when mprintf() was called from logg())
  • clamd/server-th.c: make more attempts when cl_load returns CL_ELOCKDB
  • libclamav/blob.h: NAME_MAX is now in others.h
  • shared/misc: dircopy: use 0755 permissions for new directories (fixes possible permission problems with backup directories in freshclam)
  • libclamav/lockdb.c: fix handling of read locks
  • shared/output.c: fix handling of special characters in mprintf (bb#360)
  • libclamav/mbox.c: Fix bug 358
  • libclamav/pdf.c: Fix compilation error on machines without mmap()
  • libclamav/unrar/unrar.c, unrarvm.c: better fix for bb#350
  • libclamav/unrar/unrar.c: skip all files inside multi-volume solid archives (but still scan their metadata)
  • libclamav/pdf.c: Try with both real and calculated Length fields, since the Length object can't always be trusted Improved backing out of unhandled formats (e.g. Predictor for images and embedded fonts)
  • libclamav/unrar/unrar.c: improve handling of multi-volume archives: do not report CL_ESUPPORT, instead scan all complete files and do full metadata scan
  • libclamav/others.h: update NAME_MAX block and add workaround for HP-UX (bb#367)
  • libclamav/unrar/unrar.c: fix leak in cli_unrar_extract_next_prepare (bb#352)
  • libclamav/unrar/unrar.c: fix rarvm memory leak (bb#350)
  • libclamav/filetypes.c: comment out dead code (see bb#373), spotted by "alex"
  • shared: merge win32 patches from NJH
  • drop shared/memory.[ch]
  • libclamav: minor cleanup (bb#247)
  • libclamav/petite.c: invalid read in valgrind (bb#369)
  • libclamav/pe.c: minor cleanup (bb#247)
  • libclamav/scanners.c: fix small memory leak (bb#359)
  • libclamav/pe.c: fix leaks on upack return (bb#351)
  • libclamav/unzip.c: fix memory leak when extracting stored files
  • libclamav/readdb.c,lockdb.c: merge win32 patches from NJH
  • clamscan: merge win32 patches from NJH
  • libclamav/pdf.c: Remove warning on FreeBSD4.11
  • clamscan, clamdscan, clamconf: compile with CL_NOTHREADS defined
  • libclamav: fix memory leaks in db handling code
  • libclamav/mbox.c: Fix confusion when recursing to multipart/related
  • configure, libclamav: add support for HP-UX 11.11 with native compiler (bb#180)
  • configure: use -pthread also for FreeBSD 6.x
  • libclamav/untar.c: Added extra functionality (bug 269) - based on patches from Andy Fiddaman
  • clamav-milter/clamav-milter.c: Fix compilation error on Solaris (bug 347)
  • clamd/scanner.c: fix compilation error on Solaris (bb#341)
  • libclamav/mbox.c: Handle wide characters on Windows
  • libclamav/tnef.c: Remove warning messages
  • freshclam: merge win32 patches from NJH
  • clamd/clamd.c: print some more information in Foreground mode (bb#317)
  • shared/misc.c: drop rmdirs() and use cli_rmdirs() instead
  • libclamav: new scan setting CL_SCAN_PDF
  • clamd: new option ScanPDF (default: no)
  • clamscan: new switch --no-pdf (PDF scanning enabled by default)
  • docs: update
  • libclamav: s/sanitiseFilename/cli_sanitise_filename/, patch from trog Changed some strdup to cli_strdup
  • clamd: handle signals while polling in select mode
  • clamav-milter/clamav-milter.c: Fix typo
  • shared/misc.c: daemonize: don't re-utilize descriptor 0
  • clamd: handle signals while polling the sockets in the main loop (bb#320)
  • clamav-milter/clamav-milter.c: Better recovery when a remote clamd goes down
  • libclamav/message.c: Better warning message, bug 311
  • libclamav/pst.c: Include upstream patches
  • libclamav/mbox.c: Fix bug 326, reported by Edvin
  • clamav-milter/clamav-milter.c: Use logg() functions instead of syslog. Needed for code tidy, and also possibly fixes bug 332.
  • libclamav/entconv.c: don't cache iconv_open() failures. (bb #329)
  • configure: fix compilation errors on FreeBSD (bb#306)
  • configure: add support for osf/tru64
  • clamd: merge multiscan() with dirscan() (also closes bb#302)
  • libclamav/others.c: increase f-level to activate RTF extractor
  • clamd, clamconf: merge win32 patches from NJH
  • libclamav/unrar: allow for sparc aligned access requirements (bb#304)
  • libclamav/sis.c: improve debug messages
  • libclamav/pe.c: improved broken detection - closes bb#305
  • libclamav/lockdb.c: win32 fix (bb#255)
  • libclamav/phish_*.c, regex_list.c: Remove obsolete $Log$ keyword.
  • libclamav/filetypes.c: add more tags to HTML rule set (bb#218)
  • libclamav/unzip.c: handle some deflate64 compressed files
  • libclamav/entconv.c: Don't normalize buffer shorter than 2 bytes.
  • libclamav/rtf.c: Fix possible memory leak, and add more sanity checks.
  • libclamav/rtf.c: Don't spin on on cli_readn (bb#312) - patch from Edvin
  • libclamav/regex_list.c: Close #303 - patch from Edvin
  • libclamav/clamav-milter.c: Added support for sendmail 8.14, bug 267, patch from Andy Fiddaman
  • libclamav/rtf.c: add more sanity checks (Edwin)
  • freshclam/manager.c: fix warning message (bb#292)
  • libclamav/mbox.c: Fixed bugs in the handling of boundary lines Improved handling of the warning messages associated with recursion limits Fixed handling of OK_ATTACHMENTS_NOT_SAVED in some larger files
  • libclamav/entconv.c: fix incorrect use of isspace() in experimental code
  • libclamav: fix some debug messages
  • libclamav/mbox.c: Fix BeOS link error
  • libclamav/phishcheck.c: Fix warning message, patch from Edvin
  • libclamav/mbox.c,phishcheck.c: Fix compilation errors on BeOS

Version 0.90.0:

The ClamAV team is proud to announce the long awaited ClamAV 0.90. This version introduces lots of new interesting features and marks a big step forward in the development of our antivirus engine.

One of the most important changes is the introduction of scripted updates. Instead of transferring the whole cvd file at each update, only the differences between the latest cvds and the previous versions will be transferred.

In case the local copy of the latest cvd is corrupted or the scripted update fails for some reason, freshclam will fallback to the old method. Similarly to cvd files, scripted updates are compressed and digitally signed and are already being distributed. They will dramatically reduce traffic on our mirrors and will allow us to release even more updates in the future.

Another noticeable change is the new configuration syntax: you can now turn single options on and off, the old crude hack of "DisableDefaultScanOptions" is no longer required.

Cosmetic changes apart, the 0.9x series introduces lots of new code, but some parts are not compiled in by default because they are not ready for production systems yet. You are encouraged to pass the --enable-experimental flag to ./configure when compiling ClamAV. The experimental code introduces many improvements in terms of detection rate and performances. If you find a bug, please take some time to report it on our bugzilla: http://bugs.clamav.net. Your help in testing the new code is really appreciated. The experimental code introduces many improvements in terms of detection rate and performances.

RAR3, SIS and SFX archives support is finally available together with new unpackers and decryptors: pespin, sue, yc, wwpack32, nspack, mew, upack and others. Additionally, ClamAV now includes better mechanisms for scanning ELF, PDF and tar files. The email decoding has been improved to reduce both the memory requirements and the time taken to process attachments.

As part of the Google Summer of Code program, we have introduced support for a new phishing signatures format that has proved very effective in detecting phishing emails. The ClamAV phishing module allows better and more generic detection of phishing emails by searching for URLs in email messages, and comparing the real site with the URL displayed to the user in the message.

On the performance side, support for the MULTISCAN command has been implemented in clamd, allowing to scan multiple files simultaneously. Support for Sensory Networks' NodalCore acceleration technology (http://www.clamav.net/nodalcore/) is now available in ClamAV and will be compiled in if the ncore libraries are detected at compile time. NodalCore acceleration allows highly improved scan speeds on systems equipped with NodalCore cards.

libclamav:
  • New unpacker for RAR3, RAR2 and RAR1
  • Rewritten unpackers for Zip and CAB files
  • Support for RAR-SFX, Zip-SFX and CAB-SFX archives
  • New PE parsing model:
    • Accurate virtual and raw size and offset calculations
    • Proper parsing of executables with weird/handcrafted/uncommon headers
    • Proper handling (or skipping) of ghost sections at various places in the code
    • Rebuild improvements for various unpackers
    • Adjusted alignment on rebuilt executables
    • Proper handling of out of sections offsets
    • Broken exe detection now mimics the XPSP2 loader
    • Lots of misc improvements and fixes
  • Support for PE32+ (64-bit) executables
  • Support for MD5 signatures based on PE sections (.mdb)
  • ELF file parser
  • Support for Sensory Networks' NodalCore hardware acceleration technology
  • Advanced phishing detection module (experimental)
  • Signatures are stored in separate trees depending on their target type
  • Algorithmic detection can be controlled with CL_SCAN_ALGORITHMIC
  • Support for new obfuscators: SUE, Y0da Cryptor, CryptFF
  • Support for new packers: NsPack, wwpack32, MEW, Upack
  • Support for SIS files (SymbianOS packages)
  • Support for PDF and RTF files
  • New encoding and entity normalizer (experimental)
clamd:
  • New config file parser:
    • all options require arguments (options without args must be now followed by boolean values: (yes, no), (1, 0), or (true, false)
    • optional arguments (as in NotifyClamd) are no longer supported
    • removed "DisableDefaultScanOptions" option (scan options can be configured individually)
  • TCP and local sockets can be operated simultaneously
  • New command: MULTISCAN (scan directory with multiple threads)
  • New option AlgorithmicDetection
  • New option ScanELF
  • New option NodalCoreAcceleration (requires hardware accelerator)
  • New option PhishingSignatures
  • New options to control the phishing module:
    • PhishingRestrictedScan
    • PhishingScanURLs
    • PhishingAlwaysBlockSSLMismatch
    • PhishingAlwaysBlockCloak
clamav-milter:
  • Black list mode: optionally black lists an IP for a configurable amount of time
  • Black hole mode: detects emails that will be discarded and refrains from scanning them
  • Reporting: ability to report phishing attempts to anti-phishing organisations to help close the sites
  • Improved load balancing for scanning with clusters
  • Removed -b option (enable BOUNCE compile time option to re-enable the option)
clamscan:
  • New options: --no-phishing-sigs, --no-algorithmic (disable phishing and algorithmic detection respectively)
  • New options to control the phishing module: --no-phishing-scan-urls, --no-phishing-restrictedscan, --phishing-ssl, --phishing-cloak
  • New option: --ncore (requires hardware accelerator)
  • New option: --no-elf
  • New option: --copy
freshclam:
  • Interpreter for .cdiff files (scripted updates)
  • Initial version of mirror manager
  • New option: --list-mirrors (list details on mirrors accessed by the mirror manager)
  • New option HTTPUserAgent to force different User-Agent header
sigtool:
  • New option: --utf16-decode (decode UTF16 encoded files)
  • New options: --diff, --run-cdiff, --verify-cdiff (update script management)
  • New option: --mdb (generated .mdb compatible signatures)
clamconf:
  • initial version of configuration utility for clamd and freshclam
Moderatie-faq Wijzig weergave

Reacties (1)

dit ding wordt echt steeds beter, op m'n FreeBSD server pikt ie dingen eruit die de meeste commercieele scanners compleet over het hoofd zien.

Op dit item kan niet meer gereageerd worden.



Apple iOS 10 Google Pixel Apple iPhone 7 Sony PlayStation VR AMD Radeon RX 480 4GB Battlefield 1 Google Android Nougat Watch Dogs 2

© 1998 - 2016 de Persgroep Online Services B.V. Tweakers vormt samen met o.a. Autotrack en Carsom.nl de Persgroep Online Services B.V. Hosting door True