Author Topic: ClamWin/ClamAV .......  (Read 10175 times)

Offline SiLæncer

  • Cheff-Cubie
  • *****
  • Posts: 191383
  • No input, no output
    • DVB-Cube
ClamAV 0.99 RC 1
« Reply #60 on: 20 October, 2015, 06:00 »
Changelog
Improved support for YARA rules including private rules, referencing other rules, and YARA "include" files.
Configurable default password list to attempt zip file decryption.
TIFF support.
./configure options for YARA.
Upgrade Windows pthread library to 2.9.1.
A new signature target type for uncategorized files.
ClamAV 0.99 contains major new features and changes. Particularly, if you are using clamd on-access scanning or have applications using all-match mode, you will want to review the changes and make any necessary adjustments before using ClamAV 0.99.
Processing of YARA rules (some limitations - see signatures.pdf).
Support in ClamAV logical signatures for many of the features added for YARA, such as Perl compatible Regular Expressions, alternate strings, and YARA string attributes. See signatures.pdf for full details.
post and clamdoc.pdf for details on the new on-access capabilities.
A new ClamAV API callback function that is invoked when a virus is found. This is intended primarily for applications running in all-match mode. Any applications using all-match mode must use the new callback function to record and report detected viruses.
Configurable default password list to attempt zip file decryption.
TIFF file support.
Upgrade Windows pthread library to 2.9.1.
A new signature target type for designating signatures to run against files with unknown file types.
Improved fidelity of the "data loss prevention" heuristic algorithm. Code supplied by Bill Parker.
Support for LZMA decompression within Adobe Flash files.
Support for MSO attachments within Microsoft Office 2003 XML files.
A new sigtool option (--ascii-normalize) allowing signature authors to more easily generate normalized versions of ASCII files.

http://www.clamwin.com/

Work / test machine:

Intel® Core™ i7-6700 (4 x 3.40 GHz / 4.00 GHz)
16 GB (2 x 8 GB) DDR4 SDRAM 2133 MHz
250 GB SSD Samsung 750 EVO / 1 TB HDD
ZOTAC Geforce GTX 1080TI AMPExtreme Core Edition 11GB GDDR5
MSI Z170A PC Mate Mainboard
DVD burner drive
Microsoft Windows 10 Home 64Bit

TT S2 3200 (BDA driver 5.0.1.8) + Terratec Cinergy 1200 C (BDA driver 4.8.3.1.8)

Offline SiLæncer

ClamAV 0.99 RC 2
« Reply #61 on: 18 November, 2015, 06:00 »
Changelog
bb11420 - fix preclass/cache interaction.
bb11419 - fix valgrind-detected uninitialized value when caching is disabled.
bb11418 - fix clamdscan segfault when using stream(stdin) input.
bb#11421 - CUD digital signature verification and empty files
change unknown database default to skip from .db
use pkg-config to determine CHECK_LIBS
bb#11015(2) - refactor automated pwdb target assignment for tdb
fix error reporting for pwdb signature loading
fix crash in clamd scan callback function.
fix for openssl build with specific openssl location
onas: adding better feedback for users attempting to use fanotify prevention on kernels with unsupported configurations.
onas: adding throttling to notifications when handling fanotify errors on large files.
onas: adding optional extra scanning for inotify events
onas: improving handling of fanotify read errors for large files.

http://www.clamwin.com/

Offline SiLæncer

ClamAV 0.99 Final
« Reply #62 on: 01 December, 2015, 22:00 »
Changelog
ClamAV 0.99 contains major new features and changes. YARA rules, Perl Compatible Regular Expressions, revamped on-access scanning for Linux, and other new features join the many great features of ClamAV:

Processing of YARA rules (some limitations - see signatures.pdf).
Support in ClamAV logical signatures for many of the features added for YARA, such as Perl Compatible Regular Expressions, alternate strings, and YARA string attributes. See signatures.pdf for full details.
New and improved on-access scanning for Linux. See the recent blog post and clamdoc.pdf for details on the new on-access capabilities.
A new ClamAV API callback function that is invoked when a virus is found. This is intended primarily for applications running in all-match mode. Any applications using all-match mode must use the new callback function to record and report detected viruses.
Configurable default password list to attempt zip file decryption.
TIFF file support.
Upgrade Windows pthread library to 2.9.1.
A new signature target type for designating signatures to run against files with unknown file types.
Improved fidelity of the "data loss prevention" heuristic algorithm. Code supplied by Bill Parker.
Support for LZMA decompression within Adobe Flash files.
Support for MSO attachments within Microsoft Office 2003 XML files.
A new sigtool option (--ascii-normalize) allowing signature authors to more easily generate normalized versions of ASCII files.

http://www.clamwin.com/

Offline SiLæncer

ClamWin Free Antivirus 0.99
« Reply #63 on: 17 January, 2016, 11:00 »
What's new:

This release updates ClamAV scanning engine to the latest version and brings important improvements:

    Heuristic detection improvements
    Improvements in detection and processing of archived files
    Other important bug fixes

http://www.clamwin.com/

Offline SiLæncer

ClamAV 0.99.1 Beta 1
« Reply #64 on: 05 February, 2016, 12:00 »
What's new:

add scanning options for scanning xml-based documents (MSXML, OOXML, HWPML) and HWP3
add dconfs for XDP, MBR, GPT, APM, OOXML, MSXML, and HWP formats
ClamAV 0.99.1 contains a new feature for parsing Hancom Office files including extracting and scanning embedded objects. ClamAV 0.99.1 also contains important bug fixes. Please see ChangeLog for details.

Download here: http://sourceforge.net/projects/clamav/files/beta/0.99.1-beta1/

http://www.clamwin.com/

Offline SiLæncer

ClamAV 0.99.1 Final
« Reply #65 on: 03 March, 2016, 19:00 »
What's new:

hwp5.x: fix for streams without names
libclamav: yara: avoid unaligned access to 64bit variable
bb11455 - patch to add show-progress option to freshclam.
added 'CustomXML' as trigger for likely OOXML

Download here: https://sourceforge.net/projects/clamav/files/clamav/

http://www.clamwin.com/

Offline SiLæncer

ClamWin Free Antivirus 0.99.1
« Reply #66 on: 16 April, 2016, 18:00 »
Quote

This release updates ClamAV scanning engine to the latest version and brings important improvements:

Heuristic detection improvements
Improvements in detection and processing of archived files
Other important bug fixes

http://www.clamwin.com/

Offline SiLæncer

ClamAV 0.99.2
« Reply #67 on: 04 May, 2016, 18:00 »
Changelog

Note:  As previously discussed for the last three releases, we are no longer uploading ClamAV to SourceForge for release.  0.99.2 is the first release that is ONLY released on ClamAV.net

Below are the notes from the ChangeLog since 0.99.1:

Thu, 22 Apr 2016 12:45:00 -0500 (Steven Morgan)
------------------------------------------
 * ClamAV 0.99.2 release.

Thu, 31 Mar 2016 17:07:39 -0400 (Kevin Lin)
------------------------------------------
 * 7z: fix for FolderStartPackStreamIndex array index check

Tue, 29 Mar 2016 16:18:51 -0400 (Steven Morgan)
------------------------------------------
 * bb11547 - print all CDBNAME entries for a zip file when using the
 -z flag.

Tue, 2 Sep 2014 22:44:41 +0200 (Sebastian Andrzej Siewior)
------------------------------------------
 * try to minimize the err cleanup path

Tue, 2 Sep 2014 22:44:14 +0200 (Sebastian Andrzej Siewior)
------------------------------------------
 * clamunrar: notice if unpacking comment failed

Wed, 23 Mar 2016 16:39:52 -0400 (Steven Morgan)
------------------------------------------
 * bb9042 - signature manual update.

Wed, 23 Mar 2016 16:14:42 -0400 (Kevin Lin)
------------------------------------------
 * bb#11396 - use temp var for realloc to prevent pointer loss. Patch by
 Bill Parker.

Wed, 23 Mar 2016 15:49:56 -0400 (Kevin Lin)
------------------------------------------
 * bb#11397 - fix debug VI hex truncation

Wed, 23 Mar 2016 15:38:21 -0400 (Kevin Lin)
------------------------------------------
 * bb#11398 - freshclam: avoid random data in mirrors.dat. Patch by
 Tomasz Kojm.

Wed, 23 Mar 2016 15:28:51 -0400 (Kevin Lin)
------------------------------------------
 * libclamav: print raw certificate metadata

Wed, 23 Mar 2016 14:16:00 -0400 (Kevin Lin)
------------------------------------------
 * bb#11529 - freshclam manager check return code of strdup. Patch by
 Sebastian A. Siewior.

Tue, 22 Mar 2016 16:21:59 -0400 (Kevin Lin)
------------------------------------------
 * bb#11261 - additional suppress IP notification when using proxy

Tue, 22 Mar 2016 12:54:52 -0400 (Kevin Lin)
------------------------------------------
 * bb#10983 - fix download and verification of *.cld through PrivateMirrors

Mon, 21 Mar 2016 11:21:08 -0400 (Kevin Lin)
------------------------------------------
 * bb#11261 - suppress IP notification when using proxy

Mon, 21 Mar 2016 11:20:01 -0400 (Kevin Lin)
------------------------------------------
 * bb#11543 - remove redundant mempool assignment

Thu, 17 Mar 2016 11:49:26 -0400 (Kevin Lin)
------------------------------------------
 * bb#11003 - divide out dumpcerts output for better readability

Wed, 16 Mar 2016 15:42:35 -0400 (Kevin Lin)
------------------------------------------
 * bb#11003 - fix dconf and option handling for nocert and dumpcert

Mon, 14 Mar 2016 16:07:45 -0400 (Mickey Sola)
------------------------------------------
 * bb11463 - patch by Jim Morris to increase clamd's soft file descriptor to
 its potential maximum on 64-bit systems

Mon, 14 Mar 2016 17:12:20 -0400 (Steven Morgan)
------------------------------------------
 * Move libfreshclam config to m4/reorganization.

Fri, 11 Mar 2016 13:32:31 -0700 (andrey mirtchovski)
------------------------------------------
 * adding libfreshclam

Sun, 13 Mar 2016 23:27:23 -0400 (Tom Judge)
------------------------------------------
 * Add 'cdb' datafile to sigtools list of datafile types.

Fri, 11 Mar 2016 16:02:22 -0500 (Steven Morgan)
------------------------------------------
 * bb11526 - NULL pointer check. Patch by Bill Parker.

Fri, 11 Mar 2016 15:48:01 -0500 (Steven Morgan)
------------------------------------------
 * bb11524 - malloc() NULL pointer check. Patch by Bill Parker.

Thu, 10 Mar 2016 18:26:33 -0500 (Steven Morgan)
------------------------------------------
 * bb1436 - clamscan 'block-macros' option. Patch by Kai Risku.

Wed, 9 Mar 2016 17:07:06 -0500 (Kevin Lin)
------------------------------------------
 * bb#11514 - initialize cpio name buffer

Wed, 9 Mar 2016 16:43:03 -0500 (Kevin Lin)
------------------------------------------
 * bb#11514 - initialize mspack decompression buffers

Wed, 9 Mar 2016 12:15:16 -0500 (Kevin Lin)
------------------------------------------
 * bb#11514 - prevent memory allocations on used pointers (folder objects)

Tue, 8 Mar 2016 16:04:21 -0500 (Kevin Lin)
------------------------------------------
 * bb#11514 - prevent memory allocations on used pointers (boolvectors)

Tue, 8 Mar 2016 14:37:20 -0500 (Kevin Lin)
------------------------------------------
 * bb#11514 - initialize ARJ metadata structures

Tue, 8 Mar 2016 14:37:01 -0500 (Kevin Lin)
------------------------------------------
 * bb#11514 - change cli_malloc with cli_calloc

Mon, 7 Mar 2016 16:25:10 -0500 (Kevin Lin)
------------------------------------------
 * bb#11514 - check packSizes prior to dereference

Mon, 7 Mar 2016 16:10:09 -0500 (Kevin Lin)
------------------------------------------
 * bb#11514 - fixed inconsistent folder state on failure

Mon, 7 Mar 2016 15:11:08 -0500 (Kevin Lin)
------------------------------------------
 * bb#11514 - pre-check on (*unpackSizes) dereference

Mon, 7 Mar 2016 13:56:42 -0500 (Kevin Lin)
------------------------------------------
 * bb11514 - fix on pre-checks on dereferenced array

Fri, 4 Mar 2016 16:57:14 -0500 (Kevin Lin)
------------------------------------------
 * bb11514 - pre-checks on dereferenced array size values (not =0)

Wed, 2 Mar 2016 13:57:03 -0500 (Mickey Sola)
------------------------------------------
 * bb-11514 - adding sanity checks to 7z header parsing

Tue, 1 Mar 2016 12:43:01 -0500 (Kevin Lin)
------------------------------------------
 * bb#11514 - fixed mew source read issue

Fri, 4 Mar 2016 17:05:01 -0500 (Steven Morgan)
------------------------------------------
 * bb11188 - Upgrade to use libtool 2.4.6 for ClamAV building: fixes issues
 with MacOSX 10.10 and 10.11.

Tue, 1 Mar 2016 12:34:48 -0500 (Kevin Lin)
------------------------------------------
 * bb#11513 - documentation update on targets

Mon, 29 Feb 2016 16:58:19 -0500 (Kevin Lin)
------------------------------------------
 * filetype consistency

Mon, 29 Feb 2016 11:34:25 -0500 (Kevin Lin)
------------------------------------------
 * move llvm option flag handling to new m4 file

Wed, 24 Feb 2016 13:29:42 -0500 (Kevin Lin)
------------------------------------------
 * hwp5.x: fix for streams without names

http://www.clamav.net

Offline SiLæncer

ClamAV 0.99.3 Beta 1
« Reply #68 on: 24 August, 2017, 13:00 »
Release Notes

In this release, we have included many code submissions from the ClamAV community:

Interfaces to the Prelude SIEM open source package for collecting ClamAV virus events.
Visual Studio 2015 for building Microsoft Windows binaries.
Support libmspack internal code or as a shared object library. The internal library is the default and contains additional integrity checks.
Linking with openssl 1.1.0.
Numerous code patches, typos, and compiler warning fixes.

Additionally, we have introduced important changes and new features in ClamAV 0.99.3, including:

Deprecating internal LLVM code support. The configure script has changed to search the system for an installed instance of the LLVM development libraries, and to otherwise use the bytecode interpreter for ClamAV bytecode signatures. To use the LLVM Just-In-Time compiler for executing bytecode signatures, please ensure that the LLVM development package at version 3.6 or lower is installed. Using the deprecated LLVM code is possible with the command: ./configure --with-system-llvm=no, but it no longer compiles on all platforms.
Compute and check PE import table hash (a.k.a. "imphash") signatures
Support file property collection and analysis for MHTML files
Raw scanning of PostScript files
Fix clamsubmit to use the new virus and false positive submission web interface
Optionally, flag files with the virus "Heuristic.Limits.Exceeded" when size limitations are exceeded
Improve decoders for PDF files

http://www.clamav.net

Offline SiLæncer

ClamAV 0.99.3 Beta 2
« Reply #69 on: 18 December, 2017, 21:00 »
Changelog

Interfaces to the Prelude SIEM open source package for collecting ClamAV virus events.
Visual Studio 2015 for building Microsoft Windows binaries.
Support libmspack internal code or as a shared object library. The internal library is the default and contains additional integrity checks.
Linking with openssl 1.1.0.
Numerous code patches, typos, and compiler warning fixes.

http://www.clamav.net

Offline SiLæncer

ClamAV 0.99.3 Final
« Reply #70 on: 26 January, 2018, 14:00 »
Changelog

CVE-2017-12374
1. ClamAV UAF (use-after-free) Vulnerabilities
The ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
The vulnerability is due to a lack of input validation checking mechanisms during certain mail parsing operations. If successfully exploited, the ClamAV software could allow a variable pointing to the mail body which could cause a used after being free (use-after-free) instance which may lead to a disruption of services on an affected device to include a denial of service condition.
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
https://bugzilla.clamav.net/show_bug.cgi?id=11939
CVE-2017-12375
2. ClamAV Buffer Overflow Vulnerability
The ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
The vulnerability is due to a lack of input validation checking mechanisms during certain mail parsing functions. An unauthenticated, remote attacker could exploit this vulnerability by sending a crafted email to the affected device. This action could cause a buffer overflow condition when ClamAV scans the malicious email, allowing the attacker to potentially cause a DoS condition on an affected device.
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
https://bugzilla.clamav.net/show_bug.cgi?id=11940
CVE-2017-12376
3. ClamAV Buffer Overflow in handle_pdfname Vulnerability
ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or potentially execute arbitrary code on an affected device.
The vulnerability is due to improper input validation checking mechanisms when handling Portable Document Format (.pdf) files sent to an affected device. An unauthenticated, remote attacker could exploit this vulnerability by sending a crafted .pdf file to an affected device. This action could cause a buffer overflow when ClamAV scans the malicious file, allowing the attacker to cause a DoS condition or potentially execute arbitrary code.
https://bugzilla.clamav.net/show_bug.cgi?id=11942
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2017-12377
4. ClamAV Mew Packet Heap Overflow Vulnerability
ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or potentially execute arbitrary code on an affected device.
The vulnerability is due to improper input validation checking mechanisms in mew packet files sent to an affected device. A successful exploit could cause a heap overflow condition when ClamAV scans the malicious file, allowing the attacker to cause a DoS condition or potentially execute arbitrary code on the affected device.
https://bugzilla.clamav.net/show_bug.cgi?id=11943
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CVE-2017-12378
5. ClamAV Buffer Over Read Vulnerability
ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
The vulnerability is due to improper input validation checking mechanisms of .tar (Tape Archive) files sent to an affected device. A successful exploit could cause a buffer over-read condition when ClamAV scans the malicious .tar file, potentially allowing the attacker to cause a DoS condition on the affected device.
https://bugzilla.clamav.net/show_bug.cgi?id=11946
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CVE-2017-12379
6. ClamAV Buffer Overflow in messageAddArgument Vulnerability
ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or potentially execute arbitrary code on an affected device.
The vulnerability is due to improper input validation checking mechanisms in the message parsing function on an affected system. An unauthenticated, remote attacker could exploit this vulnerability by sending a crafted email to the affected device. This action could cause a buffer overflow condition when ClamAV scans the malicious email, allowing the attacker to potentially cause a DoS condition or execute arbitrary code on an affected device.
https://bugzilla.clamav.net/show_bug.cgi?id=11944
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CVE-2017-12380
7. ClamAV Null Dereference Vulnerability
ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
The vulnerability is due to improper input validation checking mechanisms during certain mail parsing functions of the ClamAV software. An unauthenticated, remote attacker could exploit this vulnerability by sending a crafted email to the affected device. An exploit could trigger a NULL pointer dereference condition when ClamAV scans the malicious email, which may result in a DoS condition.
https://bugzilla.clamav.net/show_bug.cgi?id=11945
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Also included are 2 minor fixes to properly detect openssl install locations on FreeBSD 11, and prevent false warnings about zlib 1.2.1# version numbers.

http://www.clamav.net

Offline SiLæncer

ClamAV 0.99.4
« Reply #71 on: 02 March, 2018, 21:00 »
Changelog

0.99.4 is a security patch release, quick on the heels of the 0.99.3 security patch release. This is a renewal of our commitment to the ClamAV community for timely fixes to critical issues. 0.99.4 addresses a few outstanding vulnerability bugs. It includes fixes for:

CVE-2012-6706
CVE-2017-6419
CVE-2017-11423
CVE-2018-1000085

There are also a few bug fixes that were not assigned CVE’s, but were important enough to address while we had the chance. One of these was the notorious file descriptor exhaustion bug that caused outages late last January.

http://www.clamav.net

Offline SiLæncer

ClamWin Free Antivirus 0.99.4
« Reply #72 on: 16 March, 2018, 06:00 »
What's new:

This security patch release updates ClamAV scanning engine to the latest version and addresses the following issues:

    ClamAV UAF Vulnerabilities
    ClamAV Buffer Overflow Vulnerabilities
    ClamAV Null Dereference Vulnerability
    A number of other outstanding vulnerability bugs

http://www.clamwin.com/

Offline SiLæncer

ClamAV 0.100.0
« Reply #73 on: 10 April, 2018, 09:15 »
Changelog

Some of the more prominent submissions include:

Interfaces to the Prelude SIEM open source package for collecting ClamAV virus events.
Support for Visual Studio 2015 for Windows builds. Please note that we have deprecated support for Windows XP, and while Vista may still work, we no longer test ClamAV on Windows XP or Vista.
Support libmspack internal code or as a shared object library. The internal library is the default and includes modifications to enable parsing of CAB files that do not entirely adhere to the CAB file format.
Linking with OpenSSL 1.1.0.
Deprecation of the AllowSupplementaryGroups parameter statement in clamd, clamav-milter, and freshclam. Use of supplementary is now in effect by default.
Numerous bug fixes, typo corrections, and compiler warning fixes.

Additionally, we have introduced important changes and new features in ClamAV 0.100, including but not limited to:

Deprecating internal LLVM code support. The configure script has changed to search the system for an installed instance of the LLVM development libraries, and to otherwise use the bytecode interpreter for ClamAV bytecode signatures. To use the LLVM Just-In-Time compiler for executing bytecode signatures, please ensure that the LLVM development package at version 3.6 or lower is installed. Using the deprecated LLVM code is possible with the command: ./configure --with-system-llvm=no, but it no longer compiles on all platforms.
Compute and check PE import table hash (a.k.a. "imphash") signatures.
Support file property collection and analysis for MHTML files.
Raw scanning of PostScript files.
Fix clamsubmit to use the new virus and false positive submission web interface.
Optionally, flag files with the virus "Heuristic.Limits.Exceeded" when size limitations are exceeded.
Improved decoders for PDF files.
Reduced number of compile time warnings.
Improved support for C++11.
Improved detection of system installed libraries.
Fixes to ClamAV's Container system and the introduction of Intermediates for more descriptive signatures.

http://www.clamav.net

Offline SiLæncer

ClamAV 0.100.1
« Reply #74 on: 10 July, 2018, 05:00 »
Changelog

HTTPS support for clamsubmit.
Fix for DNS resolution for users on IPv4-only machines where IPv6 is not available or is link-local only.

Fixes for the following CVE's:

CVE-2017-16932: Vulnerability in libxml2 dependency (affects ClamAV on Windows only). (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16932)
CVE-2018-0360: HWP integer overflow, infinite loop vulnerability. Reported by Secunia Research at Flexera. (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0360)
CVE-2018-0361: ClamAV PDF object length check, unreasonably long time to parse relatively small file. Reported by aCaB. (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0361)

Fixes for a few additional bugs:

Buffer over-read in unRAR code due to missing max value checks in table initialization. Reported by Rui Reis.
Libmspack heap buffer over-read in CHM parser. Reported by Hanno Böck.
PDF parser bugs reported by Alex Gaynor.
Buffer length checks when reading integers from non-NULL terminated strings.
Buffer length tracking when reading strings from dictionary objects.

http://www.clamav.net
