Cisco has released ClamAV 1.0.0, a free antivirus package

Cisco has announced ClamAV 1.0.0, a major new release of the free antivirus package. The new branch is notable for the transition to the traditional "Major.Minor.Patch" release numbering (instead of 0.Version.Patch). The major version bump is also due to changes in the libclamav library that break ABI compatibility: the CLAMAV_PUBLIC namespace was removed, the argument type of the cl_strerror function was changed, and symbols for the Rust language were included in the namespace. The project passed into the hands of Cisco in 2013 after the purchase of Sourcefire, the company developing ClamAV and Snort. The project code is distributed under the GPLv2 license.

The 1.0.0 branch is classified as Long Term Support (LTS) and will be maintained for three years. ClamAV 1.0.0 replaces the previous LTS branch, ClamAV 0.103, for which updates with fixes for vulnerabilities and critical issues will be released until September 2023. Updates for regular non-LTS branches are published for at least 4 months after the first release of the next branch. The ability to download the signature database for non-LTS branches is also provided for at least another 4 months after the release of the next branch.

Key improvements in ClamAV 1.0:

  • Added support for decrypting read-only OLE2-based XLS files encrypted with a default password.
  • The code implementing all-match mode, in which all matches in a file are determined (i.e. scanning continues after the first match), has been rewritten. The new code is described as more reliable and easier to maintain. The new implementation also eliminates a series of conceptual flaws that appeared when checking against signatures in all-match mode. Tests have been added to check the correctness of all-match behavior.
  • The clcb_file_inspection() callback has been added to the API for connecting handlers that inspect the contents of files, including those extracted from archives.
  • The cl_cvdunpack() function has been added to the API for unpacking signature archives in CVD format.
  • Scripts for building Docker images with ClamAV have been moved to a separate clamav-docker repository. The Docker image includes header files for the C library.
  • Added checks to limit the level of recursion when extracting objects from PDF documents.
  • The limit on the amount of memory allocated when processing untrusted input data has been increased, and a warning is raised when this limit is exceeded.
  • The build of unit tests for the libclamav_rust library has been significantly accelerated. ClamAV modules written in Rust are now built in a directory shared with ClamAV.
  • Restrictions have been relaxed when checking for overlapping records in ZIP files, which eliminates false warnings when processing slightly modified, but not malicious, JAR archives.
  • The build now defines the minimum and maximum supported versions of LLVM. Attempting to build with a version that is too old or too new now results in an error reporting compatibility issues.
  • Building with a custom RPATH list (the list of directories from which shared libraries are loaded) is now allowed, which makes it possible to move executable files to another location after building them in the development environment.

Source: opennet.ru
