Cisco has released the free antivirus package ClamAV 0.104

Cisco has announced a major new release of its free antivirus suite, ClamAV 0.104.0. Recall that the project passed into Cisco's hands in 2013 after the acquisition of Sourcefire, the company that developed ClamAV and Snort. The project code is distributed under the GPLv2 license.

At the same time, Cisco announced the start of long-term support (LTS) branches for ClamAV, which will be supported for three years from the date of the first release in the branch. The first LTS branch will be ClamAV 0.103; updates fixing vulnerabilities and critical issues will be released for it until 2023.

Updates for regular non-LTS branches will be published for at least 4 more months after the first release of the next branch (for example, updates for the ClamAV 0.104.x branch will be published for another 4 months after the release of ClamAV 0.105.0). The ability to download the signature database for non-LTS branches will also be provided for at least 4 more months after the release of the next branch.

Another important change is the creation of official installation packages, which let you update without rebuilding from source and without waiting for packages to appear in distributions. Packages are prepared for Linux (in RPM and DEB formats, in versions for the x86_64 and i686 architectures), macOS (for x86_64 and ARM64, including support for the Apple M1 chip) and Windows (x64 and win32). In addition, publication of official container images on Docker Hub has begun (images are provided both with and without a built-in signature database). In the future, it is planned to publish RPM and DEB packages for the ARM64 architecture and to publish builds for FreeBSD (x86_64).

Key improvements in ClamAV 0.104:

  • The build system has moved to CMake, which is now required to build ClamAV. The Autotools and Visual Studio build systems have been discontinued.
  • The LLVM components bundled in the distribution have been removed in favor of using existing external LLVM libraries. At runtime, signatures with embedded bytecode are processed by default with the bytecode interpreter, which has no JIT support. If you want to use LLVM instead of the bytecode interpreter, you must explicitly specify the paths to the LLVM 3.6.2 libraries at build time (support for newer releases is planned to be added later).
  • The clamd and freshclam processes are now available as Windows services. The "--install-service" option is provided to install these services, and they can be started with the standard "net start [name]" command.
  • A new scanning option has been added that warns about the transfer of damaged image files, which may be used in attempts to exploit vulnerabilities in graphics libraries. Format validation is implemented for JPEG, TIFF, PNG and GIF files, and is enabled through the AlertBrokenMedia setting in clamd.conf or the "--alert-broken-media" command-line option in clamscan.
  • New types CL_TYPE_TIFF and CL_TYPE_JPEG have been added for consistency with the definitions of GIF and PNG files. The BMP and JPEG 2000 types continue to be defined as CL_TYPE_GRAPHICS because format parsing is not supported for them.
  • ClamScan has gained a visual indicator of the progress of signature loading and engine compilation, which are performed before scanning starts. The indicator is not shown when the program is launched outside a terminal or when one of the options "--debug", "--quiet", "--infected" or "--no-summary" is specified.
  • To display progress, libclamav has added the callbacks cl_engine_set_clcb_sigload_progress(), cl_engine_set_clcb_engine_compile_progress() and, for freeing the engine, cl_engine_set_clcb_engine_free_progress(), with which applications can track and estimate the time needed for the preliminary stages of signature loading and compilation.
  • Support for the "%f" string formatting mask has been added to the VirusEvent option to substitute the path to the file in which the virus was detected (similar to the "%v" mask with the name of the detected virus). In VirusEvent, the same functionality is also available through the $CLAM_VIRUSEVENT_FILENAME and $CLAM_VIRUSEVENT_VIRUSNAME environment variables.
  • The performance of the AutoIt script unpacking module has been improved.
  • Support has been added for extracting images from *.xls files (Excel OLE2).
  • It is now possible to load Authenticode hashes based on the SHA256 algorithm in the form of *.cat files (used to verify digitally signed Windows executable files).
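
An added example (not from the original article or the ClamAV project) of a handler script for the VirusEvent option described above: it reads the detection from $CLAM_VIRUSEVENT_FILENAME and $CLAM_VIRUSEVENT_VIRUSNAME, so the name of the detected file is handled only as data and never as part of a command line. The script path, the QUARANTINE_DIR variable and the quarantine location are assumptions.

```shell
#!/bin/sh
# Added example: hypothetical VirusEvent handler, referenced from clamd.conf as
#   VirusEvent /usr/local/bin/clam-alert.sh      (path is an assumption)
# The detection is read from the environment variables rather than from
# "%f"/"%v" substituted into the command line.

# Make a value safe for a single log line: non-printable bytes (newlines
# included) become "?", double quotes become single quotes.
sanitize() {
    printf '%s' "$1" | LC_ALL=C tr -c '[:print:]' '?' | tr '"' "'"
}

# Build one key="value" log record for a detection.
format_alert() {
    printf 'clamav-alert virus="%s" file="%s"' \
        "$(sanitize "$1")" "$(sanitize "$2")"
}

# Move a detected file into a private quarantine directory. "--" stops a
# name that starts with "-" from being parsed as an option; the stored name
# is generated here, not taken from the file. Prints the new path.
quarantine() {
    src=$1
    dest_dir=$2
    [ -f "$src" ] || return 1
    mkdir -p -- "$dest_dir" && chmod 700 -- "$dest_dir" || return 1
    dest="$dest_dir/$(date +%s).$$.quarantined"
    mv -- "$src" "$dest" && printf '%s' "$dest"
}

# Act only when clamd has set the variables for a detection.
# QUARANTINE_DIR is a hypothetical override for the assumed default path.
if [ -n "${CLAM_VIRUSEVENT_FILENAME:-}" ]; then
    record=$(format_alert "${CLAM_VIRUSEVENT_VIRUSNAME:-unknown}" \
        "$CLAM_VIRUSEVENT_FILENAME")
    stored=$(quarantine "$CLAM_VIRUSEVENT_FILENAME" \
        "${QUARANTINE_DIR:-/var/quarantine/clamav}") || stored=failed
    logger -t clamav -- "$record stored=\"$stored\""
fi
```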

Source: opennet.ru
