Kutulutsidwa kwa phukusi laulere la antivayirasi ClamAV 0.103.3 lapangidwa, lomwe limapereka zosintha zotsatirazi:
- Fayilo ya mirrors.dat yasinthidwa kukhala freshclam.dat chifukwa ClamAV yasinthidwa kuti igwiritse ntchito netiweki yotumizira zinthu (CDN) m'malo mwa netiweki yagalasi ndipo fayilo ya dat ilibenso chidziwitso chagalasi. Freshclam.dat imasunga UUID yomwe imagwiritsidwa ntchito mu ClamAV User-Agent. Kufunika kosinthanso dzina ndi chifukwa chakuti zolemba za ogwiritsa ntchito ena zidachotsa mirror.dat ngati FreshClam yalephera, koma tsopano fayiloyi ili ndi chizindikiritso, kutayika komwe sikuvomerezeka.
- Mavuto ndi kusanja kwamafayilo otsika pomwe njira ya ENGINE_OPTIONS_FORCE_TO_DISK yathetsedwa.
- Kuwonongeka kosasunthika kwa ndondomeko ya ClamDScan mukamagwiritsa ntchito "--fdpass --multiscan" zosankha pamodzi ndi ExcludePath makonda mu fayilo yosinthira ya clamd.
- Tinakonza vuto ndi kukhazikitsa mizu monga mwini wa fayilo ya mirrors.dat m'malo mwa wogwiritsa ntchito wofotokozedwa mu DatabaseOwner setting pamene akuyendetsa clamav ngati mizu.
- Yathandiza HTTPUserAgent kuti azimitsidwa pamene DatabaseMirror ikugwiritsa ntchito clamav.net kupewa kutsekereza mwangozi.
- Kuti athe kuzindikira zoyesayesa kugwiritsa ntchito chiopsezo CVE-2010-1205 (Heuristics.PNG.CVE-2010-1205), muyenera tsopano kuyatsa chizindikiro cha ClamScan "-alert-broken-media" kapena "AlertBrokenMedia", popeza chiwopsezocho chakhazikitsidwa kalekale.
- Kuwonongeka kwa ClamSubmit pambuyo pa Cloudflare kusintha Cookie "__cfduid".
Source: opennet.ru