Siideynta xirmada ka hortagga bilaashka ah ee ClamAV 0.103.3 ayaa la sameeyay, taasoo soo jeedinaysa isbeddellada soo socda:
- Faylka mirrors.dat waxa loo badalay freshclam.dat sababtoo ah ClamAV waxa loo rogey in la isticmaalo shabkada gudbinta nuxurka (CDN) halkii laga isticmaali lahaa shabakad muraayad ah faylka datna kuma jiro macluumaadka muraayadda. Freshclam.dat waxay ku kaydisaa UUID-da loo isticmaalo ClamAV-Agent User. Baahida dib u magacaabista waxaa sabab u ah xaqiiqda ah in qoraalada isticmaalayaasha qaarkood ay tirtireen mirrors.dat haddii ay dhacdo FreshClam fashilantay, laakiin hadda faylkan waxaa ku jira aqoonsi, luminta taas oo ah mid aan la aqbali karin.
- Dhibaatooyinka leh waxqabadka iskaanka faylka hooseeya marka ENGINE_OPTIONS_FORCE_TO_DISK doorashada la damco waa la xaliyay.
- Shilalka go'an ee habka ClamDScan marka la isticmaalayo "--fdpass --multiscan" doorashooyinka oo ay la socoto goobta ExcludePath ee faylka qaabeynta.
- La xaliyay arrin ku saabsan dejinta xididka milkiilaha faylka mirrors.dat halkii uu isticmaali lahaa ku qeexan goobta Xogta Mulkiilaha marka uu u shaqeynayo clamav xidid ahaan.
- Dareemida HTTPUserAgent Dejinta in la damiyo marka DatabaseMirror isticmaalayso clamav.net si looga fogaado xannibaadda shilalka ah.
- Si aad awood ugu yeelatid ogaanshaha isku dayga lagu doonayo in lagaga faa'iidaysto nuglaanta CVE-2010-1205 (Heuristics.PNG.CVE-2010-1205), waa inaad hadda si cad u suurta gelisaa cabbirka ClamScan "-warbaahinta-warbaahinta-warbaahinta"ama goobta"AlertBrokenMedia", tan iyo markii nuglaanshaha ayaa muddo dheer meel walba lagu hagaajiyay.
- ClamSubmit go'an ayaa burburaya ka dib markii Cloudflare bedelay kukiga "__cfduid".
Source: opennet.ru