Cisco has released the free antivirus package ClamAV 0.104

Cisco has announced a major new release of its free antivirus suite, ClamAV 0.104.0. Recall that the project passed into Cisco's hands in 2013 after the acquisition of Sourcefire, the company that develops ClamAV and Snort. The project code is distributed under the GPLv2 license.

At the same time, Cisco announced that it is starting to maintain long-term support (LTS) branches of ClamAV, with support provided for three years from the publication date of the first release in the branch. The first LTS branch will be ClamAV 0.103; updates fixing vulnerabilities and critical issues will be released for it until 2023.

Updates for regular non-LTS branches will be published for at least another 4 months after the first release of the next branch (for example, updates for the ClamAV 0.104.x branch will be published for another 4 months after the release of ClamAV 0.105.0). The ability to download the signature database for non-LTS branches will also be provided for at least another 4 months after the release of the next branch.

Another significant change is the creation of official installation packages, which let you update without rebuilding from source and without waiting for packages to appear in distributions. Packages are prepared for Linux (in RPM and DEB formats, for the x86_64 and i686 architectures), macOS (for x86_64 and ARM64, including support for the Apple M1 chip) and Windows (x64 and win32). In addition, publication of official container images on Docker Hub has begun (images are offered both with and without a built-in signature database). In the future, there are plans to publish RPM and DEB packages for the ARM64 architecture and builds for FreeBSD (x86_64).

Key improvements in ClamAV 0.104:

  • The build has moved to the CMake build system, which is now required to build ClamAV. The Autotools and Visual Studio build systems have been discontinued.
  • The LLVM components bundled with the distribution have been removed in favor of external LLVM libraries. At runtime, signatures with embedded bytecode are processed by default with the bytecode interpreter, which has no JIT support. If you need to use LLVM instead of the bytecode interpreter, you must specify the paths to the LLVM 3.6.2 libraries when building (support for newer releases is planned to be added later).
  • The clamd and freshclam processes are now available as Windows services. The "--install-service" option is provided to install these services, and they can be started with the standard "net start [name]" command.
  • A new scan option has been added that warns about damaged image files, which may be used in attempts to exploit vulnerabilities in graphics libraries. Format validation is implemented for JPEG, TIFF, PNG and GIF files and is enabled with the AlertBrokenMedia setting in clamd.conf or the "--alert-broken-media" command-line option in clamscan.
  • New types CL_TYPE_TIFF and CL_TYPE_JPEG have been added for consistency with the way GIF and PNG files are identified. The BMP and JPEG 2000 types are still identified as CL_TYPE_GRAPHICS because format parsing is not supported for them.
  • ClamScan has gained a visual progress indicator for signature loading and engine compilation, which are performed before scanning starts. The indicator is not shown when the program is launched outside a terminal or when one of the options "--debug", "--quiet", "--infected" or "--no-summary" is specified.
  • To report progress, libclamav has gained the callbacks cl_engine_set_clcb_sigload_progress(), cl_engine_set_clcb_engine_compile_progress() and, for freeing the engine, cl_engine_set_clcb_engine_free_progress(), with which applications can track the progress of the preliminary signature-loading and engine-compilation stages.
  • Support has been added for the "%f" format specifier in the VirusEvent option, which substitutes the path to the file in which the virus was detected (similar to the "%v" specifier, which carries the name of the detected virus). In VirusEvent, the same information is also available through the environment variables $CLAM_VIRUSEVENT_FILENAME and $CLAM_VIRUSEVENT_VIRUSNAME.
  • Improved performance of the AutoIt script unpacking module.
  • Added support for extracting images from *.xls (Excel OLE2) files.
  • Added the ability to load SHA256-based Authenticode hashes in the form of *.cat files (used to verify digitally signed Windows executables).
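
A handler for the VirusEvent option described above, as an added example that is not part of the original article or of the ClamAV project's code: it reads the detection details from $CLAM_VIRUSEVENT_FILENAME and $CLAM_VIRUSEVENT_VIRUSNAME rather than having "%f" expanded into the command line, because a scanned file's name is untrusted text and is safer handled as data. The script path, the log tag and the log line format are assumptions.

```shell
#!/bin/sh
# Added example: VirusEvent handler that takes the file path and virus name
# from the environment variables clamd exports, not from "%f"/"%v" text
# substituted into the command string.
# Assumed clamd.conf line (the script path is hypothetical):
#   VirusEvent /usr/local/bin/clam-virusevent.sh

# Replace control characters, double quotes and backslashes with "?" so a
# crafted file name cannot forge extra log lines, inject terminal escape
# sequences, or break out of the quoted key="value" fields.
sanitize() {
    printf '%s' "$1" | LC_ALL=C tr '\001-\037\177"\\' '?'
}

# Build a single log line from the two variables set for the handler.
format_event() {
    file=$(sanitize "${CLAM_VIRUSEVENT_FILENAME:-unknown}")
    virus=$(sanitize "${CLAM_VIRUSEVENT_VIRUSNAME:-unknown}")
    printf 'clamav-detection virus="%s" file="%s"' "$virus" "$file"
}

# Log only when the handler was really started for a detection.
# The message is passed as one quoted argument, never evaluated as shell code.
if [ -n "${CLAM_VIRUSEVENT_FILENAME:-}" ]; then
    logger -t clamav-event -- "$(format_event)"
fi
```
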

Source: opennet.ru
