Cisco released the new version of the antivirus ClamAV 0.101.0


ClamAV is an open source antivirus for Windows, GNU/Linux, BSD, Solaris, Mac OS X and other Unix-like operating systems.

ClamAV provides a series of antivirus tools specifically designed for email scanning. The ClamAV architecture is scalable and flexible thanks to a multi-threaded process.

It has a powerful monitor integrated with the command line and tools to update the databases automatically. The project code is distributed under the GPLv2 license.

New version of ClamAV

Cisco recently released a significant new version of the ClamAV package, 0.101.0, which adds new improvements and bug fixes over the previous version.

It is important to remember that the ClamAV project passed into the hands of Cisco in 2013 after the purchase of the Sourcefire company, which develops ClamAV and Snort.

Main new features of ClamAV 0.101.0

In this new release of the antivirus, support was added for extracting data from files created in RAR 5. Instead of the previously used unrar unpacker, the UnRAR 5.6.5 library distributed by RarLabs is now used.

On the other hand, the options and directives of the clamscan utility and the clamd.conf configuration file have been restructured.

As a result, options related to displaying analysis-based warnings now carry the prefixes "Alert*" and "--alert-*".

The algorithmic detection setting has been renamed to HeuristicAlerts. Support for the old option names is still preserved, but may be removed in a future release.

In clamd.conf and the command line interface, the OnAccessExtraScanning option has been temporarily disabled because of problems with stability and resource drain that have not yet been fixed.

New AlertEncryptedArchive and AlertEncryptedDoc options have also been added to display a warning about detecting encrypted files or documents.

Logical signatures now support byte sequence comparison: by analogy with a similar feature in Snort, a given number of bytes can be extracted and compared based on a specified size and offset.

The libmspack library has been updated to version 0.7.1 alpha (version 0.5 alpha was previously used) and was expanded with tools to analyze corrupted or non-standard CAB files.

Improved support

For the Windows builds of the antivirus, a new installer has been introduced, built with InnoSetup 5.

Authenticode signature handling gained support for properties specific to Windows system files, and it is now used when analyzing executable files in PE format.

On the other hand, correct signature parsing was implemented on systems with "big endian" byte order.

The code for managing mirrors in the freshclam utility has been simplified, and the time for which mirrors are ignored after errors has been reduced, taking into account delays in the appearance of new signatures when they are loaded through content delivery networks.

In libfreshclam, the previously deprecated AllowSupplementaryGroups option, which had already been excluded from freshclam, was removed.
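An added example (not code from this article or from the ClamAV project): a small Python audit that flags directives in an existing clamd.conf or freshclam.conf affected by the option changes described above, so a configuration carried over from an older release does not silently lose coverage. The table covers only the names this article mentions; `AlgorithmicDetection` as the old name of the renamed setting and the accepted boolean spellings are assumptions, and the sample configuration is constructed.

```python
# Status of each directive as described in the article above.
# Assumption: AlgorithmicDetection is the old name of the setting that
# the article says was renamed to HeuristicAlerts.
CHANGED = {
    "AlgorithmicDetection": ("deprecated", "rename to HeuristicAlerts"),
    "OnAccessExtraScanning": ("disabled", "temporarily disabled; do not rely on it"),
    "AllowSupplementaryGroups": ("removed", "delete the line"),
}
# New opt-in warnings for encrypted content mentioned in the article.
NEW_ALERTS = ("AlertEncryptedArchive", "AlertEncryptedDoc")
# Assumption: these spellings are treated as "on" for boolean directives.
TRUTHY = {"yes", "true", "1"}

def parse_conf(text):
    """Yield (line_number, key, value) for each active directive."""
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):  # blank line or comment
            continue
        parts = line.split(None, 1)
        yield number, parts[0], parts[1] if len(parts) > 1 else ""

def audit(text):
    """Return (findings, alerts_not_enabled) for one config file's text."""
    findings, enabled = [], set()
    for number, key, value in parse_conf(text):
        if key in CHANGED:
            findings.append((number, key) + CHANGED[key])
        elif key in NEW_ALERTS and value.lower() in TRUTHY:
            enabled.add(key)
    return findings, [name for name in NEW_ALERTS if name not in enabled]

# Constructed sample, not a real deployment's configuration.
SAMPLE = """\
# clamd.conf carried over from an older release
LogFile /var/log/clamav/clamd.log
AlgorithmicDetection yes
#AllowSupplementaryGroups yes
OnAccessExtraScanning yes
AlertEncryptedArchive yes
AlertEncryptedDoc no
"""

if __name__ == "__main__":
    findings, not_enabled = audit(SAMPLE)
    for number, key, status, advice in findings:
        print(f"line {number}: {key} is {status}: {advice}")
    print("alerts not enabled:", ", ".join(not_enabled) or "none")
```

To check a real file, pass its contents to `audit()` instead of `SAMPLE`.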

Changes to the libclamav library API

In the cl_scandesc, cl_scandesc_callback, and cl_scanmap_callback functions, an argument has been added to pass the file name (used to display more informative errors and warnings, as well as for more meaningful temporary file names).

The scan options, formerly a set of bit fields, have been moved into a structure with separate flags, making it easy to add new options when the need arises.

The cl_cleanup_crypto() function has been deprecated: it lost its purpose after the OpenSSL version requirement was raised (above 1.0.1), as the cleanup procedure is now called automatically.

The CL_SCAN_HEURISTIC_ENCRYPTED option has been split into two separate options, CL_SCAN_HEURISTIC_ENCRYPTED_ARCHIVE and CL_SCAN_HEURISTIC_ENCRYPTED_DOC.

How to install ClamAV on Linux?

To install this application, open a terminal on your system and follow the instructions below, according to the distribution you have:

Debian, Ubuntu and derivatives

sudo apt-get install clamav

Arch Linux and derivatives

sudo pacman -S clamav

Fedora and derivatives

sudo dnf install clamav

OpenSUSE

sudo zypper install clamav


  1.   angelo said

    Question: does this antivirus have real-time protection or does it only work for manual scans?