[prev in list] [next in list] [prev in thread] [next in thread]
List: clamav-users
Subject: [clamav-users] ClamAV 0.105.0, 0.104.3, 0.103.6 released
From: "Micah Snyder \(micasnyd\) via clamav-users" <clamav-users () lists ! clamav ! net>
Date: 2022-05-04 23:53:19
Message-ID: BYAPR11MB3174FA875FE0420D81134C7CC6C39 () BYAPR11MB3174 ! namprd11 ! prod ! outlook ! com
[Download RAW message or body]
[Attachment #2 (text/plain)]
Read this post online, at: \
https://blog.clamav.net/2022/05/clamav-01050-01043-01036-released.html
ClamAV 0.105.0, 0.104.3, 0.103.6 released
The ClamAV 0.105.0 feature release is now stable and available for download on \
ClamAV.net<https://www.clamav.net/downloads> or through Docker \
Hub<https://hub.docker.com/r/clamav/clamav/>.
Today, we're also publishing the 0.104.3 and 0.103.6 security patch versions, \
including several CVE fixes. These fixes have also been included in the 0.105 feature \
release. The source package and installer packages for these versions can be found \
under the "Previous Stable Releases" section of our \
Downloads<https://www.clamav.net/downloads> page.
As a reminder, the 0.105 and 0.104 release files now include the following install \
packages:
* x86_64 and i686 RPM packages are compatible with RPM-based Linux distributions \
running glibc version 2.17 or newer.
* x86_64 and i686 DEB packages are compatible with Debian-based Linux \
distributions running glibc version 2.23 or newer.
* An x86_64/ARM64 macOS installer package is compatible with Intel and Apple M1 \
systems.
* x64 and win32 Windows packages are compatible with Windows 7 and newer.
Keep reading to find out what is in each version.
0.105.0
ClamAV 0.105.0 includes the following improvements and changes.
New Requirements
* Starting with ClamAV v0.105, the Rust toolchain is required to compile ClamAV.
You can install the Rust toolchain for your development environment by following the \
instructions on the rustup<https://rustup.rs/> website. Some binary package \
distributions do provide relatively up-to-date packages of the Rust toolchain, but \
many do not. Using rustup ensures that you have the most up-to-date Rust compiler at \
the time of installation. Keep your toolchain updated for new features and \
bug/security fixes by periodically executing:
rustup update
* Building ClamAV requires, at a minimum, Rust compiler version 1.56, as it \
relies on features introduced in the Rust 2021 Edition.
ClamAV's third-party Rust library dependencies are vendored into the release tarball \
(clamav-<version>.tar.gz) file that we publish on \
clamav.net/downloads<https://www.clamav.net/downloads>. But, if you build from a Git \
clone or from an unofficial tarball taken from GitHub.com, you will need the internet \
to download the Rust libraries during the build.
Major changes
* Increased the default limits for file and scan size:
* MaxScanSize: 100M to 400M
* MaxFileSize: 25M to 100M
* StreamMaxLength: 25M to 100M
* PCREMaxFileSize: 25M to 100M
* MaxEmbeddedPE: 10M to 40M
* MaxHTMLNormalize: 10M to 40M
* MaxScriptNormalize: 5M to 20M
* MaxHTMLNoTags: 2M to 8M
* Added image fuzzy hash subsignatures for logical signatures.
Image fuzzy hash subsignatures are a new feature for detecting images known to be \
used in phishing campaigns or otherwise used when distributing malware.
Image fuzzy hash subsignatures follow this format:
fuzzy_img#<hash>
For example:
logo.png;Engine:150-255,Target:0;0;fuzzy_img#af2ad01ed42993c7
logo.png-2;Engine:150-255,Target:0;0&1;49484452;fuzzy_img#af2ad01ed42993c7
This initial implementation does not support matching with a hamming distance, but it \
may be added in the future.
ClamAV's image fuzzy hash is very close to, but not identical to, the fuzzy hash \
generated by the Python imagehash package's phash() function. These are only \
clean-room approximations of the pHash™️ algorithm. ClamAV's image fuzzy hashes \
are not expected to match the fuzzy hashes generated using other tools.
To generate the image fuzzy hash, run this command:
sigtool --fuzzy-img FILE(S)
Or, you may generate it through clamscan like:
clamscan --gen-json --debug /path/to/file
The hash will appear in the JSON above the "SCAN SUMMARY" under the object named \
"ImageFuzzyHash".
* ClamScan and ClamDScan (Windows only):
* Added a process memory scanning feature from ClamWin's ClamScan.
This adds three new options to ClamScan and ClamDScan on Windows:
* --memory
* --kill
* --unload
Special thanks to:
* Gianluigi Tiesi for allowing us to integrate the Windows process memory \
scanning feature from ClamWin into ClamAV.
* Grace Kang for integrating the ClamScan feature, and for extending it to \
work with ClamDScan in addition.
Notable changes
* Updated the LLVM bytecode runtime support so that it can use LLVM versions 8 \
through 12 and removed support for earlier LLVM versions. Using LLVM JIT for the \
bytecode runtime may improve scan performance over the built-in bytecode interpreter \
runtime, which is the default. If you wish to build using LLVM, you must obtain a \
complete build of the LLVM libraries including the development headers and static \
libraries.
There are some known issues in compiling and running the test suite with some LLVM \
installations. We are working to further stabilize LLVM bytecode runtime support, and \
document specific edge cases. Your feedback is welcome.
For details about building ClamAV with the LLVM bytecode runtime, see the install \
reference documentation<https://github.com/Cisco-Talos/clamav/blob/main/INSTALL.md>.
* Added a GenerateMetadataJson option to ClamD. The functionality is equivalent \
to the clamscan --gen-json option. Scan metadata is useful for file analysis and for \
debugging scan behavior. If Debug is enabled, ClamD will print out the JSON after \
each scan. If LeaveTemporaryFiles is enabled, ClamD will drop a metadata.json file in \
the scan-temp directory. You can customize the scan-temp directory path using the \
TemporaryDirectory option.
* The libclamunrar.so library's SO version now matches that of libclamav.so. The \
upstream UnRAR library does not have an SO version that we should match. This change \
is to prevent a possible collision when multiple ClamAV versions are installed.
* CMake: Added support for using an external TomsFastMath library (libtfm).
To use an external TomsFastMath library, configure the build with the new option -D \
ENABLE_EXTERNAL_TOMSFASTMATH=ON. The following CMake variables may also be set as \
needed:
* -D TomsFastMath_INCLUDE_DIR=<path> - The directory containing tfm.h.
* -D TomsFastMath_LIBRARY=<path> - The path to the TomsFastMath library.
Also updated the vendored TomsFastMath code to version 0.13.1.
Other improvements
* Freshclam:
* Improve ReceiveTimeout behavior so that will abort a download attempt if the \
download is not making significant progress. Previously this limit was an absolute \
time limit for the download and could abort prematurely for those on a slower \
connection. Special thanks to Simon Arlott for this improvement.
* Rewrote the ClamAV database archive incremental-update feature (CDIFF) from \
scratch in Rust. The new implementation was our first module to be rewritten in Rust. \
It is significantly faster at applying updates that remove large numbers of \
signatures from a database, such as when migrating signatures from daily.cvd to \
main.cvd.
* Freshclam & ClamD:
* Increased the maximum line-length for freshclam.conf and clamd.conf from \
512-characters to 1024-characters. This change was by request to accommodate very \
long DatabaseMirror options when using access tokens in the URI.
* Removed the Heuristics.PNG.CVE-2010-1205 detection. This alert had been placed \
behind the --alert-broken-media (SCAN_HEURISTIC_BROKEN_MEDIA) option in 0.103.3 and \
0.104 because of excessive alerts on slightly malformed but non- malicious files. Now \
it is completely removed.
* Added support for building ClamDTop using ncursesw if ncurses can not be found. \
Patch courtesy of Carlos Velasco.
Bug fixes
The CVE's fixes below are also addressed in versions 0.104.3 and 0.103.6.
* CVE-2022-20803<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20803>: \
Fixed a possible double-free vulnerability in the OLE2 file parser. Issue affects \
versions 0.104.0 through 0.104.2. Issue identified by OSS-Fuzz.
* CVE-2022-20770<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20770>: \
Fixed a possible infinite loop vulnerability in the CHM file parser. Issue affects \
versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions. Thank \
you to Michał Dardas for reporting this issue.
* CVE-2022-20796<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20796>: \
Fixed a possible NULL-pointer dereference crash in the scan verdict cache check. \
Issue affects versions 0.103.4, 0.103.5, 0.104.1, and 0.104.2. Thank you to Alexander \
Patrakov and Antoine Gatineau for reporting this issue.
* CVE-2022-20771<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20771>: \
Fixed a possible infinite loop vulnerability in the TIFF file parser. Issue affects \
versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions. The \
issue only occurs if the "--alert-broken-media" ClamScan option is enabled. For \
ClamD, the affected option is "AlertBrokenMedia yes", and for libclamav it is the \
"CL_SCAN_HEURISTIC_BROKEN_MEDIA" scan option. Thank you to Michał Dardas for \
reporting this issue.
* CVE-2022-20785<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20785>: \
Fixed a possible memory leak in the HTML file parser / Javascript normalizer. Issue \
affects versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions. \
Thank you to Michał Dardas for reporting this issue.
* CVE-2022-20792<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20792>: \
Fixed a possible multi-byte heap buffer overflow write vulnerability in the signature \
database load module. The fix was to update the vendored regex library to the latest \
version. Issue affects versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and \
prior versions. Thank you to Michał Dardas for reporting this issue.
* ClamOnAcc: Fixed a number of assorted stability issues and added niceties for \
debugging ClamOnAcc. Patches courtesy of Frank Fegert.
* Fixed an issue causing byte-compare subsignatures to cause an alert when they \
match even if other conditions of the given logical signatures were not met.
* Fixed an issue causing XLM macro false positives when scanning XLS documents \
containing images if the --alert-macros (AlertOLE2Macros) option was enabled.
* Fixed an issue causing signature alerts for images in XLS files to be lost.
* Fixed an issue preventing multiple matches when scanning in all-match mode.
* Docker:
* Fixed an issue exposing the health check port. Patch courtesy of Sammy Chu.
* Fixed an issue with health check failure false positives during container \
startup. Patch courtesy of Olliver Schinagl.
* Set the default time zone to Etc/UTC. The --env parameter can be used to \
customize the time zone by setting TZ environment variable. Patch courtesy of Olliver \
Schinagl.
* Fixed an issue where ClamD would listen only for IPv4 connections in \
environments where IPv6 is preferred. ClamD will now listen to all addresses \
available (IPv4 and IPv6). This is the default behavior of ClamD. Patch courtesy of \
Andre Breiler.
* Enable support for ncursesw, the wide-character / unicode version of ncurses.
* Added support for detecting the curses library dependency even when the \
associated pkg-config file is not present. This resolves a build issue on some BSD \
distributions. Patch courtesy of Stuart Henderson.
* Windows: Fix utf8 filepath issues affecting both scanning and log messages.
* Assorted bug fixes and improvements.
Acknowledgments
Special thanks to the following people for code contributions and bug reports:
* Ahmon Dancy
* Alexander Patrakov
* Alexander Sulfrian
* Andre Breiler
* Antoine Gatineau
* Carlos Velasco
* Bernd Kuhls
* David Korczynski
* Fabrice Fontaine
* Frank Fegert
* Gianluigi Tiesi
* Giovanni Bechis
* Grace Kang
* John Humlick
* Jordan Ernst
* JunWei Song
* Michał Dardas
* mko-x
* Olliver Schinagl
* Răzvan Cojocaru
* Sammy Chu
* Sergey Valentey
* Simon Arlott
* Stuart Henderson
* Yann E. Morin
0.104.3
ClamAV 0.104.3 is a critical patch release with the following fixes:
* CVE-2022-20803<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20803>: \
Fixed a possible double-free vulnerability in the OLE2 file parser. Issue affects \
versions 0.104.0 through 0.104.2. Issue identified by OSS-Fuzz.
* CVE-2022-20770<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20770>: \
Fixed a possible infinite loop vulnerability in the CHM file parser. Issue affects \
versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions. Thank \
you to Michał Dardas for reporting this issue.
* CVE-2022-20796<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20796>: \
Fixed a possible NULL-pointer dereference crash in the scan verdict cache check. \
Issue affects versions 0.103.4, 0.103.5, 0.104.1, and 0.104.2. Thank you to Alexander \
Patrakov and Antoine Gatineau for reporting this issue.
* CVE-2022-20771<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20771>: \
Fixed a possible infinite loop vulnerability in the TIFF file parser. Issue affects \
versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions. The \
issue only occurs if the "--alert-broken-media" ClamScan option is enabled. For \
ClamD, the affected option is "AlertBrokenMedia yes", and for libclamav it is the \
"CL_SCAN_HEURISTIC_BROKEN_MEDIA" scan option. Thank you to Michał Dardas for \
reporting this issue.
* CVE-2022-20785<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20785>: \
Fixed a possible memory leak in the HTML file parser / Javascript normalizer. Issue \
affects versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions. \
Thank you to Michał Dardas for reporting this issue.
* CVE-2022-20792<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20792>: \
Fixed a possible multi-byte heap buffer overflow write vulnerability in the signature \
database load module. The fix was to update the vendored regex library to the latest \
version. Issue affects versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and \
prior versions. Thank you to Michał Dardas for reporting this issue.
* ClamOnAcc: Fixed a number of assorted stability issues and added niceties for \
debugging ClamOnAcc. Patches courtesy of Frank Fegert.
* Enable support for ncursesw, the wide-character/Unicode version of ncurses.
* Added support for detecting the curses library dependency even when the \
associated pkg-config file is not present. This resolves a build issue on some BSD \
distributions. Patch courtesy of Stuart Henderson.
* Docker:
* Fixed an issue exposing the health check port. Patch courtesy of Sammy Chu.
* Fixed an issue with health check failure false positives during container \
startup. Patch courtesy of Olliver Schinagl.
* Set the default time zone to Etc/UTC. The --env parameter can be used to \
customize the time zone by setting TZ environment variable. Patch courtesy of Olliver \
Schinagl.
* Fixed an issue causing XLM macro false positives when scanning XLS documents \
containing images if the --alert-macros (AlertOLE2Macros) option was enabled.
* Fixed an issue causing signature alerts for images in XLS files to be lost.
* Fixed an issue causing byte-compare subsignatures to cause an alert when they \
match even if other conditions of the given logical signatures were not met.
* Assorted bug fixes and improvements.
Special thanks to the following people for code contributions and bug reports:
* Alexander Patrakov
* Antoine Gatineau
* Frank Fegert
* Michał Dardas
* Olliver Schinagl
* Sammy Chu
* Stuart Henderson
0.103.6
ClamAV 0.103.6 is a critical patch release with the following fixes:
* CVE-2022-20770<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20770>: \
Fixed a possible infinite loop vulnerability in the CHM file parser. Issue affects \
versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions. Thank \
you to Michał Dardas for reporting this issue.
* CVE-2022-20796<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20796>: \
Fixed a possible NULL-pointer dereference crash in the scan verdict cache check. \
Issue affects versions 0.103.4, 0.103.5, 0.104.1, and 0.104.2. Thank you to Alexander \
Patrakov and Antoine Gatineau for reporting this issue.
* CVE-2022-20771<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20771>: \
Fixed a possible infinite loop vulnerability in the TIFF file parser. Issue affects \
versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions. The \
issue only occurs if the "--alert-broken-media" ClamScan option is enabled. For \
ClamD, the affected option is "AlertBrokenMedia yes", and for libclamav it is the \
"CL_SCAN_HEURISTIC_BROKEN_MEDIA" scan option. Thank you to Michał Dardas for \
reporting this issue.
* CVE-2022-20785<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20785>: \
Fixed a possible memory leak in the HTML file parser / Javascript normalizer. Issue \
affects versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions. \
Thank you to Michał Dardas for reporting this issue.
* CVE-2022-20792<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20792>: \
Fixed a possible multi-byte heap buffer overflow write vulnerability in the signature \
database load module. The fix was to update the vendored regex library to the latest \
version. Issue affects versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and \
prior versions. Thank you to Michał Dardas for reporting this issue.
* ClamOnAcc: Fixed a number of assorted stability issues and added niceties for \
debugging ClamOnAcc. Patches courtesy of Frank Fegert.
* Fixed an issue causing byte-compare subsignatures to cause an alert when they \
match even if other conditions of the given logical signatures were not met.
* Fix memleak when using multiple byte-compare subsignatures. This fix was \
backported from 0.104.0. Thank you to Andrea De Pasquale for contributing the fix.
* Assorted bug fixes and improvements.
Special thanks to the following people for code contributions and bug reports:
* Alexander Patrakov
* Andrea De Pasquale
* Antoine Gatineau
* Frank Fegert
* Michał Dardas
Posted by Micah Snyder<https://www.blogger.com/profile/07798916006145826441> at 8:38 \
AM<https://blog.clamav.net/2022/05/clamav-01050-01043-01036-released.html>[https://img \
1.blogblog.com/img/icon18_email.gif]<https://www.blogger.com/email-post.g?blogID=23666 \
89974368239573&postID=7375039653997449903>[https://img2.blogblog.com/img/icon18_edit_a \
llbkg.gif]<https://www.blogger.com/post-edit.g?blogID=2366689974368239573&postID=7375039653997449903&from=pencil>
Labels: 0.103.6<https://blog.clamav.net/search/label/0.103.6>, \
0.104.3<https://blog.clamav.net/search/label/0.104.3>, \
0.105.0<https://blog.clamav.net/search/label/0.105.0>, \
clamav<https://blog.clamav.net/search/label/clamav>, \
patch<https://blog.clamav.net/search/label/patch>, patch \
release<https://blog.clamav.net/search/label/patch%20release>, \
release<https://blog.clamav.net/search/label/release>
[Attachment #3 (text/html)]
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<style type="text/css" style="display:none;"> P {margin-top:0;margin-bottom:0;} \
</style> </head>
<body dir="ltr">
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; \
color: rgb(0, 0, 0);" class="elementToProof"> <div class="post-body entry-content">
<p style="text-align:left"><span style="font-size: 11pt;">Read this post online, at:
</span><span style="font-size:small"><a \
href="https://blog.clamav.net/2022/05/clamav-01050-01043-01036-released.html" \
id="LPNoLPOWALinkPreview"><span style="font-size: \
11pt;">https://blog.clamav.net/2022/05/clamav-01050-01043-01036-released.html</span></a><br>
</span></p>
<div class="_Entity _EType_OWALinkPreview _EId_OWALinkPreview _EReadonly_1"></div>
<br>
<p style="text-align:left"><span style="font-size: 12pt;"></span></p>
</div>
<h3 class="post-title entry-title"><br>
<span class="shadow">ClamAV 0.105.0, 0.104.3, 0.103.6 released </span></h3>
<div class="post-body entry-content">
<p><span style="font-size:small">The ClamAV 0.105.0 feature release is now stable and \
available for <a href="https://www.clamav.net/downloads" rel="nofollow" \
target="_blank">download on ClamAV.net</a> or through <a \
href="https://hub.docker.com/r/clamav/clamav/" rel="nofollow" target="_blank"> Docker \
Hub</a>. <br> </span></p>
<p><span style="font-size:small">Today, we're also publishing the 0.104.3 and 0.103.6 \
security patch versions, including several CVE fixes. These fixes have also been \
included in the 0.105 feature release. The source package and installer packages for \
these versions can be found under the "Previous Stable Releases" section \
of our <a href="https://www.clamav.net/downloads" rel="nofollow" target="_blank"> \
Downloads</a> page. <br> </span></p>
<p><span style="font-size:small">As a reminder, the 0.105 and 0.104 release files now \
include the following install packages:</span></p> <ul \
style="margin-bottom:0.7em;margin-top:0px"> <li class="code-line" data-line="7">
<p><span style="font-size:small">x86_64 and i686 RPM packages are compatible with \
RPM-based Linux distributions running glibc version 2.17 or newer.</span></p> \
</li><li class="code-line" data-line="8"> <p><span style="font-size:small">x86_64 and \
i686 DEB packages are compatible with Debian-based Linux distributions running glibc \
version 2.23 or newer.</span></p> </li><li class="code-line" data-line="9">
<p><span style="font-size:small">An x86_64/ARM64 macOS installer package is \
compatible with Intel and Apple M1 systems.</span></p> </li><li class="code-line" \
data-line="10"> <p><span style="font-size:small">x64 and win32 Windows packages are \
compatible with Windows 7 and newer. </span></p>
</li></ul>
<p><span style="font-size:small">Keep reading to find out what is in each \
version.</span> </p> <p><span style="font-size:small"><span></span></span></p>
<a></a>
<p></p>
<h3 data-sourcepos="6:1-6:10"><br>
</h3>
<h3 data-sourcepos="6:1-6:10"><span style="font-size: 18pt;">0.105.0</span></h3>
<p data-sourcepos="8:1-8:63" dir="auto">ClamAV 0.105.0 includes the following \
improvements and changes.</p> <h2 data-sourcepos="10:1-10:20"><span style="font-size: \
14pt;">New Requirements</span></h2> <ul data-sourcepos="12:1-33:0" dir="auto">
<li data-sourcepos="12:1-33:0">
<p data-sourcepos="12:3-12:80">Starting with ClamAV v0.105, the Rust toolchain is \
required to compile ClamAV.</p> <p data-sourcepos="14:3-19:76">You can install the \
Rust toolchain for your development environment by following the instructions on the \
<a href="https://rustup.rs/" rel="nofollow noreferrer noopener" \
target="_blank"><code>rustup</code></a> website. Some binary package distributions do \
provide relatively up-to-date packages of the Rust toolchain, but many do not. Using \
<code>rustup</code> ensures that you have the most up-to-date Rust compiler at the \
time of installation. Keep your toolchain updated for new features and bug/security \
fixes by periodically executing:</p> <div class="gl-relative markdown-code-block \
js-markdown-code"> <pre class="code highlight js-syntax-highlight language-shell \
solarized-dark" data-sourcepos="20:3-22:5" lang="shell"><code><span class="line" \
lang="shell">rustup update</span></code></pre> </div>
</li></ul>
<ul data-sourcepos="12:1-33:0" dir="auto">
<li data-sourcepos="12:1-33:0">
<p data-sourcepos="24:3-25:57">Building ClamAV requires, at a minimum, Rust compiler \
version 1.56, as it relies on features introduced in the Rust 2021 Edition.</p> <p \
data-sourcepos="27:3-32:12">ClamAV's third-party Rust library dependencies are \
vendored into the release tarball (<code>clamav-<version>.tar.gz</code>) file \
that we publish on <a href="https://www.clamav.net/downloads" rel="nofollow \
noreferrer noopener" target="_blank"> clamav.net/downloads</a>. But, if you build \
from a Git clone or from an unofficial tarball taken from GitHub.com, you will need \
the internet to download the Rust libraries during the build.</p> </li></ul>
<h2 data-sourcepos="34:1-34:17"><span style="font-size: 14pt;">Major \
changes</span></h2> <ul data-sourcepos="36:1-94:0" dir="auto">
<li data-sourcepos="36:1-45:0">
<p data-sourcepos="36:3-36:59">Increased the default limits for file and scan \
size:</p> <ul data-sourcepos="37:3-45:0">
<li data-sourcepos="37:3-37:36">MaxScanSize: 100M to 400M</li><li \
data-sourcepos="38:3-38:36">MaxFileSize: 25M to 100M</li><li \
data-sourcepos="39:3-39:36">StreamMaxLength: 25M to 100M</li><li \
data-sourcepos="40:3-40:36">PCREMaxFileSize: 25M to 100M</li><li \
data-sourcepos="41:3-41:35">MaxEmbeddedPE: 10M to 40M</li><li \
data-sourcepos="42:3-42:35">MaxHTMLNormalize: 10M to 40M</li><li \
data-sourcepos="43:3-43:35">MaxScriptNormalize: 5M to 20M</li><li \
data-sourcepos="44:3-45:0">MaxHTMLNoTags: 2M to 8M</li></ul> </li><li \
data-sourcepos="46:1-80:0"> <p data-sourcepos="46:3-46:62">Added image fuzzy hash \
subsignatures for logical signatures.</p> <p data-sourcepos="48:3-49:76">Image fuzzy \
hash subsignatures are a new feature for detecting images known to be used in \
phishing campaigns or otherwise used when distributing malware.</p> <p \
data-sourcepos="51:3-51:52">Image fuzzy hash subsignatures follow this format:</p> \
<div class="gl-relative markdown-code-block js-markdown-code"> <pre class="code \
highlight js-syntax-highlight language-plaintext solarized-dark" \
data-sourcepos="52:3-54:5" lang="plaintext"><code><span class="line" \
lang="plaintext">fuzzy_img#<hash></span></code></pre> For example:<code><span \
class="line" lang="plaintext"> </span></code></div> <div class="gl-relative \
markdown-code-block js-markdown-code"><code><span class="line" \
lang="plaintext"> </span></code></div> <div class="gl-relative \
markdown-code-block js-markdown-code"><code><span class="line" \
lang="plaintext">logo.png;Engine:150-255,Target:0;0;fuzzy_img#af2ad01ed42993c7</span></code><code><span \
class="line" lang="plaintext"> </span></code></div> <div class="gl-relative \
markdown-code-block js-markdown-code"><code><span class="line" \
lang="plaintext">logo.png-2;Engine:150-255,Target:0;0&1;49484452;fuzzy_img#af2ad01ed42993c7</span></code> </div>
<div class="gl-relative markdown-code-block js-markdown-code"> </div>
<div class="gl-relative markdown-code-block js-markdown-code">This initial \
implementation does not support matching with a hamming distance, but it may be added \
in the future.</div> <div class="gl-relative markdown-code-block \
js-markdown-code"> </div> <div class="gl-relative markdown-code-block \
js-markdown-code">ClamAV's image fuzzy hash is very close to, but not identical to, \
the fuzzy hash generated by the Python <code>imagehash</code> package's \
<code>phash()</code> function. These are only clean-room approximations of the \
pHash™️ algorithm. ClamAV's image fuzzy hashes are not expected to match the \
fuzzy hashes generated using other tools. </div> <div class="gl-relative \
markdown-code-block js-markdown-code"> </div> <div class="gl-relative \
markdown-code-block js-markdown-code">To generate the image fuzzy hash, run this \
command:<code><span class="line" lang="plaintext"> </span></code></div> <div \
class="gl-relative markdown-code-block js-markdown-code"><code><span class="line" \
lang="plaintext"> </span></code></div> <div class="gl-relative \
markdown-code-block js-markdown-code"><code><span class="line" \
lang="plaintext">sigtool --fuzzy-img FILE(S)</span></code> </div> <div \
class="gl-relative markdown-code-block js-markdown-code"> </div> <div \
class="gl-relative markdown-code-block js-markdown-code">Or, you may generate it \
through <code>clamscan</code> like:<code><span class="line" \
lang="plaintext"> </span></code></div> <div class="gl-relative \
markdown-code-block js-markdown-code"><code><span class="line" \
lang="plaintext"> </span></code></div> <div class="gl-relative \
markdown-code-block js-markdown-code"><code><span class="line" \
lang="plaintext">clamscan --gen-json --debug /path/to/file</span></code> </div> \
<div class="gl-relative markdown-code-block js-markdown-code"> </div> <div \
class="gl-relative markdown-code-block js-markdown-code">The hash will appear in the \
JSON above the "SCAN SUMMARY" under the object named \
"ImageFuzzyHash".</div> </li></ul>
<ul data-sourcepos="36:1-94:0" dir="auto">
<li data-sourcepos="81:1-94:0">
<p data-sourcepos="81:3-81:38">ClamScan and ClamDScan (Windows only):</p>
<ul data-sourcepos="82:3-94:0">
<li data-sourcepos="82:3-94:0">
<p data-sourcepos="82:5-82:68">Added a process memory scanning feature from ClamWin's \
ClamScan.</p> <p data-sourcepos="84:5-84:69">This adds three new options to ClamScan \
and ClamDScan on Windows:</p> <ul data-sourcepos="85:5-88:0">
<li data-sourcepos="85:5-85:16"><code>--memory</code></li><li \
data-sourcepos="86:5-86:14"><code>--kill</code></li><li \
data-sourcepos="87:5-88:0"><code>--unload</code></li></ul> <p \
data-sourcepos="89:5-89:22">Special thanks to:</p> <ul data-sourcepos="90:5-94:0">
<li data-sourcepos="90:5-91:52">Gianluigi Tiesi for allowing us to integrate the \
Windows process memory scanning feature from ClamWin into ClamAV.</li><li \
data-sourcepos="92:5-94:0">Grace Kang for integrating the ClamScan feature, and for \
extending it to work with ClamDScan in addition.</li></ul> </li></ul>
</li></ul>
<h2 data-sourcepos="95:1-95:19"><span style="font-size: 14pt;">Notable \
changes</span></h2> <ul data-sourcepos="97:1-133:0" dir="auto">
<li data-sourcepos="97:1-110:0">
<p data-sourcepos="97:3-102:74">Updated the LLVM bytecode runtime support so that it \
can use LLVM versions 8 through 12 and removed support for earlier LLVM versions. \
Using LLVM JIT for the bytecode runtime may improve scan performance over the \
built-in bytecode interpreter runtime, which is the default. If you wish to build \
using LLVM, you must obtain a complete build of the LLVM libraries including the \
development headers and static libraries.</p> <p data-sourcepos="104:3-106:78">There \
are some known issues in compiling and running the test suite with some LLVM \
installations. We are working to further stabilize LLVM bytecode runtime support, and \
document specific edge cases. Your feedback is welcome.</p> <p \
data-sourcepos="108:3-109:65">For details about building ClamAV with the LLVM \
bytecode runtime, see the <a \
href="https://github.com/Cisco-Talos/clamav/blob/main/INSTALL.md">install reference \
documentation</a>.</p> </li><li data-sourcepos="111:1-118:0">
<p data-sourcepos="111:3-117:40">Added a <code>GenerateMetadataJson</code> option to \
ClamD. The functionality is equivalent to the <code>clamscan --gen-json</code> \
option. Scan metadata is useful for file analysis and for debugging scan behavior. If \
<code>Debug</code> is enabled, ClamD will print out the JSON after each scan. If \
<code> LeaveTemporaryFiles</code> is enabled, ClamD will drop a \
<code>metadata.json</code> file in the scan-temp directory. You can customize the \
scan-temp directory path using the <code>TemporaryDirectory</code> option.</p>
</li><li data-sourcepos="119:1-123:0">
<p data-sourcepos="119:3-122:16">The <code>libclamunrar.so</code> library's SO \
version now matches that of <code>libclamav.so</code>. The upstream UnRAR library \
does not have an SO version that we should match. This change is to prevent a \
possible collision when multiple ClamAV versions are installed.</p> </li><li \
data-sourcepos="124:1-133:0"> <p data-sourcepos="124:3-124:75">CMake: Added support \
for using an external TomsFastMath library (libtfm).</p> <p \
data-sourcepos="126:3-128:24">To use an external TomsFastMath library, configure the \
build with the new option <code>-D ENABLE_EXTERNAL_TOMSFASTMATH=ON</code>. The \
following CMake variables may also be set as needed:</p> <ul \
data-sourcepos="129:3-131:0"> <li data-sourcepos="129:3-129:76"><code>-D \
TomsFastMath_INCLUDE_DIR=<path></code> - The directory containing \
<code>tfm.h</code>.</li><li data-sourcepos="130:3-131:0"><code>-D \
TomsFastMath_LIBRARY=<path></code> - The path to the TomsFastMath \
library.</li></ul> <p data-sourcepos="132:3-132:64">Also updated the vendored \
TomsFastMath code to version 0.13.1.</p> </li></ul>
<h2 data-sourcepos="134:1-134:22"><span style="font-size: 14pt;">Other \
improvements</span></h2> <ul data-sourcepos="136:1-161:0" dir="auto">
<li data-sourcepos="136:1-142:0">
<p data-sourcepos="136:3-136:12">Freshclam:</p>
<ul data-sourcepos="137:3-142:0">
<li data-sourcepos="137:3-142:0">Improve <code>ReceiveTimeout</code> behavior so that \
will abort a download attempt if the download is not making significant progress. \
Previously this limit was an absolute time limit for the download and could abort \
prematurely for those on a slower connection. Special thanks to Simon Arlott for \
this improvement.</li></ul> </li><li data-sourcepos="143:1-148:0">
<p data-sourcepos="143:3-147:28">Rewrote the ClamAV database archive \
incremental-update feature (CDIFF) from scratch in Rust. The new implementation was \
our first module to be rewritten in Rust. It is significantly faster at applying \
updates that remove large numbers of signatures from a database, such as when \
migrating signatures from <code> daily.cvd</code> to <code>main.cvd</code>.</p>
</li><li data-sourcepos="149:1-153:0">
<p data-sourcepos="149:3-149:20">Freshclam & ClamD:</p>
<ul data-sourcepos="150:3-153:0">
<li data-sourcepos="150:3-153:0">Increased the maximum line-length for \
<code>freshclam.conf</code> and <code>clamd.conf</code> from 512-characters to \
1024-characters. This change was by request to accommodate very long \
<code>DatabaseMirror</code> options when using access tokens in the URI.</li></ul> \
</li><li data-sourcepos="154:1-158:0"> <p data-sourcepos="154:3-157:48">Removed the \
Heuristics.PNG.CVE-2010-1205 detection. This alert had been placed behind the \
<code>--alert-broken-media</code> (<code>SCAN_HEURISTIC_BROKEN_MEDIA</code>) option \
in 0.103.3 and 0.104 because of excessive alerts on slightly malformed but non- \
malicious files. Now it is completely removed.</p> </li><li \
data-sourcepos="159:1-161:0"> <p data-sourcepos="159:3-160:42">Added support for \
building ClamDTop using ncursesw if ncurses can not be found. Patch courtesy of \
Carlos Velasco.</p> </li></ul>
<h2 data-sourcepos="162:1-162:13"><span style="font-size: 14pt;">Bug \
fixes</span></h2> <p data-sourcepos="164:1-164:73" dir="auto">The CVE's fixes below \
are also addressed in versions 0.104.3 and 0.103.6.</p> <ul \
data-sourcepos="166:1-239:0" dir="auto"> <li data-sourcepos="166:1-170:0">
<p data-sourcepos="166:3-169:31"><a \
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20803" rel="nofollow" \
target="_blank">CVE-2022-20803</a>: Fixed a possible double-free vulnerability in the \
OLE2 file parser. Issue affects versions 0.104.0 through 0.104.2. Issue identified \
by OSS-Fuzz.</p> </li><li data-sourcepos="171:1-176:0">
<p data-sourcepos="171:3-175:55"><a \
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20770" rel="nofollow" \
target="_blank">CVE-2022-20770</a>: Fixed a possible infinite loop vulnerability in \
the CHM file parser. Issue affects versions 0.104.0 through 0.104.2 and LTS version \
0.103.5 and prior versions. Thank you to Michał Dardas for reporting this issue.</p> \
</li><li data-sourcepos="177:1-181:0"> <p data-sourcepos="177:3-180:80"><a \
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20796" rel="nofollow" \
target="_blank">CVE-2022-20796</a>: Fixed a possible NULL-pointer dereference crash \
in the scan verdict cache check. Issue affects versions 0.103.4, 0.103.5, 0.104.1, \
and 0.104.2. Thank you to Alexander Patrakov and Antoine Gatineau for reporting this \
issue.</p> </li><li data-sourcepos="182:1-190:0">
<p data-sourcepos="182:3-189:55"><a \
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20771" rel="nofollow" \
target="_blank">CVE-2022-20771</a>: Fixed a possible infinite loop vulnerability in \
the TIFF file parser. Issue affects versions 0.104.0 through 0.104.2 and LTS version \
0.103.5 and prior versions. The issue only occurs if the \
"--alert-broken-media" ClamScan option is enabled. For ClamD, the affected \
option is "AlertBrokenMedia yes", and for libclamav it is the \
"CL_SCAN_HEURISTIC_BROKEN_MEDIA" scan option. Thank you to Michał Dardas \
for reporting this issue.</p> </li><li data-sourcepos="191:1-196:0">
<p data-sourcepos="191:3-195:55"><a \
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20785" rel="nofollow" \
target="_blank">CVE-2022-20785</a>: Fixed a possible memory leak in the HTML file \
parser / Javascript normalizer. Issue affects versions 0.104.0 through 0.104.2 and \
LTS version 0.103.5 and prior versions. Thank you to Michał Dardas for reporting \
this issue.</p> </li><li data-sourcepos="197:1-203:0">
<p data-sourcepos="197:3-202:55"><a \
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20792" rel="nofollow" \
target="_blank">CVE-2022-20792</a>: Fixed a possible multi-byte heap buffer overflow \
write vulnerability in the signature database load module. The fix was to update the \
vendored regex library to the latest version. Issue affects versions 0.104.0 through \
0.104.2 and LTS version 0.103.5 and prior versions. Thank you to Michał Dardas for \
reporting this issue.</p> </li><li data-sourcepos="204:1-206:0">
<p data-sourcepos="204:3-205:56">ClamOnAcc: Fixed a number of assorted stability \
issues and added niceties for debugging ClamOnAcc. Patches courtesy of Frank \
Fegert.</p> </li><li data-sourcepos="207:1-209:0">
<p data-sourcepos="207:3-208:78">Fixed an issue causing byte-compare subsignatures to \
cause an alert when they match even if other conditions of the given logical \
signatures were not met.</p> </li><li data-sourcepos="210:1-213:0">
<p data-sourcepos="210:3-212:10">Fixed an issue causing XLM macro false positives \
when scanning XLS documents containing images if the <code>--alert-macros</code> \
(<code>AlertOLE2Macros</code>) option was enabled.</p> </li><li \
data-sourcepos="214:1-215:0"> <p data-sourcepos="214:3-214:77">Fixed an issue causing \
signature alerts for images in XLS files to be lost.</p> </li><li \
data-sourcepos="216:1-217:0"> <p data-sourcepos="216:3-216:77">Fixed an issue \
preventing multiple matches when scanning in all-match mode.</p> </li><li \
data-sourcepos="218:1-229:0"> <p data-sourcepos="218:3-218:9">Docker:</p>
<ul data-sourcepos="219:3-229:0">
<li data-sourcepos="219:3-219:79">Fixed an issue exposing the health check port. \
Patch courtesy of Sammy Chu.</li><li data-sourcepos="220:3-221:48">Fixed an issue \
with health check failure false positives during container startup. Patch courtesy of \
Olliver Schinagl.</li><li data-sourcepos="222:3-224:39">Set the default time zone to \
<code>Etc/UTC</code>. The <code>--env</code> parameter can be used to customize the \
time zone by setting <code> TZ</code> environment variable. Patch courtesy of Olliver \
Schinagl.</li><li data-sourcepos="225:3-229:0">Fixed an issue where ClamD would \
listen only for IPv4 connections in environments where IPv6 is preferred. ClamD will \
now listen to all addresses available (IPv4 and IPv6). This is the default behavior \
of ClamD. Patch courtesy of Andre Breiler.</li></ul>
</li><li data-sourcepos="230:1-231:0">
<p data-sourcepos="230:3-230:79">Enable support for ncursesw, the wide-character / \
unicode version of ncurses.</p> </li><li data-sourcepos="232:1-235:0">
<p data-sourcepos="232:3-234:56">Added support for detecting the curses library \
dependency even when the associated pkg-config file is not present. This resolves a \
build issue on some BSD distributions. Patch courtesy of Stuart Henderson.</p> \
</li><li data-sourcepos="236:1-237:0"> <p data-sourcepos="236:3-236:77">Windows: Fix \
utf8 filepath issues affecting both scanning and log messages.</p> </li><li \
data-sourcepos="238:1-239:0"> <p data-sourcepos="238:3-238:38">Assorted bug fixes and \
improvements.</p> </li></ul>
<h2 data-sourcepos="240:1-240:20"><span style="font-size: \
14pt;">Acknowledgments</span></h2> <p data-sourcepos="242:1-242:78" \
dir="auto">Special thanks to the following people for code contributions and bug \
reports:</p> <ul data-sourcepos="243:1-268:0" dir="auto">
<li data-sourcepos="243:1-243:13">Ahmon Dancy</li><li \
data-sourcepos="244:1-244:20">Alexander Patrakov</li><li \
data-sourcepos="245:1-245:20">Alexander Sulfrian</li><li \
data-sourcepos="246:1-246:15">Andre Breiler</li><li \
data-sourcepos="247:1-247:18">Antoine Gatineau</li><li \
data-sourcepos="248:1-248:16">Carlos Velasco</li><li \
data-sourcepos="249:1-249:13">Bernd Kuhls</li><li data-sourcepos="250:1-250:18">David \
Korczynski</li><li data-sourcepos="251:1-251:18">Fabrice Fontaine</li><li \
data-sourcepos="252:1-252:14">Frank Fegert</li><li \
data-sourcepos="253:1-253:17">Gianluigi Tiesi</li><li \
data-sourcepos="254:1-254:17">Giovanni Bechis</li><li \
data-sourcepos="255:1-255:12">Grace Kang</li><li data-sourcepos="256:1-256:14">John \
Humlick</li><li data-sourcepos="257:1-257:14">Jordan Ernst</li><li \
data-sourcepos="258:1-258:13">JunWei Song</li><li \
data-sourcepos="259:1-259:16">Michał Dardas</li><li \
data-sourcepos="260:1-260:7">mko-x</li><li data-sourcepos="261:1-261:18">Olliver \
Schinagl</li><li data-sourcepos="262:1-262:18">Răzvan Cojocaru</li><li \
data-sourcepos="263:1-263:11">Sammy Chu</li><li data-sourcepos="264:1-264:17">Sergey \
Valentey</li><li data-sourcepos="265:1-265:14">Simon Arlott</li><li \
data-sourcepos="266:1-266:18">Stuart Henderson</li><li \
data-sourcepos="267:1-268:0">Yann E. Morin</li></ul> <p><span \
style="font-size:small"><span></span></span></p> <p></p>
<h3 data-sourcepos="6:1-6:10"><span style="font-size: 18pt;">0.104.3</span></h3>
<p data-sourcepos="8:1-8:68" dir="auto">ClamAV 0.104.3 is a critical patch release \
with the following fixes:</p> <ul data-sourcepos="10:1-75:0" dir="auto">
<li data-sourcepos="10:1-14:0">
<p data-sourcepos="10:3-13:31"><a \
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20803" rel="nofollow" \
target="_blank">CVE-2022-20803</a>: Fixed a possible double-free vulnerability in the \
OLE2 file parser. Issue affects versions 0.104.0 through 0.104.2. Issue identified \
by OSS-Fuzz.</p> </li><li data-sourcepos="15:1-20:0">
<p data-sourcepos="15:3-19:55"><a \
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20770" rel="nofollow" \
target="_blank">CVE-2022-20770</a>: Fixed a possible infinite loop vulnerability in \
the CHM file parser. Issue affects versions 0.104.0 through 0.104.2 and LTS version \
0.103.5 and prior versions. Thank you to Michał Dardas for reporting this issue.</p> \
</li><li data-sourcepos="21:1-25:0"> <p data-sourcepos="21:3-24:80"><a \
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20796" rel="nofollow" \
target="_blank">CVE-2022-20796</a>: Fixed a possible NULL-pointer dereference crash \
in the scan verdict cache check. Issue affects versions 0.103.4, 0.103.5, 0.104.1, \
and 0.104.2. Thank you to Alexander Patrakov and Antoine Gatineau for reporting this \
issue.</p> </li><li data-sourcepos="26:1-34:0">
<p data-sourcepos="26:3-33:55"><a \
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20771" rel="nofollow" \
target="_blank">CVE-2022-20771</a>: Fixed a possible infinite loop vulnerability in \
the TIFF file parser. Issue affects versions 0.104.0 through 0.104.2 and LTS version \
0.103.5 and prior versions. The issue only occurs if the \
"--alert-broken-media" ClamScan option is enabled. For ClamD, the affected \
option is "AlertBrokenMedia yes", and for libclamav it is the \
"CL_SCAN_HEURISTIC_BROKEN_MEDIA" scan option. Thank you to Michał Dardas \
for reporting this issue.</p> </li><li data-sourcepos="35:1-40:0">
<p data-sourcepos="35:3-39:55"><a \
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20785" rel="nofollow" \
target="_blank">CVE-2022-20785</a>: Fixed a possible memory leak in the HTML file \
parser / Javascript normalizer. Issue affects versions 0.104.0 through 0.104.2 and \
LTS version 0.103.5 and prior versions. Thank you to Michał Dardas for reporting \
this issue.</p> </li><li data-sourcepos="41:1-47:0">
<p data-sourcepos="41:3-46:55"><a \
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20792" rel="nofollow" \
target="_blank">CVE-2022-20792</a>: Fixed a possible multi-byte heap buffer overflow \
write vulnerability in the signature database load module. The fix was to update the \
vendored regex library to the latest version. Issue affects versions 0.104.0 through \
0.104.2 and LTS version 0.103.5 and prior versions. Thank you to Michał Dardas for \
reporting this issue.</p> </li><li data-sourcepos="48:1-50:0">
<p data-sourcepos="48:3-49:56">ClamOnAcc: Fixed a number of assorted stability issues \
and added niceties for debugging ClamOnAcc. Patches courtesy of Frank Fegert.</p> \
</li><li data-sourcepos="51:1-52:0"> <p data-sourcepos="51:3-51:79">Enable support \
for ncursesw, the wide-character/Unicode version of ncurses.</p> </li><li \
data-sourcepos="53:1-56:0"> <p data-sourcepos="53:3-55:56">Added support for \
detecting the curses library dependency even when the associated pkg-config file is \
not present. This resolves a build issue on some BSD distributions. Patch courtesy of \
Stuart Henderson.</p> </li><li data-sourcepos="57:1-64:0">
<p data-sourcepos="57:3-57:9">Docker:</p>
<ul data-sourcepos="58:3-64:0">
<li data-sourcepos="58:3-58:79">Fixed an issue exposing the health check port. Patch \
courtesy of Sammy Chu.</li><li data-sourcepos="59:3-60:48">Fixed an issue with health \
check failure false positives during container startup. Patch courtesy of Olliver \
Schinagl.</li><li data-sourcepos="61:3-64:0">Set the default time zone to \
<code>Etc/UTC</code>. The <code>--env</code> parameter can be used to customize the \
time zone by setting <code> TZ</code> environment variable. Patch courtesy of Olliver \
Schinagl.</li></ul> </li><li data-sourcepos="65:1-68:0">
<p data-sourcepos="65:3-67:10">Fixed an issue causing XLM macro false positives when \
scanning XLS documents containing images if the <code>--alert-macros</code> \
(<code>AlertOLE2Macros</code>) option was enabled.</p> </li><li \
data-sourcepos="69:1-70:0"> <p data-sourcepos="69:3-69:77">Fixed an issue causing \
signature alerts for images in XLS files to be lost.</p> </li><li \
data-sourcepos="71:1-73:0"> <p data-sourcepos="71:3-72:78">Fixed an issue causing \
byte-compare subsignatures to cause an alert when they match even if other conditions \
of the given logical signatures were not met.</p> </li><li \
data-sourcepos="74:1-75:0"> <p data-sourcepos="74:3-74:38">Assorted bug fixes and \
improvements.</p> </li></ul>
<p data-sourcepos="76:1-76:78" dir="auto">Special thanks to the following people for \
code contributions and bug reports:</p> <ul data-sourcepos="77:1-84:0" dir="auto">
<li data-sourcepos="77:1-77:20">Alexander Patrakov</li><li \
data-sourcepos="78:1-78:18">Antoine Gatineau</li><li \
data-sourcepos="79:1-79:14">Frank Fegert</li><li data-sourcepos="80:1-80:16">Michał \
Dardas</li><li data-sourcepos="81:1-81:18">Olliver Schinagl</li><li \
data-sourcepos="82:1-82:11">Sammy Chu</li><li data-sourcepos="83:1-84:0">Stuart \
Henderson</li></ul> <p><span style="font-size:small"> <span></span></span></p>
<p></p>
<p><span style="font-size:small"> </span></p>
<h3 data-sourcepos="6:1-6:10"><span style="font-size: 18pt;">0.103.6</span></h3>
<p data-sourcepos="8:1-8:68" dir="auto">ClamAV 0.103.6 is a critical patch release \
with the following fixes:</p> <ul data-sourcepos="10:1-54:0" dir="auto">
<li data-sourcepos="10:1-15:0">
<p data-sourcepos="10:3-14:55"><a \
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20770" rel="nofollow" \
target="_blank">CVE-2022-20770</a>: Fixed a possible infinite loop vulnerability in \
the CHM file parser. Issue affects versions 0.104.0 through 0.104.2 and LTS version \
0.103.5 and prior versions. Thank you to Michał Dardas for reporting this issue.</p> \
</li><li data-sourcepos="16:1-20:0"> <p data-sourcepos="16:3-19:80"><a \
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20796" rel="nofollow" \
target="_blank">CVE-2022-20796</a>: Fixed a possible NULL-pointer dereference crash \
in the scan verdict cache check. Issue affects versions 0.103.4, 0.103.5, 0.104.1, \
and 0.104.2. Thank you to Alexander Patrakov and Antoine Gatineau for reporting this \
issue.</p> </li><li data-sourcepos="21:1-29:0">
<p data-sourcepos="21:3-28:55"><a \
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20771" rel="nofollow" \
target="_blank">CVE-2022-20771</a>: Fixed a possible infinite loop vulnerability in \
the TIFF file parser. Issue affects versions 0.104.0 through 0.104.2 and LTS version \
0.103.5 and prior versions. The issue only occurs if the \
"--alert-broken-media" ClamScan option is enabled. For ClamD, the affected \
option is "AlertBrokenMedia yes", and for libclamav it is the \
"CL_SCAN_HEURISTIC_BROKEN_MEDIA" scan option. Thank you to Michał Dardas \
for reporting this issue.</p> </li><li data-sourcepos="30:1-35:0">
<p data-sourcepos="30:3-34:55"><a \
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20785" rel="nofollow" \
target="_blank">CVE-2022-20785</a>: Fixed a possible memory leak in the HTML file \
parser / Javascript normalizer. Issue affects versions 0.104.0 through 0.104.2 and \
LTS version 0.103.5 and prior versions. Thank you to Michał Dardas for reporting \
this issue.</p> </li><li data-sourcepos="36:1-42:0">
<p data-sourcepos="36:3-41:55"><a \
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20792" rel="nofollow" \
target="_blank">CVE-2022-20792</a>: Fixed a possible multi-byte heap buffer overflow \
write vulnerability in the signature database load module. The fix was to update the \
vendored regex library to the latest version. Issue affects versions 0.104.0 through \
0.104.2 and LTS version 0.103.5 and prior versions. Thank you to Michał Dardas for \
reporting this issue.</p> </li><li data-sourcepos="43:1-45:0">
<p data-sourcepos="43:3-44:56">ClamOnAcc: Fixed a number of assorted stability issues \
and added niceties for debugging ClamOnAcc. Patches courtesy of Frank Fegert.</p> \
</li><li data-sourcepos="46:1-48:0"> <p data-sourcepos="46:3-47:78">Fixed an issue \
causing byte-compare subsignatures to cause an alert when they match even if other \
conditions of the given logical signatures were not met.</p> </li><li \
data-sourcepos="49:1-52:0"> <p data-sourcepos="49:3-51:59">Fix memleak when using \
multiple byte-compare subsignatures. This fix was backported from 0.104.0. Thank you \
to Andrea De Pasquale for contributing the fix.</p> </li><li \
data-sourcepos="53:1-54:0"> <p data-sourcepos="53:3-53:38">Assorted bug fixes and \
improvements.</p> </li></ul>
<p data-sourcepos="55:1-55:78" dir="auto">Special thanks to the following people for \
code contributions and bug reports:</p> <ul data-sourcepos="56:1-61:0" dir="auto">
<li data-sourcepos="56:1-56:20">Alexander Patrakov</li><li \
data-sourcepos="57:1-57:20">Andrea De Pasquale</li><li \
data-sourcepos="58:1-58:18">Antoine Gatineau</li><li \
data-sourcepos="59:1-59:14">Frank Fegert</li><li data-sourcepos="60:1-61:0">Michał \
Dardas</li></ul> <p><span style="font-size:small"> </span></p>
<p></p>
<div style="clear:both"></div>
</div>
<div class="post-footer">
<div class="post-footer-line post-footer-line-1"><span class="post-author \
vcard">Posted by <span class="fn"><a class="g-profile" \
href="https://www.blogger.com/profile/07798916006145826441" rel="author" \
title="author profile" data-gapiscan="true" data-onload="true" \
data-gapiattached="true"><span>Micah Snyder</span></a></span></span><span \
class="post-timestamp"> at <a class="timestamp-link" \
href="https://blog.clamav.net/2022/05/clamav-01050-01043-01036-released.html" \
rel="bookmark" title="permanent link"> <abbr class="published" \
title="2022-05-04T08:38:00-04:00">8:38 AM</abbr></a></span><span \
class="post-comment-link"></span><span class="post-icons"><span \
class="item-action"><a \
href="https://www.blogger.com/email-post.g?blogID=2366689974368239573&postID=7375039653997449903" \
title="Email Post"><img alt="" class="icon-action" width="18" height="13" \
src="https://img1.blogblog.com/img/icon18_email.gif"></a></span><span \
class="item-control blog-admin pid-1576609568"><a \
href="https://www.blogger.com/post-edit.g?blogID=2366689974368239573&postID=7375039653997449903&from=pencil" \
title="Edit Post"><img alt="" class="icon-action" width="18" height="18" \
src="https://img2.blogblog.com/img/icon18_edit_allbkg.gif"></a><br> \
</span></span></div> <span class="post-labels">Labels: <a \
href="https://blog.clamav.net/search/label/0.103.6" rel="tag"> 0.103.6</a>, <a \
href="https://blog.clamav.net/search/label/0.104.3" rel="tag">0.104.3</a>, <a \
href="https://blog.clamav.net/search/label/0.105.0" rel="tag">0.105.0</a>, <a \
href="https://blog.clamav.net/search/label/clamav" rel="tag"> clamav</a>, <a \
href="https://blog.clamav.net/search/label/patch" rel="tag">patch</a>, <a \
href="https://blog.clamav.net/search/label/patch%20release" rel="tag">patch \
release</a>, <a href="https://blog.clamav.net/search/label/release" \
rel="tag">release</a></span></div> <br>
</div>
<div><br>
<div id="Signature">
<div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; \
color:rgb(0,0,0)"> </div>
</div>
</div>
</div>
</body>
</html>
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
--===============6725266147097801811==--
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic