Cisco Releases Free Antivirus Package ClamAV 1.3.0

After six months of development, Cisco has released a new version of ClamAV, a free antivirus package. The project, which includes ClamAV and Snort, was acquired by Cisco in 2013. The project code is distributed under the GPLv2 license.

The latest release, ClamAV 1.3.0, is classified as a non-LTS (Long Term Support) branch. Non-LTS branches are typically supported for at least four months after the release of the next branch. Users can also download the signature database for non-LTS branches within the same timeframe.

Key improvements in ClamAV 1.3.0 include:

  • Added support for extracting and scanning attachments embedded in Microsoft OneNote files. This feature is enabled by default but can be disabled by setting “ScanOneNote no” in clamd.conf or by using the command line option “--scan-onenote=no”.
  • ClamAV can now be built on the BeOS-like operating system Haiku.
  • clamd now checks that the directory specified in clamd.conf for temporary files exists. If the directory does not exist, an error is displayed.
  • The static libraries libclamav_rust, libclammspack, libclamunrar_iface, and libclamunrar are now installed when CMake is configured to build static libraries.
  • Support for compiled Python scripts (.pyc) has been implemented. The file type is passed as the string parameter CL_TYPE_PYTHON_COMPILED.
  • Improved support for decoding PDF documents with empty passwords.

In addition, updates 1.2.2 and 1.0.5 have been released for the previous branches, addressing two vulnerabilities that affect branches 0.104, 0.105, 1.0, 1.1, and 1.2:

  • CVE-2024-20328: This vulnerability allowed command injection through the implementation of the VirusEvent directive in the clamd service. The details of the vulnerability have not been disclosed yet, but it is known that the issue can be resolved by disabling support for the ‘%f’ format string parameter.
  • CVE-2024-20290: This vulnerability involved a buffer overflow in the code that parses files with OLE2-format content. A remote
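The following is an added example, not code from the ClamAV project or from the original article: a triage script for CVE-2024-20328 that flags VirusEvent handlers using ‘%f’ in a clamd.conf and rates them by whether the installed version is below the fixed releases named above. The sample configuration and the handler path are constructed; branches the article lists as affected without naming a fix are assumed to be affected at every patch level.

```python
import re

# Branch -> first fixed patch level, from the article; None = no fixed release named there.
FIXED = {(0, 104): None, (0, 105): None, (1, 0): 5, (1, 1): None, (1, 2): 2}

# Constructed sample configuration (not from a real host).
SAMPLE_CONF = """\
# clamd.conf
LocalSocket /run/clamav/clamd.sock
TemporaryDirectory /var/tmp
ScanOneNote no
VirusEvent /usr/local/bin/notify.sh "%v" "%f"
"""

def is_affected(version):
    """True if the version is in a listed branch and below its fixed patch level."""
    m = re.search(r"(\d+)\.(\d+)(?:\.(\d+))?", version)
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    branch, patch = (int(m[1]), int(m[2])), int(m[3] or 0)
    if branch not in FIXED:
        return False
    return FIXED[branch] is None or patch < FIXED[branch]

def directives(conf_text):
    """Yield (line_number, option, value) for each active line of a clamd.conf."""
    for n, raw in enumerate(conf_text.splitlines(), 1):
        parts = raw.strip().split(None, 1)
        if parts and not parts[0].startswith("#"):
            yield n, parts[0], parts[1] if len(parts) > 1 else ""

def audit(conf_text, version):
    """Return (severity, line_number, message) for VirusEvent handlers that use %f."""
    findings = []
    for n, option, value in directives(conf_text):
        # Option names compared case-insensitively so a differently cased entry is not missed.
        if option.lower() == "virusevent" and "%f" in value:
            if is_affected(version):
                findings.append(("HIGH", n, "VirusEvent uses %f on an affected release"))
            else:
                findings.append(("INFO", n, "VirusEvent uses %f, which fixed releases disable"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF, "ClamAV 1.2.1"):
        print(*finding)
```

The version argument accepts either a bare version such as 1.0.4 or a longer string that contains one, and a HIGH finding means the handler should be changed or the package updated to 1.2.2 or 1.0.5.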