Cisco Has Released the ClamAV 1.5.0 Antivirus Package

After more than a year of development, Cisco has released ClamAV 1.5.0, a free antivirus package. The project passed to Cisco in 2013 with its acquisition of Sourcefire, the company that developed ClamAV and Snort. The project code is distributed under the GPLv2 license. The 1.5.0 branch is classified as a regular (non-LTS) branch, for which updates are published for at least 4 months after the first release of the next branch. Signature database downloads for non-LTS branches likewise remain available for at least another 4 months after the release of the next branch.

Key changes in ClamAV 1.5:

  • Added a check that identifies encrypted Microsoft Office documents.
  • Added the ability to extract links found in processed HTML and PDF files. The links are output in JSON format when JSON metadata generation mode is active. The feature can be disabled via the ClamScan command line options “--json-store-html-uris=no” and “--json-store-pdf-uris=no”, the “JsonStoreHTMLURIs no” and “JsonStorePDFURIs no” directives in clamd.conf, or the environment variables CL_SCAN_GENERAL_STORE_HTML_URIS and CL_SCAN_GENERAL_STORE_PDF_URIS.
  • The “OnAccessExcludePath” setting now accepts regular expressions as file path exclusion masks.
  • Added support for verifying and digitally signing signature database archives (CVD) and database patches (CDIFF) using external files with the “.sign” extension, which the Freshclam utility downloads automatically along with the cvd databases and cdiff patches. Signatures can be verified and generated with the “sigtool verify” and “sigtool sign” commands. The certificates used are installed by default in the “/etc/certs” directory, which can be changed at build time via the “-D CVD_CERTS_DIRECTORY=PATH” option, or through the CVDCertsDirectory setting, the CVD_CERTS_DIR environment variable, or the “--cvdcertsdir PATH” command line parameter.
  • Added the ability to disable the unreliable MD5 and SHA1 hashing algorithms when verifying digital signatures and when checking trusted files for false positives in Freshclam, ClamD, ClamScan and Sigtool. MD5 and SHA1 are disabled through the “FIPSCryptoHashLimits” setting or the “--fips-limits” option.
  • The cache of verified files now uses the SHA2-256 algorithm instead of MD5.
  • The EnableShutdownCommand, EnableReloadCommand, EnableStatsCommand and EnableVersionCommand settings have been added to Clamd to disable processing of the shutdown, reload, statistics and version commands.
  • Added new functions to libclamav for scanning operations, extended functions for working with hashes, and options for managing recursive traversal of the directory with temporary files. Each scanned object is assigned a unique object identifier.
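
The new clamd.conf directives listed above can be checked on a deployed host with a small audit script. The following is an added example, not code from the ClamAV project: the policy (control commands off, FIPS hash limits on), the accepted boolean spellings and the sample configuration are assumptions of the example.

```python
# Added example: audit clamd.conf text for ClamAV 1.5 directives named above.
# Which values count as "hardened" is this example's own policy assumption.

# Directive -> boolean value the example policy wants to see.
POLICY = {
    "EnableShutdownCommand": False,
    "EnableReloadCommand": False,
    "EnableStatsCommand": False,
    "EnableVersionCommand": False,
    "FIPSCryptoHashLimits": True,
}

# Boolean spellings assumed to be accepted in clamd.conf.
TRUE_WORDS = {"yes", "true", "1"}
FALSE_WORDS = {"no", "false", "0"}


def parse_conf(text):
    """Return {directive: raw value}; the last occurrence of a directive wins."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):   # skip blanks and comments
            continue
        parts = line.split(None, 1)            # name, then the rest as value
        settings[parts[0]] = parts[1].strip('"') if len(parts) > 1 else ""
    return settings


def audit(text):
    """Return (directive, problem) tuples; an empty list means policy is met."""
    settings = parse_conf(text)
    findings = []
    for name, wanted in POLICY.items():
        if name not in settings:
            findings.append((name, "not set, built-in default applies"))
            continue
        word = settings[name].lower()
        if word not in TRUE_WORDS | FALSE_WORDS:
            findings.append((name, f"unrecognised value {settings[name]!r}"))
        elif (word in TRUE_WORDS) != wanted:
            findings.append((name, f"set to {settings[name]!r}"))
    return findings


# Constructed sample configuration (not taken from a real host).
SAMPLE = """# clamd.conf excerpt
LocalSocket /run/clamav/clamd.ctl
EnableShutdownCommand no
EnableReloadCommand yes
EnableStatsCommand no
FIPSCryptoHashLimits yes
"""
```

Calling `audit()` on the contents of a real clamd.conf returns one entry per directive that is missing or deviates from the policy; adjust `POLICY` if, for example, monitoring relies on the statistics command.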