Free antivirus software has become even more convenient and secure.
After 6 months of development, Cisco has announced the release of a new version of its free antivirus software ClamAV 1.3.0, which became part of Cisco after it was acquired by Sourcefire in 2013, the company that developed ClamAV and Snort. In addition to the stable version of ClamAV 1.3.0, security updates 1.2.2 and 1.0.5 have also been released. Here are the key improvements and changes made in the new versions:
Version 1.3.0:
Versions 1.2.2 and 1.0.5:
New versions are available for download on the official ClamAV page, on the GitHub releases page, and via the Docker Hub, including Alpine and Debian-based multiarch images.
After 6 months of development, Cisco has announced the release of a new version of its free antivirus software ClamAV 1.3.0, which became part of Cisco after it was acquired by Sourcefire in 2013, the company that developed ClamAV and Snort. In addition to the stable version of ClamAV 1.3.0, security updates 1.2.2 and 1.0.5 have also been released. Here are the key improvements and changes made in the new versions:
Version 1.3.0:
- Added support for extracting and scanning attachments in Microsoft OneNote files. This feature is enabled by default, but can be disabled via the command line, the clamd.conf configuration file, libclamav settings, or changes to the daily.cfg configuration.
- Improved compatibility with the Haiku operating system (BeOS-like).
- ClamD checks for the specified temporary directory at startup, displaying an error message and exiting with exit code 1 if it is not present.
- Extended support for static libraries when building with CMake, including libclamav_rust, libclammspack, libclamunrar_iface, and libclamunrar.
- Added file type recognition for compiled Python (. pyc) files, improving data typing during scanning.
- Improved support for decrypting PDF files with empty passwords.
- Various minor improvements and typo fixes.
- Bug fixes, including warnings when scanning some HTML files, fixes for an eternal loop in ClamOnAcc when there is no tracked directory, and a possible crash when processing VBA files on HP-UX / IA 64bit.
Versions 1.2.2 and 1.0.5:
- CVE-2024-20290: Fixed a Heap Overflow vulnerability in the OLE2 file analyzer that could lead to a Denial of Service (DoS) condition.
- CVE-2024-20328: fixed a command injection vulnerability in the VirusEvent function of the ClamD service. The problem was fixed by disabling support for the string formatting parameter '%f' in VirusEvent, which was replaced with the name of the infected file.
New versions are available for download on the official ClamAV page, on the GitHub releases page, and via the Docker Hub, including Alpine and Debian-based multiarch images.
