./security/clamav, Anti-virus toolkit

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 0.101.2nb1, Package name: clamav-0.101.2nb1, Maintainer: pkgsrc-users

Clam AntiVirus is an anti-virus toolkit written from scratch. It is licensed
under GNU GPL2 and uses the virus database from OpenAntiVirus, which is an
another free anti-virus project. In contrast to OpenAntiVirus (which is written
in Java), Clam AntiVirus is written entirely in C and its database is KEPT UP
TO DATE. It also detects polymorphic viruses as well.

DEINSTALL [+/-]

Required to run:
[textproc/libxml2] [www/curl] [devel/gmp] [devel/libltdl] [textproc/json-c] [devel/pcre2] [archivers/libmspack]

Required to build:
[pkgtools/cwrappers]

Master sites:

SHA1: 6545fc72fbc4e3e8b7e845e08edd0a36142d033e
RMD160: 53fddb9858c49c8b11654b204cf2e5938e193a7c
Filesize: 21213.801 KB

Version history: (Expand)


CVS history: (Expand)


   2019-09-06 11:22:49 by Jonathan Perkin | Files touched by this commit (1)
Log message:
clamav: Disable mapfile on SunOS.

There are a couple of functions that aren't defined, and this is easier than
patching (and doesn't impact other OS).
   2019-08-22 14:23:56 by Ryo ONODERA | Files touched by this commit (678)
Log message:
Recursive revbump from boost-1.71.0
   2019-08-05 16:44:20 by Patrick Welche | Files touched by this commit (8) | Package updated
Log message:
Update clamav to 0.101.2

Remove rar support to workaround PR pkg/54420

  This release includes 3 extra security related bug fixes that do not
   apply to prior versions. In addition, it includes a number of minor bug
   fixes and improvements.
     * Fixes for the following vulnerabilities affecting 0.101.1 and
       prior:
          + CVE-2019-1787: An out-of-bounds heap read condition may occur
            when scanning PDF documents. The defect is a failure to
            correctly keep track of the number of bytes remaining in a
            buffer when indexing file data.
          + CVE-2019-1789: An out-of-bounds heap read condition may occur
            when scanning PE files (i.e. Windows EXE and DLL files) that
            have been packed using Aspack as a result of inadequate
            bound-checking.
          + CVE-2019-1788: An out-of-bounds heap write condition may occur
            when scanning OLE2 files such as Microsoft Office 97-2003
            documents. The invalid write happens when an invalid pointer
            is mistakenly used to initialize a 32bit integer to zero. This
            is likely to crash the application.
     * Fixes for the following ClamAV vulnerabilities:
          + CVE-2018-15378: Vulnerability in ClamAV's MEW unpacking
            feature that could allow an unauthenticated, remote attacker
            to cause a denial of service (DoS) condition on an affected
            device. Reported by Secunia Research at Flexera.
          + Fix for a 2-byte buffer over-read bug in ClamAV's PDF parsing
            code. Reported by Alex Gaynor.
     * Fixes for the following vulnerabilities in bundled third-party
       libraries:
          + CVE-2018-14680: An issue was discovered in mspack/chmd.c in
            libmspack before 0.7alpha. It does not reject blank CHM
            filenames.
          + CVE-2018-14681: An issue was discovered in kwajd_read_headers
            in mspack/kwajd.c in libmspack before 0.7alpha. Bad KWAJ file
            header extensions could cause a one or two byte overwrite.
          + CVE-2018-14682: An issue was discovered in mspack/chmd.c in
            libmspack before 0.7alpha. There is an off-by-one error in the
            TOLOWER() macro for CHM decompression.
          + Additionally, 0.100.2 reverted 0.100.1's patch for
            CVE-2018-14679, and applied libmspack's version of the fix in
            its place.
     * Fixes for the following CVE's:
          + CVE-2017-16932: Vulnerability in libxml2 dependency (affects
            ClamAV on Windows only).
          + CVE-2018-0360: HWP integer overflow, infinite loop
            vulnerability. Reported by Secunia Research at Flexera.
          + CVE-2018-0361: ClamAV PDF object length check, unreasonably
            long time to parse relatively small file. Reported by aCaB.

For the full release notes, see:
https://github.com/Cisco-Talos/clamav-d … .2/NEWS.md
   2019-07-21 00:46:59 by Thomas Klausner | Files touched by this commit (595)
Log message:
*: recursive bump for nettle 3.5.1
   2019-07-01 06:08:55 by Ryo ONODERA | Files touched by this commit (669)
Log message:
Recursive revbump from boost-1.70.0
   2019-05-04 18:12:01 by Roland Illig | Files touched by this commit (1)
Log message:
security/clamav: remove unrecognized configure option --disable-clamav
   2019-04-13 10:48:22 by Ryosuke Moro | Files touched by this commit (2)
Log message:
clamav: remove patch-ag
already #ifdef-ed
   2018-12-13 20:52:27 by Adam Ciarcinski | Files touched by this commit (668)
Log message:
revbump for boost 1.69.0