Subject: CVS commit: pkgsrc/security/clamav
From: Takahiro Kambe
Date: 2020-09-19 15:41:42
Message id:

Log Message:
security/clamav: update to 0.103.0

Update clamav package to 0.103.0.

Quote from release announce:

ClamAV 0.103.0 highlights

With your feedback on the previous candidates, we've fixed these additional

* The freshclam PID file was not readable by other users in previous release
  candidates but is now readable by all.
* An issue with how freshclam was linked with the autotools build system
  caused SysLog settings to be ignored.
* The real-path checks introduced to clamscan and clamdscan in 0.102.4 broke
  scanning of some files with Unicode filenames and files on network shares
  for Windows users.

Thanks to the users for your help in fixing these bugs.

Major changes

* clamd can now reload the signature database without blocking
  scanning. This multi-threaded database reload improvement was made
  possible thanks to a community effort.

* Non-blocking database reloads are now the default behavior. Some systems
  that are more constrained on RAM may need to disable non-blocking reloads,
  as it will temporarily consume double the amount of memory. We added a new
  clamd config option ConcurrentDatabaseReload, which may be set to no.

Special thanks to those who made this feature a reality:

* Alberto Wu
* Alexander Sulfrian
* Arjen de Korte
* David Heidelberg
* Ged Haywood
* Julius Plenz
* Michael Orlitzky

Notable changes

* The DLP module has been enhanced with additional credit card ranges and a
  new engine option that allows ClamAV to alert only on credit cards (and
  not, for instance, gift cards) when scanning with the DLP module. John
  Schember developed this feature, with input from Alexander Sulfrian.
* We added support for Adobe Reader X PDF encryption and overhauled the
  PNG-scanning tool to detect PNG-specific exploits. We also made a major
  change to GIF parsing that now makes it more tolerant of problematic files
  and adds the ability to scan overlays, all thanks to work and patches
  submitted by Aldo Mazzeo.
* clamdtop.exe is now available for Windows users. The functionality is
  somewhat limited when compared to clamdtop on Linux. PDCurses is required
  to build clamdtop.exe for ClamAV on Windows.
* The phishing detection module will now print "Suspicious link found!"
  along with the "Real URL" and "Display URL" each time \ 
ClamAV detects
  phishing. In a future version, we would like to print out alert-related
  metadata like this at the end of a scan, but for now, this detail will
  help users understand why a given file is being flagged as phishing.
* Added new *experimental* CMake build tooling. CMake is not yet recommended
  for production builds. Our team would appreciate any assistance improving
  the CMake build tooling so we can one day deprecate autotools and remove
  the Visual Studio solutions.

	- Please see the new CMake installation instructions found in
 for detailed instructions on how to build ClamAV
          with CMake.

* Added --ping and --wait options to the clamdscan and clamonacc client

* The --ping (-p) command will attempt to ping clamd up to a specified
   maximum number of attempts at an optional interval. If the interval isn't
   specified, a default one-second interval is used. It will exit with
   status code `0` when it receives a PONG from clamd or status code `21` if
   the timeout expires before it receives a response.