./security/clamav, Anti-virus toolkit

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 0.103.1nb2, Package name: clamav-0.103.1nb2, Maintainer: pkgsrc-users

Clam AntiVirus is an anti-virus toolkit written from scratch. It is licensed
under GNU GPL2 and uses the virus database from OpenAntiVirus, which is an
another free anti-virus project. In contrast to OpenAntiVirus (which is written
in Java), Clam AntiVirus is written entirely in C and its database is KEPT UP
TO DATE. It also detects polymorphic viruses as well.

DEINSTALL [+/-]

Required to run:
[textproc/libxml2] [www/curl] [security/openssl] [devel/gmp] [devel/libltdl] [textproc/json-c] [devel/pcre2] [archivers/libmspack]

Required to build:
[pkgtools/cwrappers]

Master sites:

SHA1: 4520c0c574362beba35b947ca8d0fa0823f93b1f
RMD160: a5234d1b022ae9dbaba681e7dd611a82d8e9e67e
Filesize: 13056.437 KB

Version history: (Expand)


CVS history: (Expand)


   2021-04-21 15:25:34 by Adam Ciarcinski | Files touched by this commit (864)
Log message:
revbump for boost-libs
   2021-04-21 13:43:04 by Adam Ciarcinski | Files touched by this commit (1822)
Log message:
revbump for textproc/icu
   2021-02-28 18:14:10 by Takahiro Kambe | Files touched by this commit (4) | Package updated
Log message:
security/clamav: update to 0.103.1

0.103.1 (2021-01-31)

ClamAV 0.103.1 is a patch release with the following fixes and improvements.

Notable changes

* Added a new scan option to alert on broken media (graphics) file formats.
  This feature mitigates the risk of malformed media files intended to
  exploit vulnerabilities in other software.  At present media validation
  exists for JPEG, TIFF, PNG, and GIF files.  To enable this feature, set
  AlertBrokenMedia yes in clamd.conf, or use the --alert-broken-media option
  when using clamscan.  These options are disabled by default in this patch
  release, but may be enabled in a subsequent release.  Application
  developers may enable this scan option by enabling
  CL_SCAN_HEURISTIC_BROKEN_MEDIA for the heuristic scan option bit field.

* Added CL_TYPE_TIFF, CL_TYPE_JPEG types to match GIF, PNG typing behavior.
  BMP and JPEG 2000 files will continue to detect as CL_TYPE_GRAPHICS
  because ClamAV does not yet have BMP or JPEG 2000 format checking
  capabilities.

Bug fixes

* Fixed PNG parser logic bugs that caused an excess of parsing errors and
  fixed a stack exhaustion issue affecting some systems when scanning PNG
  files.  PNG file type detection was disabled via signature database update
  for ClamAV version 0.103.0 to mitigate the effects from these bugs.

* Fixed an issue where PNG and GIF files no longer work with Target:5
  graphics signatures if detected as CL_TYPE_PNG/GIF rather than as
  CL_TYPE_GRAPHICS.  Target types now support up to 10 possible file types
  to make way for additional graphics types in future releases.

* Fixed clamonacc's --fdpass option.

* File descriptor passing (or "fd-passing") is a mechanism by which
  clamonacc and clamdscan may transfer an open file to clamd to scan, even
  if clamd is running as a non-privileged user and wouldn't otherwise have
  read-access to the file.  This enables clamd to scan all files without
  having to run clamd as root.  If possible, clamd should never be run as
  root so as to mitigate the risk in case clamd is somehow compromised while
  scanning malware.

* Interprocess file descriptor passing for clamonacc was broken since
  version 0.102.0 due to a bug introduced by the switch to curl for
  communicating with clamd.  On Linux, passing file descriptors from one
  process to another is handled by the kernel, so we reverted clamonacc to
  use standard system calls for socket communication when fd passing is
  enabled.

* Fixed a clamonacc stack corruption issue on some systems when using an
  older version of libcurl.  Patch courtesy of Emilio Pozuelo Monfort.

* Allow clamscan and clamdscan scans to proceed even if the realpath lookup
  failed.  This alleviates an issue on Windows scanning files hosted on
  file- systems that do not support the GetMappedFileNameW() API such as on
  ImDisk RAM-disks.

* Fixed freshclam --on-update-execute=EXIT_1 temporary directory cleanup
  issue.

* clamd's log output and VirusEvent now provide the scan target's file path
  instead of a file descriptor.  The clamd socket API for submitting a scan
  by FD-passing doesn't include a file path, this feature works by looking
  up the file path by file descriptor.  This feature works on Mac and Linux
  but is not yet implemented for other UNIX operating systems.  FD-passing
  is not available for Windows.

* Fixed an issue where freshclam database validation didn't work correctly
  when run in daemon mode on Linux/Unix.

Other improvements

* Scanning JPEG, TIFF, PNG, and GIF files will no longer return "parse"
  errors when file format validation fails.  Instead, the scan will alert
  with the "Heuristics.Broken.Media" signature prefix and a descriptive
  suffix to indicate the issue, provided that the "alert broken media"
  feature is enabled.

* GIF format validation will no longer fail if the GIF image is missing the
  trailer byte, as this appears to be a relatively common issue in otherwise
  functional GIF files.

* Added a TIFF dynamic configuration (DCONF) option, which was missing.
  This will allow us to disable TIFF format validation via signature
  database update in the event that it proves to be problematic.  This
  feature already exists for many other file types.

Acknowledgements

The ClamAV team thanks the following individuals for their code submissions:

Emilio Pozuelo Monfort
   2020-11-05 10:09:30 by Ryo ONODERA | Files touched by this commit (1814)
Log message:
*: Recursive revbump from textproc/icu-68.1
   2020-09-19 15:41:42 by Takahiro Kambe | Files touched by this commit (11) | Package updated
Log message:
security/clamav: update to 0.103.0

Update clamav package to 0.103.0.

Quote from release announce:

ClamAV 0.103.0 highlights

With your feedback on the previous candidates, we've fixed these additional
issues:

* The freshclam PID file was not readable by other users in previous release
  candidates but is now readable by all.
* An issue with how freshclam was linked with the autotools build system
  caused SysLog settings to be ignored.
* The real-path checks introduced to clamscan and clamdscan in 0.102.4 broke
  scanning of some files with Unicode filenames and files on network shares
  for Windows users.

Thanks to the users for your help in fixing these bugs.

Major changes

* clamd can now reload the signature database without blocking
  scanning. This multi-threaded database reload improvement was made
  possible thanks to a community effort.

* Non-blocking database reloads are now the default behavior. Some systems
  that are more constrained on RAM may need to disable non-blocking reloads,
  as it will temporarily consume double the amount of memory. We added a new
  clamd config option ConcurrentDatabaseReload, which may be set to no.

Special thanks to those who made this feature a reality:

* Alberto Wu
* Alexander Sulfrian
* Arjen de Korte
* David Heidelberg
* Ged Haywood
* Julius Plenz
* Michael Orlitzky

Notable changes

* The DLP module has been enhanced with additional credit card ranges and a
  new engine option that allows ClamAV to alert only on credit cards (and
  not, for instance, gift cards) when scanning with the DLP module. John
  Schember developed this feature, with input from Alexander Sulfrian.
* We added support for Adobe Reader X PDF encryption and overhauled the
  PNG-scanning tool to detect PNG-specific exploits. We also made a major
  change to GIF parsing that now makes it more tolerant of problematic files
  and adds the ability to scan overlays, all thanks to work and patches
  submitted by Aldo Mazzeo.
* clamdtop.exe is now available for Windows users. The functionality is
  somewhat limited when compared to clamdtop on Linux. PDCurses is required
  to build clamdtop.exe for ClamAV on Windows.
* The phishing detection module will now print "Suspicious link found!"
  along with the "Real URL" and "Display URL" each time \ 
ClamAV detects
  phishing. In a future version, we would like to print out alert-related
  metadata like this at the end of a scan, but for now, this detail will
  help users understand why a given file is being flagged as phishing.
* Added new *experimental* CMake build tooling. CMake is not yet recommended
  for production builds. Our team would appreciate any assistance improving
  the CMake build tooling so we can one day deprecate autotools and remove
  the Visual Studio solutions.

	- Please see the new CMake installation instructions found in
          INSTALL.cmake.md for detailed instructions on how to build ClamAV
          with CMake.

* Added --ping and --wait options to the clamdscan and clamonacc client
  applications.

* The --ping (-p) command will attempt to ping clamd up to a specified
   maximum number of attempts at an optional interval. If the interval isn't
   specified, a default one-second interval is used. It will exit with
   status code `0` when it receives a PONG from clamd or status code `21` if
   the timeout expires before it receives a response.
   2020-09-17 18:16:38 by Jonathan Perkin | Files touched by this commit (1)
Log message:
clamav: Explicitly set SMF_METHODS.

RCD_SCRIPTS changes depending on configured options, and clamav-milter
is launched directly from the manifest without a separate method script.
   2020-09-14 18:54:35 by Takahiro Kambe | Files touched by this commit (3) | Package updated
Log message:
security/clamav: add clamav-milter startup script

Add clamav-milter startup script.

Bump PKGREVISION.
   2020-07-17 06:48:32 by Takahiro Kambe | Files touched by this commit (3) | Package updated
Log message:
security/clamav: update to 0.102.4

Update clamav to 0.102.4.

## 0.102.4

ClamAV 0.102.4 is a bug patch release to address the following issues.

- [CVE-2020-3350](https://cve.mitre.org/cgi-bin/cvename.c … -2020-3350):
  Fix a vulnerability wherein a malicious user could replace a scan target's
  directory with a symlink to another path to trick clamscan, clamdscan, or
  clamonacc into removing or moving a different file (eg. a critical system
  file). The issue would affect users that use the --move or --remove options
  for clamscan, clamdscan, and clamonacc.

  For more information about AV quarantine attacks using links, see the
  [RACK911 Lab's \ 
report](https://www.rack911labs.com/research/ex … s-software).

- [CVE-2020-3327](https://cve.mitre.org/cgi-bin/cvename.c … -2020-3327):
  Fix a vulnerability in the ARJ archive parsing module in ClamAV 0.102.3 that
  could cause a Denial-of-Service (DoS) condition. Improper bounds checking
  results in an out-of-bounds read which could cause a crash.
  The previous fix for this CVE in 0.102.3 was incomplete. This fix correctly
  resolves the issue.

- [CVE-2020-3481](https://cve.mitre.org/cgi-bin/cvename.c … -2020-3481):
  Fix a vulnerability in the EGG archive module in ClamAV 0.102.0 - 0.102.3
  could cause a Denial-of-Service (DoS) condition. Improper error handling
  may result in a crash due to a NULL pointer dereference.
  This vulnerability is mitigated for those using the official ClamAV
  signature databases because the file type signatures in daily.cvd
  will not enable the EGG archive parser in versions affected by the
  vulnerability.