./security/clamav, Anti-virus toolkit

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]

Branch: CURRENT, Version: 0.103.12nb3, Package name: clamav-0.103.12nb3, Maintainer: pkgsrc-users

Clam AntiVirus is an anti-virus toolkit written from scratch. It is licensed
under GNU GPL2 and uses the virus database from OpenAntiVirus, which is an
another free anti-virus project. In contrast to OpenAntiVirus (which is written
in Java), Clam AntiVirus is written entirely in C and its database is KEPT UP
TO DATE. It also detects polymorphic viruses as well.

DEINSTALL [+/-]

Required to run:
[textproc/libxml2] [www/curl] [security/openssl] [devel/gmp] [devel/libltdl] [textproc/json-c] [devel/pcre2] [archivers/libmspack]

Required to build:
[pkgtools/cwrappers]

Master sites:

Filesize: 16120.786 KB

Version history: (Expand)

CVS history: (Expand)


   2024-11-14 23:22:33 by Thomas Klausner | Files touched by this commit (2429) 
Log message:
*: recursive bump for icu 76 shlib major version bump
   2024-11-01 13:55:19 by Thomas Klausner | Files touched by this commit (2426) 
Log message:
*: revbump for icu downgrade
   2024-11-01 01:54:33 by Thomas Klausner | Files touched by this commit (2427) 
Log message:
*: recursive bump for icu 76.1 shlib bump
   2024-09-05 17:10:15 by Takahiro Kambe | Files touched by this commit (3) | Package updated
Log message:
security/clamav: update to 0.103.12

0.103.12 (2024-09-04)

ClamAV 0.103.12 is a patch release with the following fixes:

- [CVE-2024-20506](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20506):
  Changed the logging module to disable following symlinks on Linux and Unix
  systems so as to prevent an attacker with existing access to the 'clamd' or
  'freshclam' services from using a symlink to corrupt system files.

  This issue affects all currently supported versions. It will be fixed in:
  - 1.4.1
  - 1.3.2
  - 1.0.7
  - 0.103.12

  Thank you to Detlef for identifying this issue.

- [CVE-2024-20505](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20505):
  Fixed a possible out-of-bounds read bug in the PDF file parser that could
  cause a denial-of-service (DoS) condition.

  This issue affects all currently supported versions. It will be fixed in:
  - 1.4.1
  - 1.3.2
  - 1.0.7
  - 0.103.12

  Thank you to OSS-Fuzz for identifying this issue.

- ClamOnAcc: Fixed an infinite loop when a watched directory does not exist.
  - [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1198)

- Fixed a bug causing CVDs downloaded by the `DatabaseCustomURL` Freshclam
  config option to be pruned and then re-downloaded with every update.
  Also added the new 'valhalla' database name to the list of optional databases
  in preparation for future work.
  - Backport of [GitHub pull \ 
request](https://github.com/Cisco-Talos/clamav/pull/1233)

- Fixed an unaligned pointer dereference issue on select architectures.
  Fix courtesy of Sebastian Andrzej Siewior.
  - Backport of [GitHub pull \ 
request](https://github.com/Cisco-Talos/clamav/pull/1293)
   2024-05-29 18:35:19 by Adam Ciarcinski | Files touched by this commit (1929) | Package updated
Log message:
revbump after icu and protobuf updates
   2024-05-16 08:15:47 by Thomas Klausner | Files touched by this commit (692) 
Log message:
*: recursive bump for gnutls p11-kit option

(existing installations need the bl3.mk included, but it's now only
optionally included)
   2023-12-07 18:51:49 by Greg Troxel | Files touched by this commit (1) 
Log message:
security/clamav: Drop MESSAGE

as redundant with upstream documentation.
   2023-11-08 14:21:43 by Thomas Klausner | Files touched by this commit (2377) 
Log message:
*: recursive bump for icu 74.1