ClamAV 0.105.0 arrives with improvements, increased limits and more

Cisco recently announced the release of a major new version of the free antivirus suite ClamAV 0.105.0 and has also released ClamAV patch versions 0.104.3 and 0.103.6 with vulnerability and bug fixes.

For those unaware of ClamAV, it is an open source, multiplatform antivirus (it has versions for Windows, GNU/Linux, BSD, Solaris, Mac OS X and other Unix-like operating systems).

ClamAV 0.105 Main New Features

In ClamAV 0.105.0, ClamScan and ClamDScan now have a built-in process memory scanning capability. This feature is ported from the ClamWin package and is specific to the Windows platform.

In addition, the runtime components that execute bytecode based on LLVM have been updated. To increase scanning performance compared to the default bytecode interpreter, a JIT compilation mode is offered. Support for older versions of LLVM has been discontinued; LLVM versions 8 to 12 can now be used.

A GenerateMetadataJson setting has also been added to clamd; it is equivalent to the "--gen-json" option in clamscan and causes metadata about the progress of the scan to be written to the metadata.json file in JSON format.

Moreover, it is now possible to build against the external TomsFastMath library (libtfm), enabled with the options "-D ENABLE_EXTERNAL_TOMSFASTMATH=ON", "-D TomsFastMath_INCLUDE_DIR=" and "-D TomsFastMath_LIBRARY=". The included copy of the TomsFastMath library has been updated to version 0.13.1.

The freshclam utility has improved ReceiveTimeout handling: it now aborts only stuck downloads and does not interrupt slow downloads that are still actively transferring data over bad links.

A compiler for the Rust language is now among the dependencies required for the build. The build requires at least Rust 1.56. The necessary Rust dependency libraries are included in the main ClamAV package.

The code for the incremental update of the database file (CDIFF) has been rewritten in Rust. The new implementation made it possible to significantly speed up the application of updates that remove a large number of signatures from the database. This is the first module rewritten in Rust.

The maximum line size in the configuration files freshclam.conf and clamd.conf has been increased from 512 to 1024 characters (when specifying access tokens, the DatabaseMirror parameter could exceed 512 bytes).

To identify images used for phishing or malware distribution, a new type of logical signature is supported. It uses fuzzy hashing, which allows similar objects to be identified with a certain degree of probability.
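
For the configuration line-size change described above, the following added example (not code from the article or from the ClamAV project) reports which lines of a freshclam.conf or clamd.conf exceed the old 512 limit or the new 1024 limit, which matters when one file is shared between hosts on different versions. It assumes the limit is compared against the line length in bytes without the newline; the mirror URL, token and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not ClamAV project code): find config lines longer than the
# parser's line-size limit. Limits are the article's: 512 before 0.105.0,
# 1024 from 0.105.0 onward.
# Assumption: the limit is compared against line length in bytes, newline excluded.

# long_lines FILE LIMIT: print "LINENO LENGTH" for every line longer than LIMIT.
long_lines() {
    LC_ALL=C awk -v limit="$2" 'length($0) > limit { print NR, length($0) }' "$1"
}

# classify_conf FILE: one verdict per line that exceeds the old 512 limit.
classify_conf() {
    long_lines "$1" 512 | while read -r lineno len; do
        if [ "$len" -gt 1024 ]; then
            echo "line $lineno ($len bytes): over the 0.105.0 limit too"
        else
            echo "line $lineno ($len bytes): needs 0.105.0 or later"
        fi
    done
}

# make_sample_conf: constructed freshclam.conf with a 600-character placeholder token.
make_sample_conf() {
    token=$(printf '%0600d' 0)
    printf '%s\n' \
        'DatabaseOwner clamav' \
        "DatabaseMirror https://mirror.example.invalid/clamav?token=$token" \
        'ReceiveTimeout 30'
}

# Demo on the constructed file; pass a real config path to classify_conf in practice.
sample=$(mktemp)
make_sample_conf > "$sample"
classify_conf "$sample"
rm -f "$sample"
```
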

Of the other changes that stand out from this new version:

  • Default limits have been increased.
  • To generate a fuzzy hash for an image, you can use the "sigtool --fuzzy-img" command.
  • Added "--memory", "--kill", and "--unload" options to ClamScan and ClamDScan on the Windows platform.
  • Added support for building ClamdTop using the ncursesw library in the absence of ncurses.
  • Fixed vulnerabilities.

Finally, for those interested in knowing more about this new version, you can check the details in the following link.

How to install ClamAV 0.105.0 in Ubuntu and derivatives?

For those who want to install this antivirus on their system, it is fairly simple, since ClamAV is found in the repositories of most Linux distributions.

In the case of Ubuntu and its derivatives, users can install it from the terminal or from the system software center. If you choose the Software Center, you just have to search for "ClamAV" and you should see the antivirus and the option to install it.

Those who prefer to install from the terminal only need to open one (with the shortcut Ctrl + Alt + T) and type the following command:

sudo apt-get install clamav

With that, the antivirus is installed on the system. As with any antivirus, ClamAV has a database that it downloads and uses for comparisons, stored in a "definitions" file. This file is a list that informs the scanner about questionable items.

It is important to update this file every so often, which can be done from the terminal by running:

sudo freshclam

Uninstall ClamAV

If for any reason you want to remove this antivirus from your system, just type the following in a terminal:

sudo apt remove --purge clamav
