ClamAV 1.0.0 has been released: here is what's new

ClamAV is open source antivirus software

Cisco has announced ClamAV 1.0.0, a new version of the antivirus package. The release is notable for switching to the traditional "Major.Minor.Patch" version numbering (instead of 0.Version.Patch).

The significant change in version number is also due to changes in the libclamav library that break ABI compatibility: the CLAMAV_PUBLIC namespace was removed, the type of the arguments of the cl_strerror function was changed, and symbols for the Rust language were included in the namespace.

The 1.0.0 branch is classified as long-term support (LTS) and is maintained for three years. ClamAV 1.0.0 will replace the previous LTS branch, ClamAV 0.103, for which updates with fixes for vulnerabilities and critical issues will be released until September 2023.

Updates for regular non-LTS branches are released for at least 4 months after the first release of the next branch. The ability to download the signature database for non-LTS branches is also provided for at least another 4 months after the release of the next branch.

ClamAV 1.0 Main New Features

In ClamAV 1.0.0, the code that implements all-match mode was rewritten. In this mode all matches in a file are determined, i.e. scanning continues after the first match. The new code is described as more reliable and easier to maintain.

The new implementation also eliminates a number of errors that appeared when signatures were matched in all-match mode. Tests have been added to verify that all-match mode behaves correctly.

In addition, compilation of the unit tests for the libclamav Rust library has been sped up significantly. ClamAV modules written in Rust are now integrated into a directory shared with ClamAV.

The restrictions applied when checking for overlapping records in ZIP archives have been relaxed, which gets rid of false warnings when processing slightly modified, but not malicious, JAR files.

The build now also defines the minimum and maximum supported versions of LLVM. Trying to build with a version that is too old or too new will result in an error that warns about compatibility issues.

Building with your own RPATH list (the list of directories from which shared libraries are loaded) is now allowed, so executables can be moved to another location after they are compiled in the development environment.

Other notable changes in the new version:

  • Added support for decrypting read-only OLE2-based XLS files encrypted with a default password.
  • The clcb_file_inspection() callback was added to the API to connect handlers that inspect the contents of files, including those extracted from archives.
  • The cl_cvdunpack() function has been added to the API for unpacking signature files in CVD format.
  • The scripts for building docker images with ClamAV have been moved to a separate clamav-docker repository.
  • The docker image includes header files for the C library.
  • Added controls to limit the level of recursion when extracting objects from PDF documents.
  • The limit on the amount of memory allocated when processing untrusted input data has been increased, and a warning is now generated when this limit is exceeded.

Finally, if you are interested in knowing more about it, you can check the details in the following link.

How to install ClamAV in Ubuntu and derivatives?

Installing this antivirus is fairly simple, because ClamAV is available in the repositories of most Linux distributions.

In the case of Ubuntu and its derivatives, you can install it from the terminal or from the system software center. If you choose to install with the Software Center, you just have to search for "ClamAV" and you should see the antivirus and the option to install it.

To install from the terminal instead, open one (for example with the Ctrl + Alt + T key shortcut) and type the following command:

sudo apt-get install clamav

With that, the antivirus is installed on the system. Like every antivirus, ClamAV has a database that it downloads and uses for comparisons, stored in a "definitions" file. This file is a list that tells the scanner about questionable items.

It is important to update this file every so often. This can be done from the terminal by running:

sudo freshclam
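
As an added example (not part of the original article), the shell functions below read the 512-byte text header that every ClamAV .cvd/.cld database starts with and report how many days old the definitions are, which shows whether freshclam is actually keeping them current. The function names, the 7-day threshold and the /var/lib/clamav path (the Ubuntu package default) are assumptions, and the sample header is constructed.

```shell
#!/bin/sh
# Added example, not from the article: report how old a ClamAV signature
# database is by reading its 512-byte text header, whose fields are
#   ClamAV-VDB:build time:version:signatures:f-level:MD5:dsig:builder:epoch

# Print header field N of a .cvd/.cld file; fail if the magic is missing.
cvd_field() {
    hdr=$(dd if="$1" bs=512 count=1 2>/dev/null | tr -d '\000')
    case $hdr in
        ClamAV-VDB:*) ;;
        *) echo "not a ClamAV database: $1" >&2; return 1 ;;
    esac
    printf '%s\n' "$hdr" | head -n 1 | cut -d: -f"$2" | sed 's/ *$//'
}

# Print the database age in whole days; NOW (epoch seconds) is optional.
cvd_age_days() {
    built=$(cvd_field "$1" 9) || return 1
    case $built in
        ''|*[!0-9]*) echo "no build timestamp in $1" >&2; return 1 ;;
    esac
    now=${2:-$(date +%s)}
    echo $(( (now - built) / 86400 ))
}

# Print a one-line status; return 0 if fresh, 1 if stale, 2 if unreadable.
# Arguments: FILE MAX_AGE_DAYS [NOW]
cvd_report() {
    age=$(cvd_age_days "$1" "${3:-}") || return 2
    ver=$(cvd_field "$1" 3)
    if [ "$age" -gt "$2" ]; then
        echo "$1: version $ver, $age days old, STALE (run freshclam)"
        return 1
    fi
    echo "$1: version $ver, $age days old, ok"
}

# Constructed sample header (made-up values), padded to 512 bytes.
sample=$(mktemp)
printf '%-512s' 'ClamAV-VDB:28 Nov 2022 08-00 -0500:26734:2013000:90:X:X:builder:1669640400' > "$sample"
cvd_report "$sample" 7 1669899700 || true    # "now" is 3 days after the build

# Real databases, if installed (default Ubuntu path, assumed).
for db in /var/lib/clamav/daily.cvd /var/lib/clamav/daily.cld; do
    [ -f "$db" ] && { cvd_report "$db" 7 || true; }
done
rm -f "$sample"
```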

Uninstall ClamAV

If for any reason you want to remove this antivirus from your system, just type the following in a terminal:

sudo apt remove --purge clamav

  1.   Z3R0 said

    You are missing the daemon in the installation:
    sudo apt install clamav clamav-daemon

    To update the antivirus, you must first stop the program:
    sudo systemctl stop clamav-freshclam
    sudo freshclam

    And finally we start the service:
    sudo systemctl start clamav-freshclam

    A greeting!