ClamAV 1.2 arrives with increased size of scanned files, improvements and more

Darkcrizt

4 minutes

ClamAV

ClamAV is an open source antivirus software

After four months of development, since the last major release, Cisco released the release of the new version of ClamAV 1.2, a version that is classified as a regular (non-LTS) branch, whose updates are released at least 4 months after the first release of the next branch.

For those unaware of ClamAV you should know that this is an open source antivirus and multiplatform (It has versions for Windows, GNU / Linux, BSD, Solaris, Mac OS X and other Unix-like operating systems).

ClamAV 1.2 Main New Features

In this new version that is presented of ClamAV 1.2, one of the main changes that stands out is in the MaxScanSize parameter, which limits the maximum size of the scanned data when scanning an archive or compressed file and which now it can take a value greater than 4 GB. It is worth mentioning that by default the limit is still set to 2 GB, but you can use the option "--alert-exceeds-maxor the "AlertExceedsMax" setting to display a warning if files are ignored by size).

Another of the changes that stands out in ClamAV 1.2 is that now In all configurations that specify file sizes, the ability has been added de use the endings "G" and "g" to indicate gigabytes. For example, you can set "MaxScanSize 10G» or run ClamScan with «--max-scansize=10g«.

In addition to this, in we can also find that the ability to use a PEM file with a client certificate for authentication when connecting to a non-public mirror in the Freshclam app. Environment variables were also added FRESHCLAM_CLIENT_CERT, FRESHCLAM_CLIENT_KEY, and FRESHCLAM_CLIENT_KEY_PASSWD to connect a certificate.

Of the other changes that stand out of this new version:

  • Added CacheSize configuration parameter and command line option «--cache-size» to configure the cache size of verified files.
  • Increasing the cache may increase scanning performance, but will increase RAM consumption.
  • Added the ability to extract data from UDF (Universal Disk Format) images.
  • UDF files with BEA01 (initial extended area descriptor) metadata are supported.
  • The systemd service has been added to periodically update the virus signature database using Freshclam, without running this utility in the background. The service supports registration, editing of the startup program using the command «systemctl edit» and the state audit.

Last but not least, it is also worth mentioning that the corrective versions that were also formed With this release of ClamAV 1.2, update the library "libclamunrar", based on the unrar project code, in which a critical vulnerability was recently identified (CVE-2023-40477), which allows code execution to be achieved by processing specially crafted rar files. The vulnerability affected the proprietary Windows product WinRAR, but so far there is no confirmation that it does not affect the unrar library, which includes code from the same developers.

finally if you are interested in knowing more about it, you can check the details In the following link.

How to install ClamAV in Ubuntu and derivatives?

For those who are interested in being able to install this antivirus on their system, they can do it in a fairly simple way and that is ClamAV is found within the repositories of most Linux distributions.

In the case of Ubuntu and its derivatives, you can install it from the terminal or from the system software center. If you choose to install with the Software Center, you just have to search for "ClamAV" and you should see the antivirus and the option to install it.

Now, for those who choose the option to install from the terminal They only have to open one on their system (they can do it with the Ctrl + Alt + T key shortcut) and in it they only have to type the following command:

sudo apt-get install clamav

And ready with it, they will have this antivirus installed on their system. Now as in all antivirus, ClamAV also has its database which downloads and takes to make comparisons in a "definitions" file. This file is a list that informs the scanner about questionable items.

Every so often it is important to be able to update this file, which we can update from the terminal, to do this simply execute:

sudo freshclam

Uninstall ClamAV

If for any reason you want to remove this antivirus from your system, just type the following in a terminal:

sudo apt remove --purge clamav

Leave a Comment

Your email address will not be published. Required fields are marked with *

*

*

  1. Responsible for the data: Miguel Ángel Gatón
  2. Purpose of the data: Control SPAM, comment management.
  3. Legitimation: Your consent
  4. Communication of the data: The data will not be communicated to third parties except by legal obligation.
  5. Data storage: Database hosted by Occentus Networks (EU)
  6. Rights: At any time you can limit, recover and delete your information.