Released: the new version of ClamAV, 0.101.3, with a fix for the zip bomb


ClamAV is an open source antivirus for Windows, GNU/Linux, BSD, Solaris, Mac OS X and other Unix-like operating systems.

ClamAV provides a number of antivirus tools designed specifically for email scanning. Its architecture is scalable and flexible thanks to a multi-threaded scanning daemon. It has a powerful command-line scanner and tools that update the signature databases automatically. The project's code is distributed under the GPLv2 license.

About the new version of ClamAV 0.101.3

A few days ago Cisco released a corrective version of its free ClamAV antivirus package, 0.101.3, which removes a vulnerability that could allow a denial of service through a specially crafted zip file.

The problem is a variant of the zip bomb, the non-recursive zip bomb (also known as a "zip of death" or decompression bomb), an archive that takes an enormous amount of time and resources to unpack.

This is a malicious file designed to block or disable the program or system that reads it. It is often used to disable antivirus software to create an opening for more traditional viruses.

Rather than hijack the normal operation of the program, a zip bomb allows the program to function as intended, but the archive is carefully designed so that unpacking it requires an inordinate amount of time, disk space, or memory.

Most modern antivirus programs can detect if a file is a zip bomb, to avoid unpacking it.

The essence of the method is to fill the file with data that reaches the maximum compression ratio the zip format allows, approximately 28 million to one. For example, a specially prepared 10 MB zip file unpacks to about 281 TB of data, and a 46 MB one to 4.5 PB.
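As an added example (not ClamAV's code), the following Python script applies the two checks that follow from the description above to a zip archive before anything is inflated: the declared output size and compression ratio, and, for the non-recursive variant, central-directory entries whose compressed data overlaps. The thresholds and the sample archives are constructed for illustration.

```python
import io
import struct
import zipfile

# Fixed 30-byte local file header: signature, 5 x uint16, 3 x uint32, name len, extra len.
LOCAL_HEADER = struct.Struct("<4s5H3L2H")

def _data_span(fp, info):
    """(start, end) offsets of one entry's compressed bytes, read from its local header."""
    fp.seek(info.header_offset)
    fields = LOCAL_HEADER.unpack(fp.read(LOCAL_HEADER.size))
    start = info.header_offset + LOCAL_HEADER.size + fields[9] + fields[10]
    return start, start + info.compress_size

def inspect_zip(data, max_ratio=100.0, max_total=1 << 30):
    """Bomb findings for archive bytes `data`, without inflating anything.
    Sizes are what the archive declares, so the scanner must still enforce the
    same limits while inflating; this is only the cheap pre-screen."""
    findings = []
    fp = io.BytesIO(data)
    with zipfile.ZipFile(fp) as zf:
        infos = zf.infolist()
        compressed = sum(i.compress_size for i in infos)
        declared = sum(i.file_size for i in infos)
        ratio = declared / max(compressed, 1)
        if ratio > max_ratio:
            findings.append(f"compression ratio {ratio:.0f}:1 exceeds {max_ratio:.0f}:1")
        if declared > max_total:
            findings.append(f"declared output {declared} bytes exceeds {max_total}")
        # Non-recursive bombs point many central-directory entries at one run of
        # compressed bytes; sort the data spans and look for any that overlap.
        spans = sorted((_data_span(fp, i), i.filename) for i in infos)
        for ((_, a_end), name_a), ((b_start, _), name_b) in zip(spans, spans[1:]):
            if b_start < a_end:
                findings.append(f"entries {name_a!r} and {name_b!r} share compressed bytes")
    return findings

def build_sample(payload, names=("a.bin",)):
    """Constructed test archive (not a bomb): `payload` deflated once under each name."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", compression=zipfile.ZIP_DEFLATED) as zf:
        for name in names:
            zf.writestr(name, payload)
    return buf.getvalue()

if __name__ == "__main__":
    # Constructed inputs: 1 MiB of zeros deflates at roughly 1000:1, the text does not.
    print(inspect_zip(build_sample(b"\0" * (1 << 20))))
    print(inspect_zip(build_sample(b"ClamAV 0.101.3 " * 64, names=("a.txt", "b.txt"))))
```

A non-empty result means the archive should be scanned under strict extraction limits or quarantined rather than unpacked in full.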

The new version of ClamAV 0.101.3 also updates the bundled libmspack library, fixing the buffer overflows (CVE-2019-1010305) that caused a data leak when opening a specially crafted CHM file.

At the same time, a beta of the new ClamAV 0.102 branch was introduced, in which on-access scanning (the transparent check of files as they are opened) moves from clamd to a separate clamonacc process, implemented along the lines of clamdscan and clamav-milter.

This change makes it possible to run clamd as a regular user, without root privileges.

In addition, support for ESTsoft's archive file format was added, along with a redesigned freshclam that supports HTTPS and can work with mirrors that serve requests on ports other than 80.

How to install ClamAV in Ubuntu and derivatives?

For anyone interested in installing this antivirus, it is quite simple, since ClamAV is found in the repositories of most Linux distributions.

In the case of Ubuntu and its derivatives, you can install it from the terminal or from the system software center.

If you choose the Software Center, simply search for "ClamAV"; the antivirus should appear along with the option to install it.

For those who prefer the terminal, open one (the shortcut Ctrl + Alt + T works) and type the following command:

sudo apt-get install clamav

With that, the antivirus is installed on the system.

Like any antivirus, ClamAV relies on a signature database, a "definitions" file that it downloads and compares files against. This file is a list that tells the scanner which items are suspicious.

It is important to update this file from time to time; to do so, simply run the following in the terminal:

sudo freshclam


  1.   Eudes Javier Contreras Rios said

    sudo freshclam launched this:
    ERROR: /var/log/clamav/freshclam.log is locked by another process
    ERROR: Problem with internal logger (UpdateLogFile = /var/log/clamav/freshclam.log)

    1.    David naranjo said

      Hello. Try the following:
      sudo systemctl stop clamav-freshclam.service

      sudo freshclam

  2.   Cool as ice said

    Thank you very much David, I am going to test your recommendation.
    Yesterday I made a live USB with xubuntu to use it as an antivirus and it gives me that error, I hope I can fix it.
    Regards.

  3.   eder said

    Thanks, I was able to correct the error