Univention Bugzilla – Bug 33995
Update ClamAV to 0.98.1 (3.2)
Last modified: 2014-07-14 10:49:36 CEST
+++ This bug was initially created as a clone of Bug #33994 +++

We should update ClamAV to 0.98.1:

- Signature improvements: New signature targets have been added for PDF files, Flash files and Java class files. (NOTE: Java archive files (JAR) are not part of the Java target.) Hash signatures can now specify a '*' (wildcard) size if the size is unknown. Using wildcard size requires setting the minimum engine FLEVEL to avoid backwards compatibility issues. For more details read the ClamAV Signatures guide.
- Scanning enhancements: New filetypes can be unpacked and scanned, including ISO9660, Flash, and self-extracting 7z files. PDF handling is now more robust and better handles encrypted PDF files.
- Authenticode: ClamAV is now aware of the certificate chains when scanning signed PE files. When the database contains signatures for trusted root certificate authorities, the engine can whitelist PE files with a valid signature. The same database file can also include known compromised certificates to be rejected! This feature can also be disabled in clamd.conf (DisableCertCheck) or the command-line (nocerts).
- New options: Several new options for clamscan and clamd have been added. For example, ClamAV can be set to print infected files and error files, and suppress printing OK results. This can be helpful when scanning large numbers of files. This new option is "-o" for clamscan and "LogClean" for clamd. Check clamd.conf or the clamscan help message for specific details.
- New callbacks added to the API: The libclamav API has additional hooks for developers to use when wrapping ClamAV scanning. These function types are prefixed with "clcb_" and allow developers to add logic at certain steps of the scanning process without directly modifying the library. For more details refer to the clamav.h file.
- More configurable limits: Several hardcoded values are now configurable parameters, providing more options for tuning the engine to match your needs. Check clamd.conf or the clamscan help message for specific details.
- Performance improvements: This release furthers the use of memory maps during scanning and unpacking, continuing the conversion started in prior releases. Complex math functions have been switched from libtommath to tomsfastmath functions. The A/C matcher code has also been optimized to provide a speed boost.
- Support for on-access scanning using Clamuko/Dazuko has been replaced with fanotify. Accordingly, clamd.conf settings related to on-access scanning have had Clamuko removed from the name. Clamuko-specific configuration items have been marked deprecated and should no longer be used.
- Extraction, decompression, and scanning of files within Apple Disk Image (DMG) format.
- Extraction, decompression, and scanning of files within Extensible Archive (XAR) format. XAR format is commonly used for software packaging, such as PKG and RPM, as well as general archival.
- Decompression and scanning of files in "Xz" compression format.
- Improvements and fixes to extraction and scanning of ole formats.
- Option to force all scanned data to disk. This impacts only a few file types where some embedded content is normally scanned in memory. Enabling this option ensures that a file descriptor exists when callback functions are used, at a small performance cost. This should only be needed when callback functions are used that need file access.
- Various improvements to ClamAV configuration, support of third party libraries, and unit tests.
Update clamav to 0.98.1 in errata3.2-2.

Short test with univention-mail-server and the eicar test virus was successful

-> swaks -t test1@w2k12.test -s localhost --body \
   'X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*'

YAML: 2014-06-17-clamav.yaml
(In reply to Felix Botner from comment #1)
> Update clamav to 0.98.1 in errata3.2-2. Short test with
> univention-mail-server and the eicar test virus was successful

OK

> YAML: 2014-06-17-clamav.yaml

OK
http://errata.univention.de/ucs/3.2/146.html