Bug 33995 - Update ClamAV to 0.98.1 (3.2)
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: clamav
Version: UCS 3.0
Hardware: Other Linux
Importance: P5 normal
Target Milestone: UCS 3.2-2-errata
Assigned To: Felix Botner
QA Contact: Janek Walkenhorst
Reported: 2014-01-27 07:41 CET by Moritz Muehlenhoff
Modified: 2014-07-14 10:49 CEST
Description Moritz Muehlenhoff univentionstaff 2014-01-27 07:41:04 CET
+++ This bug was initially created as a clone of Bug #33994 +++

We should update ClamAV to 0.98.1:

    – Signature improvements: New signature targets have been added for
    PDF files, Flash files and Java class files. (NOTE: Java archive files
    (JAR) are not part of the Java target.) Hash signatures can now specify
    a '*' (wildcard) size if the size is unknown. Using wildcard size
    requires setting the minimum engine FLEVEL to avoid backwards
    compatibility issues. For more details read the ClamAV Signatures
    guide.

    – Scanning enhancements: New filetypes can be unpacked and scanned,
    including ISO9660, Flash, and self-extracting 7z files. PDF
    handling is now more robust and better handles encrypted PDF files. 

    – Authenticode: ClamAV is now aware of the certificate chains when
    scanning signed PE files. When the database contains signatures for
    trusted root certificate authorities, the engine can whitelist
    PE files with a valid signature. The same database file can also
    include known compromised certificates to be rejected! This
    feature can also be disabled in clamd.conf (DisableCertCheck) or
    the command-line (nocerts). 

    – New options: Several new options for clamscan and clamd have been
    added. For example, ClamAV can be set to print infected files and
    error files, and suppress printing OK results. This can be helpful
    when scanning large numbers of files. This new option is "-o" for
    clamscan and "LogClean" for clamd. Check clamd.conf or the clamscan
    help message for specific details. 

    – New callbacks added to the API: The libclamav API has additional hooks
    for developers to use when wrapping ClamAV scanning. These function
    types are prefixed with “clcb_” and allow developers to add logic at
    certain steps of the scanning process without directly modifying the
    library. For more details refer to the clamav.h file. 

    – More configurable limits: Several hardcoded values are now configurable
    parameters, providing more options for tuning the engine to match your
    needs. Check clamd.conf or the clamscan help message for specific
    details. 

    – Performance improvements: This release furthers the use of memory maps
    during scanning and unpacking, continuing the conversion started in
    prior releases. Complex math functions have been switched from
    libtommath to tomsfastmath functions. The A/C matcher code has also
    been optimized to provide a speed boost. 

    – Support for on-access scanning using Clamuko/Dazuko has been replaced
    with fanotify. Accordingly, clamd.conf settings related to on-access
    scanning have had Clamuko removed from the name. Clamuko-specific
    configuration items have been marked deprecated and should no longer
    be used.

- Extraction, decompression, and scanning of files within Apple Disk Image (DMG) format.
- Extraction, decompression, and scanning of files within Extensible Archive (XAR) format.
XAR format is commonly used for software packaging, such as PKG and RPM, as well as
general archival.
- Decompression and scanning of files in “Xz” compression format.
- Improvements and fixes to extraction and scanning of OLE formats.
- Option to force all scanned data to disk. This impacts only a few file types where
some embedded content is normally scanned in memory. Enabling this option
ensures that a file descriptor exists when callback functions are used, at a small
performance cost. This should only be needed when callback functions are used
that need file access.
- Various improvements to ClamAV configuration, support of third party libraries,
and unit tests.
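
Added example (not part of this bug report and not ClamAV code): a small model of the wildcard-size hash signatures mentioned in the release notes above, showing why a '*' size has to carry a minimum FLEVEL. The line layout `md5:size:name[:min_flevel]` and the level 73 follow the ClamAV Signatures guide rather than this page; the signature names are constructed.

```python
import hashlib

# Constructed sample: the EICAR test string quoted in comment 1 of this bug.
EICAR = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
# Minimum FLEVEL that ClamAV's signature guide gives for '*' sizes; the value
# comes from that guide, not from this page.
WILDCARD_MIN_FLEVEL = 73


def parse_hdb_line(line):
    """Parse 'md5:size:name[:min_flevel]'; other fields are not modelled."""
    fields = line.strip().split(":")
    if len(fields) not in (3, 4):
        raise ValueError("expected 3 or 4 colon-separated fields")
    digest, size, name = fields[0].lower(), fields[1], fields[2]
    if len(digest) != 32 or any(c not in "0123456789abcdef" for c in digest):
        raise ValueError("not an MD5 hex digest")
    min_flevel = int(fields[3]) if len(fields) == 4 else None
    if size == "*":
        # Engines that predate the wildcard cannot parse '*', so the line must
        # carry a minimum FLEVEL that makes those engines skip it.
        if min_flevel is None or min_flevel < WILDCARD_MIN_FLEVEL:
            raise ValueError("wildcard size needs a minimum FLEVEL")
        return digest, None, name, min_flevel
    return digest, int(size), name, min_flevel


def scan(data, hdb_lines, engine_flevel):
    """Return the names of signatures matching data on an engine of this FLEVEL."""
    digest = hashlib.md5(data).hexdigest()
    hits = []
    for line in hdb_lines:
        sig_md5, sig_size, name, min_flevel = parse_hdb_line(line)
        if min_flevel is not None and engine_flevel < min_flevel:
            continue  # signature is too new for this engine: skipped, not an error
        if sig_size is not None and sig_size != len(data):
            continue  # fixed-size signature and the length differs
        if sig_md5 == digest:
            hits.append(name)
    return hits


EICAR_MD5 = hashlib.md5(EICAR).hexdigest()
SIGS = [EICAR_MD5 + ":68:Constructed.Fixed", EICAR_MD5 + ":*:Constructed.Wild:73"]
if __name__ == "__main__":
    for flevel in (72, 73):
        print(flevel, scan(EICAR, SIGS, flevel))
```

An engine at level 72 reports only the fixed-size signature, while level 73 reports both; a wildcard line without the level is rejected at parse time.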
Comment 1 Felix Botner univentionstaff 2014-06-17 12:35:21 CEST
Update clamav to 0.98.1 in errata3.2-2. Short test with univention-mail-server and the eicar test virus was successful:

-> swaks -t test1@w2k12.test -s localhost --body \
'X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*'

YAML: 2014-06-17-clamav.yaml
Comment 2 Janek Walkenhorst univentionstaff 2014-07-11 17:47:15 CEST
(In reply to Felix Botner from comment #1)
> Update clamav to 0.98.1 in errata3.2-2. Short test with
> univention-mail-server and the eicar test virus was successful
OK

> YAML: 2014-06-17-clamav.yaml
OK
Comment 3 Moritz Muehlenhoff univentionstaff 2014-07-14 10:49:36 CEST
http://errata.univention.de/ucs/3.2/146.html