ClamAV 1.5 Open-Source Antivirus Engine Released with Major New Features – 9to5Linux

ClamAV 1.5 has been released today as a major update for this open-source, free, and cross-platform antivirus engine for detecting trojans, viruses, malware, and other malicious threats.

Highlights of ClamAV 1.5 include checks to determine if an OLE2-based MS Office document is encrypted, regex support for the clamd.conf OnAccessExcludePath configuration option, as well as CVD signing and verification using external .sign files, along with new options to set an alternative CVD certs directory.

“Freshclam will now attempt to download external signature files to accompany existing .cvd databases and .cdiff patch files. Sigtool now has commands to sign and verify using the external signatures,” said the devs. “ClamAV now installs a ‘certs’ directory in the app config directory (e.g., /etc/certs). The install path is configurable.”

ClamAV 1.5 also adds the ability to record URIs found in HTML and PDF files when the “generate-JSON-metadata” feature is enabled, along with new options (--json-store-html-uris=no and --json-store-pdf-uris=no) to disable this functionality in case you want the JSON metadata feature but don’t want to record HTML and PDF URIs.

Furthermore, this release adds an option to enable FIPS-like limits that prevent the MD5 and SHA1 hash algorithms from being used to verify digital signatures or to trust a file when checking for false positives (FPs). ClamAV will also now attempt to detect whether FIPS mode is enabled.

“This change mitigates safety concerns over the use of MD5 and SHA1 algorithms to trust files and is required to enable ClamAV to operate legitimately in FIPS-mode enabled environments,” explained the devs. ClamAV may still calculate MD5 or SHA1 hashes as needed for detection purposes or for informational purposes in FIPS-enabled environments and when the FIPS-limits option is enabled.

On top of that, ClamAV 1.5 upgrades the clean-file scan cache to use the SHA2-256 algorithm, adds an option to disable select administrative commands, improves the precision of the bytes-scanned and bytes-read counters, adds hash and file-type in/out CLI options, and adds new scan functions.

Among other changes, ClamAV 1.5 improves support for extracting malformed ZIP archives, adds file type recognition for an initial set of AI model file types, adds support for inline comments in ClamAV configuration files, and adds support for creating .cdiff and .script patch files for CVDs that have underscores in the CVD name.

Under the hood, this release improves support for compiling on Solaris and GNU/Hurd systems, as well as support for linking with the NCurses library dependency when libtinfo is built as a separate library. Of course, numerous bugs were fixed, so check out the release notes for more details.

You can download ClamAV 1.5 right now from the official website as a source tarball or as DEB and RPM binaries for Debian/Ubuntu or Red Hat Enterprise Linux-based distributions from the project’s GitHub page. Of course, you can also install ClamAV from your distro’s stable repositories.

Image credits: Logo by the ClamAV project (edited by Marius Nestor)
