ClamAV 1.5.0 beta

Szerszám

Internetes levelezés üzemeltetésével foglalkozók egykori alapvető szerszáma, a ClamAV új béta kiadással jelentkezett. Nagyobb változások:

  • Added checks to determine if an OLE2-based Microsoft Office document is encrypted.
  • Added the ability to record URLs found in HTML if the generate-JSON-metadata feature is enabled. Also adds an option to disable this in case you want the JSON metadata feature but don't want to record HTML URL's. The ClamScan command-line option is “--json-store-html-urls=no”. The clamd.conf config option is “JsonStoreHTMLUrls no”.
  • Added regex support for the clamd.conf OnAccessExcludePath config option. This change courtesy of GitHub user b1tg.
  • Added FIPS-compliant CVD signing/verification with external .sign files.
    Freshclam will now attempt to download external signature files to accompany existing .cvd databases and .cdiff patch files. Sigtool now has commands to sign and verify using the external signatures.

    ClamAV now installs a 'certs' directory in the app config directory (e.g. <prefix>/etc/certs). The install path is configurable. The CMake option to configure the CVD certs directory is “-D CVD_CERTS_DIRECTORY=PATH”. 

    Added sign/verify commands to Sigtool.

    New options to set an alternative CVD certs directory:
    - The command-line option for Freshclam, ClamD, ClamScan, and Sigtool is: --cvdcertsdir PATH
    - The environment variable for Freshclam, ClamD, ClamScan, and Sigtool is: CVD_CERTS_DIR

    The config option for Freshclam and ClamD is: CVDCertsDirectory PATH

    Added two new APIs to the public clamav.h header:
    extern cl_error_t cl_cvdverify_ex(const char *file, 
                                      const char *certs_directory);
    extern cl_error_t cl_cvdunpack_ex(const char *file, 
                                      const char *dir, 
                                      bool dont_verify, 
                                      const char *certs_directory); 

    The original cl_cvdverify and cl_cvdunpack are deprecated. 

    Added a cl_engine_field enum option CL_ENGINE_CVDCERTSDIR. You may set this option with cl_engine_set_str and get it with cl_engine_get_str to override the compiled in default CVD certs directory.

    Thank you to Mark Carey at SAP for inspiring work on this feature with an initial proof of concept for external-signature FIPS compliant CVD signing. 

( bennyh | 2025. 04. 02., sze – 09:33 )

Amúgy levelező, fájlszerver és jogszabályi megfelelés mellett mire jó még a ClamAV? Láttam régen Windows klienst is, de akkor már inkább a Defender :D

Minden ilyennek a rákfenéje, hogy mennyire karbantartott a def/szignatúra adatbázisa. Szerintem az kb. beárazza, hogy pl. egy kereskedelmi UTM termékben a ClamAV ingyenesen elérhető, de van mellett fizetős AV motor is.

trey @ gépház