    # rpm -qil clamav
    Name: clamav
    Version: 0.98.4
    Release: 1.el7
    Architecture: x86_64
    Install Date: Tue 18 Nov 2014 10:23:01 AM CET
    Group: Applications/File
    Size: 2306673
    License: GPLv2
    Signature: RSA/SHA256, Sat 26 Jul 2014 12:50:58 AM CEST, Key ID 6a2faea2352c64e5
    Source RPM: clamav-0.98.4-1.el7.src.rpm
    Build Date: Wed 23 Jul 2014 11:35:56 PM CEST
    Build Host: buildhw-02.phx2.fedoraproject.org
    Relocations: (not relocatable)
    Packager: Fedora Project
    Vendor: Fedora Project
    URL:
    Summary: End-user tools for the Clam Antivirus scanner
    Description:
    Clam AntiVirus is an anti-virus toolkit for UNIX. The main purpose of this
    software is the integration with mail servers (attachment scanning). The
    package provides a flexible and scalable multi-threaded daemon, a command
    line scanner, and a tool for automatic updating via Internet. The programs
    are based on a shared library distributed with the Clam AntiVirus package,
    which you can use with your own software. The virus database is based on
    the virus database from OpenAntiVirus, but contains additional signatures
    (including signatures for popular polymorphic viruses, too) and is KEPT UP
    TO DATE.

    # vim /etc/cron.d/clamav-update
    ## Adjust this line.
    MAILTO=root

    ## It is ok to execute it as root; freshclam drops privileges and becomes
    ## user 'clamupdate' as soon as possible
    # Django: 2014-11-15
    # default: every 3 hours
    # 0 */3 * * * root /usr/share/clamav/freshclam-sleep
    0 */3 * * * root /usr/share/clamav/freshclam-sleep

    # vim /etc/sysconfig/freshclam
    ## When changing the periodicity of freshclam runs in the crontab,
    ## this value must be adjusted also. Its value is the timespan between
    ## two subsequent freshclam runs in minutes. For the default
    ##
    ## 0 */3 * * *
    ##
    ## crontab line, the value is 180 (minutes).
    # FRESHCLAM_MOD=

    ## A predefined value for the delay in seconds. By default, the value is
    ## calculated by the 'hostid' program. This predefined value guarantees
    ## constant timespans of 3 hours between two subsequent freshclam runs.
    ##
    ## This option accepts two special values:
    ## 'disabled-warn'. Disables the automatic freshclam update and
    ## gives out a warning
    ## 'disabled'. Disables the automatic freshclam silently
    # FRESHCLAM_DELAY=

    ###!!!!! REMOVE ME!!!!!!
    ### REMOVE ME: By default, the freshclam update is disabled to avoid
    ### REMOVE ME: network access without prior activation
    #
    # Django: 2014-11-15
    # default: FRESHCLAM_DELAY=disabled-warn # REMOVE ME

    # curl -O
      % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                     Dload  Upload   Total   Spent    Left  Speed
    100    68  100    68    0     0    155      0 --:--:-- --:--:-- --:--:--   155

    # clamscan --infected --remove --recursive
    ./eicar.com: Eicar-Test-Signature FOUND
    ./eicar.com: Removed.

    ----------- SCAN SUMMARY -----------
    Known viruses: 3418320
    Engine version: 0.98.4
    Scanned directories: 9
    Scanned files: 14
    Infected files: 1
    Data scanned: 0.27 MB
    Data read: 0.14 MB (ratio 1.94:1)
    Time: 11.733 sec (0 m 11 s)

    # less /usr/share/doc/clamav-0.98.4/README

Note: This README/NEWS file refers to the source tarball. Some things described here may not be available in binary packages.

0.98.4
------

ClamAV 0.98.4 is a bug fix release. The following issues are now resolved:

- Various build problems on Solaris, OpenBSD, AIX.
- Crashes of clamd on Windows and Mac OS X platforms when reloading the virus signature database.
- Infinite loop in clamdscan when clamd is not running.
- Freshclam failure on Solaris 10.
- Buffer underruns when handling multi-part MIME email attachments.
- Configuration of OpenSSL on various platforms.
- Name collisions on Ubuntu 14.04, Debian sid, and Slackware 14.1.
- Linking issues with libclamunrar

Thanks to the following individuals for testing, writing patches, and initiating quality improvements in this release:

- Tuomo Soini
- Scott Kitterman
- Jim Klimov
- Curtis Smith
- Steve Basford
- Martin Preen
- Lars Hecking
- Stuart Henderson
- Ismail Paruk
- Larry Rosenbaum
- Dave Simonson
- Sebastian Andrzej Siewior

0.98.2
------

Here are the new features and improvements in ClamAV 0.98.3:

- Support for common raw disk image formats using 512 byte sectors, specifically GPT, APM, and MBR partitioning.
- Experimental support of OpenIOC files. ClamAV will now extract file hashes from OpenIOC files residing in the signature database location, and generate ClamAV hash signatures. ClamAV uses no other OpenIOC features at this time. No OpenIOC files will be delivered through freshclam. See openioc.org and iocbucket.com for additional information about OpenIOC.
- All ClamAV sockets (clamd, freshclam, clamav-milter, clamdscan, clamdtop) now support IPV6 addresses and configuration parameters.
- Use OpenSSL file hash functions for improved performance. OpenSSL is now prerequisite software for ClamAV 0.98.2.
- Improved detection of malware scripts within image files. Issue reported by Maarten Broekman.
- Change to circumvent possible denial of service when processing icons within specially crafted PE files. Icon limits are now in place with corresponding clamd and clamscan configuration parameters. This issue was reported by Joxean Koret.
- Improvements to the fidelity of the ClamAV pattern matcher, an issue reported by Christian Blichmann.
- Opt-in collection of statistics. Statistics collected are: sizes and MD5 hashes of files, PE file section counts and section MD5 hashes, and names and counts of detected viruses. Enable statistics collection with the --enable-stats clamscan flag or StatsEnabled clamd configuration parameter.
- Improvements to ClamAV build process, unit tests, and platform support with assistance and suggestions by Sebastian Andrzej Siewior, Scott Kitterman, and Dave Simonson.
- Patch by Arkadiusz Miskiewicz to improve error handling in freshclam.
- ClamAV 0.98.2 also includes miscellaneous bug fixes and documentation improvements.

Thanks to the following ClamAV community members for sending patches or reporting bugs and issues that are addressed in ClamAV 0.98.2:

- Sebastian Andrzej Siewior
- Scott Kitterman
- Joxean Koret
- Arkadiusz Miskiewicz
- Dave Simonson
- Maarten Broekman
- Christian Blichmann

REGARDING OPENSSL

In addition, as a special exception, the copyright holders give permission to link the code of portions of this program with the OpenSSL library under certain conditions as described in each individual source file, and distribute linked combinations including the two.

You must obey the GNU General Public License in all respects for all of the code used other than OpenSSL. If you modify file(s) with this exception, you may extend this exception to your version of the file(s), but you are not obligated to do so. If you do not wish to do so, delete this exception statement from your version. If you delete this exception statement from all source files in the program, then also delete it here.

0.98.1
------

ClamAV 0.98.1 provides improved support of Mac OS X platform, support for new file types, and quality improvements. These include:

- Extraction, decompression, and scanning of files within Apple Disk Image (DMG) format.
- Extraction, decompression, and scanning of files within Extensible Archive (XAR) format. XAR format is commonly used for software packaging, such as PKG and RPM, as well as general archival.
- Decompression and scanning of files in 'Xz' compression format.
- Recognition of Open Office XML formats.
- Improvements and fixes to extraction and scanning of ole formats.
- Option to force all scanned data to disk. This impacts only a few file types where some embedded content is normally scanned in memory. Enabling this option ensures that a file descriptor exists when callback functions are used, at a small performance cost. This should only be needed when callback functions are used that need file access.
- Various improvements to ClamAV configuration, support of third party libraries, and unit tests.

0.98
----

ClamAV 0.98 includes many new features, across all the different components of ClamAV. There are new scanning options, extensions to the libclamav API, support for additional filetypes, and internal upgrades.

- Signature improvements: New signature targets have been added for PDF files, Flash files and Java class files. (NOTE: Java archive files (JAR) are not part of the Java target.) Hash signatures can now specify a '*' (wildcard) size if the size is unknown. Using wildcard size requires setting the minimum engine FLEVEL to avoid backwards compatibility issues. For more details read the ClamAV Signatures guide.
- Scanning enhancements: New filetypes can be unpacked and scanned, including ISO9660, Flash, and self-extracting 7z files. PDF handling is now more robust and better handles encrypted PDF files.
- Authenticode: ClamAV is now aware of the certificate chains when scanning signed PE files. When the database contains signatures for trusted root certificate authorities, the engine can whitelist PE files with a valid signature. The same database file can also include known compromised certificates to be rejected! This feature can also be disabled in clamd.conf (DisableCertCheck) or the command-line (nocerts).
- New options: Several new options for clamscan and clamd have been added. For example, ClamAV can be set to print infected files and error files, and suppress printing OK results. This can be helpful when scanning large numbers of files. This new option is '-o' for clamscan and 'LogClean' for clamd. Check clamd.conf or the clamscan help message for specific details.
- New callbacks added to the API: The libclamav API has additional hooks for developers to use when wrapping ClamAV scanning. These function types are prefixed with 'clcb_' and allow developers to add logic at certain steps of the scanning process without directly modifying the library. For more details refer to the clamav.h file.
- More configurable limits: Several hardcoded values are now configurable parameters, providing more options for tuning the engine to match your needs. Check clamd.conf or the clamscan help message for specific details.
- Performance improvements: This release furthers the use of memory maps during scanning and unpacking, continuing the conversion started in prior releases. Complex math functions have been switched from libtommath to tomsfastmath functions. The A/C matcher code has also been optimized to provide a speed boost.
- Support for on-access scanning using Clamuko/Dazuko has been replaced with fanotify. Accordingly, clamd.conf settings related to on-access scanning have had Clamuko removed from the name. Clamuko-specific configuration items have been marked deprecated and should no longer be used.

There are also fixes for other minor issues and code quality changes. Please see the ChangeLog file for details.

-- The ClamAV team

0.97.8
------

ClamAV 0.97.8 addresses several reported potential security bugs. Thanks to Felix Groebert of the Google Security Team for finding and reporting these issues.

0.97.7
------

ClamAV 0.97.7 addresses several reported potential security bugs. Thanks to Felix Groebert, Mateusz Jurczyk and Gynvael Coldwind of the Google Security Team for finding and reporting these issues.

0.97.6
------

ClamAV 0.97.6 includes minor bug fixes and detection improvements. ClamAV 0.97.6 corrects bug 5252 'CL_EFORMAT: Bad format or broken data ERROR reported as scan result.'

0.97.5
------

ClamAV 0.97.5 addresses possible evasion cases in some archive formats (CVE-2012-1457, CVE-2012-1458, CVE-2012-1459). It also addresses stability issues in portions of the bytecode engine. This release is recommended for all users.

0.97.4
------

ClamAV 0.97.4 includes minor bugfixes, detection improvements and initial support for on-access scanning under Mac OS X (see contrib/ClamAuth). This update is recommended for all users.

0.97.3
------

ClamAV 0.97.3 is a minor bugfix release and is recommended for all users. Please refer to the ChangeLog file for details.

0.97.2
------

ClamAV 0.97.2 fixes problems with the bytecode engine, Safebrowsing detection, hash matcher, and other minor issues. Please see the ChangeLog file for details.

Announcement.

The ClamAV project is launching a new service called 'Third Party web interface'. It will allow selected individuals/organizations to publish ClamAV Virus Databases (CVD) through the ClamAV mirror network. If you choose to publish your signatures through our Third Party web interface you will benefit from the following:

- before publishing the signatures, we will test them for false positives against our false positive file collection.
- before publishing the signatures, we'll verify that the latest two major versions of ClamAV can load them correctly.
- the signatures will be digitally signed and packaged into a single .cvd compressed file.
- there will be no '.UNOFFICIAL' suffix in the detection names.
- a custom prefix will be added to the detection names, identifying the organization which published the signature.
- updates will be distributed both as full CVD files and cdiff incremental updates. Users will benefit from lower network traffic.
- the .cvd and .cdiff files will be distributed through the ClamAV mirror network.
- the service should result in faster remediation of false positives.

ClamAV users will be able to download the third party databases using freshclam, by adding a single line to freshclam.conf, what should make signature maintenance significantly easier.

The service is still in beta, you are welcome to contact Luca Gibelli if you intend to join the beta program. We especially welcome those who already distribute their own unofficial signatures to join. A list of databases distributed by the new service will be available at

We will be happy to answer any questions you might have.

-- The ClamAV team

0.97.1
------

This is a bugfix release recommended for all users. Please refer to the ChangeLog file for details.

-- The ClamAV team

0.97
----

ClamAV 0.97 brings many improvements, including complete Windows support (all major components compile out-of-box under Visual Studio), support for signatures based on SHA1 and SHA256, better error detection, as well as speed and memory optimizations. The complete list of changes is available in the ChangeLog file. For upgrade notes and tips please see:

With Sourcefire, Inc. acquisition of Immunet Corp., ClamAV for Windows 3.0 has been renamed Immunet 3.0, powered by ClamAV. This release contains the fully integrated LibClamAV 0.97 engine for offline, OnDemand, and OnAccess scanning. Immunet 3.0 users can now utilize the full power of the LibClamAV engine, all the ClamAV signatures, and creation of custom signatures on any platform running Immunet 3.0, powered by ClamAV. If you run Windows systems in your environment and need an AV solution to protect them, give Immunet 3.0, powered by ClamAV a try; you can download it from

-- The ClamAV team

0.96.5
------

ClamAV 0.96.5 includes bugfixes and minor feature enhancements, such as improved handling of detection statistics, better file logging, and support for custom database URLs in freshclam. Please refer to the ChangeLog for details.

-- The ClamAV team

0.96.4
------

ClamAV 0.96.4 is a bugfix release recommended for all users.

-- The ClamAV team

0.96.3
------

This release fixes problems with the PDF parser and the internal bzip2 library. A complete list of changes is available in the Changelog file.

-- The ClamAV team

0.96.2
------

ClamAV 0.96.2 brings a new PDF parser, performance and memory improvements, and a number of bugfixes and minor enhancements. This upgrade is recommended for all users.

0.96.1
------

This is a bugfix release, please refer to the ChangeLog for the complete list of changes.

-- The ClamAV team

0.96
----

This release of ClamAV introduces new malware detection mechanisms and other significant improvements to the scan engine. The key features include:

- The Bytecode Interpreter: the interpreter built into LibClamAV allows the signature writers to create and distribute very complex detection routines and remotely enhance the scanner's functionality
- Heuristic improvements: improve the PE heuristics detection engine by adding support of bogus icons and fake PE header information. In a nutshell, ClamAV can now detect malware that tries to disguise itself as a harmless application by using the most common Windows program icons.
- Signature Improvements: logical signature improvements to allow more detailed matching and referencing groups of signatures. Additionally, improvements to wildcard matching on word boundaries and newlines.
- Support for new archives: 7zip, InstallShield and CPIO. LibClamAV can now transparently unpack and inspect their contents.
- Support for new executable file formats: 64-bit ELF files and OS X Universal Binaries with Mach-O files. Additionally, the PE module can now decompress and inspect executables packed with UPX 3.0.
- Support for DazukoFS in clamd
- Performance improvements: overall performance improvements and memory optimizations for a better overall resource utilization experience.
- Native Windows Support: ClamAV will now build natively under Visual Studio. This will allow 3rd Party application developers on Windows to easily integrate LibClamAV into their applications.

The complete list of changes is available in the ChangeLog file. For upgrade notes and tips please see:

-- The ClamAV team

0.95.3
------

ClamAV 0.95.3 is a bugfix release recommended for all users. Please refer to the ChangeLog included in the source distribution for the list of changes.

-- The ClamAV team

0.95.2
------

This version improves handling of archives, adds support for --file-list in clamscan and clamdscan, and fixes various issues found in previous releases.

-- The ClamAV team

0.95.1
------

This is a bugfix release only, please see the ChangeLog for details.

-- The ClamAV team

0.95
----

ClamAV 0.95 introduces many bugfixes, improvements and additions. To make the transition easier, we put various tips and upgrade notes on this page: For detailed list of changes and bugfixes, please see the ChangeLog. The following are the key features of this release:

- Google Safe Browsing support: in addition to the heuristic and signature based phishing detection mechanisms already available in ClamAV, the scanner can now make use of the Google's blacklists of suspected phishing and malware sites. The ClamAV Project distributes a constantly updated Safe Browsing database, which can be automatically fetched by freshclam. For more information, please see freshclam.conf(5) and
- New clamav-milter: The program has been redesigned and rewritten from scratch. The most notable difference is that the internal mode has been dropped which means that now a working clamd companion is required. The milter now also has its own configuration file.
- Clamd extensions: The protocol has been extended to lighten the load that clamd puts on the system, solve limitations of the old protocol, and reduce latency when signature updates are received. For more information about the new extensions please see the official documentation and the upgrade notes.
- Improved API: The API used to program ClamAV's engine (libclamav) has been redesigned to use modern object-oriented techniques and solves various API/ABI compatibility issues between old and new releases. You can find more information in Section 6 of clamdoc.pdf and in the upgrade notes.
- ClamdTOP: This is a new program that allows system administrators to monitor clamd. It provides information about the items in the clamd's queue, clamd's memory usage, and the version of the signature database, all in real-time and in nice curses-based interface.
- Memory Pool Allocator: Libclamav now includes its own memory pool allocator based on memory mapping. This new solution replaces the traditional malloc/free system for the copy of the signatures that is kept in memory. As a result, clamd requires much less memory, particularly when signature updates are received and the database is loaded into memory.
- Unified Option Parser: Prior to version 0.95 each program in ClamAV's suite of programs had its own set of runtime options. The new general parser brings consistency of use and validation to these options across the suite. Some command line switches of clamscan have been renamed (the old ones will still be accepted but will have no effect and will result in warnings), please see clamscan(1) and clamscan --help for the details.

-- The ClamAV team

0.94.2
------

This is a bugfix release, please refer to the ChangeLog for a complete list of changes.

-- The ClamAV team

0.94.1
------

ClamAV 0.94.1 fixes some issues that were found in previous releases and includes one new feature, 'Malware Statistics Gathering.' This is an optional feature that allows ClamAV users optionally to submit statistics to us about what they detect in the field. We will then use these data to determine what types of malware are the most detected in the field and in what geographic area they are. It will also allow us to publish summary data on www.clamav.net where our users will be able to monitor the latest threats. You can help us by enabling SubmitDetectionStats in freshclam.conf. For more details, please refer to the ChangeLog and

-- The ClamAV team

0.94
----

Sourcefire and the ClamAV team are pleased to announce the release of ClamAV 0.94. The following are the key features and improvements of this version:

- Logical Signatures: The logical signature technology uses operators such as AND, OR and NOT to allow the combination of more than one signature into one entry in the signature database resulting in more detailed and flexible pattern matching.
- Anti-phishing Technology: Users can now change the priority and reporting of ClamAV's heuristic anti-phishing scanner within the detection engine process. They can choose whether, when scanning a suspicious file, ClamAV should stop scanning and report the phish, or continue to scan in case the file contains other malware (clamd: HeuristicScanPrecedence, clamscan: --heuristic-scan-precedence)
- Disassembly Engine: The initial version of the disassembly engine improves ClamAV's detection abilities.
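
Returning to the freshclam settings edited near the top of this page: the following shell functions are an added example, not part of the original page or of the clamav package. They report when `FRESHCLAM_DELAY` still carries the shipped `disabled`/`disabled-warn` value and when `FRESHCLAM_MOD` no longer matches the cron period. The function names and the sample files written by `demo` are constructed for illustration, and the 180-minute default is taken from the package comment quoted above.

```shell
#!/bin/sh
# Added example: audit the freshclam update settings discussed on this page.
# File formats follow the package comments quoted above.

# Last active (uncommented) value of KEY ($2) in sysconfig-style file $1.
sysconfig_value() {
    sed -n "s/^[[:space:]]*$2=\([^#[:space:]]*\).*/\1/p" "$1" | tr -d "\"'" | tail -n 1
}

# Hour field of the first active freshclam-sleep line in cron file $1.
cron_hour_field() {
    awk '!/^[ \t]*#/ && /freshclam-sleep/ { print $2; exit }' "$1"
}

# Minutes between runs for an hour field of "*" or "*/N"; fails otherwise.
cron_period_minutes() {
    case "$1" in
        '*') echo 60 ;;
        '*/'*) n=${1#\*/}
               case "$n" in ''|*[!0-9]*) return 1 ;; esac
               echo $((n * 60)) ;;
        *) return 1 ;;
    esac
}

# audit_freshclam SYSCONFIG CRONFILE
# Prints one verdict line; returns non-zero when there is a finding.
audit_freshclam() {
    delay=$(sysconfig_value "$1" FRESHCLAM_DELAY)
    mod=$(sysconfig_value "$1" FRESHCLAM_MOD)
    hour=$(cron_hour_field "$2")
    case "$delay" in
        disabled|disabled-warn)
            echo "DISABLED: FRESHCLAM_DELAY=$delay, signatures are not updating"
            return 2 ;;
    esac
    if [ -z "$hour" ]; then
        echo "NO-CRON: no active freshclam-sleep line"; return 3
    fi
    period=$(cron_period_minutes "$hour") || {
        echo "UNKNOWN: cannot derive a period from hour field '$hour'"; return 4; }
    mod=${mod:-180}   # assumption: 180 is what the package comment gives for */3
    case "$mod" in *[!0-9]*) echo "INVALID: FRESHCLAM_MOD=$mod"; return 5 ;; esac
    if [ "$mod" -ne "$period" ]; then
        echo "MISMATCH: cron runs every $period min, FRESHCLAM_MOD=$mod"; return 5
    fi
    echo "OK: freshclam runs every $period min"
}

# Demo on constructed copies of the two files (not read from a live system).
demo() {
    d=$(mktemp -d)
    printf '%s\n' '# FRESHCLAM_MOD=' 'FRESHCLAM_DELAY=disabled-warn # REMOVE ME' > "$d/shipped"
    printf '%s\n' '# FRESHCLAM_MOD=' '# FRESHCLAM_DELAY=disabled-warn # REMOVE ME' > "$d/edited"
    printf '%s\n' 'MAILTO=root' '0 */3 * * * root /usr/share/clamav/freshclam-sleep' > "$d/cron"
    audit_freshclam "$d/shipped" "$d/cron" || true
    audit_freshclam "$d/edited" "$d/cron" || true
    rm -rf "$d"
}
demo
```

On a real host, call `audit_freshclam /etc/sysconfig/freshclam /etc/cron.d/clamav-update`; a non-zero status means the signature database may be going stale.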