Wednesday, August 23, 2017

This morning, we became aware of an issue with our ClamAV mirror infrastructure that was causing some freshclam instances to fail when trying to download the current updates.

This was a result of one of our mirror sync hosts experiencing an issue.  This was resolved by stopping and restarting all services on the machine.

Currently the sync server is healthy, and all requests should be handled normally.

We apologize for any inconvenience this may have caused, and are working to prevent this from occurring in the future.

Thursday, August 3, 2017

Join us as we welcome ClamAV 0.99.3 beta for testing!  Be sure and grab the beta release on our official ClamAV download site.

Welcome to ClamAV 0.99.3. In this release, we have included many code
submissions from the ClamAV community:

  • Interfaces to the Prelude SIEM open source package for collecting ClamAV virus events.
  • Visual Studio 2015 for building Microsoft Windows binaries.
  • Support libmspack internal code or as a shared object library. The internal library is the default and contains additional integrity checks.
  • Linking with openssl 1.1.0.
  • Numerous code patches, typos, and compiler warning fixes.

Additionally, we have introduced important changes and new features in
ClamAV 0.99.3, including:

  • Deprecating internal LLVM code support. The configure script has changed to search the system for an installed instance of the LLVM development libraries, and to otherwise use the bytecode interpreter for ClamAV bytecode signatures. To use the LLVM Just-In-Time compiler for executing bytecode signatures, please ensure that the LLVM development package at version 3.6 or lower is installed. Using the deprecated LLVM code is possible with the command: './configure --with-system-llvm=no', but it no longer compile on all platforms.
  • Compute and check PE import table hash (a.k.a. "imphash") signatures.
  • Support file property collection and analysis for MHTML files.
  • Raw scanning of PostScript files.
  • Fix clamsubmit to use the new virus and false positive submission web interface.
  • Optionally, flag files with the virus "Heuristic.Limits.Exceeded" when size limitations are exceeded.
  • Improve decoders for PDF files.

The ClamAV community thanks the following individuals for their ClamAV 0.99.3 code submissions:

Sebastian Andrzej Siewior
Keith Jones
Bill Parker
Chris Miserva
Daniel J. Luke
Matthew Boedicker
Michael Pelletier
Anthony Chan
Stephen Welker

Following are issues discovered during release testing. For additional information, please review the corresponding tickets on

11879 - cli_scanmscan() Failed to extract 4 in Windows beta when scanning cab files
11882 - ./configure does not automatically detect libxml2 on FreeBSD 10.3 and 11.0
11884 - 'sudo make install' on FreeBSD 10.3 and 11.0 leaves files owned by root, subsequent make command fails
11885 - clamsubmit not building on FreeBSD 10.3 and 11.0
11887 - Failures of 'make check VG=1' on FreeBSD 10.3 and 11.0

We ask that feedback be provided via the ClamAV mailing lists.