Thursday, March 1, 2018

ClamAV 0.99.4 has been released!

Join us as we welcome ClamAV 0.99.4 to the family!

0.99.4 Release Notes

0.99.4 is a security patch release, quick on the heels of the 0.99.3 security patch release.  This is a renewal of our commitment to the ClamAV community for timely fixes to critical issues.

0.99.4 addresses a few outstanding vulnerability bugs.  It includes fixes for:

There are also a few bug fixes that were not assigned CVE’s, but were important enough to address while we had the chance.  One of these was the notorious file descriptor exhaustion bug that caused outages late last January.

In addition to the above, 0.99.4 fixes:

  • CVE-2018-0202 
    • Two newly reported vulnerabilities in the PDF parsing code. 
  • GCC 6, C++11 compatibility issues. 

A big "thank you" to everyone out there contributing patches, bug reports, and helping support the ClamAV community via our mailing lists and IRC channel.

Thank you to the following ClamAV community members for your code submissions and bug reports!

Alberto Garcia
Bernhard Vogel
Francisco Oca
Hanno Böck
Jeffrey Yasskin
Keith Jones
Suleman Ali

Stay tuned for the upcoming 0.100.0 release candidate!


  1. MacPorts having trouble downloading the release, Joel. All mirrors timing out.

  2. We do not control the port in Macports for ClamAV.