Thursday, November 19, 2015

ClamAV 0.99rc2 contains major new features and changes. YARA rules, 
Perl Compatible Regular Expressions, revamped on-access scanning
for Linux, and other new features join the many great features of ClamAV:

    - Processing of YARA rules(some limitations- see signatures.pdf).
    - Support in ClamAV logical signatures for many of the features
      added for YARA, such as Perl Compatible Regular Expressions,
      alternate strings, and YARA string attributes. See signatures.pdf
      for full details.
    - New and improved on-access scanning for Linux. See the recent blog
      post and clamdoc.pdf for details on the new on-access capabilities.
    - A new ClamAV API callback function that is invoked when a virus 
      is found. This is intended primarily for applications running in 
      all-match mode. Any applications using all-match mode must use 
      the new callback function to record and report detected viruses.    
    - Configurable default password list to attempt zip file decryption.
    - TIFF file support.
    - Upgrade Windows pthread library to 2.9.1.
    - A new signature target type for designating signatures to run
      against files with unknown file types.
    - Improved fidelity of the "data loss prevention" heuristic
      algorithm. Code supplied by Bill Parker.
    - Support for LZMA decompression within Adobe Flash files.
    - Support for MSO attachments within Microsoft Office 2003 XML files.
    - A new sigtool option(--ascii-normalize) allowing signature authors
      to more easily generate normalized versions of ascii files.
    - Windows installation directories changed from \Program Files\Sourcefire\
      ClamAV to \Program Files\ClamAV or \Program Files\ClamAV-x64.

PLEASE NOTE:  If you are using clamd on-access scanning or have applications
using all-match mode, you will want to review the changes and make any necessary
adjustments before using ClamAV 0.99. Users of windows binaries need to be
aware of the change of installation directories.

Thank you to the ClamAV community members who sent patches and bug reports
included for ClamAV 0.99:

Steve Basford
Sebastian Andrzej Siewior
Bill Parker
Andreas Schulze
Yann E. Morin
Andreas Cadhalpun
Dmitry Marakasov
Michael Pelletier
Felix Groebert

You can download ClamAV 0.99rc2 from the ClamAV downloads site.  As a reminder, in an upcoming release, we will cease updating the SourceForge release site for ClamAV.  Please start downloading directly from ClamAV.net now.