The ClamAV 1.4.0 feature release is now stable. We encourage everyone to download the latest version now from the ClamAV downloads page, on the GitHub Release page, and through Docker Hub*:
ClamAV platform support changes
We now provide ARM64 packages for Windows. We are not able to provide ARM64/aarch64 Linux packages for this release.
Regarding future versions
ClamAV 1.4.0
ClamAV 1.4.0 includes the following improvements and changes:
Major changes
Added support for extracting ALZ archives. The new ClamAV file type for ALZ archives is
CL_TYPE_ALZ. Added a DCONF option to enable or disable ALZ archive support.Tip: DCONF (Dynamic CONFiguration) is a feature that allows for some configuration changes to be made via ClamAV
.cfg"signatures".Added support for extracting LHA/LZH archives. The new ClamAV file type for LHA/LZH archives is
CL_TYPE_LHA_LZH. Added a DCONF option to enable or disable LHA/LZH archive support.Added the ability to disable image fuzzy hashing, if needed. For context, image fuzzy hashing is a detection mechanism useful for identifying malware by matching images included with the malware or phishing email/document.
New ClamScan options:
--scan-image[=yes(*)/no] --scan-image-fuzzy-hash[=yes(*)/no]New ClamD config options:
ScanImage yes(*)/no ScanImageFuzzyHash yes(*)/noNew libclamav scan options:
options.parse &= ~CL_SCAN_PARSE_IMAGE; options.parse &= ~CL_SCAN_PARSE_IMAGE_FUZZY_HASH;Added a DCONF option to enable or disable image fuzzy hashing support.
Other improvements
Added cross-compiling instructions for targeting ARM64/aarch64 processors for Windows and Linux.
Improved the Freshclam warning messages when being blocked or rate limited to include the Cloudflare Ray ID, which helps with issue triage.
Removed unnecessary memory allocation checks when the size to be allocated is fixed or comes from a trusted source. We also renamed internal memory allocation functions and macros, so it is more obvious what each function does.
Improved the Freshclam documentation to make it clear that the
--datadiroption must be an absolute path to a directory that already exists, is writable by Freshclam, and is readable by ClamScan and ClamD.Added an optimization to avoid calculating the file hash if the clean file cache has been disabled. The file hash may still be calculated as needed to perform hash-based signature matching if any hash-based signatures exist that target a file of the same size, or if any hash-based signatures exist that target "any" file size.
Added an improvement to the SystemD service file for ClamOnAcc so that the service will shut down faster on some systems.
Added a CMake build dependency on the version map files so that the build will re-run if changes are made to the version map files. Work courtesy of Sebastian Andrzej Siewior.
Added an improvement to the CMake build so that the RUSTFLAGS settings are inherited from the environment. Work courtesy of liushuyu.
Bug fixes
Silenced confusing warning message when scanning some HTML files.
Fixed minor compiler warnings.
Since the build system changed from Autotools to CMake, ClamAV no longer supports building with configurations where bzip2, libxml2, libz, libjson-c, or libpcre2 are not available. Libpcre is no longer supported in favor of libpcre2. In this release, we removed all the dead code associated with those unsupported build configurations.
Fixed assorted typos. Patch courtesy of RainRat.
Added missing documentation for the ClamScan
--force-to-diskoption.Fixed an issue where ClamAV unit tests would prefer an older libclamunrar_iface library from the install path, if present, rather than the recently compiled library in the build path.
Fixed a build issue on Windows with newer versions of Rust. Also upgraded GitHub Actions imports to fix CI failures. Fixes courtesy of liushuyu.
Fixed an unaligned pointer dereference issue on select architectures. Fix courtesy of Sebastian Andrzej Siewior.
Fixed a bug that prevented loading plaintext (non-CVD) signature files when using the
--fail-if-cvd-older-than=DAYS/FailIfCvdOlderThanoption. Fix courtesy of Bark.
Acknowledgments
Special thanks to the following people for code contributions and bug reports:
- Bark
- liushuyu
- Sebastian Andrzej Siewior
- RainRat
ClamAV Bytecode Compiler 1.4.0
➕ Upgrade bytecode compiler project to LLVM 16.
- The bytecode compiler project now builds multiple shared object files, instead of just one with all of the passes. This is due to running with the "new" pass manager, instead of running with the legacy pass manager, as before. See https://llvm.org/docs/NewPassManager.html and https://blog.llvm.org/posts/2021-03-26-the-new-pass-manager/ for more details.
- The bytecode compiler currently uses (deprecated) non-opaque pointers. Updating to all opaque pointers will be required for the next release. See https://llvm.org/docs/OpaquePointers.html for more information.
🌌 New Requirements:
- LLVM 16
- Clang 16
