ClamAV 0.103.8, 0.105.2 and 1.0.1 patch versions published

 Today, we are releasing the following critical patch versions for ClamAV:

• 0.103.8
• 0.105.2
• 1.0.1

ClamAV 0.104 has reached end-of-life according to the ClamAV End of Life (EOL) policy and will not be patched. Anyone using ClamAV 0.104 must switch to a supported version. All users should update as soon as possible to patch for the remote code execution vulnerability and remote information leak vulnerability.

Edit: We are aware that technical details for CVE-2023-20032 and a proof-of-concept sample to demonstrate the buffer overflow are publicly available.

The release files are available for download on ClamAV.net, on the Github Release page, and through Docker Hub.

1.0.1

ClamAV 1.0.1 is a critical patch release with the following fixes:

• CVE-2023-20032: Fixed a possible remote code execution vulnerability in the HFS+ file parser. The issue affects versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier. Thank you to Simon Scannell for reporting this issue.

• CVE-2023-20052: Fixed a possible remote information leak vulnerability in the DMG file parser. The issue affects versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier. Thank you to Simon Scannell for reporting this issue.

• Fix an allmatch detection issue with the preclass bytecode hook.

  • GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/825

• Update the vendored libmspack library to version 0.11alpha.

  • GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/828

0.105.2

ClamAV 0.105.2 is a critical patch release with the following fixes:

• CVE-2023-20032: Fixed a possible remote code execution vulnerability in the HFS+ file parser. The issue affects versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier. Thank you to Simon Scannell for reporting this issue.

• CVE-2023-20052: Fixed a possible remote information leak vulnerability in the DMG file parser. The issue affects versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier. Thank you to Simon Scannell for reporting this issue.

• Fixed an issue loading Yara rules containing regex strings with an escaped forward-slash (\/) followed by a colon (:).

  • GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/695

• Moved the ClamAV Docker files for building containers to a new Git repository. The Docker files are now in https://github.com/Cisco-Talos/clamav-docker. This change enables us to fix issues with the images and with the supporting scripts used to publish and update the images without committing changes directly to files in the ClamAV release branches.

  • GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/765

• Update the vendored libmspack library to version 0.11alpha.

  • GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/829

0.103.8

ClamAV 0.103.8 is a critical patch release with the following fixes:

• CVE-2023-20032: Fixed a possible remote code execution vulnerability in the HFS+ file parser. The issue affects versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier. Thank you to Simon Scannell for reporting this issue.

• CVE-2023-20052: Fixed a possible remote information leak vulnerability in the DMG file parser. The issue affects versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier. Thank you to Simon Scannell for reporting this issue.

• Update the vendored libmspack library to version 0.11alpha.

  • GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/830

ClamAV 0.103.7, 0.104.4 and 0.105.1 patch versions published

Today, we are releasing the following critical patch versions:

• 0.103.7
• 0.104.4
• 0.105.1

As a friendly reminder, 0.104.4 will be the last patch version for the 0.104 feature release per the ClamAV End-of-Life Policy. The 0.103 Long Term Support release will continue to receive patch versions until September 2023.

The release files are available for download on ClamAV.net or through Docker Hub.

ClamAV 0.105.0, 0.104.3, 0.103.6 released

The ClamAV 0.105.0 feature release is now stable and available for download on ClamAV.net or through Docker Hub.

Today, we're also publishing the 0.104.3 and 0.103.6 security patch versions, including several CVE fixes. These fixes have also been included in the 0.105 feature release. The source package and installer packages for these versions can be found under the "Previous Stable Releases" section of our Downloads page.

As a reminder, the 0.105 and 0.104 release files now include the following install packages:

• x86_64 and i686 RPM packages are compatible with RPM-based Linux distributions running glibc version 2.17 or newer.

• x86_64 and i686 DEB packages are compatible with Debian-based Linux distributions running glibc version 2.23 or newer.

• An x86_64/ARM64 macOS installer package is compatible with Intel and Apple M1 systems.

• x64 and win32 Windows packages are compatible with Windows 7 and newer.

Keep reading to find out what is in each version. 

ClamAV 0.103.1 patch release

ClamAV 0.103.1 is out now. Users can head over to clamav.net/downloads to download the release materials.

 

The latest version of ClamAV contains the following fixes and improvements:

Notable changes

•  Added a new scan option to alert on broken media (graphics) file formats.
  
  This feature mitigates the risk of malformed media files intended to exploit vulnerabilities in other software. At present, media validation exists for JPEG, TIFF, PNG and GIF files. To enable this feature, set AlertBrokenMedia yes in clamd.conf for use with ClamD, or use the --alert-broken-media option when using ClamScan. These options are disabled by default in this patch release but may be enabled in a subsequent release.
  
  Application developers may enable this scan option by enabling CL_SCAN_HEURISTIC_BROKEN_MEDIA for the heuristic scan option bit field.
  

• Added CL_TYPE_TIFF, CL_TYPE_JPEG types to match GIF and PNG typing behavior. BMP and JPEG 2000 files will continue to detect as CL_TYPE_GRAPHICS because ClamAV does not yet have BMP or JPEG 2000 format-checking capabilities.
  

 Bug fixes

• Fixed PNG parser logic bugs that caused an excess of parsing errors and fixed a stack exhaustion issue affecting some systems when scanning PNG files. PNG file type detection was disabled via signature database update for ClamAV version 0.103.0 to mitigate the effects from these bugs.
  

• Fixed an issue where PNG and GIF files no longer work with Target:5 graphics signatures if detected as CL_TYPE_PNG or CL_TYPE_GIF rather than as CL_TYPE_GRAPHICS. Target types now support up to 10 possible file types to make way for additional graphics types in future releases.
  

• Fixed ClamOnAcc's --fdpass option.
  
  File descriptor passing (or "FD-passing") is a mechanism by which ClamOnAcc and ClamDScan may transfer an open file to ClamD to scan, even if ClamD is running as a non-privileged user and wouldn't otherwise have read-access to the file. This enables ClamD to scan all files without having to run ClamD as root. If possible, ClamD should never be run as root to mitigate the risk in case ClamD is somehow compromised while scanning malware.
  
  Interprocess file descriptor passing for ClamOnAcc was broken since version 0.102.0 due to a bug introduced by the switch to cURL for communicating with ClamD. On Linux, passing file descriptors from one process to another is handled by the kernel, so we reverted ClamOnAcc to use standard system calls for socket communication when FD-passing is enabled.
  

• Fixed a ClamOnAcc stack corruption issue on some systems when using an older version of libcurl. Patch courtesy of Emilio Pozuelo Monfort.
  

• Allow ClamScan and ClamDScan scans to proceed even if the realpath lookup failed. This alleviates an issue on Windows scanning files hosted on file-systems that do not support the GetMappedFileNameW() API, such as on ImDisk RAM-disks.
  

• Fixed FreshClam's --on-update-execute=EXIT_1 temporary directory cleanup issue.

• ClamD's log output and VirusEvent feature now provide the scan target's file path instead of a file descriptor. The ClamD socket API for submitting a scan by FD-passing doesn't include a file path. This feature works by looking up the file path by the file descriptor. This feature works on Mac and Linux but is not yet implemented for other UNIX operating systems. FD-passing is not available for Windows.
  

• Fixed an issue where FreshClam database validation didn't work correctly when run in daemon mode on Linux/Unix.

• Fixed scan speed performance issues accidentally introduced in ClamAV 0.103.0 caused by hashing file maps more than once when parsing a file as a new type, and caused by frequent scanning of non-HTML text data with the HTML parser.
  

Other improvements

• Scanning JPEG, TIFF, PNG and GIF files will no longer return "parse" errors when file format validation fails. Instead, the scan will alert with the "Heuristics.Broken.Media" signature prefix and a descriptive suffix to indicate the issue, provided that the "alert broken media" feature is enabled.
  

• GIF format validation will no longer fail if the GIF image is missing the trailer byte, as this appears to be a relatively common issue in otherwise functional GIFs.
  

• Added a TIFF dynamic configuration (DCONF) option that was missing. This will allow us to disable TIFF format validation via signature database update in the event that it proves to be problematic. This feature already exists for many other file types.
  

Acknowledgments

The ClamAV team thanks Emilio Pozuelo Monfort for their code submissions.

ClamAV 0.102.4 security patch released

ClamAV 0.102.4 is out now. Users can head over to clamav.net/downloads to download the release materials.

ClamAV 0.102.4 is a bug patch release to address the following issues:

CVE-2020-3350

Fixed a vulnerability a malicious user could exploit to replace a scan target's directory with a symlink to another path to trick clamscan, clamdscan, or clamonacc into removing or moving a different file (such as a critical system file). The issue would affect users that use the --move or --remove options for clamscan, clamdscan and clamonacc.

For more information about AV quarantine attacks using links, see RACK911 Lab's report.

CVE-2020-3327

Fixed a vulnerability in the ARJ archive-parsing module in ClamAV 0.102.3 that could cause a denial-of-service (DoS) condition. Improper bounds checking resulted in an out-of-bounds read that could cause a crash. The previous fix for this CVE in version 0.102.3 was incomplete. This fix correctly resolves the issue.

CVE-2020-3481

Fixed a vulnerability in the EGG archive module in ClamAV 0.102.0 - 0.102.3 that could cause a denial-of-service (DoS) condition. Improper error handling could cause a crash due to a NULL pointer dereference. This vulnerability is mitigated for those using the official ClamAV signature databases because the file type signatures in daily.cvd will not enable the EGG archive parser in affected versions.

We will be publishing a release candidate for version 0.103.0 in the next couple of weeks. Stay tuned!

ClamAV 0.102.2 security patch released

Today, we're publishing 0.102.2. Navigate to ClamAV's downloads page to download the release materials.

0.102.2

ClamAV 0.102.2 is a security patch release to address the following issues.

• CVE-2020-3123: A denial-of-service (DoS) condition may occur when using the optional credit card data-loss-prevention (DLP) feature. Improper bounds checking of an unsigned variable resulted in an out-of-bounds read, which causes a crash.
• Significantly improved the scan speed of PDF files on Windows.
• Re-applied a fix to alleviate file access issues when scanning RAR files in downstream projects that use libclamav where the scanning engine is operating in a low-privilege process. This bug was originally fixed in 0.101.2 and the fix was mistakenly omitted from 0.102.0.
• Fixed an issue where freshclam failed to update if the database version downloaded is one version older than advertised. This situation may occur after a new database version is published. The issue affected users downloading the whole CVD database file.
• Changed the default freshclam ReceiveTimeout setting to 0 (infinite). The ReceiveTimeout had caused needless database update failures for users with slower internet connections.
• Correctly display the number of kilobytes (KiB) in progress bar and reduced the size of the progress bar to accommodate 80-character width terminals.
• Fixed an issue where running freshclam manually causes a daemonized freshclam process to fail when it updates because the manual instance deletes the temporary download directory. The freshclam temporary files will now download to a unique directory created at the time of an update instead of using a hardcoded directory created/destroyed at the program start/exit.
• Fix for freshclam's OnOutdatedExecute config option.
• Fixes a memory leak in the error condition handling for the email parser.
• Improved bound checking and error handling in ARJ archive parser.
• Improved error handling in PDF parser.
• Fix for memory leak in byte-compare signature handler.
• Updates to the unit test suite to support libcheck 0.13.
• Updates to support autoconf 2.69 and automake 1.15.

Special thanks to the following people for code contributions and bug reports:

•     Antoine Deschênes
•     Eric Lindblad
•     Gianluigi Tiesi
•     Tuomo Soini

Please join us on the ClamAV mailing lists for further discussion. Thanks!

ClamAV 0.101.2 and 0.100.3 patches have been released!

ClamAV 0.101.2

ClamAV 0.101.2 is a patch release to address a handful of security related bugs.

This patch release is being released alongside the 0.100.3 patch so that users
who are unable to upgrade to 0.101 due to libclamav API changes are protected.

This release includes 3 extra security related bug fixes that do not apply to
prior versions.  In addition, it includes a number of minor bug fixes and
improvements.

- Fixes for the following vulnerabilities affecting 0.101.1 and prior:
  - CVE-2019-1787:
    An out-of-bounds heap read condition may occur when scanning PDF
    documents. The defect is a failure to correctly keep track of the number
    of bytes remaining in a buffer when indexing file data.
  - CVE-2019-1789:
    An out-of-bounds heap read condition may occur when scanning PE files
    (i.e. Windows EXE and DLL files) that have been packed using Aspack as a
    result of inadequate bound-checking.
  - CVE-2019-1788:
    An out-of-bounds heap write condition may occur when scanning OLE2 files
    such as Microsoft Office 97-2003 documents. The invalid write happens when
    an invalid pointer is mistakenly used to initialize a 32bit integer to
    zero. This is likely to crash the application.

- Fixes for the following vulnerabilities affecting 0.101.1 and 0.101.0 only:
  - CVE-2019-1786:
    An out-of-bounds heap read condition may occur when scanning malformed PDF
    documents as a result of improper bounds-checking.
  - CVE-2019-1785:
    A path-traversal write condition may occur as a result of improper input
    validation when scanning RAR archives. Issue reported by aCaB.
  - CVE-2019-1798:
    A use-after-free condition may occur as a result of improper error
    handling when scanning nested RAR archives. Issue reported by David L.

- Fixes for the following assorted bugs:
  - Added checks to prevent shifts from causing undefined behavior in HTML
    normalizer, UPX unpacker, ARJ extractor, CPIO extractor, OLE2 parser,
    LZW decompressor used in the PDF parser, Xz decompressor, and UTF-16 to
    ASCII transcoder.
  - Added checks to prevent integer overflow in UPX unpacker.
  - Fix for minor memory leak in OLE2 parser.
  - Fix to speed up PDF parser when handling truncated (or malformed) PDFs.
  - Fix for memory leak in ARJ decoder failure condition.
  - Fix for potential memory and file descriptor leak in HTML normalization code.

- Removed use of problematic feature that converted file descriptors to
  file paths. The feature was intended to improve performance when scanning
  file types, notably RAR archives, for which the API requires a file path.
  This feature caused issues in environments where the ClamAV engine is run
  in a low-permissions or sandboxed process. RAR archives are still supported
  with this change, but performance may suffer slightly if the file path is not
  provided in calls to `cl_scandesc_callback()`.
  - Added filename and tempfile names to scandesc calls in clamd.
  - Added general scan option `CL_SCAN_GENERAL_UNPRIVILEGED` to treat the scan
    engine as unprivileged, meaning that the scan engine will not have read
    access to the file. Provided file paths are for logging purposes only.
  - Added ability to create a temp file when scanning RAR archives when the
    process does not have read access to the file path provided (i.e.
    unprivileged is set, or an access check fails).

Thank you to the Google OSS-Fuzz project for identifying and reporting many of
the bugs patched in this release.

Additional thanks to the following community members for submitting bug reports:

- aCaB
- David L.

ClamAV 0.100.3

ClamAV 0.100.3 is a patch release to address a few security related bugs.

This patch release is being released alongside the 0.101.2 patch so that users
who are unable to upgrade to 0.101 due to libclamav API changes are protected.

The bug fixes in this release are limited to security-related bugs only.
Users are encouraged to upgrade to 0.101.2 for additional improvements.

- Fixes for the following vulnerabilities:
  - CVE-2019-1787:
    An out-of-bounds heap read condition may occur when scanning PDF
    documents. The defect is a failure to correctly keep track of the number
    of bytes remaining in a buffer when indexing file data.
  - CVE-2019-1789:
    An out-of-bounds heap read condition may occur when scanning PE files
    (i.e. Windows EXE and DLL files) that have been packed using Aspack as a
    result of inadequate bound-checking.
  - CVE-2019-1788:
    An out-of-bounds heap write condition may occur when scanning OLE2 files
    such as Microsoft Office 97-2003 documents. The invalid write happens when
    an invalid pointer is mistakenly used to initialize a 32bit integer to
    zero. This is likely to crash the application.

Thank you to the Google OSS-Fuzz project for identifying and reporting the bugs
patched in this release.

Both of these can be found on ClamAV's downloads site, with 0.101.2 as the main release and 0.100.3 under "Previous Stable Releases"

ClamAV 0.101.1 Patch has been released

ClamAV 0.101.1 is an urgent patch release to address an issue in 0.101.0 specifically for developers that depend on libclamav. The issue in 0.101.0 is that clamav.h required supporting headers that were not provided on make install. To address this issue, the internal cltypes.h header has been replaced by a clamav-types.h that is generated on ./configure and will be installed alongside clamav.h.

Other changes

Increased the default CommandReadTimeout to reduce the chance of mail loss if using clamav-milter with the TCP socket. Contribution by Scott Kitterman. Fixes for --with-libjson and --with-libcurl to correctly accept library install path arguments.

Acknowledgements

 The ClamAV team thanks the following individuals for their code submissions: Scott Kitterman

Known Issues

Some users have observed crashes the first time running freshclam after upgrading from 0.100 to 0.101. We haven't yet tracked down the source of the issue, but have found that the issue resolves itself and that subsequent calls to freshclam work as expected.

Please download and update to 0.101.1, send us your feedback on ClamAV-Users. 

Libclamav missing headers issue; Upcoming ClamAV 0.101.1 patch

Earlier this month we wrote to the ClamAV users and developers mailing lists to disclose an issue with ClamAV 0.101.0. To reach a larger audience, we are re-posting those details here.

Shortly after the 0.101.0 release was published, we discovered an issue in ClamAV 0.101.0 impacting software developers and software package maintainers that integrate libclamav into other products on Unix/Linux systems. This issue causes an error when a user attempts to compile against a system-installed libclamav. 

We have a fix staged and nearly ready to be published. The fix will be published shortly after the start of 2019 in the ClamAV 0.101.1 patch release. This delay is necessary in order to fully test the fix and complete the due diligence required when creating a new build, accounting for delays that the holiday season brings. We apologize for the inconvenience.

Here are some additional details about this patch:

• ClamAV uses a lot of mixed integer variable types internally. The preferred types are standard int types (eg int8_t, uint64_t, size_t, ptrdiff_t, etc).
• As an ongoing effort to make variable types more consistent throughout the code base, we made the mistake of including the `cltypes.h` header file in `clamav.h`, which is not only used internally, but defines the public libclamav API. Because neither the `cltypes.h` header, nor the supporting `clamav-config.h` header are provided when installing libclamav to a system, applications built with a system-installed libclamav from version 0.101.0 will fail to compile.
• To resolve the issue, we will be replacing `cltypes.h` with a new `clamav-types.h` file that is generated when the user runs `./configure.` This will be installed alongside `clamav.h` when the user runs `make install.` This will ensure that `clamav.h` has access to the necessary integer types on all operating systems and architectures.
• To mitigate similar issues in the future, we have added a test to our build-acceptance suite to test building an application against a system-installed libclamav library.

ClamAV 0.100.1 has been released!

ClamAV 0.100.1 is a hotfix release to patch a set of vulnerabilities.

• Fixes for the following CVE's:
  • CVE-2017-16932: Vulnerability in libxml2 dependency (affects ClamAV on Windows only).  (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16932)
  • CVE-2018-0360: HWP integer overflow, infinite loop vulnerability. Reported by Secunia Research at Flexera. (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0360)
  • CVE-2018-0361: ClamAV PDF object length check, unreasonably long time to parse relatively small file. Reported by aCaB. (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0361)
• Fixes for a few additional bugs:
  • Buffer over-read in unRAR code due to missing max value checks in table initialization. Reported by Rui Reis.
  • Libmspack heap buffer over-read in CHM parser. Reported by Hanno Böck.
  • PDF parser bugs reported by Alex Gaynor.
    • Buffer length checks when reading integers from non-NULL terminated strings.
    • Buffer length tracking when reading strings from dictionary objects.
• HTTPS support for clamsubmit.
• Fix for DNS resolution for users on IPv4-only machines where IPv6 is not available or is link-local only. Patch provided by Guilherme Benkenstein.

Thank you to the following ClamAV community members for your code submissions and bug reports!

• aCaB
• Alex Gaynor
• Guilherme Benkenstein
• Hanno Böck
• Rui Reis
• Laurent Delosieres, Secunia Research at Flexera

ClamAV 0.97.8 has been released!

Dear ClamAV users,


"ClamAV 0.97.8 addresses several reported potential security bugs. Thanks to Felix Groebert of the Google Security Team for finding and reporting these issues."


Download: http://downloads.sourceforge.net/clamav/clamav-0.97.8.tar.gz 
PGP sig: http://downloads.sourceforge.net/clamav/clamav-0.97.8.tar.gz.sig
ChangeLog: https://github.com/vrtadmin/clamav-devel/blob/0.97/ChangeLog

--
The ClamAV team (http://www.clamav.net/lang/en/about/team/

ClamAV 0.97.7 has been released!

Dear ClamAV users,


"ClamAV 0.97.7 addresses several reported potential security bugs. Thanks to Felix Groebert, Mateusz Jurczyk and Gynvael Coldwind of the Google Security Team for finding and reporting these issues."


Download: http://downloads.sourceforge.net/clamav/clamav-0.97.7.tar.gz 
PGP sig: http://downloads.sourceforge.net/clamav/clamav-0.97.7.tar.gz.sig
ChangeLog: https://github.com/vrtadmin/clamav-devel/blob/0.97/ChangeLog

--
The ClamAV team (http://www.clamav.net/lang/en/about/team/

Windows versions of ClamAV 0.97.6 posted!

All:

If you are a Windows user of ClamAV, you'll be happy to know that we have released the Windows builds for ClamAV 0.97.6 to our Sourceforge site here:

http://sourceforge.net/projects/clamav/files/clamav/win32/0.97.6/

Please feel free to download, use, and provide feedback via the ClamAV-Users list here:

http://lists.clamav.net/mailman/listinfo/clamav-users

Thanks!

--
Joel Esler
Senior Research Engineer, VRT
OpenSource Community Manager
Sourcefire

ClamAV 0.97.6 has been released.

Dear ClamAV users,

ClamAV 0.97.6 includes minor bug fixes and detection improvements.

Download: http://downloads.sourceforge.net/clamav/clamav-0.97.6.tar.gz
PGP sig: http://downloads.sourceforge.net/clamav/clamav-0.97.6.tar.gz.sig
ChangeLog: https://github.com/vrtadmin/clamav-devel/blob/0.97/ChangeLog

--

The ClamAV team (http://www.clamav.net/lang/en/about/team/)

ClamAV 0.97.5 has been released!

Just released is version 0.97.5 of ClamAV.  Below is the changelog:

Fri Jun 1 13:15:50 EST 2012 (dar)
---------------------------------
 * libclamav: Scan output at end of truncated tar (bb#4625) 

Wed May 30 17:27:00 EST 2012 (dar)
----------------------------------
 * libclamav: Fix handling of tar file with malformed header
         (bb#4627)

Fri May 25 13:05:40 EST 2012 (dar)
----------------------------------
 * libclamav: Scan chm with invalid handling (bb#4626)

Thu May 10 15:45:56 CEST 2012 (tk)
----------------------------------
 * freshclam: give custom dbs higher priority during update

Tue May  8 15:31:51 CEST 2012 (acab)
------------------------------------
 * libclamav: detect read races and abort the scan with an error
       (bb#4669)

Tue Apr 10 17:04:20 CEST 2012 (tk)
----------------------------------
 * libclamav/pe.c: drop old header check (bb#4699)

We are currently experiencing some problems updating our freshmeat account, however, in the meantime ClamAV, as always, is available from http://www.clamav.net

ClamAV 0.97.4 has been released!

ClamAV 0.97.4 includes minor bugfixes, detection improvements and
initial support for on-access scanning under Mac OS X (see
contrib/ClamAuth).

This update is recommended for all users.

Wed Feb 29 18:35:45 CET 2012 (acab)
-----------------------------------
 * libclamav/bytecode.c: reset to BYTECODE_AUTO mode at db reload so that
    we don't fail to re-enable or re-disable it again
    (bb#3789)

Tue Jan 17 11:15:57 CET 2012 (acab)
-----------------------------------
 * misc: performance improvement for HP-UX PA-RISC - patch from 
  Michael Pelletier <michael.v.pelletier*raytheon.com> (bb#3926)

Fri Nov  4 00:52:21 CET 2011 (acab)
-----------------------------------
 * libclamav/pe.c: parse vinfo where varfileinfo occours before stringfileinfo
     (bb#3062)

Fri Mar  2 19:48:36 CET 2012 (tk)
---------------------------------
 * clamd: add support for on-access scanning on OS X with ClamAuth (beta)

Wed Feb 29 17:02:18 EET 2012 (edwin)
------------------------------------
 * libclamav/bytecode_api*: Fix Sparc crash (bb #4324)

Tue Feb  7 23:23:48 CET 2012 (tk)
---------------------------------
 * libclamav: fix bytecode whitelisting

Wed Jan 25 18:56:44 CET 2012 (tk)
---------------------------------
 * libclamav: fix macro detection in OLE2BlockMacros (bb#4269)

Thu Dec  1 15:07:49 CET 2011 (tk)
---------------------------------
 * libclamav/readdb.c: allow comments in all db files (bb#3930)

Fri Nov 18 15:23:50 CET 2011 (tk)
---------------------------------
 * libclamav/scanners.c: use lsigs when scanning vba data (bb#3922)

Fri Nov 18 15:48:59 EET 2011 (edwin)
-----------------------------------
 * libclamav/matcher-hash.c: Fix SIGBUS on PA-RISC (big-endian) architectures (bb #3894).

Download : http://downloads.sourceforge.net/clamav/clamav-0.97.4.tar.gz
PGP sig  : http://downloads.sourceforge.net/clamav/clamav-0.97.4.tar.gz.sig
Bugfixes : http://www.clamav.net/release-info/bugs/0.97.4
ChangeLog: http://www.clamav.net/release-info/changelog/0.97.4

ClamAV 0.97.3 has been released!

Just released is version 0.97.3 of ClamAV.  The following changes are noted in the ChangeLog distributed with the package:

Mon Oct 10 14:41:48 CEST 2011 (tk)
* freshclam/manager.c: fix error when compiling without DNS support (bb#3056)

Sat Oct  8 12:19:49 EEST 2011 (edwin)
* libclamav/pdf.c: flag and dump PDF objects with /Launch (bb #3514)

Sat Oct  8 12:10:13 EEST 2011 (edwin)
* libclamav/bytecode.c,bytecode_api.c: fix recursion level crash (bb #3706).

Tue Aug  2 17:03:33 CEST 2011 (tk)
* docs: clarify behavior of --scan-*/Scan* options (bb#3134)

Mon Jul 25 16:09:19 EEST 2011 (edwin)
* libclamav/bytecode_vm.c: fix opcode 20 error (bb #3100)

Thu Sep 15 14:44:11 CEST 2011 (tk)
* freshclam: fix pidfile removal (bb#3499)

Sun Aug 21 17:05:24 EEST 2011 (edwin)
* libclamav/pdf.c:  fix incorrect blocking of some encrypted PDF with empty user passwords. (bb #3364)

Wed Aug  3 15:41:28 CEST 2011 (tk)
* sigtool/sigtool.c: fix calculation of max signature length

You can download the newest version of ClamAV by visiting the ClamAV.net website, or at the following download links:

Download : http://downloads.sourceforge.net/clamav/clamav-0.97.3.tar.gz

PGP sig  : http://downloads.sourceforge.net/clamav/clamav-0.97.3.tar.gz.sig

Bugfixes : http://www.clamav.net/release-info/bugs/0.97.3

ChangeLog: http://www.clamav.net/release-info/changelog/0.97.3