Friday, June 15, 2012

Just released is version 0.97.5 of ClamAV.  Below is the changelog:

Fri Jun 1 13:15:50 EST 2012 (dar)
---------------------------------
 * libclamav: Scan output at end of truncated tar (bb#4625) 

Wed May 30 17:27:00 EST 2012 (dar)
----------------------------------
 * libclamav: Fix handling of tar file with malformed header
         (bb#4627)

Fri May 25 13:05:40 EST 2012 (dar)
----------------------------------
 * libclamav: Scan chm with invalid handling (bb#4626)

Thu May 10 15:45:56 CEST 2012 (tk)
----------------------------------
 * freshclam: give custom dbs higher priority during update

Tue May  8 15:31:51 CEST 2012 (acab)
------------------------------------
 * libclamav: detect read races and abort the scan with an error
       (bb#4669)

Tue Apr 10 17:04:20 CEST 2012 (tk)
----------------------------------
 * libclamav/pe.c: drop old header check (bb#4699)

We are currently experiencing some problems updating our freshmeat account. In the meantime, ClamAV is, as always, available from http://www.clamav.net

Monday, May 28, 2012

In this article over at CNET, one of the things they discuss is using an Ubuntu Live CD, with ClamAV included, to help repair infected computers.



Article here

Monday, April 9, 2012

The VRT is looking for an Intern to assist with the ClamAV and Razorback projects. If you are a C coder, we'd like to hear from you.

We are looking for resumes sent to research [at] sourcefire.com.  Please let us know that you are interested in the Intern position with the VRT, and that you saw the blog post here on the ClamAV blog!

Wednesday, March 21, 2012

The ClamAuth kernel extension enables ClamAV to provide on-access scanning for Mac OS X 10.5 and later. 


The current version works in a passive mode only: ClamAV will log the detection but won't block access to the infected file. However, it's possible to perform special actions (e.g. quarantine files) with the VirusEvent directive of clamd.

Usage
-----

1. Run ClamAuth_load to load the kernel extension (you can edit the script to change or add more paths that will be monitored).
2. Add "ClamAuth yes" to your clamd.conf (ClamAV 0.97.4) or "ScanOnAccess yes" (ClamAV-devel)
3. Start clamd with root privileges ('sudo /usr/local/sbin/clamd')

If clamd properly connects to the driver, you should see a line like this in the log file:

ClamAuth: Driver version: 0.3, protocol version: 2

ClamAV is now monitoring the paths specified in ClamAuth_load.
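
Because ClamAuth only logs detections, a handler wired to the VirusEvent directive can move the detected file aside. The script below is an added example, not part of the original post or the ClamAV distribution. It assumes clamd exports CLAM_VIRUSEVENT_FILENAME and CLAM_VIRUSEVENT_VIRUSNAME to the handler, as the clamd.conf manual describes; the script path and quarantine directory are hypothetical.

```shell
#!/bin/sh
# Added example: quarantine handler for clamd's VirusEvent directive.
# Assumed clamd.conf line (hypothetical script path):
#   VirusEvent /usr/local/sbin/clamauth_quarantine.sh
# Assumption: clamd sets CLAM_VIRUSEVENT_FILENAME and
# CLAM_VIRUSEVENT_VIRUSNAME in the handler's environment.

QUARANTINE_DIR="${QUARANTINE_DIR:-/var/quarantine/clamav}"  # assumed location

# quarantine_file PATH SIGNATURE
# Moves PATH into QUARANTINE_DIR, strips its permissions, appends a log
# record, and prints the new path. Returns non-zero if nothing was moved.
quarantine_file() {
    src=$1
    sig=$2
    # The path comes from whatever landed on disk, so treat it as hostile:
    # always quote it, never eval it, and refuse anything but a regular
    # file (a symlink could point the chmod below at another target).
    if [ -L "$src" ] || [ ! -f "$src" ]; then
        echo "skip: not a regular file" >&2
        return 1
    fi
    umask 077                       # quarantine dir and log are owner-only
    mkdir -p -- "$QUARANTINE_DIR" || return 1
    # Keep only harmless characters in the stored name.
    base=$(printf '%s' "${src##*/}" | tr -c 'A-Za-z0-9._-' '_')
    dest="$QUARANTINE_DIR/$(date +%Y%m%dT%H%M%S).$$.$base"
    mv -- "$src" "$dest" || return 1
    chmod 000 -- "$dest"            # no read or execute from quarantine
    # Drop control characters so a crafted name cannot forge log lines.
    safe_src=$(printf '%s' "$src" | tr -d '[:cntrl:]')
    printf '%s\t%s\t%s\n' "$dest" "$safe_src" "$sig" \
        >> "$QUARANTINE_DIR/quarantine.log"
    printf '%s\n' "$dest"
}

# Entry point when clamd runs the script; a no-op if the variable is unset.
if [ -n "${CLAM_VIRUSEVENT_FILENAME:-}" ]; then
    quarantine_file "$CLAM_VIRUSEVENT_FILENAME" \
        "${CLAM_VIRUSEVENT_VIRUSNAME:-unknown}" >/dev/null
fi
```

Since clamd is started as root in step 3, the handler also runs as root; keep the script and the quarantine directory writable by root only.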




If you have any questions or feedback about this module please send it to the ClamAV mailing list here:
http://www.clamav.net/lang/en/ml/

Monday, March 19, 2012

ClamAV 0.97.4 includes minor bugfixes, detection improvements and
initial support for on-access scanning under Mac OS X (see
contrib/ClamAuth).

This update is recommended for all users.


Wed Feb 29 18:35:45 CET 2012 (acab)
-----------------------------------
 * libclamav/bytecode.c: reset to BYTECODE_AUTO mode at db reload so that
    we don't fail to re-enable or re-disable it again
    (bb#3789)

Tue Jan 17 11:15:57 CET 2012 (acab)
-----------------------------------
 * misc: performance improvement for HP-UX PA-RISC - patch from 
  Michael Pelletier <michael.v.pelletier*raytheon.com> (bb#3926)

Fri Nov  4 00:52:21 CET 2011 (acab)
-----------------------------------
 * libclamav/pe.c: parse vinfo where varfileinfo occurs before stringfileinfo
     (bb#3062)

Fri Mar  2 19:48:36 CET 2012 (tk)
---------------------------------
 * clamd: add support for on-access scanning on OS X with ClamAuth (beta)

Wed Feb 29 17:02:18 EET 2012 (edwin)
------------------------------------
 * libclamav/bytecode_api*: Fix Sparc crash (bb #4324)

Tue Feb  7 23:23:48 CET 2012 (tk)
---------------------------------
 * libclamav: fix bytecode whitelisting

Wed Jan 25 18:56:44 CET 2012 (tk)
---------------------------------
 * libclamav: fix macro detection in OLE2BlockMacros (bb#4269)

Thu Dec  1 15:07:49 CET 2011 (tk)
---------------------------------
 * libclamav/readdb.c: allow comments in all db files (bb#3930)

Fri Nov 18 15:23:50 CET 2011 (tk)
---------------------------------
 * libclamav/scanners.c: use lsigs when scanning vba data (bb#3922)

Fri Nov 18 15:48:59 EET 2011 (edwin)
-----------------------------------
 * libclamav/matcher-hash.c: Fix SIGBUS on PA-RISC (big-endian) architectures (bb #3894).


Download : http://downloads.sourceforge.net/clamav/clamav-0.97.4.tar.gz
PGP sig  : http://downloads.sourceforge.net/clamav/clamav-0.97.4.tar.gz.sig
Bugfixes : http://www.clamav.net/release-info/bugs/0.97.4
ChangeLog: http://www.clamav.net/release-info/changelog/0.97.4

Tuesday, February 28, 2012

Then we want to talk to you! While you can look up the different openings that the Vulnerability Research Team (VRT) has, what you won't see is why you should choose Sourcefire for your next job. This is why I love working here, in no particular order:

1. The people. We come from different backgrounds and bring a wealth of talent and knowledge to the table. Most of us were using computers pre-Internet before we were 10 years old. Back then, our friends were just happy to have a gaming console and didn't see the point of having a computer. We are curious by nature and didn't stop learning when we got our various degrees. When you engage in conversation with the VRT, be assured that there will be someone who knows at least as much as you on any topic. The VRT is made of smart, smart! individuals and we are looking for people who are driven and can fit in the team culture.

2. Open-source philosophy. Whether it's ClamAV, Snort, or Razorback (and their respective signatures/rules), we believe in letting users see and understand what we do, how we do it, and why we do it. This pushes us to excel at our job and always put the customer first.

3. Fun work environment. We are productive and have crunch times, yet we always know how to have fun. Do you know what "tea time" is? "Truffle shuffle"? "Hit box!"? Do you know what it is "to be slothed"? What does it mean when someone calls "car"? Who's the "grammar police"? Come find out :-)

4. Hobbies. If you like biking, riding motorcycles, playing the guitar, photography, playing tennis or soccer, you will likely find an after-hours hangout buddy with similar interest in the VRT.

5. Lunch. Delivered to you every day between 12PM and 2PM. Just choose what you like from 3 different and rotating restaurant menus and look out for the daily email that says that your lunch has arrived. For free. Yup, just like that (well technically it's part of your benefits).

6. Training. Whether you want to informally learn about malware or vulnerability research, attend a conference or a week-long training, or formally work towards a Bachelor's or Master's degree, we'll hook you up.

7. Leadership and Innovation. Snort is the de facto standard for Intrusion Detection and Prevention. ClamAV sets the standard for open-source antivirus and anti-malware solutions. Razorback advances complex threat detection and protection.

I could really go on and on about why you should choose us. If you think you have the right skills, if you think you can grow and most importantly if you are driven, contact us with your resume at research at sourcefire dot com.

Wednesday, January 25, 2012

Open Source Fact and Fiction: Sourcefire Stays True To Its Roots

Alan Shimel writes a great article about our new product FireAMP, and its roots, not only with ClamAV but many other OpenSource technologies. It's a quick read, but really shows what we are trying to do here at Sourcefire and how OpenSource is not only the foundation of our products, but really, is baked into everything that we do here.

Friday, December 9, 2011

Thanks to Christoph Murauer for an excellent guide to installing ClamAV 0.97.3 on Mac OS X!

Check out Christoph's ClamAV 0.97.3 install guide here.

Thanks to all of our ClamAV community contributors for their documentation. If you'd like to contribute some documentation, please feel free to contact me at joel@snort.org.

As always Snort.org makes no warranty or edits to submitted documentation, and we'd like to thank the contributors of the documentation for their time.