Dear ClamAV users, the development version of ClamAV is ready for general testing! New mechanisms have already proved very nasty to Internet worms successfully protecting against the new versions R, S, T, U, V and W of the infamous Mydoom worm and detecting them as Worm.Mydoom.Gen before they were analysed and specific signatures added by the ClamAV database maintainers. That means servers running the new version of ClamAV have detected and blocked 100% of Mydoom attacks! New features in this release include: -) libclamav + Portable Executable analyser (CL_SCAN_PE) featuring: o UPX decompression (all versions) o Petite decompression (2.x) o FSG decompression (1.3, 1.31, 1.33) o detection of broken executables (CL_SCAN_BLOCKBROKEN) + new, memory efficient, pattern matching algorithm (multipattern variant of Boyer-Moore) - it"s now primary matcher and Aho-Corasick is only used for regular expression extended signatures + new signature format with advanced target type and offset specification + support for MD5 based signatures + extended regular expression scanner + added support for MS cabinet files + added support for CHM files + added support for POSIX tar archives + scanning inside PowerPoint documents + HTML normaliser with support for decoding of MS Script Encoder code + great improvements in e-mail scanner (now handles even more worm tricks) + new method of mail files detection + all e-mail attachments are now scanned (previously only the first ten attachments were scanned) + added support for scanning URLs in e-mails (CL_SCAN_MAILURL) + detection of Worm.Mydoom.M.log + updated API (still backward compatible but please consult clamdoc.pdf (Section 6) and adapt your software) -) clamd + new directive ScanHTML (enables HTML normalisator and ScrEnc decoder) + new directive ScanPE (win32 executable analyser and decompressor) + new directive DetectBrokenExecutables (try to detect broken executables and mark them as Broken.Executable) + new directive MailFollowURLs (try to download and scan files from URLs in mails. BE CAREFUL! DO NOT ENABLE IT ON LOADED MAIL SERVERS) + new directive ArchiveBlockMax (archives that exceed limits will be marked as viruses) + clamav.conf was renamed clamd.conf -) clamscan + mail files are scanned by default, use --no-mail to disable it + new option --no-html (disables HTML normalisator) + new option --no-pe (disables PE analyser) + new option --detect-broken + new option --block-max + new option --mail-follow-urls (download and scan files from URLs in mails) -) clamdscan + now prints warnings if some activated command line options are only supported by clamscan + added support for archive scanning in stdin mode -) clamav-milter + improved template file format + quarantined file names now contain virus names + initial support for SESSION mode of clamd -) freshclam: + new directive DNSDatabaseInfo that enables ultra lightweight version verification method through DNS (using TXT records). Based on idea by Christopher X. Candreva and enabled by default. (see http://www.gossamer-threads.com/lists/clamav/users/11102) + new option --no-dns (quick option to disable DNS method without editing freshclam.conf) -) sigtool + removed ability of automatic signature generation (use MD5 sums to create your own signatures, see signatures.pdf for details) + new option --md5 + new option --html-normalise (saves HTML normalisation and decryption results in three html files in current directory) -) configure: + new option --disable-gethostbyname_r (try enabling it if clamav-milter compilation fails) + new option --disable-dns (try enabling it if freshclam compilation fails) + extended regular expression scanner -) documentation + included new Mac OS X installation instructions + official documentation rewritten and outdated docs removed -) new 3rd party software with support for ClamAV: + OdeiaVir - an e-mail filter for qmail and Exim + ClamSMTP - a lightweight (written in C) and simple filter for Postfix + Protea AntiVirus Tools - a virus filter for Lotus Domino + PTSMail Utilities - an e-mail filter for Sendmail + mxGuard for IMail - a mail filter for Ipswitch IMail (W32) + Zabit - a content and attachment filter for qmail + BeClam - ClamAV port for BeOS + clamXav - a virus scanner with GUI for Mac OS X Special thanks to aCaB for his work on UPX, FSG and Petite decompressors. Thanks to good reaction times on new threats, ClamAV was awarded as best security tool for 2004 by Linux Journal. Quoting from http://www.linuxjournal.com/article.php?sid=7564 : "...With this year"s outbreak of e-mail worms for non-Linux platforms, ClamAV has been getting quite a workout, and Linux admins on mailing lists report that database update times are keeping up with or beating the proprietary alternatives."
-- The ClamAV team (http://www.clamav.net/team.html) -- Luca Gibelli ([EMAIL PROTECTED]) - http://www.ClamAV.net - A GPL virus scanner PGP Key Fingerprint: C782 121E 8C3A 90E3 7A87 D802 6277 8FF4 5EFC 5582 PGP Key Available on: Key Servers || http://www.clamav.net/gpg/nervoso.gpg ------------------------------------------------------- This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170 Project Admins to receive an Apple iPod Mini FREE for your judgement on who ports your project to Linux PPC the best. Sponsored by IBM. Deadline: Sept. 24. Go here: http://sf.net/ppc_contest.php _______________________________________________ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users