The release date for ClamAV 0.96 RC 1 has been moved up to March 10th, 2010. With that in mind, I wanted to take a moment to highlight some of the new features we've been working on and a new product for ClamAV Windows users. Additionally, I'd like to encourage users to try out the RC when its released on March 10th to help us find bugs before the final release.
First up, let's talk about 0.96 and some of its major new features. 1. The Bytecode Interpreter - The Bytecode Interpreter allows ClamAV sig-makers to create very complex AV signatures for complex pieces of malware. This is a pretty major addition to the detection technologies inside of ClamAV. 2. Native Windows Support - ClamAV will now build natively under Visual Studio. This will allow 3rd Party application developers on windows to easily integrate LibClamAV into their applications. 3. UPX 3.0 unpacking support - Add support to decompressing UPX version 3.0 packed applications. 4. 7zip archive support - Add support for decompressing 7zip archives and inspecting their contents. 5. OSX Mach-O support - Add support for parsing OSX Mach-O binaries files and intelligently inspecting their contents 6. 64-bit ELF support - Add support for intelligently parsing and detecting malware in 64-Bit ELF binaries. 7. InstallShield archives support - Add support for unpacking and inspecting the contents of InstallShield archives. 8. CPIO archive support - Add support for unpacking and inspecting the contents of CPIO archives. 9. Heuristic improvements - Improve the PE heuristics detection engine by adding support of bogus icons and fake PE header information. In a nutshell, ClamAV can now detect malware that tries to disguise itself as a harmless application by using the most common Windows program icons. 10. Performance improvements - Overall performance improvements and memory optimizations for a better overall resource utilization experience. 11. Signature Improvements ? Logical signature improvements to allow referencing groups of signatures. Additionally, improvements to wildcard matching on word boundaries and newlines. And that's not all.... We've partnered up with Immunet (www.immunet.com) to leverage their Cloud-Based and community based detection network. As part of this partnership Immunet has helped us produce a lightweight, simple, and easy to use desktop AV product for Windows. This new product is called ClamAV for Windows. I know somewhat uncreative, but we focused all our creative talents on the technology and not the name. For a complete list of features, how it works, and other details please visit http://www.clamav.net/about/win32/ If you just want to try it out now, go here to download this new product http://www.clamav.net/win32/clam-latest-32.exe - 32 Bit http://www.clamav.net/win32/clam-latest-64.exe - 64 Bit Cheers, -- Matthew Watchinski Sr. Director Vulnerability Research Team (VRT) Sourcefire, Inc. Office: 410-423-1928 http://vrt-sourcefire.blogspot.com && http://www.snort.org/vrt/ _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
