> https://blog.clamav.net/2021/02/clamav-01031-patch-release.html
>
> ClamAV 0.103.1 patch release
>
> ClamAV 0.103.1 is out now. Users can head over to clamav.net/downloads
> <https://www.clamav.net/downloads> to download the release materials.
> The latest version of ClamAV contains the following fixes and improvements:
>
> Notable changes
>
> - Added a new scan option to alert on broken media (graphics) file formats.
>
>   This feature mitigates the risk of malformed media files intended to exploit
>   vulnerabilities in other software. At present, media validation exists for
>   JPEG, TIFF, PNG and GIF files. To enable this feature, set AlertBrokenMedia
>   yes in clamd.conf for use with ClamD, or use the --alert-broken-media option
>   when using ClamScan. These options are disabled by default in this patch
>   release but may be enabled in a subsequent release.
>
>   Application developers may enable this scan option by enabling
>   CL_SCAN_HEURISTIC_BROKEN_MEDIA for the heuristic scan option bit field.
> - Added CL_TYPE_TIFF, CL_TYPE_JPEG types to match GIF and PNG typing behavior.
>   BMP and JPEG 2000 files will continue to detect as CL_TYPE_GRAPHICS because
>   ClamAV does not yet have BMP or JPEG 2000 format-checking capabilities.
>
> Bug fixes
>
> - Fixed PNG parser logic bugs that caused an excess of parsing errors and fixed
>   a stack exhaustion issue affecting some systems when scanning PNG files. PNG
>   file type detection was disabled via signature database update for ClamAV
>   version 0.103.0 to mitigate the effects from these bugs.
> - Fixed an issue where PNG and GIF files no longer work with Target:5 graphics
>   signatures if detected as CL_TYPE_PNG or CL_TYPE_GIF rather than as
>   CL_TYPE_GRAPHICS. Target types now support up to 10 possible file types to
>   make way for additional graphics types in future releases.
> - Fixed ClamOnAcc's --fdpass option.
>
>   File descriptor passing (or "FD-passing") is a mechanism by which ClamOnAcc
>   and ClamDScan may transfer an open file to ClamD to scan, even if ClamD is
>   running as a non-privileged user and wouldn't otherwise have read-access to
>   the file. This enables ClamD to scan all files without having to run ClamD as
>   root. If possible, ClamD should never be run as root to mitigate the risk in
>   case ClamD is somehow compromised while scanning malware.
>
>   Interprocess file descriptor passing for ClamOnAcc was broken since version
>   0.102.0 due to a bug introduced by the switch to cURL for communicating with
>   ClamD. On Linux, passing file descriptors from one process to another is
>   handled by the kernel, so we reverted ClamOnAcc to use standard system calls
>   for socket communication when FD-passing is enabled.
> - Fixed a ClamOnAcc stack corruption issue on some systems when using an older
>   version of libcurl. Patch courtesy of Emilio Pozuelo Monfort.
> - Allow ClamScan and ClamDScan scans to proceed even if the realpath lookup
>   failed. This alleviates an issue on Windows scanning files hosted on
>   file-systems that do not support the GetMappedFileNameW() API, such as on
>   ImDisk RAM-disks.
> - Fixed FreshClam's --on-update-execute=EXIT_1 temporary directory cleanup
>   issue.
> - ClamD's log output and VirusEvent feature now provide the scan target's file
>   path instead of a file descriptor. The ClamD socket API for submitting a scan
>   by FD-passing doesn't include a file path. This feature works by looking up
>   the file path by the file descriptor. This feature works on Mac and Linux but
>   is not yet implemented for other UNIX operating systems. FD-passing is not
>   available for Windows.
> - Fixed an issue where FreshClam database validation didn't work correctly when
>   run in daemon mode on Linux/Unix.
> - Fixed scan speed performance issues accidentally introduced in ClamAV 0.103.0
>   caused by hashing file maps more than once when parsing a file as a new type,
>   and caused by frequent scanning of non-HTML text data with the HTML parser.
>
> Other improvements
>
> - Scanning JPEG, TIFF, PNG and GIF files will no longer return "parse" errors
>   when file format validation fails. Instead, the scan will alert with the
>   "Heuristics.Broken.Media" signature prefix and a descriptive suffix to
>   indicate the issue, provided that the "alert broken media" feature is enabled.
> - GIF format validation will no longer fail if the GIF image is missing the
>   trailer byte, as this appears to be a relatively common issue in otherwise
>   functional GIFs.
> - Added a TIFF dynamic configuration (DCONF) option that was missing. This will
>   allow us to disable TIFF format validation via signature database update in
>   the event that it proves to be problematic. This feature already exists for
>   many other file types.
>
> Acknowledgments
>
> The ClamAV team thanks Emilio Pozuelo Monfort for their code submissions.
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users

Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
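The FD-passing mechanism described in the quoted release notes, as an added example that is not part of the original post and is not ClamAV code: a descriptor travels as an `SCM_RIGHTS` control message over an AF_UNIX socket, and the receiver reads the file without ever opening it by path. The names `send_fd`, `recv_fd`, `demo_fd_passing` and the path `/tmp/fdpass-demo.tmp` are hypothetical, and both ends run in one process over a `socketpair` so the demo is deterministic.

```c
#include <fcntl.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>
union fd_ctl { struct cmsghdr hdr; char buf[CMSG_SPACE(sizeof(int))]; }; /* aligned */
/* Send one open descriptor over a connected AF_UNIX socket (SCM_RIGHTS). */
int send_fd(int sock, int fd) {
    char byte = 0; /* one data byte must accompany the control message */
    struct iovec iov = { &byte, 1 };
    union fd_ctl ctl; memset(&ctl, 0, sizeof ctl);
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = ctl.buf, .msg_controllen = sizeof ctl.buf };
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    c->cmsg_level = SOL_SOCKET; c->cmsg_type = SCM_RIGHTS;
    c->cmsg_len = CMSG_LEN(sizeof(int));
    memcpy(CMSG_DATA(c), &fd, sizeof fd);
    return sendmsg(sock, &msg, 0) == 1 ? 0 : -1;
}

/* Receive one descriptor; returns the receiver's new fd, or -1. */
int recv_fd(int sock) {
    char byte; int fd;
    struct iovec iov = { &byte, 1 };
    union fd_ctl ctl;
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = ctl.buf, .msg_controllen = sizeof ctl.buf };
    if (recvmsg(sock, &msg, 0) != 1) return -1;
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    if (!c || c->cmsg_level != SOL_SOCKET || c->cmsg_type != SCM_RIGHTS ||
        c->cmsg_len != CMSG_LEN(sizeof(int))) return -1; /* reject anything else */
    memcpy(&fd, CMSG_DATA(c), sizeof fd); return fd;
}

/* Constructed demo: the file is unlinked before passing, so only the fd reaches it. */
int demo_fd_passing(char *out, size_t outlen) {
    const char *path = "/tmp/fdpass-demo.tmp"; int sv[2], rfd = -1; ssize_t n = -1;
    int fd = open(path, O_RDWR | O_CREAT | O_EXCL, 0600);
    if (fd < 0) return -1;
    unlink(path);
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) { close(fd); return -1; }
    if (write(fd, "constructed sample", 18) == 18 && send_fd(sv[0], fd) == 0)
        rfd = recv_fd(sv[1]);
    close(fd); /* sender's copy closed; the received descriptor stays valid */
    if (rfd >= 0 && lseek(rfd, 0, SEEK_SET) == 0) n = read(rfd, out, outlen - 1);
    if (n >= 0) out[n] = '\0';
    close(sv[0]); close(sv[1]); if (rfd >= 0) close(rfd);
    return (int)n;
}
int main(void) { char b[64]; return demo_fd_passing(b, sizeof b) == 18 ? 0 : 1; }
```

The received descriptor shares the sender's open file description, including its offset, which is why the receiving side seeks to the start before reading.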