Re: [clamav-users] When was 0.103.1 announced on *this* list?

2021-02-09 Thread Joel Esler (jesler) via clamav-users
Nothing to read into. I just forgot.  Life is good.

-- 
Joel Esler
Manager, Communities Division
Cisco Talos Intelligence Group
http://www.talosintelligence.com | https://www.snort.org

> On Feb 9, 2021, at 2:55 PM, Paul Kosinski  wrote:
> 
> Thanks.
> 
> It's good to know that my mail filtering isn't misbehaving (and that no
> "blackhat" is subtly attacking ClamAV).
> 
> 
> On Tue, 9 Feb 2021 18:37:26 +
> "Joel Esler (jesler)"  wrote:
> 
>> I forgot to announce it.  Sorry about that.
>> 
>> — 
>> Sent from my  iPad
>> 
>>> On Feb 9, 2021, at 10:14, Paul Kosinski via clamav-users 
>>>  wrote:
>>> 
>>> I save all the ClamAV mail, and couldn't find an announcement. 




___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml


Re: [clamav-users] When was 0.103.1 announced on *this* list?

2021-02-09 Thread Paul Kosinski via clamav-users
Thanks.

It's good to know that my mail filtering isn't misbehaving (and that no
"blackhat" is subtly attacking ClamAV).


On Tue, 9 Feb 2021 18:37:26 +
"Joel Esler (jesler)"  wrote:

> I forgot to announce it.  Sorry about that.
> 
> — 
> Sent from my  iPad
> 
> > On Feb 9, 2021, at 10:14, Paul Kosinski via clamav-users 
> >  wrote:
> > 
> > I save all the ClamAV mail, and couldn't find an announcement. 



Re: [clamav-users] [SUSPECTED SPAM] When was 0.103.1 announced on *this* list?

2021-02-09 Thread Joel Esler (jesler) via clamav-users
I forgot to announce it.  Sorry about that.

— 
Sent from my  iPad

> On Feb 9, 2021, at 10:14, Paul Kosinski via clamav-users 
>  wrote:
> 
> I save all the ClamAV mail, and couldn't find an announcement. 
> 




[clamav-users] ClamAV® blog: ClamAV 0.103.1 patch release

2021-02-09 Thread Joel Esler (jesler) via clamav-users

> 
> https://blog.clamav.net/2021/02/clamav-01031-patch-release.html 
> 
> 
> ClamAV 0.103.1 patch release
> 
> ClamAV 0.103.1 is out now. Users can head over to clamav.net/downloads 
>  to download the release materials.
> The latest version of ClamAV contains the following fixes and improvements:
> 
> Notable changes
> 
> * Added a new scan option to alert on broken media (graphics) file formats.
> 
>   This feature mitigates the risk of malformed media files intended to exploit 
>   vulnerabilities in other software. At present, media validation exists for 
>   JPEG, TIFF, PNG and GIF files. To enable this feature, set AlertBrokenMedia 
>   yes in clamd.conf for use with ClamD, or use the --alert-broken-media option 
>   when using ClamScan. These options are disabled by default in this patch 
>   release but may be enabled in a subsequent release.
> 
>   Application developers may enable this scan option by enabling 
>   CL_SCAN_HEURISTIC_BROKEN_MEDIA for the heuristic scan option bit field.
> 
> * Added CL_TYPE_TIFF, CL_TYPE_JPEG types to match GIF and PNG typing behavior. 
>   BMP and JPEG 2000 files will continue to detect as CL_TYPE_GRAPHICS because 
>   ClamAV does not yet have BMP or JPEG 2000 format-checking capabilities.
> 
> Bug fixes
> 
> * Fixed PNG parser logic bugs that caused an excess of parsing errors and fixed 
>   a stack exhaustion issue affecting some systems when scanning PNG files. PNG 
>   file type detection was disabled via signature database update for ClamAV 
>   version 0.103.0 to mitigate the effects from these bugs.
> 
> * Fixed an issue where PNG and GIF files no longer work with Target:5 graphics 
>   signatures if detected as CL_TYPE_PNG or CL_TYPE_GIF rather than as 
>   CL_TYPE_GRAPHICS. Target types now support up to 10 possible file types to 
>   make way for additional graphics types in future releases.
> 
> * Fixed ClamOnAcc's --fdpass option.
> 
>   File descriptor passing (or "FD-passing") is a mechanism by which ClamOnAcc 
>   and ClamDScan may transfer an open file to ClamD to scan, even if ClamD is 
>   running as a non-privileged user and wouldn't otherwise have read-access to 
>   the file. This enables ClamD to scan all files without having to run ClamD as 
>   root. If possible, ClamD should never be run as root to mitigate the risk in 
>   case ClamD is somehow compromised while scanning malware.
> 
>   Interprocess file descriptor passing for ClamOnAcc was broken since version 
>   0.102.0 due to a bug introduced by the switch to cURL for communicating with 
>   ClamD. On Linux, passing file descriptors from one process to another is 
>   handled by the kernel, so we reverted ClamOnAcc to use standard system calls 
>   for socket communication when FD-passing is enabled.
> 
> * Fixed a ClamOnAcc stack corruption issue on some systems when using an older 
>   version of libcurl. Patch courtesy of Emilio Pozuelo Monfort.
> 
> * Allow ClamScan and ClamDScan scans to proceed even if the realpath lookup 
>   failed. This alleviates an issue on Windows scanning files hosted on 
>   file-systems that do not support the GetMappedFileNameW() API, such as on 
>   ImDisk RAM-disks.
> 
> * Fixed FreshClam's --on-update-execute=EXIT_1 temporary directory cleanup 
>   issue.
> 
> * ClamD's log output and VirusEvent feature now provide the scan target's file 
>   path instead of a file descriptor. The ClamD socket API for submitting a scan 
>   by FD-passing doesn't include a file path. This feature works by looking up 
>   the file path by the file descriptor. This feature works on Mac and Linux but 
>   is not yet implemented for other UNIX operating systems. FD-passing is not 
>   available for Windows.
> 
> * Fixed an issue where FreshClam database validation didn't work correctly when 
>   run in daemon mode on Linux/Unix.
> 
> * Fixed scan speed performance issues accidentally introduced in ClamAV 0.103.0 
>   caused by hashing file maps more than once when parsing a file as a new type, 
>   and caused by frequent scanning of non-HTML text data with the HTML parser.
> 
> Other improvements
> 
> * Scanning JPEG, TIFF, PNG and GIF files will no longer return "parse" errors 
>   when file format validation fails. Instead, the scan will alert with the 
>   "Heuristics.Broken.Media" signature prefix and a descriptive suffix to 
>   indicate the issue, provided that the "alert broken media" feature is enabled.
> 
> * GIF format validation will no longer fail if the GIF image is missing the 
>   trailer byte, as this appears to be a relatively common issue in otherwise 
>   functional GIFs.
> 
> * Added a TIFF dynamic configuration (DCONF) option that was missing. This will 
>   allow us to disable TIFF format validation via signature database update in 
>   the event that it proves to be problematic. This feature already exists for 
>   many other file types.
> 
> Acknowledgments
> 
> The ClamAV team thanks Emilio Pozuelo Monfort for their code submissions.
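
The FD-passing mechanism described in the announcement above, shown as an added example (not ClamAV's code and not part of the original message): a client process opens a file and hands the open descriptor to a scanner process over a Unix socket with SCM_RIGHTS, and the scanner reads it and looks up its path without ever calling open(). The function names, the constructed sample file and the Linux-only `/proc/self/fd` path lookup are assumptions made for illustration.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/wait.h>
struct scan_result { ssize_t nread; char path[256]; char data[64]; };
typedef union { char buf[CMSG_SPACE(sizeof(int))]; struct cmsghdr align; } ctl_t;

/* One data byte (SCM_RIGHTS must ride on real data) plus control space for one fd. */
static void prep(struct msghdr *m, struct iovec *iov, char *byte, ctl_t *u) {
    memset(m, 0, sizeof *m); memset(u, 0, sizeof *u);
    iov->iov_base = byte; iov->iov_len = 1; m->msg_iov = iov; m->msg_iovlen = 1;
    m->msg_control = u->buf; m->msg_controllen = sizeof u->buf;
}
/* Client role (ClamOnAcc/ClamDScan): hand an already-open descriptor to the peer. */
static int send_fd(int sock, int fd) {
    struct msghdr m; struct iovec iov; ctl_t u; char byte = 'F';
    prep(&m, &iov, &byte, &u);
    struct cmsghdr *c = CMSG_FIRSTHDR(&m);
    c->cmsg_level = SOL_SOCKET; c->cmsg_type = SCM_RIGHTS; c->cmsg_len = CMSG_LEN(sizeof(int));
    memcpy(CMSG_DATA(c), &fd, sizeof(int));
    return sendmsg(sock, &m, 0) == 1 ? 0 : -1;
}
/* Scanner role (ClamD): returns the descriptor the kernel installed, or -1. */
static int recv_fd(int sock) {
    struct msghdr m; struct iovec iov; ctl_t u; char byte; int fd;
    prep(&m, &iov, &byte, &u);
    if (recvmsg(sock, &m, 0) != 1 || (m.msg_flags & MSG_CTRUNC)) return -1;
    struct cmsghdr *c = CMSG_FIRSTHDR(&m);
    if (!c || c->cmsg_level != SOL_SOCKET || c->cmsg_type != SCM_RIGHTS ||
        c->cmsg_len != CMSG_LEN(sizeof(int))) return -1;   /* not exactly one fd */
    memcpy(&fd, CMSG_DATA(c), sizeof(int));
    return fd;
}
/* Child opens a constructed sample file and passes it; the parent never calls open(). */
static int demo(struct scan_result *r) {
    int sp[2], fd = -1; char tmpl[] = "/tmp/fdpass-demo-XXXXXX", proc[64];
    memset(r, 0, sizeof *r);
    int src = mkstemp(tmpl);
    if (src < 0 || write(src, "constructed sample\n", 19) != 19 || close(src) < 0) return -1;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sp) < 0) return -1;
    pid_t pid = fork();
    if (pid == 0) { fd = open(tmpl, O_RDONLY); _exit(fd < 0 || send_fd(sp[1], fd) < 0); }
    close(sp[1]);                        /* recvmsg then sees EOF if the child failed */
    if (pid > 0) { fd = recv_fd(sp[0]); waitpid(pid, NULL, 0); }
    if (fd >= 0) {
        snprintf(proc, sizeof proc, "/proc/self/fd/%d", fd);   /* Linux-only lookup */
        if (readlink(proc, r->path, sizeof r->path - 1) < 0) r->path[0] = '\0';
        r->nread = read(fd, r->data, sizeof r->data - 1); close(fd);
    }
    close(sp[0]); unlink(tmpl);
    return fd < 0 || r->nread < 0 ? -1 : 0;
}
int main(void) {
    struct scan_result r;
    return demo(&r) ? 1 : (printf("%s: %s", r.path, r.data) < 0);
}
```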




Re: [clamav-users] ClamAV® blog: ClamAV 0.103.1 patch release

2021-02-09 Thread Pablo Murillo

Great !

PNG - GIF files, problem solved !

On 2/9/2021 1:06 PM, Joel Esler (jesler) via clamav-users wrote:




https://blog.clamav.net/2021/02/clamav-01031-patch-release.html 




  ClamAV 0.103.1 patch release

ClamAV 0.103.1 is out now. Users can head over to 
clamav.net/downloads  to download 
the release materials.


The latest version of ClamAV contains the following fixes and 
improvements:



  Notable changes

  *  Added a new scan option to alert on broken media (graphics) file
formats.

This feature mitigates the risk of malformed media files intended
to exploit vulnerabilities in other software. At present, media
validation exists for JPEG, TIFF, PNG and GIF files. To enable
this feature, set AlertBrokenMedia yes in clamd.conf for use with
ClamD, or use the --alert-broken-media option when using
ClamScan. These options are disabled by default in this patch
release but may be enabled in a subsequent release.

Application developers may enable this scan option by enabling
CL_SCAN_HEURISTIC_BROKEN_MEDIA for the heuristic scan option bit
field.

  * Added CL_TYPE_TIFF, CL_TYPE_JPEG types to match GIF and PNG
typing behavior. BMP and JPEG 2000 files will continue to detect
as CL_TYPE_GRAPHICS because ClamAV does not yet have BMP or JPEG
2000 format-checking capabilities.


   Bug fixes

  * Fixed PNG parser logic bugs that caused an excess of parsing
errors and fixed a stack exhaustion issue affecting some systems
when scanning PNG files. PNG file type detection was disabled via
signature database update for ClamAV version 0.103.0 to mitigate
the effects from these bugs.

  * Fixed an issue where PNG and GIF files no longer work with
Target:5 graphics signatures if detected as CL_TYPE_PNG or
CL_TYPE_GIF rather than as CL_TYPE_GRAPHICS. Target types now
support up to 10 possible file types to make way for additional
graphics types in future releases.

  * Fixed ClamOnAcc's --fdpass option.

File descriptor passing (or "FD-passing") is a mechanism by which
ClamOnAcc and ClamDScan may transfer an open file to ClamD to
scan, even if ClamD is running as a non-privileged user and
wouldn't otherwise have read-access to the file. This enables
ClamD to scan all files without having to run ClamD as root. If
possible, ClamD should never be run as root to mitigate the risk
in case ClamD is somehow compromised while scanning malware.

Interprocess file descriptor passing for ClamOnAcc was broken
since version 0.102.0 due to a bug introduced by the switch to
cURL for communicating with ClamD. On Linux, passing file
descriptors from one process to another is handled by the kernel,
so we reverted ClamOnAcc to use standard system calls for socket
communication when FD-passing is enabled.

  * Fixed a ClamOnAcc stack corruption issue on some systems when
using an older version of libcurl. Patch courtesy of Emilio
Pozuelo Monfort.

  * Allow ClamScan and ClamDScan scans to proceed even if the
realpath lookup failed. This alleviates an issue on Windows
scanning files hosted on file-systems that do not support the
GetMappedFileNameW() API, such as on ImDisk RAM-disks.

  * Fixed FreshClam's --on-update-execute=EXIT_1 temporary directory
cleanup issue.

  * ClamD's log output and VirusEvent feature now provide the scan
target's file path instead of a file descriptor. The ClamD socket
API for submitting a scan by FD-passing doesn't include a file
path. This feature works by looking up the file path by the file
descriptor. This feature works on Mac and Linux but is not yet
implemented for other UNIX operating systems. FD-passing is not
available for Windows.

  * Fixed an issue where FreshClam database validation didn't work
correctly when run in daemon mode on Linux/Unix.

  * Fixed scan speed performance issues accidentally introduced in
ClamAV 0.103.0 caused by hashing file maps more than once when
parsing a file as a new type, and caused by frequent scanning of
non-HTML text data with the HTML parser.


  Other improvements

  * Scanning JPEG, TIFF, PNG and GIF files will no longer return
"parse" errors when file format validation fails. Instead, the
scan will alert with the "Heuristics.Broken.Media" signature
prefix and a descriptive suffix to indicate the issue, provided
that the "alert broken media" feature is enabled.

  * GIF format validation will no longer fail if the GIF image is
missing the trailer byte, as this appears to be a relatively
common issue in otherwise functional GIFs.

  * Added a TIFF dynamic configuration (DCONF) option that was
missing. This will allow us to disable TIFF format validation via
signature database update in the event that it proves to be

Re: [clamav-users] Updating ClamAV

2021-02-09 Thread Tamang, Prabin
Oh perfect, thank you very much for information. I will wait for the packages 
to be released in the Epel and see how it goes.

Best,
Prabin

-Original Message-
From: clamav-users  On Behalf Of G.W. 
Haywood via clamav-users
Sent: Tuesday, February 9, 2021 10:29 AM
To: Prabin Tamang via clamav-users 
Cc: G.W. Haywood 
Subject: Re: [clamav-users] Updating ClamAV

Hi there,

On Tue, 9 Feb 2021, Prabin Tamang via clamav-users wrote:

> ... wondering if simply running "yum update clamav" will do the trick?

Under most circumstances I would expect that to be sufficient, yes.

> or Will i have to uninstall the current version of clamav and then get
> the new package and install it again?

It should be very rare for this to be necessary, and I'd consider it a failure 
of both upstream measures to retain backward compatibility and of the stated 
intent of the packaging system(s).  But stranger things have happened - usually 
it would be because of substantial changes in the capabilities of the package, 
or the way(s) that they are provided.

--

73,
Ged.


 Notice: This email and any attachments may contain proprietary (Draper 
non-public) and/or export-controlled information of Draper. If you are not the 
intended recipient of this email, please immediately notify the sender by 
replying to this email and immediately destroy all copies of this email.




Re: [clamav-users] Updating ClamAV

2021-02-09 Thread G.W. Haywood via clamav-users

Hi there,

On Tue, 9 Feb 2021, Prabin Tamang via clamav-users wrote:

> ... wondering if simply running "yum update clamav" will do the trick?

Under most circumstances I would expect that to be sufficient, yes.

> or Will i have to uninstall the current version of clamav and then
> get the new package and install it again?


It should be very rare for this to be necessary, and I'd consider it a
failure of both upstream measures to retain backward compatibility and
of the stated intent of the packaging system(s).  But stranger things
have happened - usually it would be because of substantial changes in
the capabilities of the package, or the way(s) that they are provided.

--

73,
Ged.



Re: [clamav-users] When was 0.103.1 announced on *this* list?

2021-02-09 Thread Tamang, Prabin
I do not know when it was announced but if you go to the ClamAV website and 
under downloads there is the newer version available which was released on the 
3rd of Feb [This month]

-Original Message-
From: clamav-users  On Behalf Of Paul 
Kosinski via clamav-users
Sent: Tuesday, February 9, 2021 10:13 AM
To: clamav-users@lists.clamav.net
Cc: Paul Kosinski 
Subject: [clamav-users] When was 0.103.1 announced on *this* list?

I save all the ClamAV mail, and couldn't find an announcement.



[clamav-users] When was 0.103.1 announced on *this* list?

2021-02-09 Thread Paul Kosinski via clamav-users
I save all the ClamAV mail, and couldn't find an announcement. 



[clamav-users] Updating ClamAV

2021-02-09 Thread Prabin Tamang via clamav-users
Good morning,
OS: RHEL8.3

I had installed the clamav from an epel release by taking the packages
individually rather than downloading the entire epel
and now, few days ago there was an update release on clamav from 0.103.0 to
0.103.1, but when I run "yum update clamav" it does not update to the
latest version!!

My guess is that in epel release, a newer version of the clamav package has
not been listed yet, but I was just wondering if simply running "yum update
clamav" will do the trick?
or Will i have to uninstall the current version of clamav and then get the
new package and install it again?

Best,
Prabin

-- 
Thank you,
Prabin Tamang



[clamav-users] Updating ClamAV

2021-02-09 Thread Tamang, Prabin
Good morning,

OS: RedHat 8

I had installed the clamav from an epel release by taking the packages 
individually rather than downloading the entire epel
And now, few days ago there was an update release on clamav from 0.103.0 to 
0.103.1, but when I run "yum update clamav" it does not update to the latest 
version!!

My guess is that in epel, newer version of clamav package has not been listed 
yet, but I was just wondering if simply running "yum update clamav" will do 
the job once the new version of clamav is posted in the epel?
Or will I have to uninstall the current version of clamav, then get the package 
from the epel and then do the installation process again?

Any help will be much appreciated, thank you :)

Best,
Prabin Tamang| Linux System Administrator, Enterprise System
555 Technology Square | Cambridge, MA 02139-3563
phone: 617-721-5833 | Email: ptam...@draper.com

