luca at clamav
Oct 17, 2004, 10:37 AM
Post #1 of 1
(4803 views)
Permalink
|
Dear ClamAV users,
the new stable release introduces the following new features and improvements:
-) libclamav
+ Portable Executable analyser (CL_SCAN_PE) featuring:
o UPX decompression (all versions)
o Petite decompression (2.x)
o FSG decompression (1.3, 1.31, 1.33)
o detection of broken executables (CL_SCAN_BLOCKBROKEN)
+ new, memory efficient, pattern matching algorithm (multipattern variant
of Boyer-Moore) - it's now primary matcher and Aho-Corasick is only used
for regular expression extended signatures
+ new signature format with advanced target type and offset specification
+ support for MD5 based signatures
+ extended regular expression scanner
+ added support for MS cabinet files
+ added support for CHM files
+ added support for POSIX tar archives
+ scanning inside PowerPoint documents
+ HTML normaliser with support for decoding of MS Script Encoder code
+ great improvements in e-mail scanner (now handles even more worm tricks)
+ new method of mail files detection
+ all e-mail attachments are now scanned (previously only the first ten
attachments were scanned)
+ added support for scanning URLs in e-mails (CL_SCAN_MAILURL)
+ detection of Worm.Mydoom.M.log
+ updated API (still backward compatible but please consult Section 6 of
clamdoc.pdf and adapt your software)
+ faster base64 decoding
+ support for GNU tar files
+ updated on-access scanner
-) clamd
+ new directive ScanHTML (enables HTML normalisator and ScrEnc decoder)
+ new directive ScanPE (win32 executable analyser and decompressor)
+ new directive DetectBrokenExecutables (try to detect broken executables
and mark them as Broken.Executable)
+ new directive MailFollowURLs (try to download and scan files from URLs
in mails. BE CAREFUL! DO NOT ENABLE IT ON LOADED MAIL SERVERS)
+ new directive ArchiveBlockMax (archives that exceed limits will be
marked as viruses)
+ clamav.conf was renamed to clamd.conf
-) clamscan
+ mail files are scanned by default, use --no-mail to disable it
+ new option --no-html (disables HTML normalisator)
+ new option --no-pe (disables PE analyser)
+ new option --detect-broken
+ new option --block-max
+ new option --mail-follow-urls (download and scan files from URLs in mails)
-) clamdscan
+ now prints warnings if some activated command line options are only
supported by clamscan
+ added support for archive scanning in stdin mode
-) clamav-milter
+ improved template file format
+ quarantined file names now contain virus names
+ initial support for SESSION mode of clamd
-) freshclam:
+ new directive DNSDatabaseInfo that enables ultra lightweight version
verification method through DNS (using TXT records). Based on idea by
Christopher X. Candreva and enabled by default.
(see http://www.gossamer-threads.com/lists/clamav/users/11102)
+ new option --no-dns (quick option to disable DNS method without editing
freshclam.conf)
-) sigtool
+ removed ability of automatic signature generation (use MD5 sums to
create your own signatures, see signatures.pdf for details)
+ new option --md5
+ new option --html-normalise (saves HTML normalisation and decryption
results in three html files in current directory)
-) configure:
+ new option --disable-gethostbyname_r (try enabling it if clamav-milter
compilation fails)
+ new option --disable-dns (try enabling it if freshclam compilation fails)
+ extended regular expression scanner
-) documentation
+ included new Mac OS X installation instructions
+ official documentation rewritten and outdated docs removed
We encourage our users to take advantage of our new mirror structure. In order
to download the database from the closest mirror you should configure freshclam
to use db.XY.clamav.net where XY is your country code (see
http://www.iana.org/cctld/cctld-whois.htm for the full list). Please add
the following lines to freshclam.conf:
DNSDatabaseInfo current.cvd.clamav.net
DatabaseMirror db.XY.clamav.net
DatabaseMirror database.clamav.net
DNSDatabaseInfo enables database and software version verification through
DNS TXT records, and the second database mirror acts as a fallback in case
a connection to the first mirror fails for some reason.
--
The ClamAV team (http://www.clamav.net/team.html)
--
Luca Gibelli (luca [at] clamav) - http://www.ClamAV.net - A GPL virus scanner
PGP Key Fingerprint: C782 121E 8C3A 90E3 7A87 D802 6277 8FF4 5EFC 5582
PGP Key Available on: Key Servers || http://www.clamav.net/gpg/nervoso.gpg
_______________________________________________
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-announce
|
