322 Commits

Author SHA256 Message Date
e1fef97079 Accepting request 1320508 from security
Automatic submission by obs-autosubmit

OBS-URL: https://build.opensuse.org/request/show/1320508
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/clamav?expand=0&rev=138
2025-12-01 10:12:43 +00:00
dd8495db9f - Provide a better fix for boo#1249404 by disabling debug mode.
OBS-URL: https://build.opensuse.org/package/show/security/clamav?expand=0&rev=302
2025-11-21 15:51:49 +00:00
5543a5b743 Accepting request 1317951 from home:bmwiedemann:branches:security
Build with older rust 1.87 for reproducible builds (boo#1249404)

OBS-URL: https://build.opensuse.org/request/show/1317951
OBS-URL: https://build.opensuse.org/package/show/security/clamav?expand=0&rev=301
2025-11-21 10:24:32 +00:00
c2a88dfd56 Accepting request 1317166 from security
Automatic submission by obs-autosubmit

OBS-URL: https://build.opensuse.org/request/show/1317166
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/clamav?expand=0&rev=137
2025-11-12 20:14:11 +00:00
f3c2a729a3 OBS-URL: https://build.opensuse.org/package/show/security/clamav?expand=0&rev=299 2025-11-04 16:54:47 +00:00
bb420d03fa OBS-URL: https://build.opensuse.org/package/show/security/clamav?expand=0&rev=298 2025-11-04 16:45:15 +00:00
2e339e7994 - Add clamav-workaround.patch to work around symbol removals in
  version 1.5.0 and 1.5.1.

OBS-URL: https://build.opensuse.org/package/show/security/clamav?expand=0&rev=297
2025-11-04 16:10:50 +00:00
f3a8b10616 Accepting request 1311754 from security
- New version: 1.5.1:
  * Fixed a significant performance issue when scanning some PE
    files.
  * Fixed an issue recording file entries from a ZIP archive
    central directory which resulted in
    "Heuristics.Limits.Exceeded.MaxFiles" alerts when using the
    ClamScan --alert-exceeds-max command line option or ClamD
    AlertExceedsMax config file option.
  * Improved performance when scanning TNEF email attachments.
  * Fixed an issue with recording metadata for OOXML office
    documents.
  * Fixed an issue with signature matches for VBA in OLE2 office
    documents.
  * Loosened overly restrictive rules for embedded file
    identification and increased the limit for finding PE files
    embedded in other PE files.
  * Fixed an issue with extracting some RAR archives embedded in
    other files.
  * Fixed an issue with calculating fuzzy hashes affecting some
    images by updating the version for several Rust library
    dependencies.

- Add json-c-json-c-0.18-20240915.tar.gz and link it statically
  into libclamav on SLE-12, because version 0.12 is too old.

- New version 1.5.0:
  * Added checks to determine if an OLE2-based Microsoft Office
    document is encrypted.
  * Added the ability to record URIs found in HTML if the
    generate-JSON-metadata feature is enabled.
  * Added the ability to record URIs found in PDFs if the
    generate-JSON-metadata feature is enabled.
  * Added regex support for the clamd.conf OnAccessExcludePath
    config option.
  * Added CVD signing/verification with external .sign files.
  * Freshclam, ClamD, ClamScan, and Sigtool: Added an option to
    enable FIPS-like limits disabling MD5 and SHA1 from being used
    for verifying digital signatures or for being used to trust a
    file when checking for false positives
  * ClamD: Added an option to disable select administrative
    commands including SHUTDOWN, RELOAD, STATS and VERSION.
  * libclamav: Added extended hashing functions with a "flags"
    parameter that allows the caller to choose if they want to
    bypass FIPS hash algorithm limits.
  * See the release announcement for the full list of changes:
    https://blog.clamav.net/2025/10/clamav-150-released.html
- Obsoleted patches:
  * clamav-freshclam_test.patch
  * clamav-disable-administrative-commands.patch
  * clamav-fips.patch
- Use macros for library versions
- Remove service symlinks: rcclamd, rcfreshclam, rcclamav-milter,
  and clamonacc.
- Use rust 1.86 for SLE-12 and SLE-15-SP2.

OBS-URL: https://build.opensuse.org/request/show/1311754
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/clamav?expand=0&rev=136
2025-10-17 15:25:39 +00:00
5edb532f85 - New version: 1.5.1:
  * Fixed a significant performance issue when scanning some PE
    files.
  * Fixed an issue recording file entries from a ZIP archive
    central directory which resulted in
    "Heuristics.Limits.Exceeded.MaxFiles" alerts when using the
    ClamScan --alert-exceeds-max command line option or ClamD
    AlertExceedsMax config file option.
  * Improved performance when scanning TNEF email attachments.
  * Fixed an issue with recording metadata for OOXML office
    documents.
  * Fixed an issue with signature matches for VBA in OLE2 office
    documents.
  * Loosened overly restrictive rules for embedded file
    identification and increased the limit for finding PE files
    embedded in other PE files.
  * Fixed an issue with extracting some RAR archives embedded in
    other files.
  * Fixed an issue with calculating fuzzy hashes affecting some
    images by updating the version for several Rust library
    dependencies.

OBS-URL: https://build.opensuse.org/package/show/security/clamav?expand=0&rev=295
2025-10-16 16:17:10 +00:00
75be8165be - Add json-c-json-c-0.18-20240915.tar.gz and link it statically
  into libclamav on SLE-12, because version 0.12 is too old.
- Use rust 1.86 for SLE-12 and SLE-15-SP2.

OBS-URL: https://build.opensuse.org/package/show/security/clamav?expand=0&rev=294
2025-10-16 12:20:22 +00:00
2c2327adc1 - New version 1.5.0:
  * Added checks to determine if an OLE2-based Microsoft Office
    document is encrypted.
  * Added the ability to record URIs found in HTML if the
    generate-JSON-metadata feature is enabled.
  * Added the ability to record URIs found in PDFs if the
    generate-JSON-metadata feature is enabled.
  * Added regex support for the clamd.conf OnAccessExcludePath
    config option.
  * Added CVD signing/verification with external .sign files.
  * Freshclam, ClamD, ClamScan, and Sigtool: Added an option to
    enable FIPS-like limits disabling MD5 and SHA1 from being used
    for verifying digital signatures or for being used to trust a
    file when checking for false positives
  * ClamD: Added an option to disable select administrative
    commands including SHUTDOWN, RELOAD, STATS and VERSION.
  * libclamav: Added extended hashing functions with a "flags"
    parameter that allows the caller to choose if they want to
    bypass FIPS hash algorithm limits.
  * See the release announcement for the full list of changes:
    https://blog.clamav.net/2025/10/clamav-150-released.html
- Obsoleted patches:
  * clamav-freshclam_test.patch
  * clamav-disable-administrative-commands.patch
  * clamav-fips.patch
- Use macros for library versions
- Remove service symlinks: rcclamd, rcfreshclam, rcclamav-milter,
  and clamonacc.

OBS-URL: https://build.opensuse.org/package/show/security/clamav?expand=0&rev=293
2025-10-08 17:59:39 +00:00
ad6f4c1e96 Accepting request 1290236 from security
- bsc#1240363, clamav-disable-administrative-commands.patch: clamd:
  Add an option to toggle SHUTDOWN, RELOAD, STATS and VERSION.

OBS-URL: https://build.opensuse.org/request/show/1290236
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/clamav?expand=0&rev=135
2025-07-06 15:07:59 +00:00
eed67f41ec OBS-URL: https://build.opensuse.org/package/show/security/clamav?expand=0&rev=291 2025-06-30 17:07:20 +00:00
50e6766018 Accepting request 1287162 from security
- New version 1.4.3:
  ClamAV 1.4.3 is a patch release with the following fixes:
  * CVE-2025-20260, bsc#1245054: Fixed a possible buffer overflow
    write bug in the PDF file parser that could cause a
    denial-of-service (DoS) condition or enable remote code
    execution. This issue only affects configurations where both:
    - The max file-size scan limit is set greater than or equal to 1024MB.
    - The max scan-size scan limit is set greater than or equal to 1025MB.
    The code flaw was present prior to version 1.0.0, but a change in
    version 1.0.0 that enables larger allocations based on untrusted data
    made it possible to trigger this bug.
    This issue affects all currently supported versions.
  * CVE-2025-20234, bsc#1245055: Fixed a possible buffer overflow
    read bug in the UDF file parser that may write to a temp file
    and thus disclose information, or it may crash and cause a
    denial-of-service (DoS) condition.
    This issue was introduced in version 1.2.0.
  * Fixed a possible use-after-free bug in the Xz decompression module in
    the bundled lzma-sdk library.
    This issue was fixed in the lzma-sdk version 18.03. ClamAV bundles a
    copy of the lzma-sdk with some performance changes specific to
    libclamav, plus select bug fixes like this one in lieu of a full
    upgrade to newer lzma-sdk.
    This issue affects all ClamAV versions at least as far back as 0.99.4.
  * Windows: Fixed a build install issue when a DLL dependency such as
    libcrypto has the exact same name as one provided by the Windows
    operating system.
- Renew clamav.keyring

OBS-URL: https://build.opensuse.org/request/show/1287162
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/clamav?expand=0&rev=134
2025-06-20 14:54:14 +00:00
07697f3025 Add Bugzilla references
OBS-URL: https://build.opensuse.org/package/show/security/clamav?expand=0&rev=286
2025-06-20 08:52:14 +00:00
8c66e61d7f Accepting request 1287021 from home:adkorte:branches:security
- New version 1.4.3:
  ClamAV 1.4.3 is a patch release with the following fixes:
  * CVE-2025-20260: Fixed a possible buffer overflow write bug in the
    PDF file parser that could cause a denial-of-service (DoS) condition
    or enable remote code execution.
    This issue only affects configurations where both:
    - The max file-size scan limit is set greater than or equal to 1024MB.
    - The max scan-size scan limit is set greater than or equal to 1025MB.
    The code flaw was present prior to version 1.0.0, but a change in
    version 1.0.0 that enables larger allocations based on untrusted data
    made it possible to trigger this bug.
    This issue affects all currently supported versions.
  * CVE-2025-20234: Fixed a possible buffer overflow read bug in the UDF
    file parser that may write to a temp file and thus disclose information,
    or it may crash and cause a denial-of-service (DoS) condition.
    This issue was introduced in version 1.2.0.
  * Fixed a possible use-after-free bug in the Xz decompression module in
    the bundled lzma-sdk library.
    This issue was fixed in the lzma-sdk version 18.03. ClamAV bundles a
    copy of the lzma-sdk with some performance changes specific to
    libclamav, plus select bug fixes like this one in lieu of a full
    upgrade to newer lzma-sdk.
    This issue affects all ClamAV versions at least as far back as 0.99.4.
  * Windows: Fixed a build install issue when a DLL dependency such as
    libcrypto has the exact same name as one provided by the Windows
    operating system.
- Renew clamav.keyring

OBS-URL: https://build.opensuse.org/request/show/1287021
OBS-URL: https://build.opensuse.org/package/show/security/clamav?expand=0&rev=285
2025-06-20 08:44:30 +00:00
9a25addab1 Accepting request 1282251 from security
- bsc#1243565: Add clamav-freshclam_test.patch to fix a race
  condition between the mockup servers started by different test
  cases in freshclam_test.py.

OBS-URL: https://build.opensuse.org/request/show/1282251
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/clamav?expand=0&rev=133
2025-06-03 15:55:16 +00:00
a135f831da - bsc#1243565: Add clamav-freshclam_test.patch to fix a race
  condition between the mockup servers started by different test
  cases in freshclam_test.py.

OBS-URL: https://build.opensuse.org/package/show/security/clamav?expand=0&rev=283
2025-05-28 14:46:22 +00:00
64f4d810b3 Accepting request 1265932 from security
Automatic submission by obs-autosubmit

OBS-URL: https://build.opensuse.org/request/show/1265932
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/clamav?expand=0&rev=132
2025-04-02 15:12:19 +00:00
a2b40efdcc OBS-URL: https://build.opensuse.org/package/show/security/clamav?expand=0&rev=281 2025-03-24 15:51:05 +00:00
91793cadc1 bsc#1239957: Build with PIE.
OBS-URL: https://build.opensuse.org/package/show/security/clamav?expand=0&rev=280
2025-03-24 14:48:03 +00:00
affa7c6a32 Accepting request 1244806 from security
- bsc#1236949: Fix location of license files.

OBS-URL: https://build.opensuse.org/request/show/1244806
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/clamav?expand=0&rev=131
2025-02-10 17:22:58 +00:00
a90ec7387b - bsc#1236949: Fix location of license files.
OBS-URL: https://build.opensuse.org/package/show/security/clamav?expand=0&rev=278
2025-02-10 15:13:26 +00:00
d73bd710d2 Accepting request 1241514 from security
Automatic submission by obs-autosubmit

OBS-URL: https://build.opensuse.org/request/show/1241514
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/clamav?expand=0&rev=130
2025-01-31 15:04:55 +00:00
8bf02642a5 - Drop the version dependency on libcurl. Building against versions
  older than 7.45 does not fail anymore, but disables support for
  fdpassing in clamonacc. This only affects SLE-12 up to SP3.

OBS-URL: https://build.opensuse.org/package/show/security/clamav?expand=0&rev=276
2025-01-23 17:37:45 +00:00
18bed56917 Accepting request 1239891 from security
Add missing bug and CVE references

- New version 1.4.2:
  * CVE-2025-20128, bsc#1236307: Fixed a possible buffer overflow
    read bug in the OLE2 file parser that could cause a
    denial-of-service (DoS) condition.  

    (bsc#1103032: CVE-2018-14679)
- Update to 0.103.7 (bsc#1202986)
    (the clamscan --gen-json option) is enabled. (bsc#1194731)
    clamdscan, and clamonacc. (bsc#1174255)
    parser in versions affected by the vulnerability. (bsc#1174250)
    a crash. (bsc#1171981)
  * CVE-2012-6706 (bsc#1045315)
  * CVE-2017-6419 (bsc#1052449)
  * CVE-2017-11423 (bsc#1049423)
  * CVE-2018-0202 (bsc#1083915)
- Update to version 0.99.1 (bsc#969814)
    (bnc#906770, CVE-2014-9050)

OBS-URL: https://build.opensuse.org/request/show/1239891
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/clamav?expand=0&rev=129
2025-01-23 17:03:00 +00:00
c688778710 Add missing bug and CVE references
OBS-URL: https://build.opensuse.org/package/show/security/clamav?expand=0&rev=274
2025-01-23 14:23:00 +00:00
928d13e9ec Add bug id
OBS-URL: https://build.opensuse.org/package/show/security/clamav?expand=0&rev=273
2025-01-23 12:26:03 +00:00
2ab3f27527 - New version 1.4.2:
  * CVE-2025-20128: Fixed a possible buffer overflow read bug in
    the OLE2 file parser that could cause a denial-of-service (DoS)
    condition.

OBS-URL: https://build.opensuse.org/package/show/security/clamav?expand=0&rev=272
2025-01-22 18:21:29 +00:00
51188acd38 Accepting request 1238512 from security
Automatic submission by obs-autosubmit

OBS-URL: https://build.opensuse.org/request/show/1238512
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/clamav?expand=0&rev=128
2025-01-17 17:43:50 +00:00
47ae5d915f - bsc#1232242: Start clamonacc with --fdpass to avoid errors due to
  clamd not being able to access user files.

OBS-URL: https://build.opensuse.org/package/show/security/clamav?expand=0&rev=270
2025-01-10 13:08:05 +00:00
da50748d3f Accepting request 1231926 from security
- fix factory submission (clam.tcl, clamscan.log) (forwarded request 1231922 from AndreasStieger)

OBS-URL: https://build.opensuse.org/request/show/1231926
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/clamav?expand=0&rev=127
2024-12-18 19:11:19 +00:00
9a73056fdb Accepting request 1231922 from home:AndreasStieger:branches:security
- fix factory submission (clam.tcl, clamscan.log)

OBS-URL: https://build.opensuse.org/request/show/1231922
OBS-URL: https://build.opensuse.org/package/show/security/clamav?expand=0&rev=268
2024-12-18 16:14:20 +00:00
5c8b051525 Accepting request 1229480 from home:AndreasStieger:branches:security
- fix factory submission (clam.tcl)

OBS-URL: https://build.opensuse.org/request/show/1229480
OBS-URL: https://build.opensuse.org/package/show/security/clamav?expand=0&rev=267
2024-12-18 13:56:22 +00:00
664c142f05 OBS-URL: https://build.opensuse.org/package/show/security/clamav?expand=0&rev=266 2024-09-10 14:24:43 +00:00
c519cbb114 OBS-URL: https://build.opensuse.org/package/show/security/clamav?expand=0&rev=265 2024-09-10 13:46:52 +00:00
dfd4947ab7 - New version 1.4.1:
  * [CVE-2024-20506, bsc#1230162]: Changed the logging module to
    disable following symlinks on Linux and Unix systems so as to
    prevent an attacker with existing access to the 'clamd' or
    'freshclam' services from using a symlink to corrupt system
    files.
  * [CVE-2024-20505, bsc#1230161]: Fixed a possible out-of-bounds
    read bug in the PDF file parser that could cause a
    denial-of-service (DoS) condition.
  * https://blog.clamav.net/2024/09/clamav-141-132-107-and-010312-security.html
- New version 1.4.0:
  * Added support for extracting ALZ archives.
  * Added support for extracting LHA/LZH archives.
  * Added the ability to disable image fuzzy hashing, if needed.
    For context, image fuzzy hashing is a detection mechanism
    useful for identifying malware by matching images included with
    the malware or phishing email/document.
  * https://blog.clamav.net/2024/08/clamav-140-feature-release-and-clamav.html

OBS-URL: https://build.opensuse.org/package/show/security/clamav?expand=0&rev=264
2024-09-10 13:35:10 +00:00
7bf48a149d Accepting request 1198813 from home:adkorte:branches:security
- New version 1.3.2:
  * CVE-2024-20506: Changed the logging module to disable following
    symlinks on Linux and Unix systems so as to prevent an attacker
    with existing access to the 'clamd' or 'freshclam' services from
    using a symlink to corrupt system files.
  * CVE-2024-20505: Fixed a possible out-of-bounds read bug in the PDF
    file parser that could cause a denial-of-service condition.
  * Removed unused Python modules from freshclam tests including
    deprecated 'cgi' module that is expected to cause test failures in
    Python 3.13.
  * Fix unit test caused by expiring signing certificate.
  * Fixed a build issue on Windows with newer versions of Rust. Also
    upgraded GitHub Actions imports to fix CI failures.
  * Fixed an unaligned pointer dereference issue on select architectures.
  * Fixes to Jenkins CI pipeline.
- Remove upstreamed 1305.patch

OBS-URL: https://build.opensuse.org/request/show/1198813
OBS-URL: https://build.opensuse.org/package/show/security/clamav?expand=0&rev=263
2024-09-09 12:39:53 +00:00
b4f3692a40 Accepting request 1190182 from security
OBS-URL: https://build.opensuse.org/request/show/1190182
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/clamav?expand=0&rev=126
2024-07-29 19:52:52 +00:00
05f3a7ea2c Accepting request 1190176 from home:bmwiedemann:branches:security
Add upstream 1305.patch to fix tests (boo#1102840, https://github.com/Cisco-Talos/clamav/issues/1300)

Note: it uses git apply for the binary patch of test.exe

OBS-URL: https://build.opensuse.org/request/show/1190176
OBS-URL: https://build.opensuse.org/package/show/security/clamav?expand=0&rev=261
2024-07-29 08:05:33 +00:00
69978eb240 Accepting request 1184343 from security
Automatic submission by obs-autosubmit

OBS-URL: https://build.opensuse.org/request/show/1184343
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/clamav?expand=0&rev=125
2024-07-02 16:17:36 +00:00
4c10be06a5 OBS-URL: https://build.opensuse.org/package/show/security/clamav?expand=0&rev=259 2024-06-24 15:32:35 +00:00
16311c30d2 OBS-URL: https://build.opensuse.org/package/show/security/clamav?expand=0&rev=258 2024-06-21 11:01:38 +00:00
e9217ee751 OBS-URL: https://build.opensuse.org/package/show/security/clamav?expand=0&rev=257 2024-06-21 07:20:21 +00:00
428f425db1 OBS-URL: https://build.opensuse.org/package/show/security/clamav?expand=0&rev=256 2024-06-20 13:25:04 +00:00
c339701434 fix build on Factory
OBS-URL: https://build.opensuse.org/package/show/security/clamav?expand=0&rev=255
2024-06-19 15:20:48 +00:00
d542431625 - New Version: 1.3.1:
  * CVE-2024-20380: Fixed a possible crash in the HTML file parser
    that could cause a denial-of-service (DoS) condition.
  * Updated select Rust dependencies to the latest versions.
  * Fixed a bug causing some text to be truncated when converting
    from UTF-16.
  * Fixed assorted complaints identified by Coverity static
    analysis.
  * Fixed a bug causing CVDs downloaded by the DatabaseCustomURL
    Freshclam config option to be pruned and then re-downloaded
    with every update.
  * Added the new 'valhalla' database name to the list of optional
    databases in preparation for future work.
- Drop clamav-disable-yara.patch as yara cannot be disabled anymore

OBS-URL: https://build.opensuse.org/package/show/security/clamav?expand=0&rev=254
2024-04-22 15:34:13 +00:00
8470c3f7d9 OBS-URL: https://build.opensuse.org/package/show/security/clamav?expand=0&rev=253 2024-04-04 15:07:42 +00:00
a6511d1cc9 Accepting request 1161540 from home:rmax:branches:security
- New version: 1.3.0:
  * Added support for extracting and scanning attachments found in
    Microsoft OneNote section files. OneNote parsing will be
    enabled by default, but may be optionally disabled.
  * Added file type recognition for compiled Python (`.pyc`) files.
  * Improved support for decrypting PDFs with empty passwords.
  * Fixed a warning when scanning some HTML files.
  * ClamOnAcc: Fixed an infinite loop when a watched directory
    does not exist.
  * ClamOnAcc: Fixed an infinite loop when a file has been deleted
    before a scan.
- Use %patch -P N instead of deprecated %patchN.
- New version: 1.2.0:
  * Added support for extracting Universal Disk Format (UDF)
    partitions.
  * Added an option to customize the size of ClamAV's clean file
    cache.
  * Raised the MaxScanSize limit so the total amount of data
    scanned when scanning a file or archive may exceed 4 gigabytes.
  * Added ability for Freshclam to use a client certificate PEM
    file and a private key PEM file for authentication to a private
    mirror.
  * Fix an issue extracting files from ISO9660 partitions where the
    files are listed in the plain ISO tree and there also exists an
    empty Joliet tree.
  * PID and socket are now located under /run/clamav/clamd.pid and
    /run/clamav/clamd.sock .
  * bsc#1211594: Fixed an issue where ClamAV does not abort the
    signature load process after partially loading an invalid
    signature.

OBS-URL: https://build.opensuse.org/request/show/1161540
OBS-URL: https://build.opensuse.org/package/show/security/clamav?expand=0&rev=252
2024-03-25 18:13:50 +00:00
a0f319e295 Accepting request 1151661 from security
OBS-URL: https://build.opensuse.org/request/show/1151661
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/clamav?expand=0&rev=124
2024-02-26 18:48:32 +00:00