Updated: clamav-0.96-1

Reini Urban rurban@x-ray.at
Mon Apr 26 23:30:00 GMT 2010


I've made a new version of clamav available for installation,
including libclamav6, libclamav-devel, and clamav-db.
This is a feature release keeping the same dll version. Nice.
Run freshclam after the update.

Problems:
* Spurious "LibClamAV Warning: fmap_aging: kernel hates you" messages.
* Huge package size: cygclamav-6.dll went from 720KB to 10MB
   stripped, because llvm is linked statically.
   clamav-db went from 23.9MB to 24.1MB. There's a new
   bytecode.cvd archive, which you will download with freshclam.
* Possible new false positives:
   Due to the new llvm-based bytecode interpreter some false
   positives with unstripped/hyphened SSN data were reported.
   Also PS and PDF files have been reported as false positives on the
   clamav-devel list.

Project description:
Clam AntiVirus is an anti-virus toolkit. It provides a number of
utilities, including a flexible and scalable multi-threaded daemon, a
commandline scanner, and a tool for automatic database updates. The
core of the package is an anti-virus engine available as a shared
library.

Cygwin changes:
----- version 0.96-1 -----
* lndirs ${B}/libclamav/c++/llvm
* DIRENT_MISSING_D_INO check is now ignored upstream.
   Only cygwin-1.7 supported
* still libclamav6
* adapted libclamav6.hint dependencies
* cygport falsely reports a libtool check error on postinstall.
   I changed this locally from error to warn.

New major upstream features:

1. The Bytecode Interpreter - The Bytecode Interpreter allows ClamAV 
sig-makers to create very complex AV signatures for complex pieces of 
malware.  This is a pretty major addition to the detection technologies 
inside of ClamAV.

2. Native Windows Support - ClamAV will now build natively under Visual 
Studio. This will allow 3rd Party application developers on Windows to 
easily integrate LibClamAV into their applications.

3. UPX 3.0 unpacking support - Add support for decompressing UPX version 
3.0 packed applications.

4. 7zip archive support - Add support for decompressing 7zip archives 
and inspecting their contents.

5. OSX Mach-O support - Add support for parsing OSX Mach-O binary 
files and intelligently inspecting their contents.

6. 64-bit ELF support - Add support for intelligently parsing and 
detecting malware in 64-Bit ELF binaries.

7. InstallShield archives support - Add support for unpacking and 
inspecting the contents of InstallShield archives.

8. CPIO archive support - Add support for unpacking and inspecting the 
contents of CPIO archives.

9. Heuristic improvements - Improve the PE heuristics detection engine 
by adding support of bogus icons and fake PE header information. In a 
nutshell, ClamAV can now detect malware that tries to disguise itself as 
a harmless application by using the most common Windows program icons.

10. Performance improvements - Overall performance improvements and 
memory optimizations for a better overall resource utilization experience.

11. Signature Improvements - Logical signature improvements to allow 
referencing groups of signatures.  Additionally, improvements to 
wildcard matching on word boundaries and newlines.
