A few days ago the release of a new corrective version of the popular free antivirus package, ClamAV 0.103.2, was announced. Among the vulnerabilities corrected, most are focused on the Windows version and problems with the PNG image format.
For those unfamiliar with ClamAV, it is an open source, multiplatform antivirus (it has versions for Windows, GNU/Linux, BSD, Solaris, Mac OS X and other Unix-like operating systems).
Main new features of ClamAV 0.103.2
In this new version, one change that is not security related is the deactivation of the «Safe browsing» configuration option, which has become a stub that does nothing, due to a change by Google in the access conditions to the Safe Browsing API.
In addition, the FreshClam utility has improved its handling of HTTP codes 304, 403 and 429, and the mirrors.dat file has been returned to the database directory. FreshClam now fails out of daemon mode if an HTTP 403 is received, because the result will not change if it tries again later. It also records a retry timeout, so that after receiving an HTTP 429 response FreshClam does not attempt to update until that timeout has expired.
The new mirrors.dat file in the database directory will store a randomly generated UUID for the FreshClam user agent.
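The 304/403/429 handling described above, sketched as an added Python example; this is not FreshClam's own code. The UpdaterState fields, the action names and the 4-hour fallback cooldown are assumptions, and the state object only stands in for what an updater would persist, not the real mirrors.dat layout.

```python
import time
from dataclasses import dataclass
from email.utils import parsedate_to_datetime

DEFAULT_COOLDOWN = 4 * 3600  # assumed fallback (seconds) when a 429 has no usable Retry-After

@dataclass
class UpdaterState:
    """Hypothetical persisted state; NOT the real mirrors.dat layout."""
    retry_after: float = 0.0  # epoch time before which no update is attempted
    forbidden: bool = False   # set on HTTP 403; retrying cannot change the result

def parse_retry_after(value, now):
    """Turn a Retry-After header (delta-seconds or HTTP-date) into an epoch time."""
    if value and value.strip().isdecimal():
        return now + int(value.strip())
    try:
        return max(now, parsedate_to_datetime(value).timestamp())
    except (TypeError, ValueError):
        return now + DEFAULT_COOLDOWN  # header missing or malformed

def should_attempt(state, now):
    """Gate every update cycle on the stored state, so a restart cannot bypass it."""
    return not state.forbidden and now >= state.retry_after

def handle_response(state, status, headers, now):
    """Apply the 200/304/403/429 policy and return the action the daemon takes."""
    if status == 200:
        state.retry_after = 0.0
        return "install"
    if status == 304:
        return "up-to-date"       # not modified: nothing to download
    if status == 403:
        state.forbidden = True
        return "exit"             # fail out of daemon mode instead of looping
    if status == 429:
        state.retry_after = parse_retry_after(headers.get("Retry-After"), now)
        return "cooldown"
    return "retry-next-cycle"     # assumed default: other errors wait for the next cycle

if __name__ == "__main__":
    state, now = UpdaterState(), time.time()
    # Constructed sequence of server responses, not captured traffic.
    for status, hdrs in [(304, {}), (429, {"Retry-After": "3600"}), (403, {})]:
        print(status, handle_response(state, status, hdrs, now), should_attempt(state, now))
```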
Regarding the vulnerabilities fixed in this new version, the following are mentioned:
- CVE-2021-1386: elevation of privilege on the Windows platform due to unsafe loading of the UnRAR DLL (a local user can place their own DLL under the guise of the UnRAR library and have its code executed with system privileges).
- CVE-2021-1252: Infinite loop fix for Excel XLM parser. It affects only 0.103.0 and 0.103.1.
- CVE-2021-1404: Fix for a buffer over-read in the PDF parser; possible crash. It affects only 0.103.0 and 0.103.1.
- CVE-2021-1405: Fix for a NULL-dereference crash in the mail parser. It affects 0.103.1 and earlier.
- Addresses a possible memory leak in the PNG parser.
- Fixed a race condition in the ClamOnAcc scan on file creation, so files are scanned after their content has been written.
- Fixed FreshClam mirror sync issue where a downloaded database is “older than advertised version”.
Finally, for those interested in knowing more about this new corrective version, you can check the details in the following link.
How to install ClamAV 0.103.0 on Ubuntu and derivatives?
For those who are interested in installing this antivirus on their system, it can be done in a fairly simple way, since ClamAV is found in the repositories of most Linux distributions.
In the case of Ubuntu and its derivatives, you can install it from the terminal or from the system software center. If you choose to install with the Software Center, you just have to search for “ClamAV” and you should see the antivirus and the option to install it.
Now, those who choose to install from the terminal only need to open one on their system (you can do it with the shortcut Ctrl + Alt + T) and type the following command:
sudo apt-get install clamav
And with that, the antivirus is installed on the system. Like all antivirus software, ClamAV has a database that it downloads and uses for comparisons, kept in a “definitions” file. This file is a list that informs the scanner about questionable items.
It is important to update this file every so often, which we can do from the terminal. To do this, simply execute: