In a blog post, Cisco announced ClamAV 0.104.1, a significant new version of the antivirus suite that brings several important changes and, above all, a large number of fixes.
For those who do not know ClamAV, it is an open source, cross-platform antivirus (it has versions for Windows, GNU/Linux, BSD, Solaris, Mac OS X and other Unix-like operating systems).
Main new features of ClamAV 0.104.1
In this new version, the FreshClam utility suspends its activity for 24 hours after receiving a response with a 403 code from the server. The change is intended to reduce the load placed on the content delivery network by clients that have been blocked for requesting updates too frequently.
The logic for recursive verification and data extraction from nested files has also been reworked, and new restrictions were added on the identification of attached files when scanning each file.
On the other hand, it is noted that a mention of the base name of the virus was added to the text of the warnings about exceeding the limits during the scan, such as Heuristics.Limits.Exceeded.MaxFileSize, to determine the correlation between the virus and the crash.
The "Heuristics.Email.ExceedsMax.*" warnings have been renamed to "Heuristics.Limits.Exceeded.*" to unify the names.
Fixed issues that caused memory leaks and crashes.
In addition, this release fixes an issue where email-related scan limits alerted even when the --alert-exceeds-max (AlertExceedsMax) option was not enabled, and an issue in the Zip parser where exceeding the "MaxFiles" limit or the "MaxFileSize" limit would abort the scan but not alert. Aaron Leliaert and Max Allan independently identified and reported the Zip scan limit issues.
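Because the limit warnings now share one prefix, a wrapper around the scanner can separate files that were not fully scanned from signature matches. The shell functions below are an added example, not code from the ClamAV project or the original post; they assume clamscan's usual "<path>: <name> FOUND" result lines, and the sample lines, paths and the "SampleLimit" suffix are constructed.

```shell
#!/bin/sh
# Added example (not ClamAV project code): triage clamscan result lines.
# Assumes the usual "<path>: <name> FOUND" result format.

# Constructed sample output; paths and the "SampleLimit" suffix are made up.
sample_scan_output() {
    cat <<'EOF'
/srv/mail/msg-001.eml: Heuristics.Email.ExceedsMax.SampleLimit FOUND
/srv/upload/big archive.zip: Heuristics.Limits.Exceeded.MaxFileSize FOUND
/srv/upload/eicar.com: Win.Test.EICAR_HDB-1 FOUND
/srv/upload/report.pdf: OK
EOF
}

# Reads result lines on stdin, prints "<KIND>\t<path>\t<name>" per finding.
# KIND is LIMIT for scan-limit warnings (the scan of that file hit a limit)
# and DETECTION for everything else reported as FOUND.
classify_clamscan() {
    awk '
    NF >= 3 && $NF == "FOUND" {
        name = $(NF - 1)
        # Strip the trailing ": <name> FOUND" (2 + len + 6 characters) so
        # paths that contain spaces survive intact.
        path = substr($0, 1, length($0) - length(name) - 8)
        # Map the older email prefix onto the unified one, so a single rule
        # covers logs written before and after the rename.
        sub(/^Heuristics\.Email\.ExceedsMax\./, "Heuristics.Limits.Exceeded.", name)
        kind = (index(name, "Heuristics.Limits.Exceeded") == 1) ? "LIMIT" : "DETECTION"
        printf "%s\t%s\t%s\n", kind, path, name
    }'
}

# Paths whose scan hit a limit: candidates for a rescan with higher limits
# or for quarantine, depending on local policy.
limit_paths() {
    classify_clamscan | awk -F '\t' '$1 == "LIMIT" { print $2 }'
}

sample_scan_output | classify_clamscan
```

On a real system the input would come from something like `clamscan -r --alert-exceeds-max=yes <directory>` piped into `classify_clamscan`, since the limit warnings are only reported when that option is enabled.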
Of the other changes that stand out:
- Fixed a leak in the email scanner when using the --gen-json scan option.
- Fixed an issue where a failure to log metadata in the email scanner when using the --gen-json scan option could cause the email scanner to cancel the scan early and fail to extract and scan additional content.
- Fixed a filename memory leak in the Zip parser.
- Addresses an issue where certain signature patterns can cause a crash or cause unwanted matches on some systems when converting characters to uppercase if a single-byte UTF-8 unicode grapheme is converted to a multi-byte grapheme.
Finally, those interested in knowing more about this new corrective version can check the details in the following link.
How to install ClamAV 0.104.0 in Ubuntu and derivatives?
Those who want to install this antivirus on their system can do so quite easily, since ClamAV is available in the repositories of most Linux distributions.
On Ubuntu and its derivatives, it can be installed from the terminal or from the system software center. If you choose the Software Center, just search for "ClamAV" and you should see the antivirus along with the option to install it.
To install from the terminal instead, open one on your system (you can use the shortcut Ctrl + Alt + T) and type the following command:
sudo apt-get install clamav
With that, the antivirus is installed on the system. Like every antivirus, ClamAV has a database that it downloads and uses for comparisons, stored in a "definitions" file. This file is a list that informs the scanner about questionable items.
It is important to update this file from time to time, which can be done from the terminal. To do this, simply execute:
If for any reason you want to remove this antivirus from your system, just type the following in a terminal:
sudo apt remove --purge clamav