This document tracks the evolution of the ClamAV antivirus and explains why keeping it up to date is crucial. It only includes major changes that significantly impact the security of your information system if you use ClamAV.
If you're running an outdated version of ClamAV, this document will show you all the improvements and vulnerability fixes you're missing out on.
Fixed a significant performance issue when scanning some PE files
Fixed an issue recording file entries from a ZIP archive central directory
Improved performance when scanning TNEF email attachments
Fixed an issue with recording metadata for OOXML office documents
Fixed an issue with signature matches for VBA in OLE2 office documents
Loosened overly restrictive rules for embedded file identification and increased the limit for finding PE files embedded in other PE files
Fixed an issue with extracting some RAR archives embedded in other files
Fixed an issue with calculating fuzzy hashes affecting some images by updating the version for several Rust library dependencies
ClamAV 1.5.0
ClamAV is better at extracting malformed ZIP archives, preventing malware from hiding in malformed ZIP files.
ClamAV is better at scanning embedded files.
Bug fixes: a bug has been fixed in the inflate64 module, a stack buffer overflow bug has been fixed in the phishing signature load process, and an infinite loop that occurred when scanning some email files in debug mode has been fixed.
Improvements: the email multipart message parser has been cleaned up.
ClamAV can now decompress ALZip archives. ALZip was created in 1999 by the South Korean company ESTsoft. Malware can no longer hide in .alz files.
ClamAV can now decompress LHA/LZH archives. This archive format was created in 1988, was highly popular on Amiga computers, and is still in use today. Malware can no longer hide in .lha or .lzh files.
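
To find hosts that are missing the changes listed above, the engine version can be read from the banner printed by `clamscan --version` and compared with a baseline. The script below is an added example, not part of ClamAV or of the original document; the function names, the `BASELINE` variable, the `live` argument and the sample banner are assumptions made for illustration, and the baseline defaults to the 1.5.0 release named on this page.

```shell
#!/bin/sh
# Added example: flag a ClamAV engine older than a chosen baseline.
# BASELINE defaults to 1.5.0 (the release named on this page); override via env.
BASELINE="${BASELINE:-1.5.0}"

# Constructed sample banner in the "ClamAV <engine>/<db version>/<db date>" form.
SAMPLE_BANNER='ClamAV 1.4.0/12345/Mon Jan  1 00:00:00 2024'

# Print the dotted engine version found in a banner, or nothing if unparseable.
engine_version() {
    printf '%s\n' "$1" | sed -n 's/^ClamAV \([0-9][0-9.]*\).*/\1/p'
}

# Return 0 when version $1 is strictly older than version $2.
# Fields are compared numerically, so 1.9.9 sorts before 1.10.0.
version_lt() {
    a="$1"; b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        x="${a%%.*}"; y="${b%%.*}"
        [ "${x:-0}" -lt "${y:-0}" ] && return 0
        [ "${x:-0}" -gt "${y:-0}" ] && return 1
        case "$a" in *.*) a="${a#*.}" ;; *) a="" ;; esac
        case "$b" in *.*) b="${b#*.}" ;; *) b="" ;; esac
    done
    return 1
}

# Exit status: 0 = meets baseline, 1 = outdated, 2 = banner not understood.
check_banner() {
    v="$(engine_version "$1")"
    if [ -z "$v" ]; then
        echo "UNKNOWN: cannot parse engine version from: $1"
        return 2
    fi
    if version_lt "$v" "$BASELINE"; then
        echo "OUTDATED: engine $v is older than baseline $BASELINE"
        return 1
    fi
    echo "OK: engine $v meets baseline $BASELINE"
}

# Query the local scanner only when invoked as: sh check_clamav.sh live
if [ "${1:-}" = "live" ]; then
    check_banner "$(clamscan --version 2>/dev/null)"
    exit $?
fi
```

The non-zero exit codes let a configuration-management or monitoring job treat an outdated or unreadable scanner as a failed check.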