File: README

package info (click to toggle)
clamav 0.84-2.sarge.17
  • links: PTS
  • area: main
  • in suites: sarge
  • size: 9,860 kB
  • ctags: 3,809
  • sloc: ansic: 40,520; sh: 9,258; cpp: 937; makefile: 555; perl: 131
file content (1420 lines) | stat: -rw-r--r-- 56,528 bytes parent folder | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377
1378
1379
1380
1381
1382
1383
1384
1385
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398
1399
1400
1401
1402
1403
1404
1405
1406
1407
1408
1409
1410
1411
1412
1413
1414
1415
1416
1417
1418
1419
1420
Note: This README/NEWS file refers to the source tarball. Some things described
here may not be available in binary packages.
--

0.84
----

This version improves detection of JPEG (MS04-028) based exploits, introduces
support for TNEF files and new detection mechanisms. Various bugfixes
(including problems with scanning of digest mail files) and improvements
have been made.


** We encourage users to help testing the development versions, now with **
** rewritten RAR code and support for 3.0 archives!			 **
**		    http://www.clamav.net/snapshot/			 **


-) libclamav:
    + JPEG exploit detector now also checks embedded Photoshop thumbnail images
    + archive meta-data scanner (improves malware detection within encrypted
      archives)
    + support for TNEF (winmail.dat) decoding
    + support for all tar archive formats
    + MD5 implementation replaced with a slightly faster one
    + improved database reloading with reference counter
    + database updateable false positive eliminator
    + speed improvements
    + various bugfixes

-) clamd:
    + VirusEvent now sets CLAM_VIRUSEVENT_FILENAME and CLAM_VIRUSEVENT_VIRUSNAME
      environment variables

-) clamav-milter:
    + improved database update detection when not --external

-) clamscan:
    + new options --include-dir and exclude-dir
    + new option --max-dir-recursion

-) freshclam:
    + new directive LocalIPAddress

-) contrib:
    + clamdmon 1.0 - clamdwatch replacement written in C

-) 3rd party software:
    + hMailServer - open source e-mail server for Microsoft Window
    + pop3.proxy - proxy server for the POP3 protocol
    + HTTP Anti Virus Proxy
    + SmarterMail Filter - ClamAV based plugin for SmarterMail Mail Server
    + smf-clamd - small & fast virus filter for Sendmail
    + Squidclam - replacement for SquidClamAV-Redirector.py written in C
    + QtClamAVclient - remote clamd client based on the Qt Toolkit
    + qpsmtp - flexible smtpd daemon written in Perl

News:

Palo Alto, Calif. March 31st 2005 - Clam AntiVirus, the leading Open Source
antivirus toolkit, and Sensory Networks, the leading provider of hardware
acceleration for network security applications, announced a partnership
to provide hardware acceleration support for the Clam AntiVirus suite.
[...]
Support for Sensory Networks' NodalCore acceleration in ClamAV will be
available in version 0.90 of the software suite in Q3 2005. For more
information please visit:
http://www.clamav.net/partners/partner-sn.html
http://www.sensorynetworks.com/


The ClamAV project announces the opening of the official merchandise store:

http://www.cafepress.com/clamav/

A big thank you to Finndesign (http://www.finndesign.fi) which
volunteered to design the whole line of products, including:

- t-shirts (for women and men)
- golf shirt
- sweatshirt
- coffee mug
- mousepad
- stickers
- scrapbook

By purchasing our merchandise, you contribute to the development of ClamAV.

--
The ClamAV team (http://www.clamav.net/team.html)


0.83
----

Due to a high number of bad files produced by broken software, the MS05-002
exploit detector now only checks specific RIFF files. This version also fixes
a stability problem of clamav-milter/clamd and improves e-mail scanning.

--
The ClamAV team (http://www.clamav.net/team.html)

0.82
----

This release adds generic detection of MS05-002 ("Vulnerability in Cursor and
Icon Format Handling Could Allow Remote Code Execution") based exploits.
Fixes include correct attachment scanning in e-mails generated by some
Internet worms (broken in 0.81), removed false positive "Suspect.Zip"
warning on non-standard zip archives created by ICEOWS, better proxy support
in freshclam, and speed improvements.

--
The ClamAV team (http://www.clamav.net/team.html)


0.81
----

Scan engine improvements were made. The internal mail scanner now supports
multipart/partial messages, and support for decoding non-standard mail files
was greatly enhanced. clamav-milter by default uses libclamav and scans emails
itself without the use of clamd. libclamav can now extract RFC2397 encoded
data within HTML documents, block zip archives with modified information in
local header, and scan HQX files. PE file structure rebuilding from compressed
executables was improved.

Important note to clamdwatch users: please upgrade to the latest version
(contrib/clamdwatch) as soon as possible.

-) libclamav:
    + major improvements in the mail scanning engine:
	o support for multipart/partial messages
	o improved support for non-standard quoted-printable attachments
	o in some situations it will try to guess a correct mode (e.g.
	  a good type for an incorrect content-type, a best guess for an
	  unknown encoding type, etc.)
	o handling of RFC822 comments in the commands (e.g.: Co(foo)ntent-Type:
	  text/plain)
	o better recovery if memory softlimit is hit
	o new test code that decodes emails without parsing them first (must
	  be enabled manually before compilation)

    + support for extracting RFC2397 encoded data within HTML documents
    + blocking of zip archives with modified information in local header
    + improved PE structure rebuilding from compressed executables
    + improved support for zip archives
    + support for Mac's HQX file format
    + stability and (minor) security fixes
    + a lot of minor improvements, including support for new platforms

-) clamd:
    + new directive ExitOnOOM (stop the deamon when libclamav reports an out of
      memory condition)
    + new directives StreamMinPort and StreamMaxPort (port range specification
      for a stream mode)
    + support for passing of file descriptors

-) clamdscan:
    + added support for --move and --remove

-) clamav-milter:
    + by default uses libclamav to scan e-mails
    + new option --external (enables the use of clamd)
    + various optimisations

-) freshclam:
    + the DNS mode is now enabled by default (no need for DNSDatabaseInfo in
      freshclam.conf)
    + --no-dns uses a If-Modified-Since method instead of a range GET
    + added support for AllowSupplementaryGroups

-) sigtool:
    + new options --vba and --vba-hex (extract VBA/Word6 macros and optionally
      display the corresponding hex values; Word6 binary code will be
      disassembled)

-) The list of third party programs with support for ClamAV is growing
   rapidly. Here are the latest additions (see clamdoc.pdf for details):

    + AVScan - a libclamav based GUI a-v scanner for Unix
    + clamailfilter - a Python script that provides a-v scanning via procmailrc
    + ClamAVPlugin - A ClamAV plugin for SpamAssassin 3.x
    + ClamCour - an e-mail filter for Courier
    + clamfilter - a small, secure, and efficient content filter for Postfix
    + ClamMail - an anti-virus POP3 proxy for Windows
    + ClamShell - a Java GUI for clamscan
    + ClamTk - a perl-tk GUI for ClamAV
    + clapf - a virus scanning and antispam content filter for Postfix
    + D bindings for ClamAV - ClamAV bindings for the D programming language
    + Frox - a transparent FTP proxy
    + KMail - a fully-featured email client now supports ClamAV out of box
    + Mail Avenger - a highly-configurable SMTP server with a-v support
    + Mailnees - a mail content filter for Sendmail and Postfix
    + Maverix - anti-spam and anti-virus solution for AOLServer
    + Moodle - scan files submitted by students for viruses!
    + php-clamav - scan files from within PHP
    + pymavis - a powerful email parser, similar to the old amavis-perl
    + QClam - a simple program to plug ClamAV to a qmail mailbox
    + qmailmrtg7 - display graphs of viruses found by ClamAV
    + qSheff - an e-mail filter for qmail
    + SafeSquid - a feature rich content filtering internet proxy
    + Scrubber - a server-side daemon for filtering mail content
    + simscan - an e-mail and spam filter for qmail
    + smtpfilter - scan SMTP session for viruses
    + snort-inline - scan your network traffic for viruses with ClamAV
    + SquidClamAV Redirector - a Squid helper script which adds virus scanning 
    + WRAVLib - a library for a-v integration with Mono/.NET applications

--
The ClamAV team (http://www.clamav.net/team.html)


0.80
----

Stable version. Please read the release notes for the candidate versions below.

--
The ClamAV team (http://www.clamav.net/team.html)


0.80rc4
-------

Improvements in this release include better JPEG exploit verification,
faster base64 decoding, support for GNU tar files, updated on-access scanner,
and others.

--
The ClamAV team (http://www.clamav.net/team.html)

0.80rc3
-------

This release candidate eliminates possible false positive alerts in UPX/FSG
compressed files and clarifies behaviour of default actions in clamd and
freshclam.

We encourage users to take advantage of our new mirror structure. In order to
download the database from the closest mirror you should configure freshclam
to use db.XY.clamav.net where XY is your country code (see
http://www.iana.org/cctld/cctld-whois.htm for the full list). Please add
the following lines to freshclam.conf:

    DNSDatabaseInfo current.cvd.clamav.net
    DatabaseMirror db.XY.clamav.net
    DatabaseMirror database.clamav.net

DNSDatabaseInfo enables database and software version verification through
DNS TXT records, and the second database mirror acts as a fallback in case
a connection to the first mirror fails for some reason.


0.80rc2
-------

This update fixes a serious bug in e-mail scanner.


0.80rc
------

The development version of ClamAV is ready for general testing! New mechanisms
have already proved very nasty to Internet worms successfully protecting
against the new versions R, S, T, U, V and W of the infamous Mydoom worm
and detecting them as Worm.Mydoom.Gen before they were analysed and specific
signatures added by the ClamAV database maintainers. That means servers running
the new version of ClamAV have detected and blocked 100% of Mydoom attacks!

New features in this release include:

-) libclamav
    + Portable Executable analyser (CL_SCAN_PE) featuring:
	o UPX decompression (all versions)
	o Petite decompression (2.x)
	o FSG decompression (1.3, 1.31, 1.33)
	o detection of broken executables (CL_SCAN_BLOCKBROKEN)
    + new, memory efficient, pattern matching algorithm (multipattern variant
      of Boyer-Moore) - it's now primary matcher and Aho-Corasick is only used
      for regular expression extended signatures
    + new signature format with advanced target type and offset specification
    + support for MD5 based signatures
    + extended regular expression scanner
    + added support for MS cabinet files
    + added support for CHM files
    + added support for POSIX tar archives
    + scanning inside PowerPoint documents
    + HTML normaliser with support for decoding of MS Script Encoder code
    + great improvements in e-mail scanner (now handles even more worm tricks)
    + new method of mail files detection
    + all e-mail attachments are now scanned (previously only the first ten
      attachments were scanned)
    + added support for scanning URLs in e-mails (CL_SCAN_MAILURL)
    + detection of Worm.Mydoom.M.log
    + updated API (still backward compatible but please consult clamdoc.pdf
      (Section 6) and adapt your software)

-) clamd
    + new directive ScanHTML (enables HTML normalisator and ScrEnc decoder)
    + new directive ScanPE (win32 executable analyser and decompressor)
    + new directive DetectBrokenExecutables (try to detect broken executables
      and mark them as Broken.Executable)
    + new directive MailFollowURLs (try to download and scan files from URLs
      in mails. BE CAREFUL! DO NOT ENABLE IT ON LOADED MAIL SERVERS)
    + new directive ArchiveBlockMax (archives that exceed limits will be
      marked as viruses)
    + clamav.conf was renamed clamd.conf

-) clamscan
    + mail files are scanned by default, use --no-mail to disable it
    + new option --no-html (disables HTML normalisator)
    + new option --no-pe (disables PE analyser)
    + new option --detect-broken
    + new option --block-max
    + new option --mail-follow-urls (download and scan files from URLs in mails)

-) clamdscan
    + now prints warnings if some activated command line options are only
      supported by clamscan
    + added support for archive scanning in stdin mode

-) clamav-milter
    + improved template file format
    + quarantined file names now contain virus names
    + initial support for SESSION mode of clamd

-) freshclam:
    + new directive DNSDatabaseInfo that enables ultra lightweight version
      verification method through DNS (using TXT records). Based on idea by
      Christopher X. Candreva and enabled by default.
      (see http://www.gossamer-threads.com/lists/clamav/users/11102)
    + new option --no-dns (quick option to disable DNS method without editing
      freshclam.conf)

-) sigtool
    + removed ability of automatic signature generation (use MD5 sums to
      create your own signatures, see signatures.pdf for details)
    + new option --md5
    + new option --html-normalise (saves HTML normalisation and decryption
      results in three html files in current directory)

-) configure:
    + new option --disable-gethostbyname_r (try enabling it if clamav-milter
      compilation fails)
    + new option --disable-dns (try enabling it if freshclam compilation fails)
    + extended regular expression scanner

-) documentation
    + included new Mac OS X installation instructions
    + official documentation rewritten and outdated docs removed

-) new 3rd party software with support for ClamAV:
    + OdeiaVir - an e-mail filter for qmail and Exim
    + ClamSMTP - a lightweight (written in C) and simple filter for Postfix
    + Protea AntiVirus Tools - a virus filter for Lotus Domino
    + PTSMail Utilities - an e-mail filter for Sendmail
    + mxGuard for IMail - a mail filter for Ipswitch IMail (W32)
    + Zabit - a content and attachment filter for qmail
    + BeClam - ClamAV port for BeOS
    + clamXav - a virus scanner with GUI for Mac OS X

Special thanks to aCaB for his work on UPX, FSG and Petite decompressors.

Thanks to good reaction times on new threats ClamAV was awarded as best
security tool for 2004 by Linux Journal: "...With this year's outbreak of
e-mail worms for non-Linux platforms, ClamAV has been getting quite a workout,
and Linux admins on mailing lists report that database update times are keeping
up with or beating the proprietary alternatives." Thanks!

SourceWear.com is selling some very nice t-shirts and polo shirts powered by
ClamAV. Wear them and virus writers will stay away from you :-) A quarter out
of every dollar profited from the sale of these shirts will go to the ClamAV
project. Visit http://www.sourcewear.com and click on ClamAV logo! 


--
The ClamAV team (http://www.clamav.net/team.html)

0.75
----

This release fixes detection of e-mails generated by Worm.Mydoom.I.

Important notice for people using ClamAV 0.60:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Our logs show that there is still a small percentage of ClamAV 0.60
installations updating their database. ClamAV 0.60 was released on
July 29th, 2003 and it was the last release to use the old database
format. Starting from version 0.65, released on November 12nd, ClamAV
uses a new database format, which is compressed and digitally signed.
We have been distributing the database in both formats till now, but
we plan to drop support for ClamAV 0.60 on September 1st.

We encourage _all_ users to upgrade to the latest release available.
People running an old version of ClamAV are missing many viruses and 
may experience stability problems.

On non-production systems you can try the latest development version.
The new engine not only speeds up the scanning process but also limits
memory usage by about 8 MB ! It's able to scan new formats, including
CAB, CHM, UPX, HTML (normalisation), PowerPoint macros and can detect
annoying e-mails with empty attachments generated by new Bagle variants.

--
The ClamAV team (http://www.clamav.net/team.html)

0.74
----

Bugfixes in this version include crashes with multipart/mixed messages
and corrupted OLE2 and Zip files. Improvements include various optimisations
of mail scanning and clamav-milter and clamdscan behaviour.


New members of our "3rd party software" list:

    + MyClamMailFilter	    an e-mail filter for procmail (written in C)
    + clamaktion	    scan files from the right-click Konqueror menu
    + QMVC		    Qmail Mail and Virus Control
    + pyclamav		    Python binding for ClamAV
    + FETCAV		    Front End To Clam AntiVirus based on Xdialog
    + Famuko		    an on-access scanner working in a userspace
    + SoftlabsAV	    a generic anti-virus filter for procmail


Japanese users can take an advantage of the new ClamAV related site:
    http://clamav-jp.sourceforge.jp/
and join the clamav-jp-users mailing list.


--
The ClamAV team (http://www.clamav.net/team.html)


0.73
----

This version fixes memory management problems in the OLE2 decoder and
improves mail scanning. Because of the rapid ClamAV development the team
encourages users to help in testing new features:

	    http://www.clamav.net/snapshot

Thank you for using ClamAV !

--
The ClamAV team (http://www.clamav.net/team.html)

0.72
----

Major bugfixes in this release include crashes with corrupted BinHex messages
and some Excel documents. Protection against archive bombs (not fully
functional since 0.70) was improved and a number of other improvements were
made.

--
The ClamAV team (http://www.clamav.net/team.html)

0.71
----

This release fixes all bugs found in 0.70 and introduces a few new features -
the noteworthy changes include:

-) libclamav:
    + support nested OLE2 files 
    + support Word6 macro code
    + ignore popular file types (media, graphics)
    + support compress.exe (SZDD) compression (test/test.msc)
    + improve virus detection in e-mails

-) clamscan:
    + automatically decide (by comparing daily.cvd version numbers) which
      database directory (hardcoded or clamav.conf's one) to use
    + support compression ratio feature (--max-ratio)
    + allow regular expressions in --[in|ex]clude
    + do not overwrite old files in a quarantine directory but add a numerical
      extension to new files
    + respect --tempdir in libclamav
    + fix access problem when calling external unpackers in a superuser mode
    + fix file permission corruption with --deb in a superuser mode

-) clamd
    + support log facility specification in syslog's style (LogFacility)
    + new directive LeaveTemporaryFiles (Debug no longer leaves temporary
      files not removed)

-) clamav-milter:
    + include the virus name in the 550 rejection
    + support user defined template for virus notifications (--template-file)
    + sort quarantine messages by date
    + improve thread management
    + add X-Virus-Scanned and X-Infected-Received-From: headers
    + improve load balancing (when using remote servers with --server)
    + send 554 after DATA received, not 550
    + save PID (--pidfile)

-) documentation:
    + German clamdoc.pdf translation (Rupert Roesler-Schmidt and Karina
      Schwarz, uplink coherent solutions, http://www.uplink.at)
    + new Japanese documentation (Masaki Ogawa)


--
The ClamAV team (http://www.clamav.net/team.html)



0.70
----

The two major changes in this version are new thread manager in clamd
and support for decoding MS Office VBA macros. Both of them have been
implemented by Trog. Besides, there are many improvements and bugfixes
(all listed in ChangeLog), a short summary:

-) clamd
    + new thread manager (with better SMP support)
    + on-access scanning now also available on FreeBSD (with Dazuko 2.0)
    + new directive ArchiveBlockEncrypted
    + new directive ReadTimeout (replaces ThreadTimeout)
    + handle SIGHUP (re-open logfile) and SIGUSR2 (reload database)
    + respect TCPAddr in stream scanner

-) clamav-milter:
    + TCPWrappers support

-) libclamav:
    + support MS Office documents (OLE2) and VBA macro decoding
    + support encrypted archive detection
    + new flags: CL_OLE2, CL_ENCRYPTED (see clamdoc.pdf, Section 6.1)
    + improve virus detection in big files
    + improve support for multipart, bounce and embedded RFC822 messages
    + improve RAR support
    + include backup snprintf implementation

-) clamscan:
    + new option: --block-encrypted

-) freshclam
    + new option: --pid, -p (write pid file if run as daemon)
    + handle SIGHUP (re-open logfile), SIGTERM (terminate with log message),
      SIGALRM and SIGUSR1 (wake up and check mirror)
    + fix bug with -u and -c handling

-) contrib
    + windows clamd client now available with source code

-) documentation:
    + new Polish documentation on ClamAV and Samba integration
    + official documentation updated


Special thanks to Dirk Mueller <mueller*kde.org> for his code review,
many bugfixes and cleanups.


Thanks to the help of many companies (clamdoc.pdf: Section 2.10,
http://www.clamav.net/mirrors.html) we have 49 very fast and reliable
virus database mirrors in 22 regions and the number is still growing.
As of March 2004 we attempt to redirect our users to the closest pool
of mirrors by looking at their ip source address when they try to resolve
database.clamav.net. Our DNS servers can answer with a CNAME to:
db.europe.clamav.net, db.america.clamav.net, db.asia.clamav.net or
db.other.clamav.net. Our advanced push-mirroring mechanism (maintained by
Luca Gibelli) allows database maintainers to update all the mirrors in less
than one minute !


There will be no major feature enhancements in the 0.7x series. Our work
will be concentrated on a new scanning engine and preliminary heuristics -
please help us and test CVS snapshots from time to time.


We are happy to announce new programs with support for ClamAV (all of them
have been reviewed by our team - more info in the documentation and
on our website: http://www.clamav.net/3rdparty.html):

    + ClamWin - a GUI for Windows (!)
    + KlamAV - a collection of GUI tools for using ClamAV on KDE
    + clamscan-procfilter - a Perl procmail filter
    + j-chkmail - a powerful filter for sendmail
    + qscanq - Virus Scanning for Qmail
    + clamavr - a Ruby binding for ClamAV
    + DansGuardian Anti-Virus Plugin
    + Viralator - a Perl script that virus scans http downloads
    + ClamAssassin - a filter for procmail
    + Gadoyanvirus - a filter for Qmail
    + OpenProtect - a complete e-mail protection solution
    + RevolSys SMTP kit for Postfix - an antispam/antivirus tools installation
    + POP3 Virus Scanner Daemon
    + mailman-clamav - a virus filter for Mailman
    + wbmclamav - a webmin module to manage ClamAV
    + Scan Log Analyzer
    + mailgraph - a RRDtool frontend for Postfix Statistics
    + INSERT - a security toolkit on a credit card size CD
    + Local Area Security - a Live CD Linux distribution

--
The ClamAV team (http://www.clamav.net/team.html)
April 17, 2004


0.68-1
------
Fixed RAR support.

0.68
----
This version fixes a crash with some RAR archives generated by the Bagle worm,
also a few important fixes have been backported from CVS.

We strongly encourage users to install the 0.70-rc version (released today).

0.67
----
This release fixes a memory management problem (platform dependent; can lead
to a DoS attack) with messages that only have attachments (reported by Oliver
Brandmueller). It also contains patches for a few problems found in 0.66 and
has better Cygwin support.

0.66
----
This version is a response to the "clamav 0.65 remote DOS exploit" information
published on popular security-related mailing lists. Unfortunately we had
not been contacted by the author before he published that and had to release
this (unplanned) package very quickly (it should be mentioned that CVS version
was not vulnerable to the exploit). Untested code has been disabled also
the Dazuko support is temporarily not available (if you really need it please
use a CVS version or wait for a next stable release). Other noteworthy changes:

-) clamd:
    + fixed database timestamp handling (and a double reload problem reported
      by Alex Pleiner and Ole Stanstrup)
    + new directive: ArchiveMaxCompressionRatio
    + new command: SESSION (starts a clamd session and allows to do multiple
      commands per TCP session)
    + new directives: TemporaryDirectory, LogClean (Andrey V. Malyshev)

-) clamav-milter: (Nigel Horne)
    + added support for AllowSupplementaryGroups and ThreadTimeout
    + added --quarantine-dir (thanks to Michael Dankov)
    + added --noreject (thanks to Vijay Sarvepalli)
    + added --headers (thanks Leonid Zeitlin)
    + added --sign option

-) libclamav:
    + detect Worm.SCO.A bounces (Nigel)
    + prevent buffer overflow in broken uuencoded files (Nigel)
    + scan multipart alternatives that have no boundaries (Nigel)
    + better handling of encapsulated messages (Nigel)
    + locate uuencoded viruses hidden in text portions of multipart/mixed
      mime messages (Nigel)
    + initial support for BinHex (Nigel)
    + fixed a mail recursion loop (problem reported by Alex Kah and Kristof
      Petr)
    + fixed bzip2 memory limit (improper call suggested by the buggy libbz2
      documentation, problem reported by Tomasz Klim)
    + fixed on error descriptor leak in CVD unpacker (Thomas Lamy)
    + fixed memory leak in digital signature verification code (Thomas Lamy)
    + added maximal compression ratio limit (cl_limits->maxratio)

-) clamscan:
    + support for multiple arguments on command line (Thomas Lamy)
    + fixed buffer overflow in --move (Denis De Messemacker)
    + removed support for sendfile() under Linux

-) freshclam:
    + support for freshclam.conf (that may be optionally merged with
      clamav.conf, command line options overwrite config settings)
    + work-around for potential database downgrade (subtle problem
      in r-r dns handling) - reported by Daniel Mario Vega and patched
      by Luca Gibelli

-) sigtool:
    + list virus names with --list-sigs (-l)

-) contrib:
    + clamdwatch (by Mike Cathey)
    + windows clamd client with drag&drop support (Nigel Horne)

-) documentation:
    + complete clamdoc.pdf French translation by Stephane Jeannenot
    + Polish how-to on ClamAV and Sendmail integration (with clamav-milter)
      by Przemyslaw Holowczyc


News:

ClamAV was the first anti-virus protecting against Worm.SCO.A (aka MyDoom.A) !
The signature was published by Diego d'Ambra in the daily update 105,
26-Jan-2004 20:23 GMT and we were at least two hours faster than "big" AV
vendors:
http://sourceforge.net/mailarchive/forum.php?thread_id=3764826&forum_id=34654
http://www.pcwelt.de/news/viren_bugs/37278/4.html


clamav-devel is finally able to decode OLE2 (Microsoft Office) files and
decompress VBA streams ! The code is developed by Trog, official ClamAV
developer. Also we're testing new clamd implementation that will solve
several important problems (especially that "Time out" related). Please
help us and test the latest CVS version.


The virus database now contains more than 20.000 signatures ! On January 8,
Denis De Messemacker (who joined our team 3 months ago) added signatures for
about 7700 new viruses. Also special thanks go to Tomasz Papszun for his
hard work on daily submissions and forcing us to keep ClamAV quality on
the highest possible level.


New mirroring mechanisms. Luca Gibelli (ClamAV) and mirror administrators
(22 sites, http://www.clamav.net/mirrors.html, please see clamdoc.pdf for
a complete mirror information) are converting mirrors to new "push mirroring"
method. It uses advanced techniques to ensure all the mirrors are up to date.
More info: http://www.clamav.net/docs/mirrors


"Newsworthy Hack of Kindness" - Affero.net is featuring ClamAV in its latest
newsletter (Volume #9, January 2004: http://www.affero.net/nl/dec03.html).
Affero is a great rate-donate system and its mission is to bring a culture
of patronage to the Internet. Currently we only accept donations via Affero.
You can also help us and promote our project by adding the ClamAV logo to
your home page. Look at http://www.clamav.net/donate.html for more information.


We would like to thank our donors:

    * Jeremy Garcia (http://www.linuxquestions.org)
    * Andries Filmer (http://www.netexpo.nl)
    * David Eriksson (http://www.2good.nu)
    * Dynamic Network Services, Inc (http://www.dyndns.org)
    * epublica
    * Invisik Corporation (http://www.invisik.com)
    * Keith (http://www.textpad.com)
    * Explido Software USA Inc. (http://www.explido.us)
    * cheahch from Singapore
    * Electric Embers
    * Stephane Rault
    * Brad Koehn
    * David Farrick
    * ActiveIntra.net Inc. (http://www.activeintra.net)
    * An anonymous donor from Colorado, US

--
Tomasz Kojm <tkojm*clamav.net>
February 10, 2004


0.65
----
IMPORTANT NOTE: The project has been moved into SourceForge. The only official
		ClamAV's homepage is www.clamav.net (however clamav.elektrapro.
		com still works). We would like to thank ElektraPro.com for
		their support for the open-source community  - THANKS !


ClamAV 0.65 introduces a new database container file format (called CVD) with
support for digital signatures and compression. Please remove the old
databases from your database directory before the installation. And the most
important thing: clamd stability has been greatly improved (especially under
FreeBSD) ! Also we have a new mirror infrastructure - you will find all the
details in clamdoc.pdf. If you want to become an official ClamAV mirror
(with entry in database.clamav.net) please read the clamav-mirror-howto.pdf
document and contact our administrator - Luca Gibelli <nervous*clamav.net>.

Noteworthy changes in this version:

-) clamd:
    + fixed a race condition in database reloading code (random crashes
      under high load)
    + fixed a race condition with the improperly initialized session start time
      (thanks to Michael Dankov)
    + fixed PidFile permissions (Magnus Ekdahl, bug reported by Tomasz Papszun)
    + fixed LogFile permissions (Magnus Ekdahl)
    + new directive ScanRAR (bacause RAR support is now disabled by default)
    + new directive VirusEvent
    + new directive FixStaleSocket (Thomas Lamy and Mark Mielke)
    + new directive TCPAddr (Bernard Quatermass, fixed by Damien Curtain)
    + new directive Debug

-) clamav-milter: (Nigel Horne <njh*clamav.net>)
    + new --force-scan flag
    + new -P and -q flags by Nicholas M. Kirsch
    WARNING: clamav-milter and our mail scanner are still in high development
	     and may be unstable. You should always use the CVS version.

-) libclamav:
    + support for a new database container format (CVD) - compressed and
      digitally signed
    + better protection against malformed zip archives (such as Mimail)
    + mail decoder fixes (thanks to Rene Bellora, Bernd Kuhls, Thomas Lamy,
      Tomasz Papszun) (Nigel Horne)
    + memory leak fixes (Thomas Lamy)
    + new scan option CL_DISABLERAR (disables built-in RAR unpacker)

-) freshclam:
    + fixed --on-error-execute behaviour (David Woakes)
    + new option --user (-u) USER - run as USER instead of the default user.
      Patch by Damien Curtain.
    + rewritten to use database.clamav.net and CVD

-) documentation:
    + new Spanish documentation on ClamAV and Sendmail integration by
      Erick Ivaan Lopez Carreon
    + included clamdoc.pdf Turkish translation by yavuz kaya and ´┐Żbrahim erken
    + included clamav-mirror-howto.pdf by Luca Gibelli
    + included clamd+daemontools HOWTO by Jesse D. Guardiani
    + included signatures.pdf
    + man pages: updated
    + clamdoc.pdf: rewritten

New members of our list of ClamAV certified software (see clamdoc.pdf for
details):
    + cgpav
    + smtp-vilter
    + IVS Milter
    + scanexi
    + Mail::ClamAV
    + OpenAntiVirus samba-vscan
    + Sylpheed Claws
    + nclamd

Thanks to Mia Kalenius and Sergei Pronin we have a new official logo !

Thank you for using ClamAV !

--
Tomasz Kojm <tkojm*clamav.net>
November 12, 2003



0.60
----

Hello again...

This is a new, (very?) stable release of Clam AntiVirus. 0.60 was developed
and stabilized for over seven months and many people had contributed to the
final release. This version introduces many enhancements and a new program:
clamav-milter written by ClamAV developer Nigel Horne. This is a mail scanner
for Sendmail/milter written entirely in C, which uses clamd for virus scanning.
Clamav-milter and clamd duet is a powerful solution for systems where high
performance is required. Please check clamdoc for more detail.


    Many people get confused with ClamAV database status because of
    the OpenAntiVirus update information at:
	    http://openantivirus.org/latest.php
    (last update at 17 October, 2002). The ClamAV virus database contains
    the OAV database (with some signatures fixed or removed) but we
    develop it independently of the OAV project. Our database is updated
    frequently (on average 4-5 times a week). You can help (or join) us -
    will find some basic but useful instructions at
	    http://clamav.elektrapro.com/doc/signatures.pdf


News from ClamAV world:

-) New email address for virus submitting: virus@clamav.elektrapro.com
   You don't need to encrypt a virus sample, but if your system doesn't allow
   you to send infected files just put it into an encrypted zip archive
   (password: virus)

   Special thanks to Nicholas Chua, Diego D'Ambra, Hrvoje Habjanic, Nigel Kukard
   and Chris van Meerendonk for a big number of samples submitted.

-) New mailing list: virusdb@clamav.elektrapro.com
   After each update an email with subject "[clamav-virusdb] Update" and a list
   of viruses added is sent to it. You can set up a procmail rule for freshclam
   to react on such a mails (and update the database just after an update).

-) New official mirrors:
    + clamav.ozforces.com: database mirror updated manually (thanks to
      Andrew <andrew@ozforces.com>)
    + clamav.essentkabel.com: full (automatic) mirror of clamav.elektrapro.com
      (thanks to Chris van Meerendonk <cvm@castel.nl>)
    + clamav.linux-sxs.org: database mirror - rsync from clamav.ozforces.com
      (thanks to Douglas J Hunley <doug@hunley.homeip.net>)

    Freshclam will automatically use them when the main server is not
    accessible.

-) Official port in FreeBSD available ! (maintained by Masahiro Teramoto
   <markun@onohara.to>)

-) Unofficial port for OpenBSD is available at:
	http://www.activeintra.net/openbsd/article.php?id=5
   (maintained by Flinn Mueller <flinn@activeintra.net>)

-) there are many new programs that use ClamAV, eg. mod_clamav (Apache
   virus scanning filter), clamdmail or Sagator. You will find more
   info in clamdoc.

Changes:

-) libclamav:
    + fixed buffer overflow in unrarlib (patch by Robbert Kouprie
      <robbert@exx.nl>)

    + various mbox code updates (fixed memory leak; added support for decoding
      viruses sent in message bodies, detection of viruses that put their
      payloads after the end of message marker (thanks to Stephen White
      <stephen@earth.li> for the bug report and useful CGI tools); 

    + zziplib updated to 0.10.81 (some problems with older version were reported
      by Martin Schitter)
    + direct scanning of mbox/maildir files (new directive CL_MAIL)
    + file scanner optimization (patch by Hendrik Muhs
      <Hendrik.Muhs@student.uni-magdeburg.de>)
    + bzip2 support
    + faster detection of malformed Zip archives (eg. 'Zip of Death'), they are
      reported as a viruses
    + fixed strcasecmp() compile problem in zziplib on Free/NetBSD and others


-) clamd:
    + fixed descriptor leak in directory scanner - it was causing random
      clamd crashes and locks, especially on highly loaded servers. Reported
      by Kristof Petr <Kristof.P@fce.vutbr.cz>.

    + fixed crash with archive scanning on BSD (increased thread stack size)
      (Nigel Horne)
    + fixed CONTSCAN command (used by clamdscan) - it had archive support
      disabled (hardcoded)
    + fixed SelfCheck option (there was a logic bug, and the option was
      disabled) it now checks a databases time stamps and reloads them
      if needed.
    + fixed possible writing to undefined descriptors (bug found by
      Brian May <bam@debian.org>)
    + new STREAM command (scanning data on socket) and directives:
      StreamSaveToDisk (save stream to disk to allow scanning within archives),
      StreamMaxLength. This option allows scanning data on socket (might be
      sent from another host), currently only clamav-milter uses this.

    + new ScanMail directive for scanning into mbox/Maildir files
    + new directive: ArchiveLimitMemoryUsage (limit memory usage with bzip2)
    + new directive: AllowSupplementaryGroups (feature requested by Exiscan
      users)
    + syslog support (LogSyslog) (patch by Hrvoje Habjanic
      <hrvoje.habjanic@zg.hinet.hr>)
    + fixed parser segfault with extra space between option and argument
      in config file (Magnus Ekdahl <magnus@debian.org>)


-) clamscan:
    + fixed --remove option (didn't work when the file was scanned with an
      internal unpacker) (patch by Damien Curtain <damien@pagefault.org>)
    + --move option for moving infected files into a specified directory
      (by Damien Curtain <damien@pagefault.org>)
    + --mbox enables a direct support for mbox files
      (ex. clamscan --mbox /var/spool/mail)
    + fixed --log (-l) option
    + fixed -i option (patch by Magnus Ekdahl <magnus@debian.org>)
    + enabled default archive limits (max-files = 500, max-size = 10M,
      max-recursion = 5)
    + use arj instead of non-free unarj (patch by Magnus Ekdahl)
    + use unzoo instead of non-free zoo (patch by Magnus Ekdahl)
    + removed thread support

freshclam:
    + mirror support (implemented by Damien Curtain <damien@pagefault.org>)
    + --proxy-user: proxy authorization support (implemented by Gernot Tenchio
      <g.tenchio@telco-tech.de>)
    + new options --on-error-execute, --on-update-execute
      (ex. freshclam -d -c 6 --on-error-execute "sendsms 23332243 Can't
      update virus database"). Idea by Douglas J Hunley <doug@hunley.homeip.net>

configure:
    + --disable-cr (don't link with C reentrant library (needed on some newer
      versions of OpenBSD))

-) Enhanced AIX (thanks to Mike Loewen <mloewen@sturgeon.cac.psu.edu>) and
   Tru64 support (thanks to Christophe Varoqui <ext.devoteam.varoqui@sncf.fr>)

-) documentation:
    + included how-to in Portugese by Alexandre de Jesus Marcolino
    + clamdoc.pdf and system manual updates

Many thanks to Luca 'NERvOus' Gibelli from ElektraPro for his support,
to Ken McKittrick from USA DataNet for a fully accessible FreeBSD box and
to mailing list subscribers for a constructive discussions.

--
Tomasz Kojm
June 21, 2003


0.54
----
Many major changes this time...

-) libclamav:
    + fixed segfault with some strange zip archives (there is a bug in zziplib,
      libclamav contains a work around for it) (the problem was reported by
      Oliver Paukstadt <pstadt@stud.fh-heilbronn.de>)
    + engine improvements (better support for a detection of new viruses,
      limited memory usage (consumes ~ 5 Mb now))
    + mbox code updated and moved into the library: fixed core dump when an
      embedded message includes a mime header with the line Content-Type:
      without specifying the type of content, fixed (theoretical) memory leak,
      support for multipart/report messages, fixed bug causing some formats to
      fail to scan) (Nigel)
-) clamd:
    + new commands: CONTSCAN (it doesn't stop scanning even when virus is
      found), VERSION
    + disable logging of a unnecessary time stamps with LogTime when
      LogVerbose isn't used (patch by Ed Phillips <ed@UDel.Edu>)
-) freshclam:
    + "Cache-Control: no-cache" enabled by default
    + Cygwin support fix
-) clamdscan:
    + initial version
-) all tools:
    + removed huge printf() in help() (there was a buffer overflow problem with
      --help option under Windows and SCO Unix (reported by Wojciech Noworyta
      <wnow@konarski.edu.pl> and Nigel respectively)
-) configure:
    + allow configuration of the clamav user and group with --with-user and
      --with-group (patch by Patrick Bihan-Faou <patrick@mindstep.com>)
    + --enable-id-check - it uses the check procedure from Jason Englander
      <jason@englanders.cc>, currently it will fail on systems with getent
      which doesn't detect clamav group.
    + do not overwrite the existing config file


There are initial packages for Windows available at:
    http://clamav.elektrapro.com/binary

--tk


0.53
----
This release has removed the limit for a file name length in clamscan. Some
viruses (eg. W32/Yaha.E) are using very long file names, and they were
ignored in mbox mode. Users of AMaViS-ng and other wrappers were not
vulnerable to this problem, because that programs don't use original
attachement file names.

-) clamscan:
    + removed limit for a file name length (thanks to Odhiambo Washington
      <wash@wananchi.com> for the test files and extensive mbox testing)
    + mbox: adapted to the new changes, enabled thread support (Nigel),
	    re-enabled temporary directory removing.

0.52
----

This version contains a portability fixes - it should compile on OpenBSD,
MacOSX and NetBSD (support for them was broken in 0.51). 

-) clamd: various fixes:
	+ drop supplementary groups (suggested by Enrico Scholz
	  <enrico.scholz@informatik.tu-chemnitz.de>) (this has been implemented
	  in freshclam, too)
	+ work-around for the segmentation fault at QUIT under FreeBSD
	+ check timeouts when waiting for threads in RELOAD mode
	+ SelfCheck - internal integrity check (by default every 1 hour)
	+ fixed problem with directory scanning on non typical file systems
	  (bug reported by Jason Englander <jason@englanders.cc>)
	+ clamd is a system command (clamd.1 -> clamd.8, /usr/local/bin ->
	  /usr/local/sbin) (Magnus Ekdahl)
-) clamscan:
	+ mbox code updates (Nigel Horne) - it fixes some problems on *BSD
	  systems (see mailing lists archives for the details)
	+ enable core dumping (Nigel Horne) [ with --enable-debug ]
-) freshclam:
	+ applied http-proxy patch from http://bugs.debian.org/clamav (by
	  Martin Lesser <admin-debian@bettercom.de>)
	+ when configured with --disable-cache, freshclam forces 'no-cache'
	  option in proxy servers (patch by Ant La Porte <ant@dvere.net>)

-) HPUX (10.20/11.0 tested) support (thanks to Joe Oaks <joe.oaks@hp.com>)
-) fixed support for SCO Unix and BeOS (Nigel Horne)
-) support/mboxscan: new version with SpamAssassin support (Nigel Horne)
-) re-included TrashScan 0.08 (by Trashware <trashware@gmx.de>) - the security
   issue has been fixed.
-) included "Installing qmail-scanner, Clam Antivirus and SpamAssassin under
   FreeBSD" how-to by Paul Hoadley and Eric Parsonage


0.51
----

OAV database is up to date ! There was a problem with signature parsing,
because some hex strings were upper case. Anyway, I still recommend you
freshclam for a database updating.

-) support for the genuine OAV database
-) limited memory usage (at the cost of speed, increase CL_MIN_LENGTH in
   libclamav/clamav.h to make it faster, it's safe to set it on 3-4 for
   the OAV database)
-) fixed compile problem on TurboLinux 6.5 (probably others, too), the bug
   was reported by Henk Kuipers <henk@opensourcesolutions.nl>.
-) clamd: fixed THREXIT (thanks to Piotr Gackiewicz <gacek@intertele.pl>)
-) clamd: fixed serious bug with thread argument type
-) clamscan: mbox: don't scan empty attachments (Nigel Horne)
-) configure: --with-db1, --with-db2 (suggested by Magnus Ekdahl)


0.50
----

Here it is...
Clam AntiVirus 0.50 contains an anti-virus library - libclamav, a fully
multi-threaded daemon clamd(1) and a quite long list of changes. The
documentation was rewritten and you _should_ review it. By courtesy of
NERvOus <nervous@nervous.it> and ElektraPro, there are three mailing lists
available - you can subscribe via www at http://clamav.elektrapro.com/ml.
Please check the manual for more information.


New software:

-) libclamav with RAR, Zip and Gzip support built-in. The library is thread
   safe and should be very secure, also. It uses UniquE RAR File
   Library by Christian Scheurer and Johannes Winkelmann (RAR 2.0 support only)
   and zziplib library by Guido Draheim and Tomi Ollila. Both of them are
   included and slightly modified in the clamav sources. You need the zlib
   library for the Zip/Gzip support, though. The API is described with
   examples in the clamdoc.

-) clamd: a modern anti-virus daemon. It uses configuration file clamav.conf
   described in the clamav.conf(5) manual. The program was written with
   security as a goal. 

-) clamuko: on-access scanning under Linux. It utilizes Dazuko kernel module
   (GPL, http://dazuko.org) and is clamd-based.

New features / improvements:

-) enhanced scanner engine (better detection of some complex polymorphic
   viruses)

-) clamscan: Nigel Horne <njh@bandsman.co.uk> has added the ability to scan
   mail attachments in a filter. For example:

   $ clamscan -i --mbox - < /var/spool/mail/john
   /tmp/aa6b9fc06bc477ae/setup.exe: Worm/Klez.H FOUND

   Nigel is the author of the whole mbox code in clamscan. Currently it only
   works in a filter mode, but there are plans to move the code into the
   libclamav and allow clamd using it. Please check support/mboxscan, also.

-) clamscan: support for including and excluding multiple patterns with
   --include and --exclude (patch by Alejandro Dubrovsky
   <s328940@student.uq.edu.au>).
   Example: clamscan --include .exe --include .obj --include .scr /mnt/windows

-) clamscan: don't scan /proc files (Linux, st_dev comparing). No more
   /proc/kcore related mails :))

-) clamscan: use libclamav's archive support by default (it's enabled by default
   and may be disabled with --disable-archive) and switch to the external
   unpackers (if specified) in the case of libclamav archive code error.

-) freshclam: proxy support (via $http_proxy variable and --http-proxy).
   I started implementing proxy support some time ago, but never finished.
   Nigel Horne did the great job and has finished the proxy support !

-) freshclam: --daemon-notify. freshclam will send the RELOAD command to the
   daemon after database update (supports both tcp and local sockets, it reads
   clamav.conf to determine the socket type).

-) freshclam: support for viruses.db2

Bug fixes:

-) freshclam: log 'Database updated' message (thanks to Jeffrey Moskot
    <jef@math.miami.edu> for the bug report). It now prints a number
    of signatures in a database, also.

-) clamscan: fixed compile problem on Solaris 8 and some other systems -
   #include <signal.h> lack in others.c (thanks Mike Loewen
   <mloewen@sturgeon.cac.psu.edu> for the bug report)

Documentation:

-) included Japanese documentation by Masaki Ogawa <proc@mac.com>

-) updated Spanish "Sendmail + Amavis + ClamAv - Como" by Erick I. Lopez
   Carreon <elopezc@technitrade.com>

-) rewritten clamdoc, included clamdoc-html, removed PostScript version (.ps)

-) Clam-Mutant ;) logo update by Michal Hajduczenia <michalis@mat.uni.torun.pl>

-) new man pages: clamd(1), clamav.conf(5); others updated


!!!
    Please don't use the oav-update script with this version. It doesn't
update viruses.db2 and supports OpenAntiVirus.org site only (the last
update of the OAV database was 1 July !). Nicholas Chua <nicholas@ncmbox.net>
has generated over 200 new signatures, ClamAV's database is also frequently
updated (expecially when new wild virus/worm appears, eg. W32/BugBear.A).

    This software is still in developement (new software == new bugs), however
clamscan should be very stable. You shouldn't use clamd/clamuko (well, clamd is
stable, clamuko isn't) on production systems, yet. Please wait for 0.51 at
least ;). ClamAV 0.50 was tested on Linux and Solaris and should work fine.
There is a problem with clamd on FreeBSD (tested on my FreeBSD 5.0-CURRENT) -
the daemon crashes with Zip/Gzip files (disabling ScanArchive should help).

Enjoy !
--
Tomasz Kojm
October 5, 2002


0.24
----

-) fixed threads deadlock in a critical error situation (bug found by David
   Sanchez <dsanchez@veloxia.com>)
-) fixed sigtool bug (negative seeking)
-) fixed potential clamscan segfault in the case of memory allocation error
-) unpacker execution error is no longer treated as critical - a few programs
   (eg. Qmail-Scanner, TrashScan) have clamscan command hardcoded with all
   archive options turned on. Now, if unpacker can't be executed, raw file is
   scanned and scan process is continued.
-) reverted to pthread.h detection
-) TrashScan 0.07 (Trashware <trashware@gmx.net>)
-) --exclude (regular expressions are not supported !)
   [ex: clamscan --exclude="/proc/kcore" /], but please use it with care.
-) included html documentation

IMPORTANT NOTE:
~~~~~~~~~~~~~~~
You will probably have a problem with a default Qmail-Scanner (1.13 or newer)
installation. You need to increase qmail-smtpd softlimit or disable it. You
can force clamscan to use only half of the memory which it uses by default, too.
Please change the following line in the clamscan/matcher.h file:
    #define MIN_LENGTH 5
to:
    #define MIN_LENGTH 3
and recompile the program. Unhappily, scanning may be a little slower in some
cases, but it shouldn't be significant. Then you can safely set the qmail
softlimit to 8 MB. I want to thank Doug Monroe <doug@planetconnect.com> for
his contribution in the problem analysis.
---

New ClamAV version is in a heavy development. It has currently built-in
support for RAR, Zip, Gzip and tar. The daemon will support only built-in
compression/archive support. Snapshot will be available for a few days.

0.23
----

-) fixed compile problem on FreeBSD (thanks to Wieslaw Glod <wkg@x2.pl> and
   Ken McKittrick <klmac@usadatanet.com>)
-) clamscan reads all .db files from data directory, so you can put your
   own databases there and they won't be overwrited by the updaters. viruses.db
   is still the main database file (if --database isn't used).
-) --deb (debian binary packages scanning) by Magnus Ekdahl <magnus@debian.org>
-) --remove option, but be careful with it !
-) new clam logo ;) (GPL) by Michal Hajduczenia <michalis@mat.uni.torun.pl>.
-) TrashScan 0.06 (by Trashware <trashware@gmx.net>) - a script for scanning
   mail with procmail. I recommend it. (support/trashscan)
-) documentation updates

0.30 release will contain a daemon and an anti-virus library (with simple API),
so you can use it directly in your projects. I want to build in zip and rar
support, also.

There are binary packages for AIX available. Please check the documentation.

0.22
----

This release fixes bug with scanning archives in unaccessible directories with
*superuser* priviledges (after dropping priviledges scanner wasn't able to
access the archive, although the same archive was accessible), thanks
for Sergei Pronin <sp@finndesign.fi> for the problem description. Now all
archives unaccessible directly by the clamav user are copied (with a respect to
--max-space) to the temporary directory. All old filesystem tricks were removed.

Other fixes / improvements:

-) better error handling, new error codes
-) improved -i (--infected) option
-) removed --strange-unzip option
-) removed eicar test files and logos from the documentation due to the GPL
   (thanks for Magnus Ekdahl <magnus@debian.org>), ClamAV-Test-Signature is
   used instead
-) removed Qmail-Scanner patch, ClamAV is supported by Q-S 1.13 (thanks guys!)
-) code cleanups


0.21 Release
------------

It fixes following problems:

-) database downloading in freshclam/0.20
-) malformed amavis-perl patch from 0.20
-) clamscan problems with some unzip versions, please try --strange-unzip
   option

ClamAV 0.21 source package contains initial support for NetBSD
(thanks to Marc Baudoin <babafou@babafou.eu.org>, Jean-Edouard BABIN
<Jeb@jeb.com.fr>), better support for Mac OS X (Masaki Ogawa <proc@mac.com>),
and clamdoc documentation corrected by Dennis Leeuw <dleeuw@made-it.com>.


0.20 Release
------------

The most important change in this release is a new, linear pattern matching
algorithm. You will find more informations about it in clamscan/matcher.c -
in the sources and in clamdoc. Summary (since 0.15):

New features:

-) fast pattern matching algorithm
-) sigtool utility, check `man sigtool` and clamdoc
-) Linux: threads autodetection on various architectures
          (Magnus Ekdahl <magnus@debian.org>)
-) -i, --infected: clamscan prints only infected files
-) 'Data scanned' in summary, size in megabytes with 16 Kb precision
-) configure: --with-dbdir sets the database location
-) support/sigmake shell script by Dennis Leeuw <leeuw@stone-it.com>
-) Spanish "Sendmail+Amavis+ClamAv installation how-to" by
   Erick I. Lopez Carreon <elopezc@technitrade.com>

Updates:

-) "Debian GNU/Linux Mail Server v. 0.2.0" by Dennis Leeuw <leeuw@stone-it.com>
-) qmail-scanner patch from Kazuhiko <kazuhiko@fdiary.net>
-) general documentation cleanups / updates
-) freshclam / Internet database location

Fixes:

-) threads autodetection on not-x86 Linux systems
-) gcc 3.x support (David Ford <david+cert@blue-labs.org>)
-) data type fix on Mac OS X (Peter N Lewis <peter@stairways.com.au>)
-) removed -w, --whole-file, now clamscan scans whole files by default
   -w is still supported by internal getopt(), because it is used in
   various patches
-) removed --one-virus, still supported by getopt(); removed 'Found viruses'
   from summary, clamscan stops file scanning after first virus
-) fixed old problem with scanning stdin
-) removed amavisd-patch - strange problems have been reported

OpenAntiVirus Update is a great tool written by Matthew A. Grant
<grantma@anathoth.gen.nz> and it will be the primary updater for ClamAV
in the near future. In contrast to freshclam it has proxy support and many
specific features. Please check clamdoc for more informations and how to
obtain it.


0.15 Notes
----------

This version contains minor bugfixes only, such as:
    -) multiple fixes in freshclam (it has problems, when one of the
       hosts wasn't accessible), there were logic flaws in the code
    -) fixed problem with password protected archives (unpackers were waiting
       for password)

New features:
    -) OpenBSD support (thanks to Kamil Andrusz <wizz@mniam.net>)
    -) added support for amavisd, qmail-scanner (see ./support)

There were no major bugs and I was very busy, that's why new version is
released just today. In the next 2 months, clamav development will be much
faster. Here are some of my plans:

    ~ 0.20 : New pattern-matching algorithm
    ~ 0.30 : clamlib; clamscan and the daemon based on it

There is a new homepage:

		http://clamav.elektrapro.com

Thanks to ElektraPro.com for sponsoring this site (it's very fast).
Thanks to NERvOus <nervous@nervous.it>.

If you are interested in current development versions, please check
snapshots link.

Resource usage limits in 0.14
-----------------------------

Two new features: --max-files, --max-space have been implemented. If you have
enabled one of this options, clamscan monitors resource usage (number of
created files and used space) and stops extractor when it has exceeded
the limit. You should use these options to protect your machine against
Denial of Service attacks. In the near future --max-levels (limit for
recursive archives extracting) and --max-time (spent on checking/extracting
files) will be implemented.


FreeBSD: AMaViS compile problems
--------------------------------

Please check FAQ.

!!! Strange signatures in VirusSignatures-2002.04.15.10.51.zip !!!
------------------------------------------------------------------

Last version of signatures was ~90 kb, this version is ~474 kb.
But I don't understand, why some signatures are mega-huge. When I decoded
them, they looked like regular files. In CA they were removed from the
database and I probably add them later, in normal sizes.

Installation :
--------------

Please view documentation in ./docs. There are several formats - pdf, ps
and plain latex, if you want to compile it yourself.

You need GNU make (on Solaris you should have gmake).
It was tested only with gcc 2.9x compilers.