clamav 0.80. WTF?
Andrzej Zawadzki
zawadaa w wp.pl
Nie, 17 Paź 2004, 19:52:04 CEST
Marcin Król wrote:
>> A on w ogóle szuka libidn, czy to tylko zależność pośrednia poprzez
>> curl?
>
>
> Posrednia. Sam juz zauwazylem :)
>
>> Jeśli nieużywanie curla było przewidziane, to błąd.
>
>
> Niedospanie nie poplaca, co innego wyczytalem w configure, co innego
> wpisywalem w specu. Wlasnie testuje i niebawem commitne.
No to mamy stable (nareszcie bo kto nie używał 0.80rcX to musiał mieć w
sieci trochę jpegowych exploitów)
I jeszcze jedno: w 0.80rcx dodano możliwość sprawdzania czy są nowe bazy
wirusów, poprzez czytanie rekordu w DNSie (znacznie redukuje to
obciążenie serwerów z bazami wirusów)
Zatem czy nie lepiej w tej chwili wykorzystać "demonową" pracę
freshclamava albo zwiększenie częstotliwości odpytywania DNSa?
Dosłownie sprzed chwilki:
[Clamav-announce] announcing ClamAV 0.80
Dear ClamAV users,
the new stable release introduces the following new features and
improvements:
-) libclamav
+ Portable Executable analyser (CL_SCAN_PE) featuring:
o UPX decompression (all versions)
o Petite decompression (2.x)
o FSG decompression (1.3, 1.31, 1.33)
o detection of broken executables (CL_SCAN_BLOCKBROKEN)
+ new, memory efficient, pattern matching algorithm (multipattern
variant
of Boyer-Moore) - it's now primary matcher and Aho-Corasick is
only used
for regular expression extended signatures
+ new signature format with advanced target type and offset
specification
+ support for MD5 based signatures
+ extended regular expression scanner
+ added support for MS cabinet files
+ added support for CHM files
+ added support for POSIX tar archives
+ scanning inside PowerPoint documents
+ HTML normaliser with support for decoding of MS Script Encoder code
+ great improvements in e-mail scanner (now handles even more worm
tricks)
+ new method of mail files detection
+ all e-mail attachments are now scanned (previously only the first ten
attachments were scanned)
+ added support for scanning URLs in e-mails (CL_SCAN_MAILURL)
+ detection of Worm.Mydoom.M.log
+ updated API (still backward compatible but please consult Section
6 of
clamdoc.pdf and adapt your software)
+ faster base64 decoding
+ support for GNU tar files
+ updated on-access scanner
-) clamd
+ new directive ScanHTML (enables HTML normalisator and ScrEnc decoder)
+ new directive ScanPE (win32 executable analyser and decompressor)
+ new directive DetectBrokenExecutables (try to detect broken
executables
and mark them as Broken.Executable)
+ new directive MailFollowURLs (try to download and scan files from
URLs
in mails. BE CAREFUL! DO NOT ENABLE IT ON LOADED MAIL SERVERS)
+ new directive ArchiveBlockMax (archives that exceed limits will be
marked as viruses)
+ clamav.conf was renamed to clamd.conf
-) clamscan
+ mail files are scanned by default, use --no-mail to disable it
+ new option --no-html (disables HTML normalisator)
+ new option --no-pe (disables PE analyser)
+ new option --detect-broken
+ new option --block-max
+ new option --mail-follow-urls (download and scan files from URLs
in mails)
-) clamdscan
+ now prints warnings if some activated command line options are only
supported by clamscan
+ added support for archive scanning in stdin mode
-) clamav-milter
+ improved template file format
+ quarantined file names now contain virus names
+ initial support for SESSION mode of clamd
-) freshclam:
+ new directive DNSDatabaseInfo that enables ultra lightweight version
verification method through DNS (using TXT records). Based on idea by
Christopher X. Candreva and enabled by default.
(see http://www.gossamer-threads.com/lists/clamav/users/11102)
+ new option --no-dns (quick option to disable DNS method without
editing
freshclam.conf)
-) sigtool
+ removed ability of automatic signature generation (use MD5 sums to
create your own signatures, see signatures.pdf for details)
+ new option --md5
+ new option --html-normalise (saves HTML normalisation and decryption
results in three html files in current directory)
-) configure:
+ new option --disable-gethostbyname_r (try enabling it if
clamav-milter
compilation fails)
+ new option --disable-dns (try enabling it if freshclam
compilation fails)
+ extended regular expression scanner
-) documentation
+ included new Mac OS X installation instructions
+ official documentation rewritten and outdated docs removed
We encourage our users to take advantage of our new mirror structure. In
order
to download the database from the closest mirror you should configure
freshclam
to use db.XY.clamav.net where XY is your country code (see
http://www.iana.org/cctld/cctld-whois.htm for the full list). Please add
the following lines to freshclam.conf:
DNSDatabaseInfo current.cvd.clamav.net
DatabaseMirror db.XY.clamav.net
DatabaseMirror database.clamav.net
DNSDatabaseInfo enables database and software version verification through
DNS TXT records, and the second database mirror acts as a fallback in case
a connection to the first mirror fails for some reason.
--
The ClamAV team (http://www.clamav.net/team.html)
--
Andrzej Zawadzki
Więcej informacji o liście dyskusyjnej pld-devel-pl