clamav 0.80. WTF?

Andrzej Zawadzki zawadaa at wp.pl
Sun, 17 Oct 2004, 19:52:04 CEST


Marcin Król wrote:
>> Does it actually look for libidn at all, or is that just an indirect
>> dependency via curl?
> 
> 
> Indirect. I've already noticed it myself :)
> 
>> If not using curl was intended, then it's a bug.
> 
> 
> Lack of sleep doesn't pay off: I read one thing in configure and wrote 
> another in the spec. I'm testing it right now and will commit shortly.

So now we have a stable release (finally, because anyone who wasn't using 
0.80rcX must have had some JPEG exploits on their network)

And one more thing: 0.80rcx added the ability to check whether new virus 
databases are available by reading a record in DNS (this significantly 
reduces the load on the servers hosting the virus databases)
So wouldn't it be better at this point to use freshclam's "daemon" mode, 
or to increase the frequency of the DNS queries?

Literally from a moment ago:

[Clamav-announce] announcing ClamAV 0.80

Dear ClamAV users,

the new stable release introduces the following new features and 
improvements:

-) libclamav
     + Portable Executable analyser (CL_SCAN_PE) featuring:
	o UPX decompression (all versions)
	o Petite decompression (2.x)
	o FSG decompression (1.3, 1.31, 1.33)
	o detection of broken executables (CL_SCAN_BLOCKBROKEN)
     + new, memory efficient, pattern matching algorithm (multipattern variant
       of Boyer-Moore) - it's now primary matcher and Aho-Corasick is only used
       for regular expression extended signatures
     + new signature format with advanced target type and offset specification
     + support for MD5 based signatures
     + extended regular expression scanner
     + added support for MS cabinet files
     + added support for CHM files
     + added support for POSIX tar archives
     + scanning inside PowerPoint documents
     + HTML normaliser with support for decoding of MS Script Encoder code
     + great improvements in e-mail scanner (now handles even more worm tricks)
     + new method of mail files detection
     + all e-mail attachments are now scanned (previously only the first ten
       attachments were scanned)
     + added support for scanning URLs in e-mails (CL_SCAN_MAILURL)
     + detection of Worm.Mydoom.M.log
     + updated API (still backward compatible but please consult Section 6 of
       clamdoc.pdf and adapt your software)
     + faster base64 decoding
     + support for GNU tar files
     + updated on-access scanner

-) clamd
     + new directive ScanHTML (enables HTML normalisator and ScrEnc decoder)
     + new directive ScanPE (win32 executable analyser and decompressor)
     + new directive DetectBrokenExecutables (try to detect broken executables
       and mark them as Broken.Executable)
     + new directive MailFollowURLs (try to download and scan files from URLs
       in mails. BE CAREFUL! DO NOT ENABLE IT ON LOADED MAIL SERVERS)
     + new directive ArchiveBlockMax (archives that exceed limits will be
       marked as viruses)
     + clamav.conf was renamed to clamd.conf

-) clamscan
     + mail files are scanned by default, use --no-mail to disable it
     + new option --no-html (disables HTML normalisator)
     + new option --no-pe (disables PE analyser)
     + new option --detect-broken
     + new option --block-max
     + new option --mail-follow-urls (download and scan files from URLs in
       mails)

-) clamdscan
     + now prints warnings if some activated command line options are only
       supported by clamscan
     + added support for archive scanning in stdin mode

-) clamav-milter
     + improved template file format
     + quarantined file names now contain virus names
     + initial support for SESSION mode of clamd

-) freshclam:
     + new directive DNSDatabaseInfo that enables ultra lightweight version
       verification method through DNS (using TXT records). Based on idea by
       Christopher X. Candreva and enabled by default.
       (see http://www.gossamer-threads.com/lists/clamav/users/11102)
     + new option --no-dns (quick option to disable DNS method without editing
       freshclam.conf)

-) sigtool
     + removed ability of automatic signature generation (use MD5 sums to
       create your own signatures, see signatures.pdf for details)
     + new option --md5
     + new option --html-normalise (saves HTML normalisation and decryption
       results in three html files in current directory)

-) configure:
     + new option --disable-gethostbyname_r (try enabling it if clamav-milter
       compilation fails)
     + new option --disable-dns (try enabling it if freshclam compilation
       fails)
     + extended regular expression scanner

-) documentation
     + included new Mac OS X installation instructions
     + official documentation rewritten and outdated docs removed


We encourage our users to take advantage of our new mirror structure. In order
to download the database from the closest mirror you should configure freshclam
to use db.XY.clamav.net where XY is your country code (see
http://www.iana.org/cctld/cctld-whois.htm for the full list). Please add
the following lines to freshclam.conf:

     DNSDatabaseInfo current.cvd.clamav.net
     DatabaseMirror db.XY.clamav.net
     DatabaseMirror database.clamav.net

DNSDatabaseInfo enables database and software version verification through
DNS TXT records, and the second database mirror acts as a fallback in case
a connection to the first mirror fails for some reason.



--
The ClamAV team (http://www.clamav.net/team.html)

-- 
Andrzej Zawadzki



