Clam AntiVirus is an antivirus toolkit for UNIX. The main purpose of
this software is the integration with mail servers (attachment
scanning). The package provides a flexible and scalable multithreaded
daemon, a command line scanner, and a tool for automatic updating via
the Internet. It can be used in conjunction with AMaViSD-new and
Postfix to provide a combined e-mail filter for spam and viruses.
Authors:
--------
Tomasz Kojm
Nigel Horne
Provides
Requires
Copyright
GPL v2 or later
Signatures
internal MD5: 74d428216beee8f184c9ceb10575aa7b
GPG
Changelog
* Fri Apr 18 2008 - max@suse.de
- Convert the database to the new format instead of running
freshclam to re-fetch it (bnc#380787).
- Added main.cld and daily.cld as %ghost
- Refined the logic in %post of clamav-db as to when the dist
files need to get copied over.
* Tue Apr 15 2008 - max@suse.de
- Security update 0.93 (bnc#350987, bnc#368963).
- CVE-2007-6595: symlink attack on temporary files
- CVE-2007-6596: recognize Base64 UUEncoded archives
- CVE-2008-1100: Buffer overflow in the cli_scanpe function.
- Remove bogus dependencies from libclamav.pc (bnc#196236)
- Run freshclam on update before restarting clamd to convert the
database into the new format.
* Wed Feb 13 2008 - max@suse.de
- Security update 0.92.1: (bnc#361374)
* CVE-2008-0318: libclamav PE File Integer Overflow Vulnerability
* CVE-2008-0728: heap corruption
* Tue Jan 15 2008 - aj@suse.de
- Fix open call to build again.
* Fri Dec 14 2007 - max@suse.de
- Security update 0.92 (#343277):
* CVE-2007-6335 - MEW PE File Integer Overflow
* CVE-2007-6336 - Off-by-one error in LZX_READ_HUFFSYM()
* CVE-2007-6337 - bzlib issue
- Make clamd error out if /dev/null can't be opened (#300019).
* Mon Nov 05 2007 - max@suse.de
- Added sendmail and sendmail-devel to BuildRequires.
- Enabled clamav-milter and added an init script for it.
(fate#302362)
* Tue Aug 21 2007 - max@suse.de
- Bugfix update 0.91.2.
- Fixes some NULL dereferences and variable initialisation problems
- Fix some rpmlint warnings in init scripts.
* Thu Aug 09 2007 - max@suse.de
- Inform the user that to use Clamuko, clamd needs to run as root,
so that it can read the files it needs to scan (#201730).
* Tue Jul 17 2007 - max@suse.de
- Stability and bugfix update: 0.91.1 (#292297)
- Run ldconfig on (un)installation.
- Make %check conditional to fix building on SLES8.
* Sun Jul 15 2007 - lrupp@suse.de
- add zlib-devel to build requires
- suppress some false positives from rpmlint
- added %check section and remove unneeded INSTALL file from %doc
* Wed Jul 11 2007 - max@suse.de
- Update to version 0.91 (#289830)
- improved handling of .mdb files (fixes long startup times)
- Adds anti-phishing support
- unpacker for NSIS (Nullsoft Scriptable Install System)
self-extracting archives
- unpacker for ASPack 2.12
- new implementation of the Aho-Corasick pattern matcher providing
better detection for wildcard enabled signatures
- support for nibble matching and floating offsets
- extraction of PE files embedded into other executables
- better handling of PE & UPX
- removed dependency on libcurl (improves stability)
- many other improvements and bugfixes
* Thu May 31 2007 - max@suse.de
- Security update: 0.90.3 (#279536)
- libclamav/unsp.c: fix end of buffer calculation (bb#464)
- libclamav/others.c: use strict permissions (0600) for temporary files
created in cli_gentempstream() (bb#517).
- libclamav/unrar/unrar.c: heap corruption causing DoS with corrupted
rar archive, better handle truncated files
- libclamav/phishcheck.c: isURL() regex execution hangs on Solaris
- libclamav/ole2_extract.c: detect block list loop (bb#466)
* Fri Apr 13 2007 - max@suse.de
- Security update: 0.90.2 (#264189)
- CVE-2007-1997: CAB File Unstore Buffer Overflow Vulnerability
- CVE-2007-1745: file descriptor leak in CHM handler
- File descriptor leaks in libclamav/pdf.c and libclamav/lockdb.c
* Mon Mar 05 2007 - max@suse.de
- Extended the database presence check in rcclamd to accept the
main.inc directory in addition to the main.cvd file, because
freshclam can delete the file during a scripted update.
* Fri Mar 02 2007 - max@suse.de
- Update to version 0.90.1 (#250566)
- Some bug fixes and code improvements
- Bumps the version of libclamav's soname, which should have been
done in 0.90 already.
* Tue Feb 20 2007 - max@suse.de
- Update to version 0.90 (#246214) to fix two Vulnerabilities:
- CAB File Denial of Service (CVE-2007-0897)
- MIME Parsing Directory Traversal (CVE-2007-0898)
- Other changes of 0.90 include:
- Changed config file syntax (automatic conversion is done by the
RPM on update)
- New unpacker for RAR3, RAR2 and RAR1
- Rewritten unpackers for Zip and CAB files
- Support for RAR-SFX, Zip-SFX and CAB-SFX archives
- New PE parsing model
- Support for PE32+ (64-bit) executables
- Support for MD5 signatures based on PE sections (.mdb)
- ELF file parser
- Support for Sensory Networks' NodalCore hardware acceleration
technology
- Algorithmic detection can be controlled with CL_SCAN_ALGORITHMIC
- Support for new obfuscators: SUE, Y0da Cryptor, CryptFF
- Support for new packers: NsPack, wwpack32, MEW, Upack
- Support for SIS files (SymbianOS packages)
- Support for PDF and RTF files
- TCP and local sockets can be operated simultaneously
- New command: MULTISCAN (scan directory with multiple threads)
- There where also some API/ABI changes which might affect packages
that link against libclamav. Affected functions are: cl_loaddb,
cl_loaddir and cl_scanbuff.
- Cleaned up daemonizing of clamd and freshclam.
* Tue Dec 12 2006 - max@suse.de
- Security update: 0.88.7 (#227827, CVE-2006-5874)
- handle consecutive errors in base64 decoding
- honour recursion limit when scanning email messages
- clamscan: new option --mail-max-recursion
- libclamav/untar.c: honour archive limits
* Tue Nov 07 2006 - max@suse.de
- Add homedir of user vscan to the package (FATE300731).
* Mon Nov 06 2006 - max@suse.de
- Bugfix release: 0.88.6 (#218313)
- freshclam: apply timeout patch from Everton da Silva Marques
(new options: ConnectTimeout and ReceiveTimeout)
- clamd: change stack size at the right place (closes bug#103)
- libclamav/petite.c: sanity check the number of rebuilt sections
(speeds up handling of malformed files)
* Tue Oct 17 2006 - max@suse.de
- Bugfix release 0.88.5 fixes two serious security issues.
[#212898], CVE-2006-4182, CVE-2006-5295
* Tue Aug 08 2006 - lnussel@suse.de
- New version 0.88.4 fixes heap overflow in UPX decoder
* Thu Jul 06 2006 - max@suse.de
- Bugfix release 0.88.3:
- fix possible false matches of alternatives
- Large binhex files were not being handled gracefully.
- fix zero allocation warning
- Added bc and pkgconfig to BuildRequires to fix curl version
detection.
- Prevent a file conflict on the database files when main and db
packages of different versions are installed.
- Renamed clamav.conf to clamd.conf for SLES9.
- Added the db subpackage to SLES9.
- Bugzilla: 190647
* Tue May 02 2006 - max@suse.de
- New version: 0.88.2
- Fixes a buffer overflow in freshclam's get_database function
(CVE-2006-1989, Bug #171496).
* Mon Apr 10 2006 - meissner@suse.de
- Fixed several implicit warnings which lead to failures
on 64bit platforms.
* Wed Apr 05 2006 - max@suse.de
- New version: 0.88.1, fixes several security issues:
CVE-2006-1614, CVE-2006-1615, CVE-2006-1630, bug #164039.
* Thu Feb 09 2006 - max@suse.de
- Removed unneeded dependencies from the init script to break a
dependency loop.
* Wed Jan 25 2006 - mls@suse.de
- converted neededforbuild to BuildRequires
* Sat Jan 14 2006 - kukuk@suse.de
- Add gmp-devel to nfb
* Thu Jan 12 2006 - max@suse.de
- Added gcc-4.1 stack protection (-fstack-protector).
* Mon Jan 09 2006 - max@suse.de
- New version: 0.88 (Bug #142298).
* Mon Nov 07 2005 - lnussel@suse.de
- Security update: version 0.87.1 (#132305, CVE-2005-3239,
CVE-2005-3303)
* Mon Sep 19 2005 - max@suse.de
- New version: 0.87 (bug #117648).
* Mon Jul 25 2005 - max@suse.de
- New version: 0.86.2
* Thu Jul 14 2005 - max@suse.de
- New version: 0.86.1
* Tue Jun 21 2005 - max@suse.de
- New version: 0.86
* Tue May 17 2005 - max@suse.de
- New version: 0.85.1 (Bug #81264).
* Wed May 11 2005 - max@suse.de
- New version: 0.85 (Bug #81264).
* Tue May 03 2005 - max@suse.de
- New version: 0.84 (Bug #81264).
- Added and special-cased the patch that is needed for 9.1/SLES9.
* Fri Mar 11 2005 - max@suse.de
- Fixed %doc file list (wildcards matched too much).
* Mon Feb 28 2005 - max@suse.de
- New version: 0.83
* Mon Feb 07 2005 - max@suse.de
- New version: 0.82
* Thu Jan 27 2005 - max@suse.de
- New version: 0.81
* Thu Nov 11 2004 - max@suse.de
- pkgconfig files go to libdir rather than /usr/lib.
* Thu Nov 11 2004 - coolo@suse.de
- fixing file list for debug packages
* Wed Nov 03 2004 - max@suse.de
- Fixed path to freshclam in init script, and rcfreshclam link.
* Mon Oct 18 2004 - max@suse.de
- Updated to the final 0.80 release.
- Added a runlevel script for freshclam.
* Mon Oct 11 2004 - max@suse.de
- Updated to 0.80rc4.
* Wed Sep 29 2004 - max@suse.de
- Updated to 0.80rc3. The README says:
"This release candidate eliminates possible false positive alerts
in UPX/FSG compressed files and clarifies behaviour of default
actions in clamd and freshclam."
- This also eliminates the need to patch configure.in in order to
recognize resolv.
* Thu Sep 23 2004 - max@suse.de
- Updated to 0.80rc2 which fixes a critical bug in the handling of
empty lines in text/plain emails.
- Build with curl support.
- Fixed building of shared libraries instead of static.
- Removed unneeded %run_ldconfig calls.
- Fixed file lists.
- Check for main.cvd instead of daily.cvd on daemon startup.
* Mon Sep 20 2004 - max@suse.de
- Updated to version 0.80rc which adds support for more file
formats, and HTML parsing. See the README file for details.
- Added a warning to the init script if no virus database is
installed.
* Thu Aug 05 2004 - max@suse.de
- New version: 0.75.1
- Moved the virus database files into a subpackage, as they are
large and not needed if the database is kept up to date with
freshclam.
* Fri Jul 23 2004 - max@suse.de
- New version: 0.75
* Thu Jul 08 2004 - max@suse.de
- Added -fno-strict-aliasing to CFLAGS.
* Mon Jul 05 2004 - max@suse.de
- New version: 0.74
* Tue Jun 15 2004 - max@suse.de
- New version: 0.73
* Mon Apr 26 2004 - max@suse.de
- New version: 0.70
- Changes the format of the virus definition file.
* Mon Feb 16 2004 - max@suse.de
- New version: 0.67
- Added support for tcpd (/etc/hosts.{allow,deny}).
- Obsoletes clamav-manager.patch.
* Fri Feb 13 2004 - max@suse.de
- New version: 0.66
- Fixes a remote DoS vulnerability (Bug #34412).
* Tue Jan 27 2004 - max@suse.de
- New package: ClamAV Anti-Virus Toolkit
Files
�7;�1
Generated by rpm2html 1.8.1
Daniel Veillard, Fri Jul 25 03:34:51 2008