[Pkg-clamav-commits] [SCM] Debian repository for ClamAV branch, debian/unstable, updated. debian/0.95+dfsg-1-6156-g094ec9b
Tomasz Kojm
tkojm at clamav.net
Sun Apr 4 01:22:41 UTC 2010
The following commit has been merged in the debian/unstable branch:
commit a86c2ddcfcab1b2d521b9c46b6964df89febc39c
Author: Tomasz Kojm <tkojm at clamav.net>
Date: Wed Mar 10 18:37:35 2010 +0100
update docs
diff --git a/NEWS b/NEWS
index d3c6221..6f5c345 100644
--- a/NEWS
+++ b/NEWS
@@ -1,9 +1,39 @@
-0.95.2
-------
+0.96rc1
+-------
-This version improves handling of archives, adds support for --file-list
-in clamscan and clamdscan, and fixes various issues found in previous
-releases.
+This release of ClamAV introduces new malware detection mechanisms and other
+significant improvements to the scan engine. The key features include:
+
+ - The Bytecode Interpreter: the interpreter built into LibClamAV allows
+ the signature writers to create and distribute very complex detection
+ routines and remotely enhance the scanner's functionality
+
+ - Heuristic improvements: improve the PE heuristics detection engine by
+ adding support of bogus icons and fake PE header information. In a
+ nutshell, ClamAV can now detect malware that tries to disguise itself
+ as a harmless application by using the most common Windows program icons.
+
+ - Signature Improvements: logical signature improvements to allow more
+ detailed matching and referencing groups of signatures. Additionally,
+ improvements to wildcard matching on word boundaries and newlines.
+
+ - Support for new archives: 7zip, InstallShield and CPIO. LibClamAV
+ can now transparently unpack and inspect their contents.
+
+ - Support for new executable file formats: 64-bit ELF files and OS X
+ Universal Binaries with Mach-O files. Additionally, the PE module
+ can now decompress and inspect executables packed with UPX 3.0.
+
+ - Performance improvements: overall performance improvements and memory
+ optimizations for a better overall resource utilization experience.
+
+ - Native Windows Support: ClamAV will now build natively under Visual
+ Studio. This will allow 3rd Party application developers on Windows
+ to easily integrate LibClamAV into their applications.
+
+The complete list of changes is available in the ChangeLog file. For upgrade
+notes and tips please see: https://wiki.clamav.net/Main/UpgradeNotes096
--
The ClamAV team (http://www.clamav.net/team)
+
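Review bot: in the 0.96rc1 feature list, the Bytecode Interpreter bullet ends without a period while every other bullet has one, and "adding support of bogus icons and fake PE header information" reads as though ClamAV supports them; "adding detection of bogus icons and fake PE header information" matches the sentence that follows it. The last added line also leaves an empty line after the team signature at the end of the hunk, which looks unintentional.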
diff --git a/README b/README
index abec596..3bcb16a 100644
--- a/README
+++ b/README
@@ -2,6 +2,55 @@ Note: This README/NEWS file refers to the source tarball. Some things described
here may not be available in binary packages.
--
+0.96rc1
+-------
+
+This release of ClamAV introduces new malware detection mechanisms and other
+significant improvements to the scan engine. The key features include:
+
+ - The Bytecode Interpreter: the interpreter built into LibClamAV allows
+ the signature writers to create and distribute very complex detection
+ routines and remotely enhance the scanner's functionality
+
+ - Heuristic improvements: improve the PE heuristics detection engine by
+ adding support of bogus icons and fake PE header information. In a
+ nutshell, ClamAV can now detect malware that tries to disguise itself
+ as a harmless application by using the most common Windows program icons.
+
+ - Signature Improvements: logical signature improvements to allow more
+ detailed matching and referencing groups of signatures. Additionally,
+ improvements to wildcard matching on word boundaries and newlines.
+
+ - Support for new archives: 7zip, InstallShield and CPIO. LibClamAV
+ can now transparently unpack and inspect their contents.
+
+ - Support for new executable file formats: 64-bit ELF files and OS X
+ Universal Binaries with Mach-O files. Additionally, the PE module
+ can now decompress and inspect executables packed with UPX 3.0.
+
+ - Performance improvements: overall performance improvements and memory
+ optimizations for a better overall resource utilization experience.
+
+ - Native Windows Support: ClamAV will now build natively under Visual
+ Studio. This will allow 3rd Party application developers on Windows
+ to easily integrate LibClamAV into their applications.
+
+The complete list of changes is available in the ChangeLog file. For upgrade
+notes and tips please see: https://wiki.clamav.net/Main/UpgradeNotes096
+
+--
+The ClamAV team (http://www.clamav.net/team)
+
+0.95.3
+------
+
+ClamAV 0.95.3 is a bugfix release recommended for all users.
+Please refer to the ChangeLog included in the source distribution
+for the list of changes.
+
+--
+The ClamAV team (http://www.clamav.net/team)
+
0.95.2
------
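Review bot: the 0.95.3 entry says only that it is "a bugfix release recommended for all users" and defers to the ChangeLog; if any of those fixes are security-relevant, say so here, since that is what decides how urgently someone upgrades. The 0.96rc1 block is a verbatim copy of the NEWS text, so any wording fix made there needs to be applied in both files.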
diff --git a/docs/clamdoc.pdf b/docs/clamdoc.pdf
index ad82aa0..0d77dcb 100644
Binary files a/docs/clamdoc.pdf and b/docs/clamdoc.pdf differ
diff --git a/docs/clamdoc.tex b/docs/clamdoc.tex
index b817e10..9538c2c 100644
--- a/docs/clamdoc.tex
+++ b/docs/clamdoc.tex
@@ -71,7 +71,7 @@
\vspace{3cm}
\begin{flushright}
\rule[-1ex]{8cm}{3pt}\\
- \huge Clam AntiVirus -devel\\
+ \huge Clam AntiVirus 0.96rc1\\
\huge \emph{User Manual}\\
\end{flushright}
@@ -83,7 +83,7 @@
\noindent
\begin{boxedminipage}[b]{\textwidth}
ClamAV User Manual,
- \copyright \ 2007 - 2009 Sourcefire, Inc.
+ \copyright \ 2007 - 2010 Sourcefire, Inc.
Authors: Tomasz Kojm\\
This document is distributed under the terms of the GNU General
Public License v2.\\
@@ -127,15 +127,20 @@
\item{POSIX compliant, portable}
\item{Fast scanning}
\item{Supports on-access scanning (Linux and FreeBSD only)}
- \item{Detects over 570.000 viruses, worms and trojans, including
+ \item{Detects over 720.000 viruses, worms and trojans, including
Microsoft Office macro viruses, mobile malware, and other threats}
+ \item{Built-in bytecode interpreter allows the ClamAV signature writers
+ to create and distribute very complex detection routines and
+ remotely enhance the scanner's functionality}
\item{Scans within archives and compressed files (also protects
against archive bombs), built-in support includes:
\begin{itemize}
\item Zip (including SFX)
\item RAR (including SFX)
+ \item 7Zip
\item ARJ (including SFX)
\item Tar
+ \item CPIO
\item Gzip
\item Bzip2
\item MS OLE2
@@ -145,6 +150,7 @@
\item BinHex
\item SIS (SymbianOS packages)
\item AutoIt
+ \item InstallShield
\end{itemize}}
\item{Supports Portable Executable (32/64-bit) files compressed or obfuscated with:}
\begin{itemize}
@@ -159,6 +165,7 @@
\item Upack
\item Y0da Cryptor
\end{itemize}
+ \item{Supports ELF and Mach-O files (both 32- and 64-bit)}
\item{Supports almost all mail file formats}
\item{Support for other special files/formats includes:}
\begin{itemize}
@@ -203,18 +210,19 @@
\section{Base package}
\subsection{Supported platforms}
- Most popular UNIX operating systems are supported. Clam AntiVirus 0.9x was
- tested on:
- \begin{itemize}
- \item{GNU/Linux}
- \item{Solaris}
- \item{FreeBSD}
- \item{OpenBSD} \footnote{Installation from a port is recommended.}
- \item{Mac OS X}
- \end{itemize}
- Some features may not be available on your operating system. If you
- are successfully running Clam AntiVirus on a system not listed above
- please let us know.
+ \subsubsection{UNIX}
+ The most popular UNIX operating systems are supported. Clam AntiVirus 0.9x is
+ regularly tested on:
+ \begin{itemize}
+ \item{GNU/Linux}
+ \item{Solaris}
+ \item{FreeBSD}
+ \item{OpenBSD} \footnote{Installation from a port is recommended.}
+ \item{Mac OS X}
+ \end{itemize}
+
+ \subsubsection{Windows}
+ Starting with 0.96 ClamAV builds natively under Visual Studio.
\subsection{Binary packages}
You can find the up-to-date list of binary packages at our website:
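Review bot: the rewrite of "Supported platforms" drops the sentence "Some features may not be available on your operating system", yet the feature list earlier in this file still marks on-access scanning as "Linux and FreeBSD only", so the caveat remains true and is worth keeping under the UNIX subsubsection. The new Windows subsubsection is a single sentence; pointing it at win32/README, as the Requirements footnote in this patch does, would give Windows readers somewhere to go.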
@@ -223,7 +231,9 @@
\section{Installation}
\subsection{Requirements}
- The following elements are required to compile ClamAV:
+ The following components are required to compile ClamAV under UNIX:
+ \footnote{For Windows instructions please see win32/README in the
+ main source code directory.}
\begin{itemize}
\item zlib and zlib-devel packages
\item gcc compiler suite (tested with 2.9x, 3.x and 4.x series)\\
@@ -428,7 +438,7 @@ $ CK_FORK=no ./libtool --mode=execute valgrind unit_tests/check-clamav
section.
\subsection{clamav-milter}
- ClamAV 0.95 includes a new, redesigned clamav-milter. The most notable
+ ClamAV $\ge0.95$ includes a new, redesigned clamav-milter. The most notable
difference is that the internal mode has been dropped and now a working
clamd companion is required. The second important difference is that now
the milter has got its own configuration and log files. To compile ClamAV
@@ -746,15 +756,14 @@ N * * * * /usr/local/bin/freshclam --quiet
\subsection{Licence}
Libclamav is licensed under the GNU GPL v2 licence. This means you are
- \textbf{not allowed} to link commercial, close-source applications
- against it\footnote{You can still use clamd or clamscan instead}.
- All software using libclamav must be GPL compliant.
+ \textbf{not allowed} to link commercial, closed-source software
+ against it. All software using libclamav must be GPL compliant.
- \subsection{Supported formats}
+ \subsection{Supported formats and features}
\subsubsection{Executables}
- The library has a built-in support for 32/64-bit Portable Executable files
- and 32-bit ELF files. Additionally, it can handle PE files compressed or
+ The library has a built-in support for 32- and 64-bit Portable Executable,
+ ELF and Mach-O files. Additionally, it can handle PE files compressed or
obfuscated with the following tools:
\begin{itemize}
\item Aspack (2.12)
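Review bot: the Licence paragraph loses the footnote "You can still use clamd or clamscan instead", which was the only guidance for closed-source integrators on how to use the scanner without linking libclamav; suggest keeping it on the reworded sentence. In the Executables paragraph of the same hunk, "has a built-in support" should be "has built-in support" while the line is being touched.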
@@ -779,7 +788,9 @@ N * * * * /usr/local/bin/freshclam --quiet
\begin{itemize}
\item Zip (+ SFX)
\item RAR (+ SFX)
+ \item 7Zip
\item Tar
+ \item CPIO
\item Gzip
\item Bzip2
\item MS OLE2
@@ -790,6 +801,7 @@ N * * * * /usr/local/bin/freshclam --quiet
\item SIS (SymbianOS packages)
\item AutoIt
\item NSIS
+ \item InstallShield
\end{itemize}
\subsubsection{Documents}
@@ -824,7 +836,7 @@ N * * * * /usr/local/bin/freshclam --quiet
#include <clamav.h>
\end{verbatim}
- \subsection{Initialization}
+ \subsubsection{Initialization}
Before using libclamav, you should call \verb+cl_init()+ to initialize
it. When it's done, you're ready to create a new scan engine by calling
\verb+cl_engine_new()+. To free resources allocated by the engine use
@@ -866,6 +878,10 @@ N * * * * /usr/local/bin/freshclam --quiet
Initialize the phishing detection module and load .wdb and .pdb files.
\item \textbf{CL\_DB\_PUA}\\
Load signatures for Potentially Unwanted Applications.
+ \item \textbf{CL\_DB\_OFFICIAL\_ONLY}\\
+ Only load official signatures from digitally signed databases.
+ \item \textbf{CL\_DB\_BYTECODE}\\
+ Load bytecode.
\end{itemize}
\verb+cl_load()+ returns \verb+CL_SUCCESS+ on success and another code on
failure.
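Review bot: "Load bytecode." for CL_DB_BYTECODE does not tell an integrator what they are enabling. The NEWS text in this commit describes bytecode as detection routines that signature writers distribute to "remotely enhance the scanner's functionality", and the clamav.h context shows CL_DB_STDOPT already includes CL_DB_BYTECODE, so the entry should say that bytecode is distributed by signature writers and is loaded by the recommended options. It would also help to state whether CL_DB_OFFICIAL_ONLY applies to bytecode as well as to ordinary signatures.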
@@ -916,7 +932,7 @@ N * * * * /usr/local/bin/freshclam --quiet
}
\end{verbatim}
- \subsection{Limits}
+ \subsubsection{Limits}
When you create a new engine with \verb+cl_engine_new()+, it will have
all internal settings set to default values as recommended by the
ClamAV authors. It's possible to check and modify the values (numerical
@@ -937,7 +953,7 @@ const char *cl_engine_get_str(const struct cl_engine *engine,
Please don't modify the default values unless you know what you're doing.
Refer to the ClamAV sources (clamscan, clamd) for examples.
- \subsection{Database reloading}
+ \subsubsection{Database checks}
It's very important to keep the internal instance of the database up to
date. You can watch database changes with the \verb+cl_stat..()+ family
of functions.
@@ -955,7 +971,8 @@ const char *cl_engine_get_str(const struct cl_engine *engine,
cl_statinidir(dbdir, &dbstat);
\end{verbatim}
To check for a change you just need to call \verb+cl_statchkdir+ and check
- its return value (0 - no change, 1 - some change occured):
+ its return value (0 - no change, 1 - some change occured). Remember to reset
+ the \verb+cl_stat+ structure after reloading the database.
\begin{verbatim}
if(cl_statchkdir(&dbstat) == 1) {
reload_database...;
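Review bot: the rewritten sentence keeps the misspelling "occured" (should be "occurred"). The example it introduces re-initialises with cl_statinidir(cl_retdbdir(), &dbstat), while the initial call just above uses cl_statinidir(dbdir, &dbstat); if an application passes its own dbdir, copying the reload snippet would start watching a different directory, so both calls should use the same variable.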
@@ -963,7 +980,20 @@ const char *cl_engine_get_str(const struct cl_engine *engine,
cl_statinidir(cl_retdbdir(), &dbstat);
}
\end{verbatim}
- Remember to reset the \verb+cl_stat+ structure after each reload.
+ Libclamav $\ge0.96$ includes and additional call to check the number of
+ signatures that can be loaded from a given directory:
+ \begin{verbatim}
+ int cl_countsigs(const char *path, unsigned int countoptions,
+ unsigned int *sigs);
+ \end{verbatim}
+ The first argument points to the database directory, the second one
+ specifies what signatures should be counted:
+ \verb+CL_COUNTSIGS_OFFICIAL+ (official signatures),\\
+ \verb+CL_COUNTSIGS_UNOFFICIAL+ (third party signatures),
+ \verb+CL_COUNTSIGS_ALL+ (all signatures). The last argument points
+ to the counter to which the number of detected signatures will
+ be added (therefore the counter should be initially set to 0).
+ The call returns \verb+CL_SUCCESS+ or an error code.
\subsubsection{Data scan functions}
It's possible to scan a file or descriptor using:
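Review bot: "includes and additional call" should read "includes an additional call". In the option list, CL_COUNTSIGS_OFFICIAL is followed by a forced line break (\\) but CL_COUNTSIGS_UNOFFICIAL is not, so the three options will typeset unevenly; an itemize list like the one used for the CL_DB_ flags would be clearer. Since the counter is added to rather than overwritten, a short verbatim example showing sigs initialised to 0 and the return value checked against CL_SUCCESS would prevent the obvious misuse.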
diff --git a/libclamav/clamav.h b/libclamav/clamav.h
index f998c65..533157e 100644
--- a/libclamav/clamav.h
+++ b/libclamav/clamav.h
@@ -82,7 +82,7 @@ typedef enum {
#define CL_DB_DIRECTORY 0x800 /* internal */
#define CL_DB_OFFICIAL_ONLY 0x1000
#define CL_DB_BYTECODE 0x2000
-#define CL_DB_SIGNED 0x4000
+#define CL_DB_SIGNED 0x4000 /* internal */
/* recommended db settings */
#define CL_DB_STDOPT (CL_DB_PHISHING | CL_DB_PHISHING_URLS | CL_DB_BYTECODE)
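Review bot: marking CL_DB_SIGNED as /* internal */ is only a comment; the flag stays in the public header next to the public CL_DB_ options, so callers can still pass it to cl_load(). Either say in the comment what callers should use instead (the docs hunk in this commit documents CL_DB_OFFICIAL_ONLY for restricting loading to digitally signed databases) or have the loader mask out internal bits from caller-supplied options.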
--
Debian repository for ClamAV