ClamAV for Linux 1.5.0

ClamAV, developed by Cisco, is a robust open-source antivirus engine designed to detect a wide range of malware threats, including viruses, trojans, and other malicious software. Known for its versatility and reliability, ClamAV is a preferred choice for both individual users and enterprises seeking a dependable security solution.

One of ClamAV's standout features is its cross-platform compatibility, making it suitable for deployment on various operating systems, including Windows, macOS, and Linux. This flexibility ensures that users across different environments can benefit from its protective capabilities. The software is particularly popular in the Linux community, where it serves as a key component in email scanning, web scanning, and endpoint security.

ClamAV's architecture is built around a powerful command-line interface, which provides advanced users with the ability to customize and automate scans according to their specific needs. For those who prefer a graphical interface, there are several third-party GUIs available that integrate seamlessly with ClamAV, enhancing its accessibility and ease of use.

A significant advantage of ClamAV is its comprehensive virus database, which is regularly updated to include the latest threat signatures. This ensures that users are protected against emerging threats in real-time. The software also supports on-access scanning, which continuously monitors files as they are accessed, providing an additional layer of security.

ClamAV's open-source nature is one of its greatest strengths, as it allows for community-driven development and collaboration. This results in a constantly evolving tool that benefits from the contributions of security experts and developers worldwide. Additionally, its open-source license means that ClamAV is free to use, making it an attractive option for budget-conscious users and organizations.

Despite its many strengths, ClamAV is not without its limitations. Its reliance on signature-based detection means that it may not be as effective against zero-day threats as some proprietary solutions that incorporate advanced heuristics and machine learning. However, its ability to integrate with other security tools and its extensive customization options allow users to bolster its capabilities.

In summary, ClamAV by Cisco is a reliable and versatile antivirus solution that excels in environments where open-source software is preferred. Its cross-platform support, robust command-line interface, and active community make it a valuable tool for detecting and mitigating malware threats. While it may not offer the most advanced features found in some commercial antivirus products, its cost-effectiveness and adaptability make it a compelling choice for many users.

Release notes:

New Release
Added the ability to record URIs found in PDFs if the generate-JSON-metadata feature is enabled. Also adds an option to disable this in case you want the JSON metadata feature but do not want to record PDF URIs. The ClamScan command-line option is --json-store-pdf-uris=no. The clamd.conf config option is JsonStorePDFURIs no. The libclamav general scan option is CL_SCAN_GENERAL_STORE_PDF_URIS
Added regex support for the clamd.conf OnAccessExcludePath config option. This change courtesy of GitHub user b1tg.
Added CVD signing/verification with external .sign files.
Freshclam will now attempt to download external signature files to accompany existing .cvd databases and .cdiff patch files. Sigtool now has commands to sign and verify using the external signatures.
ClamAV now installs a 'certs' directory in the app config directory (e.g., <prefix>/etc/certs). The install path is configurable. The CMake option to configure the CVD certs directory is -D CVD_CERTS_DIRECTORY=PATH
New options to set an alternative CVD certs directory:
The command-line option for Freshclam, ClamD, ClamScan, and Sigtool is --cvdcertsdir PATH
The environment variable for Freshclam, ClamD, ClamScan, and Sigtool is CVD_CERTS_DIR
The config option for Freshclam and ClamD is CVDCertsDirectory PATH
Added two new APIs to the public clamav.h header:
cl_error_t cl_cvdverify_ex(
const char *file,
const char *certs_directory,
uint32_t dboptions);
cl_error_t cl_cvdunpack_ex(
const char *file,
const char *dir,
const char *certs_directory,
uint32_t dboptions);
The original cl_cvdverify and cl_cvdunpack are deprecated.
Added a cl_engine_field enum option CL_ENGINE_CVDCERTSDIR. You may set this option with cl_engine_set_str and get it with cl_engine_get_str, to override the compiled in default CVD certs directory.
Thank you to Mark Carey at SAP for inspiring work on this feature with an initial proof of concept for external-signature FIPS compliant CVD signing.
Freshclam, ClamD, ClamScan, and Sigtool: Adde
[ ClamAV for Linux full changelog ]