Roadmap

Next major milestone: 0.96
Target release date: February 2010

At least two release candidates will be released to the community at least 2-4 weeks prior to release, and at least one week after the feature freeze.

Overview

The main target of the next major release is to improve malware detection by providing a new bytecode interpreter, support for additional unpackers, PE heuristics, improvements to logical signatures and the e-mail parser. Other important improvements for this release include adding support for signature debugging and performance statistics, support for 3rd party signature packages, additional unit-tests, file formats, and various scan engine improvements.

Features list

Bytecode Interpreter (See bug #1243)

Disasm hook.
Jsparser hook.
PE hooks, support for unpackers and algorithmic detection.
Lsigs hook.
Simple frontend to create bytecode, initially an internal tool.
JIT on the client, fallback to the interpreter.

Additional Unpackers (See bug #1571)

PECompact.
ASProtect.
UPX 3.0.

Mbox Parser Rewrite (See bug #1245)

Complete new_world quoted printable parser.
Test base64 new_world parser.
Consider if other parsers are needed.
Perform performance tests.

Prefiltering for pattern matchers (See bug #1188)

Fix, test and merge the prefiltering branch.

Improve unit-tests (See bug #1248)

Add more unit tests for files with low coverage.
Add unit tests for new code.

Signature Performance Statistics (See bugs #1244 and #1246)

Signature decoding and debugging functionality for sigtool.
Measure performance statistics of signatures in the engine.

Logical Signatures improvements (See bugs #164, #895, #896 and #1173)

Add support for macros in signatures.
Extend target description.
Integrate with disassembler.
LS compiler for sigmakers.

Support for 3rd party signature packages (See bug #781)

Implement infrastructure for distribution of 3rd party databases.

Malware statistics improvements (See bugs #1228 and #1503)

Extend stats information (file size, MD5, ...).
Direct stats polling from clamd.
Per user statistics.

Support for additional formats (See bugs #789, #1222, #1570, #1592 and #1593)

7zip archives.
GNU sparse tar files.
OSX’s DMG format.
OSX universal executable files (DONE)
64-bit ELF files (DONE)
InstallShield (DONE)
CPIO archives (DONE)

Other scan engine improvements (See bugs #804, #1300, #1475, #1547, #1576, #1577, #1578 and #1579)

On-the-fly scanning while extracting.
Investigate possibility of using an offset matcher.
Use Safe Browsing for all HTML data.
Anti-phishing enhancements.
Heuristics for PE files.
EP code analyzer.
Detection of fake vendor executables and fake documents.
Improved container handling.
Improved handling of compressed databases (DONE)