April 2nd, 2010. Posted by jesler
ClamAV 0.96 introduces new malware detection mechanisms and other
significant improvements to the scan engine. The key features are:
- The Bytecode Interpreter: the interpreter built into LibClamAV allows
signature writers to create and distribute very complex detection
routines and remotely enhance the scanner’s functionality.
- Heuristic improvements: improve the PE heuristics detection engine by
adding support for detecting bogus icons and fake PE header information. In a
nutshell, ClamAV can now detect malware that tries to disguise itself
as a harmless application by using the most common Windows program
- Signature Improvements: logical signature improvements to allow more
detailed matching and referencing groups of signatures. Additionally,
improvements to wildcard matching on word boundaries and newlines.
- Support for new archives: 7zip, InstallShield and CPIO. LibClamAV
can now transparently unpack and inspect their contents.
- Support for new executable file formats: 64-bit ELF files and OS X
Universal Binaries with Mach-O files. Additionally, the PE module
can now decompress and inspect executables packed with UPX 3.0.
- Support for DazukoFS in clamd.
- Performance improvements: overall performance improvements and
memory optimizations for better resource utilization.
- Native Windows Support: ClamAV will now build natively under
Visual Studio. This will allow third-party application developers on
Windows to easily integrate LibClamAV into their applications.
The complete list of changes is available in the ChangeLog file. For
upgrade notes and tips please see: