End of Life Announcement: ClamAV 0.94.x

October 5th, 2009 Posted by - jesler

All ClamAV releases older than 0.95 are affected by a bug in freshclam which prevents incremental updates from working with signatures longer than 980 bytes. (Read more...)

ClamAV 0.94.1 released

November 3rd, 2008 Posted by - jesler

There is one new feature in this release. This feature allows ClamAV users optionally to submit statistics to us about what they detect in the field. We will then use this data to determine what types of Malware/Viruses are the most detected in the field and in what geographic area they are.
It closes the following bugs from

684,777, 828, 832, 954, 1046, 1085, 1092, (Read more...)

Security fixes in 0.88.4

August 7th, 2006 Posted by - jesler

CVE: CVE-2006-4018
Status: Critical
Vulnerable: ClamAV 0.81 – 0.88.3

A heap overflow vulnerability was discovered in libclamav which could cause a denial of service or allow the execution of arbitrary code.

The problem is specifically located in the PE file rebuild function used by the UPX unpacker.

Relevant code from libclamav/upx.c:

    memcpy(dst, newbuf, foffset);   *dsize = foffset;   free(newbuf);   cli_dbgmsg("UPX: PE structure rebuilt from compressed file\n");   return 1;  

Due to improper validation it is possible to overflow the above memcpy() beyond the allocated memory block.

The problem has been fixed in 0.88.4.

Security fixes in 0.88.2

April 29th, 2006 Posted by - jesler

CVE: CVE-2006-1989
Status: Moderate risk
Vulnerable: ClamAV 0.80 – 0.88.1

Freshclam is a command line utility responsible for downloading and installing virus signature updates. One of its features is a HTTP client performing file downloads from web servers. A security vulnerability in the protocol code was discovered independently by Ulf Harnhammar and an anonymous researcher from Germany.

The problem exists due to a lack of proper check for the size of header data received (Read more...)