ClamAV 0.99 AntiVirus recently released, contains major new features and changes. YARA rules, Perl Compatible Regular Expressions, revamped on-access scanning for Linux, and other new features join the many great features of ClamAV:
- Processing of YARA rules (some limitations- see signatures.pdf).
- Support in ClamAV logical signatures for many of the features added for YARA, such as Perl Compatible Regular Expressions, alternate strings, and YARA string attributes. See signatures.pdf for full details.
- New and improved on-access scanning for Linux. See the recent blog post and clamdoc.pdf for details on the new on-access capabilities.
- A new ClamAV API callback function that is invoked when a virus is found. This is intended primarily for applications running in all-match mode. Any applications using all-match mode must use the new callback function to record and report detected viruses.
- Configurable default password list to attempt zip file decryption.
- TIFF file support.
- Upgrade Windows pthread library to 2.9.1.
- A new signature target type for designating signatures to run against files with unknown file types.
- Improved fidelity of the “data loss prevention” heuristic algorithm. Code supplied by Bill Parker.
- Support for LZMA decompression within Adobe Flash files.
- Support for MSO attachments within Microsoft Office 2003 XML files.
- A new sigtool option(–ascii-normalize) allowing signature authors to more easily generate normalized versions of ascii files.
- Windows installation directories changed from \Program Files\Sourcefire\ClamAV to \Program Files\ClamAV or \Program Files\ClamAV-x64.
As always ClamAV can be downloaded from the ClamAV Downloads page on ClamAV.net
The post ClamAV 0.99 AntiVirus Released for GNU/Linux and Microsoft Windows appeared first on Sysads Gazette.