Clam AntiVirus
1.4.1
23 Nov 05:45
ClamAV is an anti-virus engine, which is commonly used for email and web scanning, or gateway and fileserver securing. It provides a command-line scanner, a sendmail milter, automatic signature database updates, built-in support for many archiving and container or mail encoding formats, scanning standard ELF and compressed executables, as well as common office document formats.
minor feature: lt;p gt;ClamAV 1.4.1 is a critical patch release with the following : lt;/p gt;. lt;ul gt;. lt;li gt;. lt;p gt; lt;a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20506" rel="nofollow" gt;CVE-2024-20506 lt;/a gt;: lt;br gt;. Changed the logging module to disable following symlinks on Linux and Unix lt;br gt; Systems so as to prevent an attacker with existing access to the 'clamd' or lt;br gt; freshclam' services from using a symlink to corrupt system files. lt;/p gt;. lt;p gt;This affects all currently supported versions. It will be in: lt;/p gt;. lt;ul gt;. lt;li gt;1.4.1 lt;/li gt;. lt;li gt;1.3.2 lt;/li gt;. lt;li gt;1.0.7 lt;/li gt;. lt;li gt;0.103.12 lt;/li gt;. lt;/ul gt;. lt;p gt;Thank you to Detlef for identifying this. lt;/p gt;. lt;/li gt;. lt;li gt;. lt;p gt; lt;a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20505" rel="nofollow" gt;CVE-2024-20505 lt;/a gt;: lt;br gt;. a possible out-of-bounds read in the PDF file parser that could lt;br gt; Cause a denial-of-service (DoS) condition. lt;/p gt; lt;p gt;This affects all currently supported versions. It will be in: lt;/p gt;. lt;ul gt;. lt;li gt;1.4.1 lt;/li gt;. lt;li gt;1.3.2 lt;/li gt;. lt;li gt;1.0.7 lt;/li gt;. lt;li gt;0.103.12 lt;/li gt;. lt;/ul gt;. lt;p gt;Thank you to OSS-Fuzz for identifying this. lt;/p gt;. lt;/li gt;. lt;li gt;. lt;p gt;Removed unused Python modules from freshclam tests including deprecated lt;br gt;. cgi' module that is expected to cause test failures in Python 3.13. lt;/p gt;. lt;/li gt;. lt;/ul gt;.
