Hello Adolf, Thank you very much for the patch.
It did however not apply cleanly because I increased the release number earlier in next when Stefan submitted a new version of Rust. So you might not see this one as accepted on Patchwork. I pushed another commit to increase the release once again, although nobody should have seen version 81 anywhere. All the best, -Michael > On 23 Jan 2026, at 13:59, Adolf Belka <[email protected]> wrote: > > - Update from version 1.4.3 to 1.5.1 > - Update of rootfile > - From version 1.5.0 clamav added signing/verification of the signature file > downloads > with external .sign files. -D CVD_CERTS_DIRECTORY=/etc/clamav/certs has > been added > as a build option to create the certs directory and to install the > clamav.crt file > - Tested out the execution of this version on a vm testbed. The .sign files > were > correctly downloaded and the databases approved. This was also the case > with a > reboot. This was where users had a problem with the version relaesed in > CU199 after > they had manually created a directory. > - Changelog > 1.5.1 > ClamAV 1.5.1 is a patch release with the following fixes: > > * > Fixed a significant performance issue when scanning some PE files > * > Fixed an issue recording file entries from a ZIP archive central directory > which resulted in "Heuristics.Limits.Exceeded.MaxFiles" alerts when using the > ClamScan --alert-exceeds-max command line option or ClamD AlertExceedsMax > config file option > * > Improved performance when scanning TNEF email attachments > * > Fixed an issue with recording metadata for OOXML office documents > * > Fixed an issue with signature matches for VBA in OLE2 office documents > * > Loosened overly restrictive rules for embedded file identification and > increased the limit for finding PE files embedded in other PE files > * > Fixed an issue with extracting some RAR archives embedded in other files > * > Fixed an issue with calculating fuzzy hashes affecting some images by > updating the version for several Rust library dependencies > * This release does not require a newer version of the Rust compiler > toolchain than what was required for ClamAV 1.5.0 > > GitHub pull request<https://github.com/Cisco-Talos/clamav/pull/1606> > > 1.5.0 > Major changes > > * > Added checks to determine if an OLE2-based Microsoft Office document is > encrypted. > GitHub pull request<https://github.com/Cisco-Talos/clamav/pull/1295> > * > Added the ability to record URIs found in HTML if the generate-JSON-metadata > feature is enabled. Also adds an option to disable this in case you want the > JSON metadata feature but do not want to record HTML URIs. The ClamScan > command-line option is --json-store-html-uris=no. The clamd.conf config > option is JsonStoreHTMLURIs no. The libclamav general scan option is > CL_SCAN_GENERAL_STORE_HTML_URIS > GitHub pull request #1<https://github.com/Cisco-Talos/clamav/pull/1281> > GitHub pull request #2<https://github.com/Cisco-Talos/clamav/pull/1482> > GitHub pull request #3<https://github.com/Cisco-Talos/clamav/pull/1514> > * > Added the ability to record URIs found in PDFs if the generate-JSON-metadata > feature is enabled. Also adds an option to disable this in case you want the > JSON metadata feature but do not want to record PDF URIs. The ClamScan > command-line option is --json-store-pdf-uris=no. The clamd.conf config option > is JsonStorePDFURIs no. The libclamav general scan option is > CL_SCAN_GENERAL_STORE_PDF_URIS > GitHub pull request #1<https://github.com/Cisco-Talos/clamav/pull/1482> > GitHub pull request #2<https://github.com/Cisco-Talos/clamav/pull/1514> > GitHub pull request #3<https://github.com/Cisco-Talos/clamav/pull/1559> > GitHub pull request #4<https://github.com/Cisco-Talos/clamav/pull/1572> > * > Added regex support for the clamd.conf OnAccessExcludePath config option. > This change courtesy of GitHub user b1tg. > GitHub pull request<https://github.com/Cisco-Talos/clamav/pull/1314> > * > Added CVD signing/verification with external .sign files. > Freshclam will now attempt to download external signature files to accompany > existing .cvd databases and .cdiff patch files. Sigtool now has commands to > sign and verify using the external signatures. > ClamAV now installs a 'certs' directory in the app config directory (e.g., > <prefix>/etc/certs). The install path is configurable. The CMake option to > configure the CVD certs directory is -D CVD_CERTS_DIRECTORY=PATH > New options to set an alternative CVD certs directory: > Added two new APIs to the public clamav.h header: > > cl_error_t cl_cvdverify_ex( > const char *file, > const char *certs_directory, > uint32_t dboptions); > > cl_error_t cl_cvdunpack_ex( > const char *file, > const char *dir, > const char *certs_directory, > uint32_t dboptions); > > The original cl_cvdverify and cl_cvdunpack are deprecated. > Added a cl_engine_field enum option CL_ENGINE_CVDCERTSDIR. You may set this > option with cl_engine_set_str and get it with cl_engine_get_str, to override > the compiled in default CVD certs directory. > Thank you to Mark Carey at SAP for inspiring work on this feature with an > initial proof of concept for external-signature FIPS compliant CVD signing. > GitHub pull request #1<https://github.com/Cisco-Talos/clamav/pull/1417> > GitHub pull request #2<https://github.com/Cisco-Talos/clamav/pull/1478> > GitHub pull request #3<https://github.com/Cisco-Talos/clamav/pull/1489> > GitHub pull request #4<https://github.com/Cisco-Talos/clamav/pull/1491> > * The command-line option for Freshclam, ClamD, ClamScan, and Sigtool > is --cvdcertsdir PATH > * The environment variable for Freshclam, ClamD, ClamScan, and Sigtool > is CVD_CERTS_DIR > * The config option for Freshclam and ClamD is CVDCertsDirectory PATH > * > Freshclam, ClamD, ClamScan, and Sigtool: Added an option to enable FIPS-like > limits disabling MD5 and SHA1 from being used for verifying digital > signatures or for being used to trust a file when checking for false > positives (FPs). > For freshclam.conf and clamd.conf set this config option: > > FIPSCryptoHashLimits yes > > For clamscan and sigtool use this command-line option: > > --fips-limits > > For libclamav: Enable FIPS-limits for a ClamAV engine like this: > > cl_engine_set_num(engine, CL_ENGINE_FIPS_LIMITS, 1); > > ClamAV will also attempt to detect if FIPS-mode is enabled. If so, it will > automatically enable the FIPS-limits feature. > This change mitigates safety concerns over the use of MD5 and SHA1 algorithms > to trust files and is required to enable ClamAV to operate legitimately in > FIPS-mode enabled environments. > Note: ClamAV may still calculate MD5 or SHA1 hashes as needed for detection > purposes or for informational purposes in FIPS-enabled environments and when > the FIPS-limits option is enabled. > GitHub pull request<https://github.com/Cisco-Talos/clamav/pull/1532> > * > Upgraded the clean-file scan cache to use SHA2-256 (prior versions use MD5). > The clean-file cache algorithm is not configurable. > This change resolves safety concerns over the use of MD5 to trust files and > is required to enable ClamAV to operate legitimately in FIPS-mode enabled > environments. > GitHub pull request #1<https://github.com/Cisco-Talos/clamav/pull/1532> > GitHub pull request #2<https://github.com/Cisco-Talos/clamav/pull/1560> > * > ClamD: Added an option to disable select administrative commands including > SHUTDOWN, RELOAD, STATS and VERSION. > The new clamd.conf options are: > > EnableShutdownCommand yes > EnableReloadCommand yes > EnableStatsCommand yes > EnableVersionCommand yes > > This change courtesy of GitHub user ChaoticByte. > GitHub pull request<https://github.com/Cisco-Talos/clamav/pull/1502> > * > libclamav: Added extended hashing functions with a "flags" parameter that > allows the caller to choose if they want to bypass FIPS hash algorithm limits: > > cl_error_t cl_hash_data_ex( > const char *alg, > const uint8_t *data, > size_t data_len, > uint8_t **hash, > size_t *hash_len, > uint32_t flags); > > cl_error_t cl_hash_init_ex( > const char *alg, > uint32_t flags, > cl_hash_ctx_t **ctx_out); > > cl_error_t cl_update_hash_ex( > cl_hash_ctx_t *ctx, > const uint8_t *data, > size_t length); > > cl_error_t cl_finish_hash_ex( > cl_hash_ctx_t *ctx, > uint8_t **hash, > size_t *hash_len, > uint32_t flags); > > void cl_hash_destroy(void *ctx); > > cl_error_t cl_hash_file_fd_ex( > const char *alg, > int fd, > size_t offset, > size_t length, > uint8_t **hash, > size_t *hash_len, > uint32_t flags); > > GitHub pull request<https://github.com/Cisco-Talos/clamav/pull/1532> > * > ClamScan: Improved the precision of the bytes-scanned and bytes-read > counters. The ClamScan scan summary will now report exact counts in "GiB", > "MiB", "KiB", or "B" as appropriate. Previously, it always reported "MB". > GitHub pull request<https://github.com/Cisco-Talos/clamav/pull/1532> > * > ClamScan: Add hash & file-type in/out CLI options: > We will not be adding this for ClamDScan, as we do not have a mechanism in > the ClamD socket API to receive scan options or a way for ClamD to include > scan metadata in the response. > GitHub pull request<https://github.com/Cisco-Talos/clamav/pull/1532> > * --hash-hint: The file hash so that libclamav does not need to > calculate it. The type of hash must match the --hash-alg. > * --log-hash: Print the file hash after each file scanned. The type of > hash printed will match the --hash-alg. > * --hash-alg: The hashing algorithm used for either --hash-hint or > --log-hash. Supported algorithms are "md5", "sha1", "sha2-256". If not > specified, the default is "sha2-256". > * --file-type-hint: The file type hint so that libclamav can optimize > scanning (e.g., "pe", "elf", "zip", etc.). You may also use ClamAV type names > such as "CL_TYPE_PE". ClamAV will ignore the hint if it is not familiar with > the specified type. See also: > https://docs.clamav.net/appendix/FileTypes.html#file-types > * --log-file-type: Print the file type after each file scanned. > * > libclamav: Added new scan functions that provide additional functionality: > > cl_error_t cl_scanfile_ex( > const char *filename, > cl_verdict_t *verdict_out, > const char **last_alert_out, > uint64_t *scanned_out, > const struct cl_engine *engine, > struct cl_scan_options *scanoptions, > void *context, > const char *hash_hint, > char **hash_out, > const char *hash_alg, > const char *file_type_hint, > char **file_type_out); > > cl_error_t cl_scandesc_ex( > int desc, > const char *filename, > cl_verdict_t *verdict_out, > const char **last_alert_out, > uint64_t *scanned_out, > const struct cl_engine *engine, > struct cl_scan_options *scanoptions, > void *context, > const char *hash_hint, > char **hash_out, > const char *hash_alg, > const char *file_type_hint, > char **file_type_out); > > cl_error_t cl_scanmap_ex( > cl_fmap_t *map, > const char *filename, > cl_verdict_t *verdict_out, > const char **last_alert_out, > uint64_t *scanned_out, > const struct cl_engine *engine, > struct cl_scan_options *scanoptions, > void *context, > const char *hash_hint, > char **hash_out, > const char *hash_alg, > const char *file_type_hint, > char **file_type_out); > > The older cl_scan*() functions are now deprecated and may be removed in a > future release. See clamav.h for more details. > GitHub pull request<https://github.com/Cisco-Talos/clamav/pull/1532> > * > libclamav: Added a new engine option to toggle temp directory recursion. > Temp directory recursion is the idea that each object scanned in ClamAV's > recursive extract/scan process will get a new temp subdirectory, mimicking > the nesting structure of the file. > Temp directory recursion was introduced in ClamAV 0.103 and is enabled > whenever --leave-temps / LeaveTemporaryFiles is enabled. > In ClamAV 1.5, an application linking to libclamav can separately enable temp > directory recursion if they wish. For ClamScan and ClamD, it will remain tied > to --leave-temps / LeaveTemporaryFiles options. > The new temp directory recursion option can be enabled with: > > cl_engine_set_num(engine, CL_ENGINE_TMPDIR_RECURSION, 1); > > GitHub pull request<https://github.com/Cisco-Talos/clamav/pull/1532> > * > libclamav: Added a class of scan callback functions that can be added with > the following API function: > > void cl_engine_set_scan_callback(struct cl_engine *engine, clcb_scan > callback, cl_scan_callback_t location); > > The scan callback location may be configured using the following five values: > Each callback may alter scan behavior using the following return codes: > Each callback is given a pointer to the current scan layer from which they > can get previous layers, can get the layer's fmap, and then various > attributes of the layer and of the fmap. To make this possible, there are new > APIs to query scan-layer details and fmap details: > > cl_error_t cl_fmap_set_name(cl_fmap_t *map, const char *name); > cl_error_t cl_fmap_get_name(cl_fmap_t *map, const char **name_out); > cl_error_t cl_fmap_set_path(cl_fmap_t *map, const char *path); > cl_error_t cl_fmap_get_path(cl_fmap_t *map, const char **path_out, size_t > *offset_out, size_t *len_out); > cl_error_t cl_fmap_get_fd(const cl_fmap_t *map, int *fd_out, size_t > *offset_out, size_t *len_out); > cl_error_t cl_fmap_get_size(const cl_fmap_t *map, size_t *size_out); > cl_error_t cl_fmap_set_hash(const cl_fmap_t *map, const char *hash_alg, char > hash); > cl_error_t cl_fmap_have_hash(const cl_fmap_t *map, const char *hash_alg, > bool *have_hash_out); > cl_error_t cl_fmap_will_need_hash_later(const cl_fmap_t *map, const char > *hash_alg); > cl_error_t cl_fmap_get_hash(const cl_fmap_t *map, const char *hash_alg, char > **hash_out); > cl_error_t cl_fmap_get_data(const cl_fmap_t *map, size_t offset, size_t len, > const uint8_t **data_out, size_t *data_len_out); > cl_error_t cl_scan_layer_get_fmap(cl_scan_layer_t *layer, cl_fmap_t > **fmap_out); > cl_error_t cl_scan_layer_get_parent_layer(cl_scan_layer_t *layer, > cl_scan_layer_t **parent_layer_out); > cl_error_t cl_scan_layer_get_type(cl_scan_layer_t *layer, const char > **type_out); > cl_error_t cl_scan_layer_get_recursion_level(cl_scan_layer_t *layer, > uint32_t *recursion_level_out); > cl_error_t cl_scan_layer_get_object_id(cl_scan_layer_t *layer, uint64_t > *object_id_out); > cl_error_t cl_scan_layer_get_last_alert(cl_scan_layer_t *layer, const char > **alert_name_out); > cl_error_t cl_scan_layer_get_attributes(cl_scan_layer_t *layer, uint32_t > *attributes_out); > > This deprecates, but does not immediately remove, the existing scan callbacks: > > void cl_engine_set_clcb_pre_cache(struct cl_engine *engine, clcb_pre_cache > callback); > void cl_engine_set_clcb_file_inspection(struct cl_engine *engine, > clcb_file_inspection callback); > void cl_engine_set_clcb_pre_scan(struct cl_engine *engine, clcb_pre_scan > callback); > void cl_engine_set_clcb_post_scan(struct cl_engine *engine, clcb_post_scan > callback); > void cl_engine_set_clcb_virus_found(struct cl_engine *engine, > clcb_virus_found callback); > void cl_engine_set_clcb_hash(struct cl_engine *engine, clcb_hash callback); > > There is an interactive test program to demonstrate the new callbacks. See: > examples/ex_scan_callbacks.c > GitHub pull request<https://github.com/Cisco-Talos/clamav/pull/1532> > * CL_SCAN_CALLBACK_PRE_HASH: Occurs just after basic file-type > detection and before any hashes have been calculated either for the cache or > the gen-json metadata. > * CL_SCAN_CALLBACK_PRE_SCAN: Occurs before parser modules run and > before pattern matching. > * CL_SCAN_CALLBACK_POST_SCAN: Occurs after pattern matching and after > running parser modules. A.k.a. the scan is complete for this layer. > * CL_SCAN_CALLBACK_ALERT: Occurs each time an alert (detection) would > be triggered during a scan. > * CL_SCAN_CALLBACK_FILE_TYPE: Occurs each time the file type > determination is refined. This may happen more than once per layer. > * > CL_BREAK: Scan aborted by callback. The rest of the scan is skipped. This > does not mark the file as clean or infected, it just skips the rest of the > scan. > * > CL_SUCCESS / CL_CLEAN: File scan will continue. > For CL_SCAN_CALLBACK_ALERT: This means you want to ignore this specific alert > and keep scanning. > This is different than CL_VERIFIED because it does not affect prior or future > alerts. Return CL_VERIFIED instead if you want to remove prior alerts for > this layer and skip the rest of the scan for this layer. > * > CL_VIRUS: This means you do not trust the file. A new alert will be added. > For CL_SCAN_CALLBACK_ALERT: This means you agree with the alert and no extra > alert is needed. > * > CL_VERIFIED: Layer explicitly trusted by the callback and previous alerts > removed for THIS layer. You might want to do this if you trust the hash or > verified a digital signature. The rest of the scan will be skipped for THIS > layer. For contained files, this does NOT mean that the parent or adjacent > layers are trusted. > * > Signature names that start with "Weak." will no longer alert. Instead, they > will be tracked internally and can be found in scan metadata JSON. This is a > step towards enabling alerting signatures to depend on prior Weak indicator > matches in the current layer or in child layers. > GitHub pull request<https://github.com/Cisco-Talos/clamav/pull/1532> > * > For the "Generate Metadata JSON" feature: > GitHub pull request<https://github.com/Cisco-Talos/clamav/pull/1532> > * > The "Viruses" array of alert names has been replaced by two new arrays that > include additional details beyond just signature name: > * "Indicators" records three types of indicators: > * Strong indicators are for traditional alerting signature > matches and will halt the scan, except in all-match mode. > * Potentially Unwanted indicators will only cause an alert at the > end of the scan unless a Strong indicator is found. They are treated the same > as Strong indicators in all-match mode. > * Weak indicators do not alert and will be leveraged in a future > version as a condition for logical signature matches. > * "Alerts" records only alerting indicators. Events that trust a > file, such as false positive signatures, will remove affected indicators, and > mark them as "Ignored" in the "Indicators" array. > * > Add new option to calculate and record additional hash types when the > "generate metadata JSON" feature is enabled: > * libclamav option: CL_SCAN_GENERAL_STORE_EXTRA_HASHES > * ClamScan option: --json-store-extra-hashes (default off) > * clamd.conf option: JsonStoreExtraHashes (default 'no') > * > The file hash is now stored as "sha2-256" instead of "FileMD5". If you enable > the "extra hashes" option, then it will also record "md5" and "sha1". > * > Each object scanned now has a unique "Object ID". > * > Sigtool: Renamed the sigtool option --sha256 to --sha2-256. The original > option is still functional but is deprecated. > GitHub pull request<https://github.com/Cisco-Talos/clamav/pull/1532> > > Other improvements > > * > Set a limit on the max-recursion config option. Users will no longer be able > to set max-recursion higher than 100. This change prevents errors on start up > or crashes if encountering a file with that many layers of recursion. > GitHub pull request<https://github.com/Cisco-Talos/clamav/pull/1264> > * > Build system: CMake improvements to support compiling for the AIX platform. > This change is courtesy of GitHub user KamathForAIX. > GitHub pull request<https://github.com/Cisco-Talos/clamav/pull/1387> > * > Improve support for extracting malformed zip archives. This change is > courtesy of Frederick Sell. > GitHub pull request<https://github.com/Cisco-Talos/clamav/pull/1460> > * > Windows: Code quality improvement for the ClamScan and ClamDScan --move and > --remove options. This change is courtesy of Maxim Suhanov. > GitHub pull request<https://github.com/Cisco-Talos/clamav/pull/1470> > * > Added file type recognition for an initial set of AI model file types. > The file type is accessible to applications using libclamav via the scan > callback functions and as an optional output parameter to the scan functions: > cl_scanfile_ex(), cl_scanmap_ex(), and cl_scandesc_ex(). > When scanning these files, type will now show "CL_TYPE_AI_MODEL" instead of > "CL_TYPE_BINARY_DATA". > GitHub pull request<https://github.com/Cisco-Talos/clamav/pull/1476> > * > Added support for inline comments in ClamAV configuration files. This change > is courtesy of GitHub user userwiths. > GitHub pull request<https://github.com/Cisco-Talos/clamav/pull/1308> > * > Disabled the MyDoom hardcoded/heuristic detection because of false positives. > GitHub pull request<https://github.com/Cisco-Talos/clamav/pull/1495> > * > Sigtool: Added support for creating .cdiff and .script patch files for CVDs > that have underscores in the CVD name. Also improved support for relative > paths with the --diff command. > GitHub pull request<https://github.com/Cisco-Talos/clamav/pull/1541> > * > Windows: Improved support for file names with UTF-8 characters not found in > the ANSI or OEM code pages when printing scan results or showing activity in > the ClamDTOP monitoring utility. Fixed a bug with opening files with such > names with the Sigtool utility. > GitHub pull request #1<https://github.com/Cisco-Talos/clamav/pull/1461> > GitHub pull request #2<https://github.com/Cisco-Talos/clamav/pull/1537> > * > Improved the code quality of the ZIP module. Added inline documentation. > GitHub pull request #1<https://github.com/Cisco-Talos/clamav/pull/1548> > GitHub pull request #2<https://github.com/Cisco-Talos/clamav/pull/1552> > * > Always run scan callbacks for embedded files. Embedded files are found within > other files through signature matches instead of by parsing. They will now be > processed the same way and then they can trigger application callbacks (e.g., > "pre-scan", "post-scan", etc.). > A consequence of this change is that each embedded file will be pattern- > matched just like any other extracted file. To minimize excessive pattern > matching, file header validation checks were added for ZIP, ARJ, and CAB. > Also fixed a bug with embedded PE file scanning to reduce unnecessary > matching. > This change will impact scans with both the "leave-temps" feature and the > "force-to-disk" feature enabled, resulting in additional temporary files. > GitHub pull request #1<https://github.com/Cisco-Talos/clamav/pull/1532> > GitHub pull request #2<https://github.com/Cisco-Talos/clamav/pull/1571> > * > Added DevContainer templates to the ClamAV Git repository in order to make it > easier to set up AlmaLinux or Debian development environments. > GitHub pull request<https://github.com/Cisco-Talos/clamav/pull/1462> > * > Removed the "Heuristics.XZ.DicSizeLimit" alert because of potential > unintended alerts based on system state. > GitHub pull request<https://github.com/Cisco-Talos/clamav/pull/1573> > * > Improved support for compiling on Solaris. > This fix courtesy of Andrew Watkins. > GitHub pull request<https://github.com/Cisco-Talos/clamav/pull/1569> > * > Improved support for compiling on GNU/Hurd. > This fix courtesy of Pino Toscano. > GitHub pull request<https://github.com/Cisco-Talos/clamav/pull/1569> > * > Improved support for linking with the NCurses library dependency when > libtinfo is built as a separate library. > GitHub pull request<https://github.com/Cisco-Talos/clamav/pull/1356> > > Bug fixes > > * > Reduced email multipart message parser complexity. > GitHub pull request<https://github.com/Cisco-Talos/clamav/pull/1347> > * > Fixed possible undefined behavior in inflate64 module. The inflate64 module > is a modified version of the zlib library, taken from version 1.2.3 with some > customization and with some cherry-picked fixes. This adds one additional fix > from zlib 1.2.9. Thank you to TITAN Team for reporting this issue. > GitHub pull request<https://github.com/Cisco-Talos/clamav/pull/1469> > * > Fixed a bug in ClamD that broke reporting of memory usage on Linux. The STATS > command can be used to monitor ClamD directly or through ClamDTOP. The memory > stats feature does not work on all platforms (e.g., Windows). > GitHub pull request<https://github.com/Cisco-Talos/clamav/pull/1465> > * > Windows: Fixed a build issue when the same library dependency is found in two > different locations. > GitHub pull request<https://github.com/Cisco-Talos/clamav/pull/1453> > * > Fixed an infinite loop when scanning some email files in debug-mode. This fix > is courtesy of Yoann Lecuyer. > GitHub pull request<https://github.com/Cisco-Talos/clamav/pull/1445> > * > Fixed a stack buffer overflow bug in the phishing signature load process. > This fix is courtesy of GitHub user Shivam7-1. > GitHub pull request<https://github.com/Cisco-Talos/clamav/pull/1486> > * > Fixed a race condition in the Freshclam feature tests. This fix is courtesy > of GitHub user rma-x. > GitHub pull request<https://github.com/Cisco-Talos/clamav/pull/1513> > * > Windows: Fixed a 5-byte heap buffer overread in the Windows unit tests. This > fix is courtesy of GitHub user Sophie0x2E. > GitHub pull request<https://github.com/Cisco-Talos/clamav/pull/1542> > * > Fix double-extraction of OOXML-based office documents. > GitHub pull request<https://github.com/Cisco-Talos/clamav/pull/1532> > * > ClamBC: Fixed crashes on startup. > GitHub pull request<https://github.com/Cisco-Talos/clamav/pull/1532> > * > Fixed an assortment of issues found with Coverity static analysis. > GitHub pull request #1<https://github.com/Cisco-Talos/clamav/pull/1574> > GitHub pull request #2<https://github.com/Cisco-Talos/clamav/pull/1582> > * > Fixed libclamav unit test, ClamD, and ClamDScan Valgrind test failures > affecting some platforms. > GitHub pull request #1<https://github.com/Cisco-Talos/clamav/pull/1554> > GitHub pull request #2<https://github.com/Cisco-Talos/clamav/pull/1570> > * > Fixed crash in the Sigtool program when using the --html-normalize option. > GitHub pull request<https://github.com/Cisco-Talos/clamav/pull/1556> > * > Fixed some potential NULL-pointer dereference issues if memory allocations > fail. > Fix courtesy of GitHub user JiangJias. > GitHub pull request<https://github.com/Cisco-Talos/clamav/pull/1581> > > Tested-by: Adolf Belka <[email protected]> > Signed-off-by: Adolf Belka <[email protected]> > --- > config/rootfiles/packages/clamav | 15 ++++++------ > lfs/clamav | 39 ++++++++++++++++---------------- > 2 files changed, 28 insertions(+), 26 deletions(-) > > diff --git a/config/rootfiles/packages/clamav > b/config/rootfiles/packages/clamav > index d5495e4b7..43c5585d9 100644 > --- a/config/rootfiles/packages/clamav > +++ b/config/rootfiles/packages/clamav > @@ -1,3 +1,6 @@ > +etc/clamav > +etc/clamav/certs > +etc/clamav/certs/clamav.crt > etc/rc.d/init.d/clamav > usr/bin/clamav-config > usr/bin/clambc > @@ -14,20 +17,20 @@ usr/bin/sigtool > #usr/include/libfreshclam.h > usr/lib/libclamav.so > usr/lib/libclamav.so.12 > -usr/lib/libclamav.so.12.0.3 > +usr/lib/libclamav.so.12.1.0 > #usr/lib/libclamav_rust.a > usr/lib/libclammspack.so > usr/lib/libclammspack.so.0 > usr/lib/libclammspack.so.0.8.0 > usr/lib/libclamunrar.so > usr/lib/libclamunrar.so.12 > -usr/lib/libclamunrar.so.12.0.3 > +usr/lib/libclamunrar.so.12.1.0 > usr/lib/libclamunrar_iface.so > usr/lib/libclamunrar_iface.so.12 > -usr/lib/libclamunrar_iface.so.12.0.3 > +usr/lib/libclamunrar_iface.so.12.1.0 > usr/lib/libfreshclam.so > -usr/lib/libfreshclam.so.3 > -usr/lib/libfreshclam.so.3.0.2 > +usr/lib/libfreshclam.so.4 > +usr/lib/libfreshclam.so.4.0.0 > #usr/lib/pkgconfig/libclamav.pc > usr/sbin/clamd > #usr/share/doc/ClamAV > @@ -133,7 +136,6 @@ usr/sbin/clamd > #usr/share/doc/ClamAV/html/manual/Installing/Add-clamav-user.html > #usr/share/doc/ClamAV/html/manual/Installing/Community-projects.html > #usr/share/doc/ClamAV/html/manual/Installing/Docker.html > -#usr/share/doc/ClamAV/html/manual/Installing/Installing-from-source-Unix-old.html > #usr/share/doc/ClamAV/html/manual/Installing/Installing-from-source-Unix.html > #usr/share/doc/ClamAV/html/manual/Installing/Installing-from-source-Windows.html > #usr/share/doc/ClamAV/html/manual/Installing/Packages.html > @@ -168,7 +170,6 @@ usr/sbin/clamd > #usr/share/doc/ClamAV/html/print.html > #usr/share/doc/ClamAV/html/searcher.js > #usr/share/doc/ClamAV/html/searchindex.js > -#usr/share/doc/ClamAV/html/searchindex.json > #usr/share/doc/ClamAV/html/sitemap.xml > #usr/share/doc/ClamAV/html/theme-dawn.js > #usr/share/doc/ClamAV/html/theme-tomorrow_night.js > diff --git a/lfs/clamav b/lfs/clamav > index 254da1281..1d4d0ba8b 100644 > --- a/lfs/clamav > +++ b/lfs/clamav > @@ -1,7 +1,7 @@ > ############################################################################### > # > # > # IPFire.org - A linux based firewall > # > -# Copyright (C) 2007-2025 IPFire Team <[email protected]> > # > +# Copyright (C) 2007-2026 IPFire Team <[email protected]> > # > # > # > # This program is free software: you can redistribute it and/or modify > # > # it under the terms of the GNU General Public License as published by > # > @@ -26,7 +26,7 @@ include Config > > SUMMARY = Antivirus Toolkit > > -VER = 1.4.3 > +VER = 1.5.1 > > THISAPP = clamav-$(VER) > DL_FILE = $(THISAPP).tar.gz > @@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE) > DIR_APP = $(DIR_SRC)/$(THISAPP) > TARGET = $(DIR_INFO)/$(THISAPP) > PROG = clamav > -PAK_VER = 80 > +PAK_VER = 81 > > DEPS = > > @@ -50,7 +50,7 @@ objects = $(DL_FILE) > > $(DL_FILE) = $(DL_FROM)/$(DL_FILE) > > -$(DL_FILE)_BLAKE2 = > 144be77e7104ebf78482c9efc411a4a168bb4ea3ad18abb237e7bcc1f5cf3e2c10d5478a54d9dc0d82b028c923065bc614cd535fd4f67fb1e73f5fe1c6425861 > +$(DL_FILE)_BLAKE2 = > d6fd0885ea2864b0fecf040d6b0a088b8d9ad05a555697eab6c999b4a8b3d14bc2ee0968ef4dcb3f3b56d8361faecb98afa5ff4ffbb843cf1bf221a4e27a4496 > > > install : $(TARGET) > @@ -87,21 +87,22 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) > > cd $(DIR_APP) && mkdir -pv build > cd $(DIR_APP)/build && cmake .. -G Ninja \ > - -DCMAKE_BUILD_TYPE=Release \ > - -DCMAKE_INSTALL_PREFIX=/usr \ > - -DCMAKE_INSTALL_LIBDIR=/usr/lib \ > - -DOPTIMIZE=ON \ > - -DBYTECODE_RUNTIME="interpreter" \ > - -DENABLE_TESTS=OFF \ > - -DENABLE_CLAMONACC=OFF \ > - -DENABLE_MILTER=OFF \ > - -DENABLE_MAN_PAGES=OFF \ > - -DENABLE_EXTERNAL_MSPACK=OFF \ > - -DENABLE_FRESHCLAM_DNS_FIX=ON \ > - -DENABLE_SYSTEMD=OFF \ > - -DAPP_CONFIG_DIRECTORY=/var/ipfire/clamav \ > - -DCURSES_LIBRARY=/usr/lib/libncurses.so \ > - -DDATABASE_DIRECTORY=$(DATABASE_DIR) > + -D CMAKE_BUILD_TYPE=Release \ > + -D CMAKE_INSTALL_PREFIX=/usr \ > + -D CMAKE_INSTALL_LIBDIR=/usr/lib \ > + -D CVD_CERTS_DIRECTORY=/etc/clamav/certs \ > + -D OPTIMIZE=ON \ > + -D BYTECODE_RUNTIME="interpreter" \ > + -D ENABLE_TESTS=OFF \ > + -D ENABLE_CLAMONACC=OFF \ > + -D ENABLE_MILTER=OFF \ > + -D ENABLE_MAN_PAGES=OFF \ > + -D ENABLE_EXTERNAL_MSPACK=OFF \ > + -D ENABLE_FRESHCLAM_DNS_FIX=ON \ > + -D ENABLE_SYSTEMD=OFF \ > + -D APP_CONFIG_DIRECTORY=/var/ipfire/clamav \ > + -D CURSES_LIBRARY=/usr/lib/libncurses.so \ > + -D DATABASE_DIRECTORY=$(DATABASE_DIR) > cd $(DIR_APP)/build && ninja $(MAKETUNING) && ninja install > > mkdir -pv $(DATABASE_DIR) > -- > 2.52.0 > >
