Hello Adolf, It was me in this commit:
https://git.ipfire.org/?p=ipfire-2.x.git;a=commitdiff;h=934a30f84f8b3e2b659f5c6d76ca6177186da6e3 I wanted to avoid pushing too many times today because the builders would takes ages to build multiple builds and I was hoping to be able to verify the Rust/Suricata changes as soon as possible. -Michael > On 23 Jan 2026, at 17:06, Adolf Belka <[email protected]> wrote: > > Hi Michael, > > On 23/01/2026 15:57, Michael Tremer wrote: >> Hello Adolf, >> Thank you very much for the patch. >> It did however not apply cleanly because I increased the release number >> earlier in next when Stefan submitted a new version of Rust. So you might >> not see this one as accepted on Patchwork. >> I pushed another commit to increase the release once again, although nobody >> should have seen version 81 anywhere. > > I had seen that the clamav version had been bumped and wondered why. > > I did my build of clamav 3 or 4 days ago and have been testing it since then > to try and make sure that I minimise the chances of having another clamav > update problem as we had with CU199. Of course it would have helped if > somebody had tested out clamav during the Testing phase. > > Hopefully some actual user will test it out in CU200 Testing. > > Regards, > > Adolf. > >> All the best, >> -Michael >>> On 23 Jan 2026, at 13:59, Adolf Belka <[email protected]> wrote: >>> >>> - Update from version 1.4.3 to 1.5.1 >>> - Update of rootfile >>> - From version 1.5.0 clamav added signing/verification of the signature >>> file downloads >>> with external .sign files. -D CVD_CERTS_DIRECTORY=/etc/clamav/certs has >>> been added >>> as a build option to create the certs directory and to install the >>> clamav.crt file >>> - Tested out the execution of this version on a vm testbed. The .sign files >>> were >>> correctly downloaded and the databases approved. This was also the case >>> with a >>> reboot. This was where users had a problem with the version relaesed in >>> CU199 after >>> they had manually created a directory. >>> - Changelog >>> 1.5.1 >>> ClamAV 1.5.1 is a patch release with the following fixes: >>> >>> * >>> Fixed a significant performance issue when scanning some PE files >>> * >>> Fixed an issue recording file entries from a ZIP archive central directory >>> which resulted in "Heuristics.Limits.Exceeded.MaxFiles" alerts when using >>> the ClamScan --alert-exceeds-max command line option or ClamD >>> AlertExceedsMax config file option >>> * >>> Improved performance when scanning TNEF email attachments >>> * >>> Fixed an issue with recording metadata for OOXML office documents >>> * >>> Fixed an issue with signature matches for VBA in OLE2 office documents >>> * >>> Loosened overly restrictive rules for embedded file identification and >>> increased the limit for finding PE files embedded in other PE files >>> * >>> Fixed an issue with extracting some RAR archives embedded in other files >>> * >>> Fixed an issue with calculating fuzzy hashes affecting some images by >>> updating the version for several Rust library dependencies >>> * This release does not require a newer version of the Rust compiler >>> toolchain than what was required for ClamAV 1.5.0 >>> >>> GitHub pull request<https://github.com/Cisco-Talos/clamav/pull/1606> >>> >>> 1.5.0 >>> Major changes >>> >>> * >>> Added checks to determine if an OLE2-based Microsoft Office document is >>> encrypted. >>> GitHub pull request<https://github.com/Cisco-Talos/clamav/pull/1295> >>> * >>> Added the ability to record URIs found in HTML if the >>> generate-JSON-metadata feature is enabled. Also adds an option to disable >>> this in case you want the JSON metadata feature but do not want to record >>> HTML URIs. The ClamScan command-line option is --json-store-html-uris=no. >>> The clamd.conf config option is JsonStoreHTMLURIs no. The libclamav general >>> scan option is CL_SCAN_GENERAL_STORE_HTML_URIS >>> GitHub pull request #1<https://github.com/Cisco-Talos/clamav/pull/1281> >>> GitHub pull request #2<https://github.com/Cisco-Talos/clamav/pull/1482> >>> GitHub pull request #3<https://github.com/Cisco-Talos/clamav/pull/1514> >>> * >>> Added the ability to record URIs found in PDFs if the >>> generate-JSON-metadata feature is enabled. Also adds an option to disable >>> this in case you want the JSON metadata feature but do not want to record >>> PDF URIs. The ClamScan command-line option is --json-store-pdf-uris=no. The >>> clamd.conf config option is JsonStorePDFURIs no. The libclamav general scan >>> option is CL_SCAN_GENERAL_STORE_PDF_URIS >>> GitHub pull request #1<https://github.com/Cisco-Talos/clamav/pull/1482> >>> GitHub pull request #2<https://github.com/Cisco-Talos/clamav/pull/1514> >>> GitHub pull request #3<https://github.com/Cisco-Talos/clamav/pull/1559> >>> GitHub pull request #4<https://github.com/Cisco-Talos/clamav/pull/1572> >>> * >>> Added regex support for the clamd.conf OnAccessExcludePath config option. >>> This change courtesy of GitHub user b1tg. >>> GitHub pull request<https://github.com/Cisco-Talos/clamav/pull/1314> >>> * >>> Added CVD signing/verification with external .sign files. >>> Freshclam will now attempt to download external signature files to >>> accompany existing .cvd databases and .cdiff patch files. Sigtool now has >>> commands to sign and verify using the external signatures. >>> ClamAV now installs a 'certs' directory in the app config directory (e.g., >>> <prefix>/etc/certs). The install path is configurable. The CMake option to >>> configure the CVD certs directory is -D CVD_CERTS_DIRECTORY=PATH >>> New options to set an alternative CVD certs directory: >>> Added two new APIs to the public clamav.h header: >>> >>> cl_error_t cl_cvdverify_ex( >>> const char *file, >>> const char *certs_directory, >>> uint32_t dboptions); >>> >>> cl_error_t cl_cvdunpack_ex( >>> const char *file, >>> const char *dir, >>> const char *certs_directory, >>> uint32_t dboptions); >>> >>> The original cl_cvdverify and cl_cvdunpack are deprecated. >>> Added a cl_engine_field enum option CL_ENGINE_CVDCERTSDIR. You may set this >>> option with cl_engine_set_str and get it with cl_engine_get_str, to >>> override the compiled in default CVD certs directory. >>> Thank you to Mark Carey at SAP for inspiring work on this feature with an >>> initial proof of concept for external-signature FIPS compliant CVD signing. >>> GitHub pull request #1<https://github.com/Cisco-Talos/clamav/pull/1417> >>> GitHub pull request #2<https://github.com/Cisco-Talos/clamav/pull/1478> >>> GitHub pull request #3<https://github.com/Cisco-Talos/clamav/pull/1489> >>> GitHub pull request #4<https://github.com/Cisco-Talos/clamav/pull/1491> >>> * The command-line option for Freshclam, ClamD, ClamScan, and Sigtool >>> is --cvdcertsdir PATH >>> * The environment variable for Freshclam, ClamD, ClamScan, and >>> Sigtool is CVD_CERTS_DIR >>> * The config option for Freshclam and ClamD is CVDCertsDirectory PATH >>> * >>> Freshclam, ClamD, ClamScan, and Sigtool: Added an option to enable >>> FIPS-like limits disabling MD5 and SHA1 from being used for verifying >>> digital signatures or for being used to trust a file when checking for >>> false positives (FPs). >>> For freshclam.conf and clamd.conf set this config option: >>> >>> FIPSCryptoHashLimits yes >>> >>> For clamscan and sigtool use this command-line option: >>> >>> --fips-limits >>> >>> For libclamav: Enable FIPS-limits for a ClamAV engine like this: >>> >>> cl_engine_set_num(engine, CL_ENGINE_FIPS_LIMITS, 1); >>> >>> ClamAV will also attempt to detect if FIPS-mode is enabled. If so, it will >>> automatically enable the FIPS-limits feature. >>> This change mitigates safety concerns over the use of MD5 and SHA1 >>> algorithms to trust files and is required to enable ClamAV to operate >>> legitimately in FIPS-mode enabled environments. >>> Note: ClamAV may still calculate MD5 or SHA1 hashes as needed for detection >>> purposes or for informational purposes in FIPS-enabled environments and >>> when the FIPS-limits option is enabled. >>> GitHub pull request<https://github.com/Cisco-Talos/clamav/pull/1532> >>> * >>> Upgraded the clean-file scan cache to use SHA2-256 (prior versions use >>> MD5). The clean-file cache algorithm is not configurable. >>> This change resolves safety concerns over the use of MD5 to trust files and >>> is required to enable ClamAV to operate legitimately in FIPS-mode enabled >>> environments. >>> GitHub pull request #1<https://github.com/Cisco-Talos/clamav/pull/1532> >>> GitHub pull request #2<https://github.com/Cisco-Talos/clamav/pull/1560> >>> * >>> ClamD: Added an option to disable select administrative commands including >>> SHUTDOWN, RELOAD, STATS and VERSION. >>> The new clamd.conf options are: >>> >>> EnableShutdownCommand yes >>> EnableReloadCommand yes >>> EnableStatsCommand yes >>> EnableVersionCommand yes >>> >>> This change courtesy of GitHub user ChaoticByte. >>> GitHub pull request<https://github.com/Cisco-Talos/clamav/pull/1502> >>> * >>> libclamav: Added extended hashing functions with a "flags" parameter that >>> allows the caller to choose if they want to bypass FIPS hash algorithm >>> limits: >>> >>> cl_error_t cl_hash_data_ex( >>> const char *alg, >>> const uint8_t *data, >>> size_t data_len, >>> uint8_t **hash, >>> size_t *hash_len, >>> uint32_t flags); >>> >>> cl_error_t cl_hash_init_ex( >>> const char *alg, >>> uint32_t flags, >>> cl_hash_ctx_t **ctx_out); >>> >>> cl_error_t cl_update_hash_ex( >>> cl_hash_ctx_t *ctx, >>> const uint8_t *data, >>> size_t length); >>> >>> cl_error_t cl_finish_hash_ex( >>> cl_hash_ctx_t *ctx, >>> uint8_t **hash, >>> size_t *hash_len, >>> uint32_t flags); >>> >>> void cl_hash_destroy(void *ctx); >>> >>> cl_error_t cl_hash_file_fd_ex( >>> const char *alg, >>> int fd, >>> size_t offset, >>> size_t length, >>> uint8_t **hash, >>> size_t *hash_len, >>> uint32_t flags); >>> >>> GitHub pull request<https://github.com/Cisco-Talos/clamav/pull/1532> >>> * >>> ClamScan: Improved the precision of the bytes-scanned and bytes-read >>> counters. The ClamScan scan summary will now report exact counts in "GiB", >>> "MiB", "KiB", or "B" as appropriate. Previously, it always reported "MB". >>> GitHub pull request<https://github.com/Cisco-Talos/clamav/pull/1532> >>> * >>> ClamScan: Add hash & file-type in/out CLI options: >>> We will not be adding this for ClamDScan, as we do not have a mechanism in >>> the ClamD socket API to receive scan options or a way for ClamD to include >>> scan metadata in the response. >>> GitHub pull request<https://github.com/Cisco-Talos/clamav/pull/1532> >>> * --hash-hint: The file hash so that libclamav does not need to >>> calculate it. The type of hash must match the --hash-alg. >>> * --log-hash: Print the file hash after each file scanned. The type >>> of hash printed will match the --hash-alg. >>> * --hash-alg: The hashing algorithm used for either --hash-hint or >>> --log-hash. Supported algorithms are "md5", "sha1", "sha2-256". If not >>> specified, the default is "sha2-256". >>> * --file-type-hint: The file type hint so that libclamav can optimize >>> scanning (e.g., "pe", "elf", "zip", etc.). You may also use ClamAV type >>> names such as "CL_TYPE_PE". ClamAV will ignore the hint if it is not >>> familiar with the specified type. See also: >>> https://docs.clamav.net/appendix/FileTypes.html#file-types >>> * --log-file-type: Print the file type after each file scanned. >>> * >>> libclamav: Added new scan functions that provide additional functionality: >>> >>> cl_error_t cl_scanfile_ex( >>> const char *filename, >>> cl_verdict_t *verdict_out, >>> const char **last_alert_out, >>> uint64_t *scanned_out, >>> const struct cl_engine *engine, >>> struct cl_scan_options *scanoptions, >>> void *context, >>> const char *hash_hint, >>> char **hash_out, >>> const char *hash_alg, >>> const char *file_type_hint, >>> char **file_type_out); >>> >>> cl_error_t cl_scandesc_ex( >>> int desc, >>> const char *filename, >>> cl_verdict_t *verdict_out, >>> const char **last_alert_out, >>> uint64_t *scanned_out, >>> const struct cl_engine *engine, >>> struct cl_scan_options *scanoptions, >>> void *context, >>> const char *hash_hint, >>> char **hash_out, >>> const char *hash_alg, >>> const char *file_type_hint, >>> char **file_type_out); >>> >>> cl_error_t cl_scanmap_ex( >>> cl_fmap_t *map, >>> const char *filename, >>> cl_verdict_t *verdict_out, >>> const char **last_alert_out, >>> uint64_t *scanned_out, >>> const struct cl_engine *engine, >>> struct cl_scan_options *scanoptions, >>> void *context, >>> const char *hash_hint, >>> char **hash_out, >>> const char *hash_alg, >>> const char *file_type_hint, >>> char **file_type_out); >>> >>> The older cl_scan*() functions are now deprecated and may be removed in a >>> future release. See clamav.h for more details. >>> GitHub pull request<https://github.com/Cisco-Talos/clamav/pull/1532> >>> * >>> libclamav: Added a new engine option to toggle temp directory recursion. >>> Temp directory recursion is the idea that each object scanned in ClamAV's >>> recursive extract/scan process will get a new temp subdirectory, mimicking >>> the nesting structure of the file. >>> Temp directory recursion was introduced in ClamAV 0.103 and is enabled >>> whenever --leave-temps / LeaveTemporaryFiles is enabled. >>> In ClamAV 1.5, an application linking to libclamav can separately enable >>> temp directory recursion if they wish. For ClamScan and ClamD, it will >>> remain tied to --leave-temps / LeaveTemporaryFiles options. >>> The new temp directory recursion option can be enabled with: >>> >>> cl_engine_set_num(engine, CL_ENGINE_TMPDIR_RECURSION, 1); >>> >>> GitHub pull request<https://github.com/Cisco-Talos/clamav/pull/1532> >>> * >>> libclamav: Added a class of scan callback functions that can be added with >>> the following API function: >>> >>> void cl_engine_set_scan_callback(struct cl_engine *engine, clcb_scan >>> callback, cl_scan_callback_t location); >>> >>> The scan callback location may be configured using the following five >>> values: >>> Each callback may alter scan behavior using the following return codes: >>> Each callback is given a pointer to the current scan layer from which they >>> can get previous layers, can get the layer's fmap, and then various >>> attributes of the layer and of the fmap. To make this possible, there are >>> new APIs to query scan-layer details and fmap details: >>> >>> cl_error_t cl_fmap_set_name(cl_fmap_t *map, const char *name); >>> cl_error_t cl_fmap_get_name(cl_fmap_t *map, const char **name_out); >>> cl_error_t cl_fmap_set_path(cl_fmap_t *map, const char *path); >>> cl_error_t cl_fmap_get_path(cl_fmap_t *map, const char **path_out, size_t >>> *offset_out, size_t *len_out); >>> cl_error_t cl_fmap_get_fd(const cl_fmap_t *map, int *fd_out, size_t >>> *offset_out, size_t *len_out); >>> cl_error_t cl_fmap_get_size(const cl_fmap_t *map, size_t *size_out); >>> cl_error_t cl_fmap_set_hash(const cl_fmap_t *map, const char *hash_alg, >>> char hash); >>> cl_error_t cl_fmap_have_hash(const cl_fmap_t *map, const char *hash_alg, >>> bool *have_hash_out); >>> cl_error_t cl_fmap_will_need_hash_later(const cl_fmap_t *map, const char >>> *hash_alg); >>> cl_error_t cl_fmap_get_hash(const cl_fmap_t *map, const char *hash_alg, >>> char **hash_out); >>> cl_error_t cl_fmap_get_data(const cl_fmap_t *map, size_t offset, size_t >>> len, const uint8_t **data_out, size_t *data_len_out); >>> cl_error_t cl_scan_layer_get_fmap(cl_scan_layer_t *layer, cl_fmap_t >>> **fmap_out); >>> cl_error_t cl_scan_layer_get_parent_layer(cl_scan_layer_t *layer, >>> cl_scan_layer_t **parent_layer_out); >>> cl_error_t cl_scan_layer_get_type(cl_scan_layer_t *layer, const char >>> **type_out); >>> cl_error_t cl_scan_layer_get_recursion_level(cl_scan_layer_t *layer, >>> uint32_t *recursion_level_out); >>> cl_error_t cl_scan_layer_get_object_id(cl_scan_layer_t *layer, uint64_t >>> *object_id_out); >>> cl_error_t cl_scan_layer_get_last_alert(cl_scan_layer_t *layer, const char >>> **alert_name_out); >>> cl_error_t cl_scan_layer_get_attributes(cl_scan_layer_t *layer, uint32_t >>> *attributes_out); >>> >>> This deprecates, but does not immediately remove, the existing scan >>> callbacks: >>> >>> void cl_engine_set_clcb_pre_cache(struct cl_engine *engine, clcb_pre_cache >>> callback); >>> void cl_engine_set_clcb_file_inspection(struct cl_engine *engine, >>> clcb_file_inspection callback); >>> void cl_engine_set_clcb_pre_scan(struct cl_engine *engine, clcb_pre_scan >>> callback); >>> void cl_engine_set_clcb_post_scan(struct cl_engine *engine, clcb_post_scan >>> callback); >>> void cl_engine_set_clcb_virus_found(struct cl_engine *engine, >>> clcb_virus_found callback); >>> void cl_engine_set_clcb_hash(struct cl_engine *engine, clcb_hash callback); >>> >>> There is an interactive test program to demonstrate the new callbacks. See: >>> examples/ex_scan_callbacks.c >>> GitHub pull request<https://github.com/Cisco-Talos/clamav/pull/1532> >>> * CL_SCAN_CALLBACK_PRE_HASH: Occurs just after basic file-type >>> detection and before any hashes have been calculated either for the cache >>> or the gen-json metadata. >>> * CL_SCAN_CALLBACK_PRE_SCAN: Occurs before parser modules run and >>> before pattern matching. >>> * CL_SCAN_CALLBACK_POST_SCAN: Occurs after pattern matching and after >>> running parser modules. A.k.a. the scan is complete for this layer. >>> * CL_SCAN_CALLBACK_ALERT: Occurs each time an alert (detection) would >>> be triggered during a scan. >>> * CL_SCAN_CALLBACK_FILE_TYPE: Occurs each time the file type >>> determination is refined. This may happen more than once per layer. >>> * >>> CL_BREAK: Scan aborted by callback. The rest of the scan is skipped. This >>> does not mark the file as clean or infected, it just skips the rest of the >>> scan. >>> * >>> CL_SUCCESS / CL_CLEAN: File scan will continue. >>> For CL_SCAN_CALLBACK_ALERT: This means you want to ignore this specific >>> alert and keep scanning. >>> This is different than CL_VERIFIED because it does not affect prior or >>> future alerts. Return CL_VERIFIED instead if you want to remove prior >>> alerts for this layer and skip the rest of the scan for this layer. >>> * >>> CL_VIRUS: This means you do not trust the file. A new alert will be added. >>> For CL_SCAN_CALLBACK_ALERT: This means you agree with the alert and no >>> extra alert is needed. >>> * >>> CL_VERIFIED: Layer explicitly trusted by the callback and previous alerts >>> removed for THIS layer. You might want to do this if you trust the hash or >>> verified a digital signature. The rest of the scan will be skipped for THIS >>> layer. For contained files, this does NOT mean that the parent or adjacent >>> layers are trusted. >>> * >>> Signature names that start with "Weak." will no longer alert. Instead, they >>> will be tracked internally and can be found in scan metadata JSON. This is >>> a step towards enabling alerting signatures to depend on prior Weak >>> indicator matches in the current layer or in child layers. >>> GitHub pull request<https://github.com/Cisco-Talos/clamav/pull/1532> >>> * >>> For the "Generate Metadata JSON" feature: >>> GitHub pull request<https://github.com/Cisco-Talos/clamav/pull/1532> >>> * >>> The "Viruses" array of alert names has been replaced by two new arrays that >>> include additional details beyond just signature name: >>> * "Indicators" records three types of indicators: >>> * Strong indicators are for traditional alerting signature >>> matches and will halt the scan, except in all-match mode. >>> * Potentially Unwanted indicators will only cause an alert at >>> the end of the scan unless a Strong indicator is found. They are treated >>> the same as Strong indicators in all-match mode. >>> * Weak indicators do not alert and will be leveraged in a >>> future version as a condition for logical signature matches. >>> * "Alerts" records only alerting indicators. Events that trust a >>> file, such as false positive signatures, will remove affected indicators, >>> and mark them as "Ignored" in the "Indicators" array. >>> * >>> Add new option to calculate and record additional hash types when the >>> "generate metadata JSON" feature is enabled: >>> * libclamav option: CL_SCAN_GENERAL_STORE_EXTRA_HASHES >>> * ClamScan option: --json-store-extra-hashes (default off) >>> * clamd.conf option: JsonStoreExtraHashes (default 'no') >>> * >>> The file hash is now stored as "sha2-256" instead of "FileMD5". If you >>> enable the "extra hashes" option, then it will also record "md5" and "sha1". >>> * >>> Each object scanned now has a unique "Object ID". >>> * >>> Sigtool: Renamed the sigtool option --sha256 to --sha2-256. The original >>> option is still functional but is deprecated. >>> GitHub pull request<https://github.com/Cisco-Talos/clamav/pull/1532> >>> >>> Other improvements >>> >>> * >>> Set a limit on the max-recursion config option. Users will no longer be >>> able to set max-recursion higher than 100. This change prevents errors on >>> start up or crashes if encountering a file with that many layers of >>> recursion. >>> GitHub pull request<https://github.com/Cisco-Talos/clamav/pull/1264> >>> * >>> Build system: CMake improvements to support compiling for the AIX platform. >>> This change is courtesy of GitHub user KamathForAIX. >>> GitHub pull request<https://github.com/Cisco-Talos/clamav/pull/1387> >>> * >>> Improve support for extracting malformed zip archives. This change is >>> courtesy of Frederick Sell. >>> GitHub pull request<https://github.com/Cisco-Talos/clamav/pull/1460> >>> * >>> Windows: Code quality improvement for the ClamScan and ClamDScan --move and >>> --remove options. This change is courtesy of Maxim Suhanov. >>> GitHub pull request<https://github.com/Cisco-Talos/clamav/pull/1470> >>> * >>> Added file type recognition for an initial set of AI model file types. >>> The file type is accessible to applications using libclamav via the scan >>> callback functions and as an optional output parameter to the scan >>> functions: cl_scanfile_ex(), cl_scanmap_ex(), and cl_scandesc_ex(). >>> When scanning these files, type will now show "CL_TYPE_AI_MODEL" instead of >>> "CL_TYPE_BINARY_DATA". >>> GitHub pull request<https://github.com/Cisco-Talos/clamav/pull/1476> >>> * >>> Added support for inline comments in ClamAV configuration files. This >>> change is courtesy of GitHub user userwiths. >>> GitHub pull request<https://github.com/Cisco-Talos/clamav/pull/1308> >>> * >>> Disabled the MyDoom hardcoded/heuristic detection because of false >>> positives. >>> GitHub pull request<https://github.com/Cisco-Talos/clamav/pull/1495> >>> * >>> Sigtool: Added support for creating .cdiff and .script patch files for CVDs >>> that have underscores in the CVD name. Also improved support for relative >>> paths with the --diff command. >>> GitHub pull request<https://github.com/Cisco-Talos/clamav/pull/1541> >>> * >>> Windows: Improved support for file names with UTF-8 characters not found in >>> the ANSI or OEM code pages when printing scan results or showing activity >>> in the ClamDTOP monitoring utility. Fixed a bug with opening files with >>> such names with the Sigtool utility. >>> GitHub pull request #1<https://github.com/Cisco-Talos/clamav/pull/1461> >>> GitHub pull request #2<https://github.com/Cisco-Talos/clamav/pull/1537> >>> * >>> Improved the code quality of the ZIP module. Added inline documentation. >>> GitHub pull request #1<https://github.com/Cisco-Talos/clamav/pull/1548> >>> GitHub pull request #2<https://github.com/Cisco-Talos/clamav/pull/1552> >>> * >>> Always run scan callbacks for embedded files. Embedded files are found >>> within other files through signature matches instead of by parsing. They >>> will now be processed the same way and then they can trigger application >>> callbacks (e.g., "pre-scan", "post-scan", etc.). >>> A consequence of this change is that each embedded file will be pattern- >>> matched just like any other extracted file. To minimize excessive pattern >>> matching, file header validation checks were added for ZIP, ARJ, and CAB. >>> Also fixed a bug with embedded PE file scanning to reduce unnecessary >>> matching. >>> This change will impact scans with both the "leave-temps" feature and the >>> "force-to-disk" feature enabled, resulting in additional temporary files. >>> GitHub pull request #1<https://github.com/Cisco-Talos/clamav/pull/1532> >>> GitHub pull request #2<https://github.com/Cisco-Talos/clamav/pull/1571> >>> * >>> Added DevContainer templates to the ClamAV Git repository in order to make >>> it easier to set up AlmaLinux or Debian development environments. >>> GitHub pull request<https://github.com/Cisco-Talos/clamav/pull/1462> >>> * >>> Removed the "Heuristics.XZ.DicSizeLimit" alert because of potential >>> unintended alerts based on system state. >>> GitHub pull request<https://github.com/Cisco-Talos/clamav/pull/1573> >>> * >>> Improved support for compiling on Solaris. >>> This fix courtesy of Andrew Watkins. >>> GitHub pull request<https://github.com/Cisco-Talos/clamav/pull/1569> >>> * >>> Improved support for compiling on GNU/Hurd. >>> This fix courtesy of Pino Toscano. >>> GitHub pull request<https://github.com/Cisco-Talos/clamav/pull/1569> >>> * >>> Improved support for linking with the NCurses library dependency when >>> libtinfo is built as a separate library. >>> GitHub pull request<https://github.com/Cisco-Talos/clamav/pull/1356> >>> >>> Bug fixes >>> >>> * >>> Reduced email multipart message parser complexity. >>> GitHub pull request<https://github.com/Cisco-Talos/clamav/pull/1347> >>> * >>> Fixed possible undefined behavior in inflate64 module. The inflate64 module >>> is a modified version of the zlib library, taken from version 1.2.3 with >>> some customization and with some cherry-picked fixes. This adds one >>> additional fix from zlib 1.2.9. Thank you to TITAN Team for reporting this >>> issue. >>> GitHub pull request<https://github.com/Cisco-Talos/clamav/pull/1469> >>> * >>> Fixed a bug in ClamD that broke reporting of memory usage on Linux. The >>> STATS command can be used to monitor ClamD directly or through ClamDTOP. >>> The memory stats feature does not work on all platforms (e.g., Windows). >>> GitHub pull request<https://github.com/Cisco-Talos/clamav/pull/1465> >>> * >>> Windows: Fixed a build issue when the same library dependency is found in >>> two different locations. >>> GitHub pull request<https://github.com/Cisco-Talos/clamav/pull/1453> >>> * >>> Fixed an infinite loop when scanning some email files in debug-mode. This >>> fix is courtesy of Yoann Lecuyer. >>> GitHub pull request<https://github.com/Cisco-Talos/clamav/pull/1445> >>> * >>> Fixed a stack buffer overflow bug in the phishing signature load process. >>> This fix is courtesy of GitHub user Shivam7-1. >>> GitHub pull request<https://github.com/Cisco-Talos/clamav/pull/1486> >>> * >>> Fixed a race condition in the Freshclam feature tests. This fix is courtesy >>> of GitHub user rma-x. >>> GitHub pull request<https://github.com/Cisco-Talos/clamav/pull/1513> >>> * >>> Windows: Fixed a 5-byte heap buffer overread in the Windows unit tests. >>> This fix is courtesy of GitHub user Sophie0x2E. >>> GitHub pull request<https://github.com/Cisco-Talos/clamav/pull/1542> >>> * >>> Fix double-extraction of OOXML-based office documents. >>> GitHub pull request<https://github.com/Cisco-Talos/clamav/pull/1532> >>> * >>> ClamBC: Fixed crashes on startup. >>> GitHub pull request<https://github.com/Cisco-Talos/clamav/pull/1532> >>> * >>> Fixed an assortment of issues found with Coverity static analysis. >>> GitHub pull request #1<https://github.com/Cisco-Talos/clamav/pull/1574> >>> GitHub pull request #2<https://github.com/Cisco-Talos/clamav/pull/1582> >>> * >>> Fixed libclamav unit test, ClamD, and ClamDScan Valgrind test failures >>> affecting some platforms. >>> GitHub pull request #1<https://github.com/Cisco-Talos/clamav/pull/1554> >>> GitHub pull request #2<https://github.com/Cisco-Talos/clamav/pull/1570> >>> * >>> Fixed crash in the Sigtool program when using the --html-normalize option. >>> GitHub pull request<https://github.com/Cisco-Talos/clamav/pull/1556> >>> * >>> Fixed some potential NULL-pointer dereference issues if memory allocations >>> fail. >>> Fix courtesy of GitHub user JiangJias. >>> GitHub pull request<https://github.com/Cisco-Talos/clamav/pull/1581> >>> >>> Tested-by: Adolf Belka <[email protected]> >>> Signed-off-by: Adolf Belka <[email protected]> >>> --- >>> config/rootfiles/packages/clamav | 15 ++++++------ >>> lfs/clamav | 39 ++++++++++++++++---------------- >>> 2 files changed, 28 insertions(+), 26 deletions(-) >>> >>> diff --git a/config/rootfiles/packages/clamav >>> b/config/rootfiles/packages/clamav >>> index d5495e4b7..43c5585d9 100644 >>> --- a/config/rootfiles/packages/clamav >>> +++ b/config/rootfiles/packages/clamav >>> @@ -1,3 +1,6 @@ >>> +etc/clamav >>> +etc/clamav/certs >>> +etc/clamav/certs/clamav.crt >>> etc/rc.d/init.d/clamav >>> usr/bin/clamav-config >>> usr/bin/clambc >>> @@ -14,20 +17,20 @@ usr/bin/sigtool >>> #usr/include/libfreshclam.h >>> usr/lib/libclamav.so >>> usr/lib/libclamav.so.12 >>> -usr/lib/libclamav.so.12.0.3 >>> +usr/lib/libclamav.so.12.1.0 >>> #usr/lib/libclamav_rust.a >>> usr/lib/libclammspack.so >>> usr/lib/libclammspack.so.0 >>> usr/lib/libclammspack.so.0.8.0 >>> usr/lib/libclamunrar.so >>> usr/lib/libclamunrar.so.12 >>> -usr/lib/libclamunrar.so.12.0.3 >>> +usr/lib/libclamunrar.so.12.1.0 >>> usr/lib/libclamunrar_iface.so >>> usr/lib/libclamunrar_iface.so.12 >>> -usr/lib/libclamunrar_iface.so.12.0.3 >>> +usr/lib/libclamunrar_iface.so.12.1.0 >>> usr/lib/libfreshclam.so >>> -usr/lib/libfreshclam.so.3 >>> -usr/lib/libfreshclam.so.3.0.2 >>> +usr/lib/libfreshclam.so.4 >>> +usr/lib/libfreshclam.so.4.0.0 >>> #usr/lib/pkgconfig/libclamav.pc >>> usr/sbin/clamd >>> #usr/share/doc/ClamAV >>> @@ -133,7 +136,6 @@ usr/sbin/clamd >>> #usr/share/doc/ClamAV/html/manual/Installing/Add-clamav-user.html >>> #usr/share/doc/ClamAV/html/manual/Installing/Community-projects.html >>> #usr/share/doc/ClamAV/html/manual/Installing/Docker.html >>> -#usr/share/doc/ClamAV/html/manual/Installing/Installing-from-source-Unix-old.html >>> #usr/share/doc/ClamAV/html/manual/Installing/Installing-from-source-Unix.html >>> #usr/share/doc/ClamAV/html/manual/Installing/Installing-from-source-Windows.html >>> #usr/share/doc/ClamAV/html/manual/Installing/Packages.html >>> @@ -168,7 +170,6 @@ usr/sbin/clamd >>> #usr/share/doc/ClamAV/html/print.html >>> #usr/share/doc/ClamAV/html/searcher.js >>> #usr/share/doc/ClamAV/html/searchindex.js >>> -#usr/share/doc/ClamAV/html/searchindex.json >>> #usr/share/doc/ClamAV/html/sitemap.xml >>> #usr/share/doc/ClamAV/html/theme-dawn.js >>> #usr/share/doc/ClamAV/html/theme-tomorrow_night.js >>> diff --git a/lfs/clamav b/lfs/clamav >>> index 254da1281..1d4d0ba8b 100644 >>> --- a/lfs/clamav >>> +++ b/lfs/clamav >>> @@ -1,7 +1,7 @@ >>> ############################################################################### >>> # >>> # >>> # IPFire.org - A linux based firewall >>> # >>> -# Copyright (C) 2007-2025 IPFire Team <[email protected]> >>> # >>> +# Copyright (C) 2007-2026 IPFire Team <[email protected]> >>> # >>> # >>> # >>> # This program is free software: you can redistribute it and/or modify >>> # >>> # it under the terms of the GNU General Public License as published by >>> # >>> @@ -26,7 +26,7 @@ include Config >>> >>> SUMMARY = Antivirus Toolkit >>> >>> -VER = 1.4.3 >>> +VER = 1.5.1 >>> >>> THISAPP = clamav-$(VER) >>> DL_FILE = $(THISAPP).tar.gz >>> @@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE) >>> DIR_APP = $(DIR_SRC)/$(THISAPP) >>> TARGET = $(DIR_INFO)/$(THISAPP) >>> PROG = clamav >>> -PAK_VER = 80 >>> +PAK_VER = 81 >>> >>> DEPS = >>> >>> @@ -50,7 +50,7 @@ objects = $(DL_FILE) >>> >>> $(DL_FILE) = $(DL_FROM)/$(DL_FILE) >>> >>> -$(DL_FILE)_BLAKE2 = >>> 144be77e7104ebf78482c9efc411a4a168bb4ea3ad18abb237e7bcc1f5cf3e2c10d5478a54d9dc0d82b028c923065bc614cd535fd4f67fb1e73f5fe1c6425861 >>> +$(DL_FILE)_BLAKE2 = >>> d6fd0885ea2864b0fecf040d6b0a088b8d9ad05a555697eab6c999b4a8b3d14bc2ee0968ef4dcb3f3b56d8361faecb98afa5ff4ffbb843cf1bf221a4e27a4496 >>> >>> >>> install : $(TARGET) >>> @@ -87,21 +87,22 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) >>> >>> cd $(DIR_APP) && mkdir -pv build >>> cd $(DIR_APP)/build && cmake .. -G Ninja \ >>> - -DCMAKE_BUILD_TYPE=Release \ >>> - -DCMAKE_INSTALL_PREFIX=/usr \ >>> - -DCMAKE_INSTALL_LIBDIR=/usr/lib \ >>> - -DOPTIMIZE=ON \ >>> - -DBYTECODE_RUNTIME="interpreter" \ >>> - -DENABLE_TESTS=OFF \ >>> - -DENABLE_CLAMONACC=OFF \ >>> - -DENABLE_MILTER=OFF \ >>> - -DENABLE_MAN_PAGES=OFF \ >>> - -DENABLE_EXTERNAL_MSPACK=OFF \ >>> - -DENABLE_FRESHCLAM_DNS_FIX=ON \ >>> - -DENABLE_SYSTEMD=OFF \ >>> - -DAPP_CONFIG_DIRECTORY=/var/ipfire/clamav \ >>> - -DCURSES_LIBRARY=/usr/lib/libncurses.so \ >>> - -DDATABASE_DIRECTORY=$(DATABASE_DIR) >>> + -D CMAKE_BUILD_TYPE=Release \ >>> + -D CMAKE_INSTALL_PREFIX=/usr \ >>> + -D CMAKE_INSTALL_LIBDIR=/usr/lib \ >>> + -D CVD_CERTS_DIRECTORY=/etc/clamav/certs \ >>> + -D OPTIMIZE=ON \ >>> + -D BYTECODE_RUNTIME="interpreter" \ >>> + -D ENABLE_TESTS=OFF \ >>> + -D ENABLE_CLAMONACC=OFF \ >>> + -D ENABLE_MILTER=OFF \ >>> + -D ENABLE_MAN_PAGES=OFF \ >>> + -D ENABLE_EXTERNAL_MSPACK=OFF \ >>> + -D ENABLE_FRESHCLAM_DNS_FIX=ON \ >>> + -D ENABLE_SYSTEMD=OFF \ >>> + -D APP_CONFIG_DIRECTORY=/var/ipfire/clamav \ >>> + -D CURSES_LIBRARY=/usr/lib/libncurses.so \ >>> + -D DATABASE_DIRECTORY=$(DATABASE_DIR) >>> cd $(DIR_APP)/build && ninja $(MAKETUNING) && ninja install >>> >>> mkdir -pv $(DATABASE_DIR) >>> -- >>> 2.52.0 >>> >>> >
