Re: [clamav-users] Are the Clam AV community signature sets still being actively maintained by Cisco?

[Micah Snyder (micasnyd) via clamav-users]

Hi Richard,

Sorry about the delay on the reply.  Retirement of Immunet had no impact on 
ClamAV CVD signatures.  We still create new detections and publish daily 
updates.

Immunet was a sort of testing ground for Cisco Secure Endpoint - specifically 
for Windows, but without the enterprise features or administrative dashboard. 
It suffered from lack of support for users. And without the dashboard it was 
not a good showcase for Secure Endpoint. It was for the best to discontinue 
Immunet.

Secure Endpoint is still an active Cisco product and it's really good.

Cheers,
Micah


Micah Snyder (they/them)
ClamAV Development
Talos
Cisco Systems, Inc.

From: clamav-users  on behalf of Richard 
Savage via clamav-users 
Sent: Thursday, April 11, 2024 6:42 AM
To: clamav-users@lists.clamav.net 
Cc: Richard Savage 
Subject: [clamav-users] Are the Clam AV community signature sets still being 
actively maintained by Cisco?


Hello



Since the retirement of Immunet in early 2024, has maintenance of Clam AV CVD 
signature files by Cisco TALOS been impacted? Are the Clam AV community 
signature sets still being actively maintained by Cisco?



Thanks in advance



**
This email and any files transmitted with it are private and intended
solely for the use of the individual or entity to whom they are addressed.
If you have received this email in error please return it to the address
it came from telling them it is not for you and then delete it from your system.
This email message has been swept for computer viruses.
**
___

Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation

https://docs.clamav.net/#mailing-lists-and-chat

[clamav-users] ClamAV 1.3.1, 1.2.3, 1.0.6 patch versions published

[Micah Snyder (micasnyd) via clamav-users]

Read this online at: 
https://blog.clamav.net/2024/04/clamav-131-123-106-patch-versions.html




Today, we are publishing the 1.3.1, 1.2.3, and 1.0.6 security patch versions.

The release files for the patch versions are available for download on the 
ClamAV downloads page, on the GitHub Release 
page, and through Docker 
Hub.

The images on Docker Hub may not be immediately available on release day.

Continue reading to learn what changed in each version.

1.3.1

ClamAV 1.3.1 is a critical patch release with the following fixes:

  *   
CVE-2024-20380: 
Fixed a possible crash in the HTML file parser that could cause a 
denial-of-service (DoS) condition.

This issue affects version 1.3.0 only and does not affect prior versions.

Thank you to Błażej Pawłowski for identifying this issue.

 *   GitHub pull request
  *   Updated select Rust dependencies to the latest versions. This resolved 
Cargo audit complaints and included PNG parser bug fixes.

 *   GitHub pull request
  *   Fixed a bug causing some text to be truncated when converting from UTF-16.

 *   GitHub pull request
  *   Fixed assorted complaints identified by Coverity static analysis.

 *   GitHub pull request
  *   Fixed a bug causing CVDs downloaded by the DatabaseCustomURL Freshclam 
config option to be pruned and then re-downloaded with every update.

 *   GitHub pull request
  *   Added the new 'valhalla' database name to the list of optional databases 
in preparation for future work.

 *   GitHub pull request
  *   Added symbols to the libclamav.map file to enable additional build 
configurations.

Patch courtesy of Neil Wilson.

 *   GitHub pull request

1.2.3

ClamAV 1.2.3 is a critical patch release with the following fixes:

  *   Updated select Rust dependencies to the latest versions. This resolved 
Cargo audit complaints and included PNG parser bug fixes.

 *   GitHub pull request
  *   Fixed a bug causing some text to be truncated when converting from UTF-16.

 *   GitHub pull request
  *   Fixed assorted complaints identified by Coverity static analysis.

 *   GitHub pull request
  *   Fixed a bug causing CVDs downloaded by the DatabaseCustomURL Freshclam 
config option to be pruned and then re-downloaded with every update.

 *   GitHub pull request
  *   Added the new 'valhalla' database name to the list of optional databases 
in preparation for future work.

 *   GitHub pull request
  *   Silenced a warning "Unexpected early end-of-file" that occured when 
scanning some PNG files.

 *   GitHub pull request

1.0.6

ClamAV 1.0.6 is a critical patch release with the following fixes:

  *   Updated select Rust dependencies to the latest versions. This resolved 
Cargo audit complaints and included PNG parser bug fixes.

 *   GitHub pull request
  *   Fixed a bug causing some text to be truncated when converting from UTF-16.

 *   GitHub pull request
  *   Fixed assorted complaints identified by Coverity static analysis.

 *   GitHub pull request
  *   Fixed a bug causing CVDs downloaded by the DatabaseCustomURL Freshclam 
config option to be pruned and then re-downloaded with every update.

 *   GitHub pull request
  *   Added the new 'valhalla' database name to the list of optional databases 
in preparation for future work.

 *   GitHub pull request
  *   Silenced a warning "Unexpected early end-of-file" that occured when 
scanning some PNG files.

 *   GitHub pull request





Micah Snyder (they/them)
ClamAV Development
Talos
Cisco Systems, Inc.
___

Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation

https://docs.clamav.net/#mailing-lists-and-chat