ClamWin Free Antivirus
Support and Discussion Forums
Updates on ClamAV are posted here
ROCKNROLLKID


Joined: 23 Sep 2013
Posts: 561
Location: **UNKNOWN**
This is a topic where we can post all news about ClamAV. I'll start out with the 2 already posted news updates from ClamAV.

First is the new ClamAV .98.5 beta update released on July 8th, which was a collection of files for their bytecode: http://www.clamav.net/lang/en/2014/07/08/clamav-0-98-5-beta-has-been-posted/

Second is the information provided by ClamAV for OpenSSL posted on July 9th. The ClamWin team will find it essential for their next ClamWin update: http://www.clamav.net/lang/en/2014/07/09/compiling-openssl-for-windows/

Also, if anyone is interested in database updates for both ClamWin and ClamAV, you can subscribe to the ClamAV virusdb mailing list here: http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-virusdb

I will post up any and all ClamAV news here as more information is posted.


Last edited by ROCKNROLLKID on Tue Sep 15, 2015 3:46 pm; edited 5 times in total
GuitarBob


Joined: 09 Jul 2006
Posts: 4203
Location: USA
Sherpya has already made libraries for x32 and x64 versions--looks like he is on top of it.

Regards,
ROCKNROLLKID
ClamAV end of life, as GuitarBob had mentioned here: http://forums.clamwin.com/viewtopic.php?t=4176 More information about end of life for version .96 is available here: http://www.clamav.net/lang/en/2014/07/29/clamav-0-96-engine-end-of-life-announcement/
ROCKNROLLKID
ClamAV website is currently down for maintenance. It looks like they are attempting to change the whole website. More information will be available when ClamAV homepage comes back online.
GuitarBob
At first glance, I do not like the new Clam AV site. The information is not available on the main page. You can submit viruses and false positives via the contact page.

Regards,
ROCKNROLLKID
Yes. New website is now online here: http://www.clamav.net/index.html I like the look. It is something new and makes it look much more attractive, although the way they have it set up may be a bit confusing for some users. At least they got rid of that old, ugly look on the page where you submit a sample or false positive. I really didn't like the old look at all. It also looks like they moved their news and information to here: http://blog.clamav.net/ We can go there to keep up-to-date on latest ClamAV reports. Maybe it is a sign that ClamAV 1.0 is coming out (I wish).
GuitarBob
I had not thought of it as a sign of an upcoming Clam AV 1.0, but you could be right, RRK. After version .88, Clam skipped .89 and went right to .90, so they could do likewise from .98 to 1.0. I'm sure there is lots going on behind the scenes that we do not know about. Clam version 1.0 will certainly put some impetus to ClamWin 1.0. I will ask Alch about the progress and get back to you.

Regards,
ROCKNROLLKID
They also skipped .98.2 and went to .98.3 after .98.1 came out. I guess anything is possible. I really only said that to add to the "dramatic of the moment".
GuitarBob
I just asked Alch about progress on ClamWin 1.0. I'll let you know what he says.

Regards,
ROCKNROLLKID
Just a question. How are they working on a ClamWin 1.0 if they have no idea what to expect with ClamAV 1.0, since there is no news or information on that, yet?
GuitarBob
Any work on ClamWin 1.0 would consist of the GUI interface, the real-time module, and the web protection module. These are independent of the Clam AV scan engine. Clam AV is unique in that the scan engine consists of a collection of tools that can be used/called from within other software. When/if Clam AV 1.0 makes its appearance, the needed Clam components will be inserted into the ClamWin bin directory. This could involve additional changes in ClamWin to accommodate the improved scanning capabilities when they port the Clam AV code over to Windows--that's what the ClamWin developers do each time a new version of Clam AV comes out.

Of course, we don't know if work is still continuing on ClamWin 1.0 yet. I have not had an answer to my query about it. Alch may be away from home.

Regards,
ROCKNROLLKID
Let's see what Alch says. Maybe that will give us a better hint. Let us know what he says.
GuitarBob
No word--we'll just have to wait and see.

Regards,
ROCKNROLLKID
New ClamAV database adds new Potentially Unwanted Applications (PUA) to its database number 19322.

Added: PUA.Macro.DoubleExtension-zippwd-1
Added: PUA.Misc.DoubleExtension-zippwd-3
Added: PUA.Macro.DoubleExtension-rarpwd-1
Added: PUA.Misc.DoubleExtension-rarpwd-1
Added: PUA.Windows.DoubleExtension-zippwd-2
Added: PUA.Windows.DoubleExtension-rarpwd-2

UPDATE
Nope--enabling PUA detection still has all those false positives for packers, so PUA detection is still useless (for us Windows users). Clam AV's Linux email server users don't have this problem, but it will kill computers using the Windows OS due to packer usage. Here's a scan of memory with PUA enabled:

C:\Users\Bob\AppData\Local\Temp\clamav-81d9307ab780ac6b5e1b560dc64b5fac.00001240.clamtmp: PUA.Win.Packer.PrivateExeProte-8 FOUND
C:\Program Files (x86)\ClamWin\bin\pyc.pyd: PUA.Win.Packer.NspackDotnetNor-1 FOUND
C:\Program Files (x86)\ClamWin\bin\clamscan.exe: PUA.Win.Packer.SetupExeSection-1 FOUND
----------- SCAN SUMMARY -----------
Known viruses: 4907874
Engine version: 0.99.1
Scanned directories: 0
Scanned files: 109
Infected files: 3
Not copied: 4
Data scanned: 76.25 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 35.562 sec (0 m 35 s)

The following files are Digitally Signed by Microsoft Corporation and may have been incorrectly detected as viruses:
C:\WINDOWS\SYSTEM32\ntdll.dll: [PUA.Win.Packer.Pseudosigner-36] FALSE POSITIVE FOUND
C:\WINDOWS\SYSTEM32\KERNEL32.DLL: [PUA.Win.Packer.PrivateExeProte-8] FALSE POSITIVE FOUND
C:\WINDOWS\SYSTEM32\KERNELBASE.dll: [PUA.Win.Packer.PrivateExeProte-8] FALSE POSITIVE FOUND
C:\WINDOWS\SYSTEM32\gdi32.dll: [PUA.Win.Packer.PrivateExeProte-8] FALSE POSITIVE FOUND
C:\WINDOWS\SYSTEM32\shell32.dll: [PUA.Win.Packer.PrivateExeProte-8] FALSE POSITIVE FOUND
C:\WINDOWS\SYSTEM32\ole32.dll: [PUA.Win.Packer.PrivateExeProte-8] FALSE POSITIVE FOUND
C:\WINDOWS\SYSTEM32\winhttp.dll: [PUA.Win.Packer.PrivateExeProte-8] FALSE POSITIVE FOUND
Please do not be alarmed and help us by submitting the files identified above as FALSE POSITIVE at http://www.clamav.net/sendvirus/

Scan Started Sat Oct 08 13:41:24 2016

Submitting to Clam AV the results of PUA false positives will do no good--PUA is an optional detection. I'd leave it alone--don't use PUA!



Regards,


Last edited by ROCKNROLLKID on Mon Sep 08, 2014 6:12 pm; edited 2 times in total
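A triage helper for scan reports like the one posted above, as an added example that is not part of the original thread or ClamWin's own code: it parses the `path: signature FOUND` lines, including the bracketed `FALSE POSITIVE FOUND` form shown in the report, and separates PUA hits from everything else. The `Eicar-Test-Signature` line and all function names are constructed for illustration.

```python
import re
from collections import Counter

# Four lines copied from the scan report in the post above, plus one
# constructed non-PUA line (marked) so both triage branches are exercised.
SAMPLE_REPORT = r"""
C:\Program Files (x86)\ClamWin\bin\pyc.pyd: PUA.Win.Packer.NspackDotnetNor-1 FOUND
C:\Program Files (x86)\ClamWin\bin\clamscan.exe: PUA.Win.Packer.SetupExeSection-1 FOUND
C:\WINDOWS\SYSTEM32\ntdll.dll: [PUA.Win.Packer.Pseudosigner-36] FALSE POSITIVE FOUND
C:\WINDOWS\SYSTEM32\KERNEL32.DLL: [PUA.Win.Packer.PrivateExeProte-8] FALSE POSITIVE FOUND
C:\Users\Bob\Downloads\constructed-sample.com: Eicar-Test-Signature FOUND
Scanned files: 109
"""

# Matches "<path>: <signature> FOUND" and the report's
# "<path>: [<signature>] FALSE POSITIVE FOUND" form for signed files.
HIT = re.compile(
    r"^(?P<path>.+): \[?(?P<sig>[^\s\[\]]+)\]? (?P<fp>FALSE POSITIVE )?FOUND$"
)


def parse_hits(report):
    """Return one dict per detection line; summary lines are ignored."""
    hits = []
    for line in report.splitlines():
        m = HIT.match(line.strip())
        if m:
            hits.append({
                "path": m["path"],
                "signature": m["sig"],
                "pua": m["sig"].startswith("PUA."),
                "signed_false_positive": m["fp"] is not None,
            })
    return hits


def triage(hits):
    """Split hits into non-PUA detections to review and per-signature PUA counts."""
    review = [h for h in hits
              if not h["pua"] and not h["signed_false_positive"]]
    pua_counts = Counter(h["signature"] for h in hits if h["pua"])
    return review, pua_counts


if __name__ == "__main__":
    review, pua_counts = triage(parse_hits(SAMPLE_REPORT))
    print("review:", [h["path"] for h in review])
    print("PUA hits by signature:", dict(pua_counts))
```
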