This is a topic where we can post all news about ClamAV. I'll start out with the 2 already posted news updates from ClamAV.

First is the new ClamAV .98.5 beta update released on July 8th which was collection of files for their bytecode: https://www.clamav.net/lang/en/2014/07/08/clamav-0-98-5-beta-has-been-posted/

Second is the information provided by ClamAV for OpenSSL posted on July 9th. The ClamWin team will find essential for their next ClamWin update: https://www.clamav.net/lang/en/2014/07/09/compiling-openssl-for-windows/

Also, if anyone is interested in database updates for both ClamWin and ClamAV, you can subscribe to ClamAV virusdb mailing list here: https://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-virusdb

I will post up any and all ClamAV news here as more information is posted.

Sherpya has already made libraries for x32 and x64 versions--looks like he is on top of it.

Regards,

ClamAV end life, as GuitarBob had mention here: https://forums.clamwin.com/viewtopic.php?t=4176 More information about end life for version .96 is available here: https://www.clamav.net/lang/en/2014/07/29/clamav-0-96-engine-end-of-life-announcement/

ClamAV website is currently down for maintenance. It looks like they are attempted to change the whole website. More information will be available when ClamAV homepage comes back online.

At first glance, I do not like the new Clam AV site. The information is not available on the main page. You can submit viruses and false positives via the contact page.

Regards,

Yes. New website is now online here: https://www.clamav.net/ I like the look. It is something new and makes it looks much more attractive, although, the way they have it set up may be a bit confusing for some users. At least they got rid of that old, ugly look on the page where you submit a sample or false positive. I really didn't like the old look at all. It also looks like they moved their news and information to here: https://blog.clamav.net/ We can go there to keep up-to-date on latest ClamAV reports. Maybe it is a sign that ClamAV 1.0 is coming out (I wish).

I had not thought of it as a sign of an upcoming Clam AV 1.0, but you could be right, RRK. After version .88, Clam skipped .89 and went right to .90, so they could do likewise from .98 to 1.0. I'm sure there is lots going on behind the scene that we do not know about. Clam version 1.0 will certain put some impetus to ClamWin 1.0. I will ask Alch about the progress and get back to you.

Regards,

They also skipped .98.2 and went to .98.3 after .98.1 came out. I guess anything is possible. I really only said that to add to the "dramatic of the moment".

I just asked Alch about progress on ClamWin 1.0. I'll let you know what he says.

Regards,

Just a question. How are they working on a ClamWin 1.0 if they have no idea what to expect with ClamAV 1.0, since there is no news or information on that, yet?

Any work on ClamWin 1.0 would consist of the GUI interface, the real-time module, and the web protection module. These are independent of the Clam AV scan engine. Clam AV is unique in that the scan engine consists of a collection of tools that can be used/called from within other software. When/if Clam AV 1.0 makes its appearance, the needed Clam components will be inserted into the ClamWin bin directory. This could involve additional changes in ClamWin to accommodate the improved scanning capabilities when they port the Clam AV code over to Windows--that's what the ClamWin developers do each time a new version of Clam AV comes out.

Of course, we don't know if work is still continuing on ClamWin 1.0 yet. I have not had an answer to my query about it. Alch may be away from home.

Regards,

Let's see what Alch says. Maybe that will give us a better hint. Let us know what he says.

No word--we'll just have to wait and see.

Regards,

No word--we'll just have to wait and see.

Regards,

New ClamAV database adds new Potentially Unwanted Applications (PUA) to its database number 19322.

Added: PUA.Macro.DoubleExtension-zippwd-1
Added: PUA.Misc.DoubleExtension-zippwd-3
Added: PUA.Macro.DoubleExtension-rarpwd-1
Added: PUA.Misc.DoubleExtension-rarpwd-1
Added: PUA.Windows.DoubleExtension-zippwd-2
Added: PUA.Windows.DoubleExtension-rarpwd-2

UPDATE
Nope--enabling PUA detection still has all those false positives for packers, so PUA detection is still useless (for us Windows users). Clam AV's Linux email server users don't have this problem, but it will kill computers using the Windows OS due to packer usage. Here's a scan of memory with PUA enabled:

C:\Users\Bob\AppData\Local\Temp\clamav-81d9307ab780ac6b5e1b560dc64b5fac.00001240.clamtmp: PUA.Win.Packer.PrivateExeProte-8 FOUND
C:\Program Files (x86)\ClamWin\bin\pyc.pyd: PUA.Win.Packer.NspackDotnetNor-1 FOUND
C:\Program Files (x86)\ClamWin\bin\clamscan.exe: PUA.Win.Packer.SetupExeSection-1 FOUND
----------- SCAN SUMMARY -----------
Known viruses: 4907874
Engine version: 0.99.1
Scanned directories: 0
Scanned files: 109
Infected files: 3
Not copied: 4
Data scanned: 76.25 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 35.562 sec (0 m 35 s)

The following files are Digitally Signed by Microsoft Corporation and may have been incorrectly detected as viruses:
C:\WINDOWS\SYSTEM32\ntdll.dll: [PUA.Win.Packer.Pseudosigner-36] FALSE POSITIVE FOUND
C:\WINDOWS\SYSTEM32\KERNEL32.DLL: [PUA.Win.Packer.PrivateExeProte-8] FALSE POSITIVE FOUND
C:\WINDOWS\SYSTEM32\KERNELBASE.dll: [PUA.Win.Packer.PrivateExeProte-8] FALSE POSITIVE FOUND
C:\WINDOWS\SYSTEM32\gdi32.dll: [PUA.Win.Packer.PrivateExeProte-8] FALSE POSITIVE FOUND
C:\WINDOWS\SYSTEM32\shell32.dll: [PUA.Win.Packer.PrivateExeProte-8] FALSE POSITIVE FOUND
C:\WINDOWS\SYSTEM32\ole32.dll: [PUA.Win.Packer.PrivateExeProte-8] FALSE POSITIVE FOUND
C:\WINDOWS\SYSTEM32\winhttp.dll: [PUA.Win.Packer.PrivateExeProte-8] FALSE POSITIVE FOUND
Please do not be alarmed and help us by submitting the files identified above as FALSE POSITIVE at https://www.clamav.net/sendvirus/

Scan Started Sat Oct 08 13:41:24 2016

Submitting to Clam AV the results of PUA false positives will do no good--PUA is an optional detection. I'd leave it alone--don't use PUA!



Regards,