[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[VUA 55-1] Updated clamav version

Debian Volatile Update Announcement VUA 55-1     http://volatile.debian.org
debian-volatile@lists.debian.org                               Stephen Gran
Apr 29, 2009

Package              : clamav
Version              : 0.95.1+dfsg-0volatile2 (Etch),
                       0.95.1+dfsg-1volatile2 (Lenny)
Importance           : medium
CVE IDs              : CVE-2008-6680, CVE-2009-1270

Upstream published version 0.95.1.

Though the changes are not strictly required for operation, users of the
previous version in volatile might get warnings.

The new version contains these enhancements:

    - Google Safe Browsing support: in addition to the heuristic and signature
      based phishing detection mechanisms already available in ClamAV, the
      scanner can now make use of the Google's blacklists of suspected
      phishing and malware sites. The ClamAV Project distributes a constantly
      updated Safe Browsing database, which can be automatically fetched by
      freshclam. For more information, please see freshclam.conf(5) and

    - New clamav-milter: The program has been redesigned and rewritten from
      scratch. The most notable difference is that the internal mode has been
      dropped which means that now a working clamd companion is required.
      The milter now also has its own configuration file.

    - Clamd extensions: The protocol has been extended to lighten the load
      that clamd puts on the system, solve limitations of the old protocol,
      and reduce latency when signature updates are received. For more
      information about the new extensions please see the official
      documentation and the upgrade notes.

    - Improved API: The API used to program ClamAV's engine (libclamav) has
      been redesigned to use modern object-oriented techniques and solves
      various API/ABI compatibility issues between old and new releases.
      You can find more information in Section 6 of clamdoc.pdf and in
      the upgrade notes.

    - ClamdTOP: This is a new program that allows system administrators to
      monitor clamd. It provides information about the items in the clamd's
      queue, clamd's memory usage, and the version of the signature database,
      all in real-time and in nice curses-based interface.

    - Memory Pool Allocator: Libclamav now includes its own memory pool
      allocator based on memory mapping. This new solution replaces the
      traditional malloc/free system for the copy of the signatures that
      is kept in memory. As a result, clamd requires much less memory,
      particularly when signature updates are received and the database is
      loaded into memory.

    - Unified Option Parser: Prior to version 0.95 each program in ClamAV's
      suite of programs had its own set of runtime options. The new general
      parser brings consistency of use and validation to these options across
      the suite. Some command line switches of clamscan have been renamed
      (the old ones will still be accepted but will have no effect and will
      result in warnings), please see clamscan(1) and clamscan --help for
      the details.

The following security flaws present in lenny were found and fixed in clamav:


      Attackers can cayse a denial of service (crash) via a crafted EXE
      file that triggers a divide-by-zero error.


      Attackers can cause a denial of service (infinite loop) via a
      crafted tar file that causes (1) clamd and (2) clamscan to hang.

    (no CVE Id yet)

      Attackers can cause a denial of service (crash) via a crafted EXE
      file that crashes the UPack unpacker.

If you use clamav, we recommend you upgrade to this version.  For Lenny
these security fixes are also present in version 0.94.dfsg.2-1lenny2 in the
security archive, if you hesitate to upgrade to a new upstream version.

Upgrade Instructions

You can get the updated packages at


and install them with dpkg, or add the volatile archive for Lenny
to your /etc/apt/sources.list:

 deb http://volatile.debian.org/debian-volatile lenny/volatile main
 deb-src http://volatile.debian.org/debian-volatile lenny/volatile main

You can also use any of our mirrors.  See
http://www.debian.org/volatile/volatile-mirrors for the full list of
mirrors.  The archive signing keys were included in Debian Lenny.

For further information about debian-volatile, please refer to

If there are any issues, please don't hesitate to get in touch with the
debian-volatile team.

Attachment: signature.asc
Description: Digital signature

Reply to: