18a813afb6
The following changes were made - The code to calculate the authenticode hash was not properly accounting for the case where a PE had sections that either overlapped with each other or overlapped with the PE header. One common case for this is UPX-packed binaries, where the first section with data on disk starts at offset 0x400, which overlaps with the specified PE header by 0xC00 bytes. - The code didn't wrap accesses to fields in the Security DataDirectory with EC32(), so it seems likely that authenticode parsing always encountered issues on big endian systems. I think I fixed all of the accesses in cli_checkfp_pe, but there might still be issues here. I'll test this further. - We parse the authenticode data header to better ensure that it's PCKS7 we are trying to parse, and not one of the other types - cli_checkfp_pe should now finish faster in the case where there is no authenticode data and we don't want to compute the section hashes. - Fixed a potential memory leak in one cli_checkfp_pe failure case |
||
|---|---|---|
| clamav-milter | ||
| clambc | ||
| clamconf | ||
| clamd | ||
| clamdscan | ||
| clamdtop | ||
| clamscan | ||
| clamsubmit | ||
| config | ||
| contrib | ||
| database | ||
| docs | ||
| etc | ||
| examples | ||
| freshclam | ||
| libclamav | ||
| libclammspack | ||
| libclamunrar | ||
| libclamunrar_iface | ||
| libfreshclam | ||
| libltdl | ||
| llvm/lib/Target | ||
| m4 | ||
| shared | ||
| sigtool | ||
| test | ||
| unit_tests | ||
| win32 | ||
| .gitattributes | ||
| .gitignore | ||
| aclocal.m4 | ||
| ChangeLog.md | ||
| clamav-config.h.in | ||
| clamav-config.in | ||
| configure | ||
| configure.ac | ||
| COPYING | ||
| COPYING.bzip2 | ||
| COPYING.file | ||
| COPYING.getopt | ||
| COPYING.LGPL | ||
| COPYING.llvm | ||
| COPYING.lzma | ||
| COPYING.pcre | ||
| COPYING.regex | ||
| COPYING.unrar | ||
| COPYING.YARA | ||
| COPYING.zlib | ||
| INSTALL.md | ||
| libclamav.pc.in | ||
| Makefile.am | ||
| Makefile.in | ||
| NEWS.md | ||
| platform.h.in | ||
| README.md | ||
ClamAV
ClamAV® is an open source antivirus engine for detecting trojans, viruses, malware & other malicious threats.
Documentation & FAQ
The ClamAV documentation can be found in the ClamAV User Manual with additional information online in our FAQ.
ClamAV Signatures
Anyone can learn to read and write ClamAV signatures. Take a look at the signature writing documentation and phishing signature writing documentation to get started!
Installation Instructions
UNIX
Build from Source on Linux/Unix/Mac
For basic compile and install instructions on Linux/Unix platforms, check out the install instructions.
For detailed instructions specific to building ClamAV please investigate our the Linux/Unix/Mac Install instructions in the User Manual.
Install from a binary package
For binary package distribution installation instructions, head over to our website.
Windows
Build from Source on Windows
The instructions for building ClamAV from source on Windows is located in the Win32 README.
Using an Install Package
We provide an installer to install ClamAV on Windows to "C:\Program Files". This install method will require you to have Adminstrator priveleges.
We also provide a "Portable Install Package" (i.e. a zip of the required files) for users that may wish to run ClamAV without installing it to a system-owned directory.
For details on how to use either option, head over to the Windows Install instructions in the User Manual.
Upgrading from a previous version
Some tips on how to upgrade from a previous version of ClamAV.
ClamAV News
For information about the features in this and prior releases, read the news.
Catch up on the latest about ClamAV by reading our blog and follow us on Twitter @clamav.
Join the ClamAV Community
The best way to get in touch with the ClamAV community is to join our our mailing lists, and tune to #clamav on IRC.
Want to make a contribution?
The ClamAV development team welcomes code contributions, improvements to our FAQ, and also bug reports. Thanks for joining us!