`libclamav/libmspack.c`: Initialize variables before first `goto done;` to fix uninitialized variable use in an error condition.

`libclamav/others.c`: Explicitly ignore return values for calls to add JSON values when subsequent calls don't depend on them. If we were to add error handling here, the only thing we'd do is debug-log it. I don't think it's worth adding the extra lines of code.

`libclamav/unarj.c`: Removed dead code. The `status` variable is immediately set afterwards based on whether or not any files may be extracted.

`libclamav/unzip.c`: Removed dead code. The `ret` variable is checked immediately after being set, above. This check after the `do`-`while()` loop is dead code.

`sigtool/sigtool.c`: Fix potential NULL deref in error handling. This is a fix for the same issue as was fixed in a previous commit. I somehow overlooked this one. Copy/paste bug.

`libclamav/pdfdecode.c`: Fix leaked `stream` memory when `filter_lzwdecode()` fails.

`clamdtop/clamdtop.c`: Fix possible NULL dereference if `strchr` returns NULL in `read_version()` and `check_stats_available()`.

`libclamav/rtf.c`: Fix memory leak in `rtf_object_process()` if `cli_gentemp_with_prefix()` fails. Also change empty for-loop to resolve clang-format weirdness and make it more obvious the for-loop has no body.

`libclamav/aspack.c`: Ensure that `endoff - old` is not negative in `build_decrypt_array()` before passing to `CLI_ISCONTAINED()` which expects unsigned values.

`libclamav/upx.c`: Fix integer overflow checks in multiple functions.

`libclamav/vba_extract.c`: Set `entries` pointer back to NULL after free in `word_read_macro_entry()` error condition.

`libclamav/unzip.c`: Remove logic to return `CL_EMAXFILES` from `index_local_file_headers()`. It seems it only overwrote the status when not `CL_SUCCESS` in which case it could be overriding a more serious failure. Further, updates to how the ZIP parser works have made it so this needs to return `CL_SUCCESS` in order for the caller to at least scan the files found so far. Finally, the calling function has checks of its own to make sure we don't exceed the max-files limit.

`libclamav/unzip.c`: Fix issue where `cli_append_potentially_unwanted()` in `index_local_file_headers()` might overwrite an error in `status` with `CL_CLEAN`. Instead, it now checks the return value and only overwrites the `CL_EFORMAT` status with a different value if not `CL_SUCCESS`.

`libclamav/unzip.c`: Fix a potential leak with `combined_catalogue` and `temp_catalogue` in an error condition. We should always free them if not NULL, not just if the function failed. And to make this safe, we must set `combined_catalogue` to NULL when we give ownership to `*catalogue`.

`libclamav/scanners.c`: Fix a potential leak in error handling for the `cli_ole2_tempdir_scan_vba()` function.

CLAM-2768
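The `libclamav/unzip.c` catalogue fix described in the commit message above (always free locals that are not NULL, and set the local to NULL once ownership passes to the caller) can be shown in isolation. This is an added example, not ClamAV code: `build_catalogue()`, `catalogue_t`, the `fail_at` and `cleanup_only_on_failure` parameters and the allocation counter are hypothetical stand-ins.

```c
#include <stdio.h>
#include <stdlib.h>

/* Constructed allocation counter so that leaks are observable. */
static int live_allocs = 0;
static void *track_alloc(size_t n) { void *p = calloc(1, n); if (p) live_allocs++; return p; }
static void track_free(void *p) { if (p) { live_allocs--; free(p); } }

typedef struct { size_t entries; } catalogue_t; /* hypothetical stand-in type */

/* fail_at: 0 = succeed, 1 = fail once temp exists, 2 = fail once both exist.
 * cleanup_only_on_failure = 1 reproduces the leaky "free only on error" style. */
static int build_catalogue(int fail_at, int cleanup_only_on_failure, catalogue_t **catalogue)
{
    int status = -1;
    catalogue_t *combined_catalogue = NULL;
    catalogue_t *temp_catalogue = NULL;

    *catalogue = NULL;

    temp_catalogue = track_alloc(sizeof(*temp_catalogue));
    if (temp_catalogue == NULL || fail_at == 1) goto done;

    combined_catalogue = track_alloc(sizeof(*combined_catalogue));
    if (combined_catalogue == NULL || fail_at == 2) goto done;
    combined_catalogue->entries = 1;

    /* Transfer ownership, then clear the local so cleanup cannot free it. */
    *catalogue = combined_catalogue;
    combined_catalogue = NULL;
    status = 0;

done:
    if (!cleanup_only_on_failure || status != 0) {
        track_free(temp_catalogue);     /* scratch data, never needed after return */
        track_free(combined_catalogue); /* NULL here if the caller now owns it */
    }
    return status;
}

int main(void)
{
    catalogue_t *cat = NULL;
    int rc = build_catalogue(0, 0, &cat);
    printf("rc=%d live_allocs=%d\n", rc, live_allocs); /* only the caller's catalogue is live */
    track_free(cat);
    return live_allocs; /* 0 when nothing leaked */
}
```

With `cleanup_only_on_failure` set to 1, a successful call leaves the scratch allocation live. Without the `combined_catalogue = NULL` line, the unconditional cleanup would free memory the caller still holds.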
ClamAV
ClamAV® is an open source antivirus engine for detecting trojans, viruses, malware & other malicious threats.
Documentation & FAQ
ClamAV documentation is hosted at docs.clamav.net. The source archive for each release also includes a copy of the documentation for offline reading.
You can contribute to the documentation by submitting improvements to Cisco-Talos/clamav-documentation.
ClamAV News
For information about the features in this and prior releases, read the news.
Catch up on the latest about ClamAV by reading our blog and follow us on Twitter @clamav.
ClamAV Signatures
Anyone can learn to read and write ClamAV signatures. To get started, see our signature writing manual.
Installation Instructions
Using Docker
ClamAV can be run using Docker. For details, visit the online manual under "Docker" and check out our images on Docker Hub.
Using a Package Manager
For help installing from a package manager, refer to the online manual under "Packages".
Using an Installer
The following install packages are available for download from clamav.net/downloads:
- Linux - Debian and RPM packages for x86_64 and i686. New in v0.104.
- macOS - PKG installer for x86_64 and arm64 (universal). New in v0.104.
- Windows - MSI installers and portable ZIP packages for win32 and x64.
To learn how to use these packages, refer to the online manual under "Installing".
Build from Source
For step-by-step instructions, refer to the online manual:
The source archive for each release includes a copy of the documentation for offline reading.
A reference with all of the available build options can be found in the INSTALL.md file.
You can find additional advice for developers in the online manual under "For Developers".
Upgrading from a previous version
Visit the FAQ for tips on how to upgrade from a previous version.
Join the ClamAV Community
The best way to get in touch with the ClamAV community is to join our mailing lists.
You can also join the community on our ClamAV Discord chat server.
Want to make a contribution?
The ClamAV development team welcomes code contributions, improvements to our documentation, and also bug reports.
Thanks for joining us!
Licensing
ClamAV is licensed for public/open source use under the GNU General Public License, Version 2 (GPLv2).
See COPYING.txt for a copy of the license.
3rd Party Code
ClamAV contains a number of components that include code copied in part or in whole from 3rd party projects and whose code is not owned by Cisco and which are licensed differently than ClamAV. These include:
- Yara: Apache 2.0 license
  - Yara has since switched to the BSD 3-Clause License; our source is out-of-date and needs to be updated.
- 7z / lzma: public domain
- libclamav's NSIS/NulSoft parser includes:
  - zlib: permissive free software license
  - bzip2 / libbzip2: BSD-like license
- OpenBSD's libc/regex: BSD license
- file: BSD license
- str.c: Contains BSD licensed modified implementations of the strtol() and strtoul() functions, Copyright (c) 1990 The Regents of the University of California.
- pngcheck (png.c): MIT/X11-style license
- getopt.c: MIT license
- Curl: license inspired by MIT/X, but not identical
- libmspack: LGPL license
- UnRAR (libclamunrar): a non-free/restricted open source license
  - Note: The UnRAR license is incompatible with GPLv2 because it contains a clause that prohibits reverse engineering a RAR compression algorithm from the UnRAR decompression code. For this reason, libclamunrar/libclamunrar_iface is not linked at all with libclamav. It is instead loaded at run-time. If it fails to load, ClamAV will continue running without RAR support.
See the COPYING directory for a copy of the 3rd party project licenses.
Acknowledgements
Credit for contributions to each release can be found in the News.
ClamAV is brought to you by the ClamAV Team