AIKAWA.JP

Detailed list of changes:

-) libclamav:
+ New unpacker for RAR3, RAR2 and RAR1
+ Rewritten unpackers for Zip and CAB files
+ Support for RAR-SFX, Zip-SFX and CAB-SFX archives
+ New PE parsing model:
- Accurate virtual and raw size and offset calculations
- Proper parsing of executables with weird/handcrafted/uncommon headers
- Proper handling (or skipping) of ghost sections at various places in the
code
- Rebuild improvements for various unpackers
- Adjusted alignment on rebuilt executables
- Proper handling of out of sections offsets
- Broken exe detection now mimics the XPSP2 loader
- Lots of misc improvements and fixes
+ Support for PE32+ (64-bit) executables
+ Support for MD5 signatures based on PE sections (.mdb)
+ ELF file parser
+ Support for Sensory Networks' NodalCore hardware acceleration technology
+ Advanced phishing detection module (experimental)
+ Signatures are stored in separate trees depending on their target type
+ Algorithmic detection can be controlled with CL_SCAN_ALGORITHMIC
+ Support for new obfuscators: SUE, Y0da Cryptor, CryptFF
+ Support for new packers: NsPack, wwpack32, MEW, Upack
+ Support for SIS files (SymbianOS packages)
+ Support for PDF and RTF files
+ New encoding and entity normalizer (experimental)

-) clamd:
+ New config file parser:
* all options require arguments (options without args must be now followed
by boolean values: (yes, no), (1, 0), or (true, false)
* optional arguments (as in NotifyClamd) are no longer supported
* removed "DisableDefaultScanOptions" option (scan options can be
configured individually)
+ TCP and local sockets can be operated simultaneously
+ New command: MULTISCAN (scan directory with multiple threads)
+ New option AlgorithmicDetection
+ New option ScanELF
+ New option NodalCoreAcceleration (requires hardware accelerator)
+ New option PhishingSignatures
+ New options to control the phishing module:
- PhishingRestrictedScan
- PhishingScanURLs
- PhishingAlwaysBlockSSLMismatch
- PhishingAlwaysBlockCloak

-) clamav-milter:
+ Black list mode: optionally black lists an IP for a configurable amount
of time
+ Black hole mode: detects emails that will be discarded and refrains from
scanning them
+ Reporting: ability to report phishing attempts to anti-phishing
organisations to help close the sites
+ Improved load balancing for scanning with clusters
+ Removed -b option (enable BOUNCE compile time option to re-enable the
option)

-) clamscan:
+ New options: --no-phishing-sigs, --no-algorithmic (disable phishing and
algorithmic detection respectively)
+ New options to control the phishing module: --no-phishing-scan-urls,
--no-phishing-restrictedscan, --phishing-ssl, --phishing-cloak
+ New option: --ncore (requires hardware accelerator)
+ New option: --no-elf
+ New option: --copy

-) freshclam:
+ Interpreter for .cdiff files (scripted updates)
+ Initial version of mirror manager
+ New option: --list-mirrors (list details on mirrors accessed by the mirror
manager)
+ New option HTTPUserAgent to force different User-Agent header

-) sigtool:
+ New option: --utf16-decode (decode UTF16 encoded files)
+ New options: --diff, --run-cdiff, --verify-cdiff (update script management)
+ New option: --mdb (generated .mdb compatible signatures)

-) clamconf: initial version of configuration utility for clamd and freshclam

We are happy to announce new interesting software with support for ClamAV:

+ AqMail - a POP3 client with additional filtering
+ ClamFS - a FUSE-based file system with on-access anti-virus scanning
+ c-icap - an ICAP server coded in C with support for ClamAV
+ MailCleaner - a complete email filtering gateway
+ mod_streamav - a ClamAV based antivirus filter for Apache 2
+ pyClamd - a python interface to Clamd