ClamAV 0.99 contains major new features and changes. YARA rules, Perl Compatible Regular Expressions, revamped on-access scanning for Linux, and other new features join the many great features of ClamAV:
- Processing of YARA rules (some limitations - see signatures.pdf).
- Support in ClamAV logical signatures for many of the features added for YARA, such as Perl Compatible Regular Expressions, alternate strings, and YARA string attributes. See signatures.pdf for full details.
- New and improved on-access scanning for Linux. See the recent blog post and clamdoc.pdf for details on the new on-access capabilities.
- A new ClamAV API callback function that is invoked when a virus is found. This is intended primarily for applications running in all-match mode. Any applications using all-match mode must use the new callback function to record and report detected viruses.
- Configurable default password list to attempt zip file decryption.
- TIFF file support.
- A new signature target type for designating signatures to run against files with unknown file types.
- Improved fidelity of the "data loss prevention" heuristic algorithm. Code supplied by Bill Parker.
- Support for LZMA decompression within Adobe Flash files.
- Support for MSO attachments within Microsoft Office 2003 XML files.
- A new sigtool option(--ascii-normalize) allowing signature authors to more easily generate normalized versions of ascii files.
Please note: If you are using clamd on-access scanning or have applications using all-match mode, you will want to review the changes and make any necessary adjustments before using ClamAV 0.99.