Clam 2256 add alz support #1183
Conversation
ragusaa
force-pushed
the
CLAM-2256-AddALZSupport
branch
3 times, most recently
from
beef30b to
387cbc4
Compare
ragusaa
changed the title
|
PR needs to be rebased with the upstream main branch to bump the FLEVEL to 210 so ALZ file type detection works and tests pass, and to resolve merge conflicts. |
Thank you, I am starting to really like rust. |
ragusaa
force-pushed
the
CLAM-2256-AddALZSupport
branch
2 times, most recently
from
fe90c1f to
c5bc180
Compare
There was a problem hiding this comment.
A few minor things this time. My main concern is I don't think we should use info! at all. We've gotten (understandable) complaints about the "early end" warnings in the PDF parser. Users get confused by warnings when scanning malformed (but non-malicious) files.
In the future, we would want to record such events as weak indicators that could be used by signatures. That is of course pending implementing the weak indicator feature. Anyways... I ramble.
Final thing -- there is a linker error when building on Windows. It seems that the bzip-sys crate is compiling bzip2-1.0.8 into our libclamav_rust static library. That of course causes a linker error when we link libclamav (+libclamav_rust) with bz2.dll.
I'm not sure how to solve it. I created this issue to seek help: trifectatechfoundation/bzip2-rs#102
I agree on the info!. So we'll wait to merge until we resolve the link issue? |
|
Re-ran testing with your changes, and everything still looks good. |
micahsnyder
force-pushed
the
CLAM-2256-AddALZSupport
branch
from
473af46 to
4695e20
Compare
|
I just rebased it, fixed merged conflicts, and squashed commits down, and re-ran clam-format once more. |
- Update from version 1.3.2 to 1.4.1
- Update of rootfile
- Changelog
1.4.1
ClamAV 1.4.1 is a critical patch release with the following fixes:
- [CVE-2024-20506](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20506):
Changed the logging module to disable following symlinks on Linux and Unix
systems so as to prevent an attacker with existing access to the 'clamd' or
'freshclam' services from using a symlink to corrupt system files.
This issue affects all currently supported versions. It will be fixed in:
- 1.4.1
- 1.3.2
- 1.0.7
- 0.103.12
Thank you to Detlef for identifying this issue.
- [CVE-2024-20505](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20505):
Fixed a possible out-of-bounds read bug in the PDF file parser that could
cause a denial-of-service (DoS) condition.
This issue affects all currently supported versions. It will be fixed in:
- 1.4.1
- 1.3.2
- 1.0.7
- 0.103.12
Thank you to OSS-Fuzz for identifying this issue.
- Removed unused Python modules from freshclam tests including deprecated
'cgi' module that is expected to cause test failures in Python 3.13.
1.4.0
Major changes
- Added support for extracting ALZ archives.
The new ClamAV file type for ALZ archives is `CL_TYPE_ALZ`.
Added a [DCONF](https://docs.clamav.net/manual/Signatures/DynamicConfig.html)
option to enable or disable ALZ archive support.
> _Tip_: DCONF (Dynamic CONFiguration) is a feature that allows for some
> configuration changes to be made via ClamAV `.cfg` "signatures".
- [GitHub pull request](Cisco-Talos/clamav#1183)
- Added support for extracting LHA/LZH archives.
The new ClamAV file type for LHA/LZH archives is `CL_TYPE_LHA_LZH`.
Added a [DCONF](https://docs.clamav.net/manual/Signatures/DynamicConfig.html)
option to enable or disable LHA/LZH archive support.
- [GitHub pull request](Cisco-Talos/clamav#1192)
- Added the ability to disable image fuzzy hashing, if needed. For context,
image fuzzy hashing is a detection mechanism useful for identifying malware
by matching images included with the malware or phishing email/document.
New ClamScan options:
```
--scan-image[=yes(*)/no]
--scan-image-fuzzy-hash[=yes(*)/no]
```
New ClamD config options:
```
ScanImage yes(*)/no
ScanImageFuzzyHash yes(*)/no
```
New libclamav scan options:
```c
options.parse &= ~CL_SCAN_PARSE_IMAGE;
options.parse &= ~CL_SCAN_PARSE_IMAGE_FUZZY_HASH;
```
Added a [DCONF](https://docs.clamav.net/manual/Signatures/DynamicConfig.html)
option to enable or disable image fuzzy hashing support.
- [GitHub pull request](Cisco-Talos/clamav#1186)
Other improvements
- Added cross-compiling instructions for targeting ARM64/aarch64 processors for
[Windows](https://github.com/Cisco-Talos/clamav/blob/main/INSTALL-cross-windows-arm64.md)
and
[Linux](https://github.com/Cisco-Talos/clamav/blob/main/INSTALL-cross-linux-arm64.md).
- [GitHub pull request](Cisco-Talos/clamav#1116)
- Improved the Freshclam warning messages when being blocked or rate limited
so as to include the Cloudflare Ray ID, which helps with issue triage.
- [GitHub pull request](Cisco-Talos/clamav#1195)
- Removed unnecessary memory allocation checks when the size to be allocated
is fixed or comes from a trusted source.
We also renamed internal memory allocation functions and macros, so it is
more obvious what each function does.
- [GitHub pull request](Cisco-Talos/clamav#1137)
- Improved the Freshclam documentation to make it clear that the `--datadir`
option must be an absolute path to a directory that already exists, is
writable by Freshclam, and is readable by ClamScan and ClamD.
- [GitHub pull request](Cisco-Talos/clamav#1199)
- Added an optimization to avoid calculating the file hash if the clean file
cache has been disabled. The file hash may still be calculated as needed to
perform hash-based signature matching if any hash-based signatures exist that
target a file of the same size, or if any hash-based signatures exist that
target "any" file size.
- [GitHub pull request](Cisco-Talos/clamav#1167)
- Added an improvement to the SystemD service file for ClamOnAcc so that the
service will shut down faster on some systems.
- [GitHub pull request](Cisco-Talos/clamav#1164)
- Added a CMake build dependency on the version map files so that the build
will re-run if changes are made to the version map files.
Work courtesy of Sebastian Andrzej Siewior.
- [GitHub pull request](Cisco-Talos/clamav#1294)
- Added an improvement to the CMake build so that the RUSTFLAGS settings
are inherited from the environment.
Work courtesy of liushuyu.
- [GitHub pull request](Cisco-Talos/clamav#1301)
Bug fixes
- Silenced confusing warning message when scanning some HTML files.
- [GitHub pull request](Cisco-Talos/clamav#1252)
- Fixed minor compiler warnings.
- [GitHub pull request](Cisco-Talos/clamav#1197)
- Since the build system changed from Autotools to CMake, ClamAV no longer
supports building with configurations where bzip2, libxml2, libz, libjson-c,
or libpcre2 are not available. Libpcre is no longer supported in favor of
libpcre2. In this release, we removed all the dead code associated with those
unsupported build configurations.
- [GitHub pull request](Cisco-Talos/clamav#1217)
- Fixed assorted typos. Patch courtesy of RainRat.
- [GitHub pull request](Cisco-Talos/clamav#1228)
- Added missing documentation for the ClamScan `--force-to-disk` option.
- [GitHub pull request](Cisco-Talos/clamav#1186)
- Fixed an issue where ClamAV unit tests would prefer an older
libclamunrar_iface library from the install path, if present, rather than
the recently compiled library in the build path.
- [GitHub pull request](Cisco-Talos/clamav#1258)
- Fixed a build issue on Windows with newer versions of Rust.
Also upgraded GitHub Actions imports to fix CI failures.
Fixes courtesy of liushuyu.
- [GitHub pull request](Cisco-Talos/clamav#1307)
- Fixed an unaligned pointer dereference issue on select architectures.
Fix courtesy of Sebastian Andrzej Siewior.
- [GitHub pull request](Cisco-Talos/clamav#1293)
- Fixed a bug that prevented loading plaintext (non-CVD) signature files
when using the `--fail-if-cvd-older-than=DAYS` / `FailIfCvdOlderThan` option.
Fix courtesy of Bark.
- [GitHub pull request](Cisco-Talos/clamav#1309)
Signed-off-by: Adolf Belka <[email protected]>
Signed-off-by: Arne Fitzenreiter <[email protected]>
No description provided.