Mailing List Archive

Re: [clamav-users] ClamAV® blog: ClamAV 0.103.1 patch release
Great!

PNG - GIF files, problem solved!

On 2/9/2021 1:06 PM, Joel Esler (jesler) via clamav-users wrote:
>
>>
>> https://blog.clamav.net/2021/02/clamav-01031-patch-release.html
>>
>>
>> ClamAV 0.103.1 patch release
>>
>> ClamAV 0.103.1 is out now. Users can head over to
>> clamav.net/downloads <https://www.clamav.net/downloads> to download
>> the release materials.
>>
>> The latest version of ClamAV contains the following fixes and
>> improvements:
>>
>>
>> Notable changes
>>
>> * Added a new scan option to alert on broken media (graphics) file
>> formats.
>>
>> This feature mitigates the risk of malformed media files intended
>> to exploit vulnerabilities in other software. At present, media
>> validation exists for JPEG, TIFF, PNG and GIF files. To enable
>> this feature, set AlertBrokenMedia yes in clamd.conf for use with
>> ClamD, or use the --alert-broken-media option when using
>> ClamScan. These options are disabled by default in this patch
>> release but may be enabled in a subsequent release.
>>
>> Application developers may enable this scan option by enabling
>> CL_SCAN_HEURISTIC_BROKEN_MEDIA for the heuristic scan option bit
>> field.
>>
>> * Added CL_TYPE_TIFF, CL_TYPE_JPEG types to match GIF and PNG
>> typing behavior. BMP and JPEG 2000 files will continue to detect
>> as CL_TYPE_GRAPHICS because ClamAV does not yet have BMP or JPEG
>> 2000 format-checking capabilities.
>>
>>
>> Bug fixes
>>
>> * Fixed PNG parser logic bugs that caused an excess of parsing
>> errors and fixed a stack exhaustion issue affecting some systems
>> when scanning PNG files. PNG file type detection was disabled via
>> signature database update for ClamAV version 0.103.0 to mitigate
>> the effects from these bugs.
>>
>> * Fixed an issue where PNG and GIF files no longer work with
>> Target:5 graphics signatures if detected as CL_TYPE_PNG or
>> CL_TYPE_GIF rather than as CL_TYPE_GRAPHICS. Target types now
>> support up to 10 possible file types to make way for additional
>> graphics types in future releases.
>>
>> * Fixed ClamOnAcc's --fdpass option.
>>
>> File descriptor passing (or "FD-passing") is a mechanism by which
>> ClamOnAcc and ClamDScan may transfer an open file to ClamD to
>> scan, even if ClamD is running as a non-privileged user and
>> wouldn't otherwise have read-access to the file. This enables
>> ClamD to scan all files without having to run ClamD as root. If
>> possible, ClamD should never be run as root to mitigate the risk
>> in case ClamD is somehow compromised while scanning malware.
>>
>> Interprocess file descriptor passing for ClamOnAcc was broken
>> since version 0.102.0 due to a bug introduced by the switch to
>> cURL for communicating with ClamD. On Linux, passing file
>> descriptors from one process to another is handled by the kernel,
>> so we reverted ClamOnAcc to use standard system calls for socket
>> communication when FD-passing is enabled.
>>
>> * Fixed a ClamOnAcc stack corruption issue on some systems when
>> using an older version of libcurl. Patch courtesy of Emilio
>> Pozuelo Monfort.
>>
>> * Allow ClamScan and ClamDScan scans to proceed even if the
>> realpath lookup failed. This alleviates an issue on Windows
>> scanning files hosted on file-systems that do not support the
>> GetMappedFileNameW() API, such as on ImDisk RAM-disks.
>>
>> * Fixed FreshClam's --on-update-execute=EXIT_1 temporary directory
>> cleanup issue.
>>
>> * ClamD's log output and VirusEvent feature now provide the scan
>> target's file path instead of a file descriptor. The ClamD socket
>> API for submitting a scan by FD-passing doesn't include a file
>> path. This feature works by looking up the file path by the file
>> descriptor. This feature works on Mac and Linux but is not yet
>> implemented for other UNIX operating systems. FD-passing is not
>> available for Windows.
>>
>> * Fixed an issue where FreshClam database validation didn't work
>> correctly when run in daemon mode on Linux/Unix.
>>
>> * Fixed scan speed performance issues accidentally introduced in
>> ClamAV 0.103.0 caused by hashing file maps more than once when
>> parsing a file as a new type, and caused by frequent scanning of
>> non-HTML text data with the HTML parser.
>>
>>
>> Other improvements
>>
>> * Scanning JPEG, TIFF, PNG and GIF files will no longer return
>> "parse" errors when file format validation fails. Instead, the
>> scan will alert with the "Heuristics.Broken.Media" signature
>> prefix and a descriptive suffix to indicate the issue, provided
>> that the "alert broken media" feature is enabled.
>>
>> * GIF format validation will no longer fail if the GIF image is
>> missing the trailer byte, as this appears to be a relatively
>> common issue in otherwise functional GIFs.
>>
>> * Added a TIFF dynamic configuration (DCONF) option that was
>> missing. This will allow us to disable TIFF format validation via
>> signature database update in the event that it proves to be
>> problematic. This feature already exists for many other file types.
>>
>>
>> Acknowledgments
>>
>> The ClamAV team thanks Emilio Pozuelo Monfort for their code submissions.
>>
>
> _______________________________________________
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml

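Added example (not part of the original message and not ClamAV code): the FD-passing mechanism described in the quoted announcement, shown with the standard `sendmsg()`/`recvmsg()` `SCM_RIGHTS` calls on a Unix-domain socket. The function names, temp-file name and sample data are constructed for illustration, and both ends run in one process here, where ClamOnAcc and ClamD would be separate processes.

```c
#define _GNU_SOURCE
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
/* Prepare a msghdr: 1-byte payload plus control space for one descriptor. */
static void prep(struct msghdr *m, struct iovec *iov, char *byte, char *ctl, size_t n) {
    memset(m, 0, sizeof(*m)); memset(ctl, 0, n);
    iov->iov_base = byte; iov->iov_len = 1; m->msg_iov = iov; m->msg_iovlen = 1;
    m->msg_control = ctl; m->msg_controllen = n;
}
/* Sender: attach an open descriptor as SCM_RIGHTS ancillary data. */
int send_fd(int sock, int fd) {
    struct msghdr m; struct iovec iov; char byte = 0;
    union { struct cmsghdr align; char buf[CMSG_SPACE(sizeof(int))]; } u;
    prep(&m, &iov, &byte, u.buf, sizeof(u.buf));
    struct cmsghdr *c = CMSG_FIRSTHDR(&m);
    c->cmsg_level = SOL_SOCKET; c->cmsg_type = SCM_RIGHTS;
    c->cmsg_len = CMSG_LEN(sizeof(int));
    memcpy(CMSG_DATA(c), &fd, sizeof(int));
    return sendmsg(sock, &m, 0) == 1 ? 0 : -1;
}
/* Receiver: the kernel installs a new descriptor number in this process. */
int recv_fd(int sock) {
    struct msghdr m; struct iovec iov; char byte; int fd;
    union { struct cmsghdr align; char buf[CMSG_SPACE(sizeof(int))]; } u;
    prep(&m, &iov, &byte, u.buf, sizeof(u.buf));
    if (recvmsg(sock, &m, 0) != 1) return -1;
    struct cmsghdr *c = CMSG_FIRSTHDR(&m);
    if (!c || c->cmsg_level != SOL_SOCKET || c->cmsg_type != SCM_RIGHTS)
        return -1; /* no descriptor attached: reject instead of guessing */
    memcpy(&fd, CMSG_DATA(c), sizeof(int));
    return fd;
}
/* Constructed demo; both ends share one process here to keep it short. */
int demo_fd_pass(char *out, size_t outlen) {
    int sv[2], got; ssize_t n = -1;
    char path[] = "/tmp/fdpass-demo-XXXXXX"; /* constructed temp name */
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return -1;
    int fd = mkstemp(path);
    if (fd < 0 || write(fd, "sample", 6) != 6 || lseek(fd, 0, SEEK_SET) != 0) return -1;
    unlink(path); /* the receiver gets no path, only the descriptor */
    if (send_fd(sv[0], fd) != 0) return -1;
    close(fd);    /* sender's copy closed; the in-flight descriptor stays valid */
    if ((got = recv_fd(sv[1])) >= 0) { n = read(got, out, outlen - 1); close(got); }
    if (n >= 0) out[n] = '\0';
    close(sv[0]); close(sv[1]);
    return (int)n;
}
int main(void) { char b[32]; return demo_fd_pass(b, sizeof b) == 6 ? 0 : 1; }
```

The receiving end reads the file through the passed descriptor alone, so it needs no permission on the path itself; access was checked once, when the sender opened the file.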