September 28, 2016

ClamAV Version 0.97.2 Released

(LiveHacking.Com) – The ClamAV development team has released version 0.97.2 of its open source anti-virus. This update includes fixes for problems with the bytecode engine, Safebrowsing detection, hash matcher, and other minor issues.

ClamAV is an open source cross-platform anti-virus engine designed for detecting Trojans, viruses, malware and other malicious threats. ClamAV 0.97.2 is available to download for Linux and Unix distributions from the project’s web site.

The ClamAV team have also announced a new service called “Third Party web interface”. It will allow selected individuals/organizations to publish ClamAV Virus Databases (CVD) through the ClamAV mirror network.

ClamAV source code is released under the GNU General Public License (GPL).

Multiple Vulnerabilities in ClamAV

Arkadiusz Miskiewicsz from ClamAV has reported multiple vulnerabilities in the ClamAV anti-virus.
These issues could be exploited by an attacker to cause denial-of-service conditions or potentially execute arbitrary code in the context of the application. All versions prior to ClamAV 0.96.5 are vulnerable.

ClamWin Free Antivirus: Bad False Positive

ClamWin virus signature and scanner updates caused the free ClamWin (ClamAV for Windows) virus scanner to produce a false positive and move large numbers of files into quarantine on Windows systems. On the ClamWin forum, various users reported that 25,000 files, including system files, were moved into quarantine.

The issue has reportedly been fixed, but some users are struggling to restore their systems. The quarantined files are listed in the ClamScanLog.txt file in the log folder, and this file can be used to restore the system.

How to recover quarantined files if you have the logs?

1. Check whether you have the log file with quarantine info in it.
The log files are located at:

Path:
Win7 and Vista: C:\Users\All Users\.clamwin\log\ClamScanLog.txt
XP: C:\Documents and Settings\All Users\.clamwin\log\ClamScanLog.txt

If there is no quarantine info in the logs, there is still a chance it is in your TEMP folder. The file name should start with tmp and look like this:

Path:
XP: C:\Documents and Settings\user\Local Settings\Temp\tmp0bx8st
Win7 and Vista: C:\Users\user\AppData\Local\Temp\tmp0bx8st

If you can’t locate these logs, then unfortunately the only way to restore is to copy the files manually.
2. Download and unzip http://files.clamwin.com/QRestore1.0.zip. It works on Windows XP and above. DISCLAIMER – There is no warranty for this software. USE AT YOUR OWN RISK.
3. Run QRestore.exe, click File-Open, and navigate to the log file.
4. The program will process the log and show the quarantined files.
5. You may highlight files you wish to restore and click File-Restore Selected. If you wish to restore all files then click File-Restore All.
6. When the restore process is complete the program will open the report.
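
Before restoring in bulk it helps to see what the log says was moved and which signature triggered it. The following is an added example, not part of QRestore or ClamWin: a dry-run parser that builds a restore plan from the log. It assumes clamscan-style lines (`<path>: <signature> FOUND` and `<path>: moved to '<quarantine path>'`), a format the page does not show; the sample log, paths and signature names are constructed.

```python
import re
from collections import Counter

# Assumed clamscan-style log lines (the format is not shown on the page):
#   <path>: <signature> FOUND
#   <path>: moved to '<quarantine path>'
FOUND_RE = re.compile(r"^(?P<path>.+?): (?P<sig>\S+) FOUND\s*$")
MOVED_RE = re.compile(r"^(?P<path>.+?): moved to '(?P<dest>.+)'\s*$")

# Constructed sample log, not taken from a real system.
SAMPLE_LOG = r"""
C:\Windows\System32\example.dll: Trojan.Example-1 FOUND
C:\Windows\System32\example.dll: moved to 'C:\Quarantine\example.dll'
C:\Program Files\App\app.exe: Trojan.Example-1 FOUND
C:\Program Files\App\app.exe: moved to 'C:\Quarantine\app.exe'
C:\Users\user\Downloads\tool.exe: Worm.Example-2 FOUND
C:\Users\user\Downloads\tool.exe: moved to 'C:\Quarantine\tool.exe'
C:\Users\user\notes.txt: OK
"""

def parse_moves(log_text):
    """Return [(original, quarantined, signature)] for each moved file."""
    sigs, moves = {}, []
    for line in log_text.splitlines():
        found = FOUND_RE.match(line)
        moved = MOVED_RE.match(line)
        if found:
            sigs[found["path"]] = found["sig"]
        elif moved:
            sig = sigs.get(moved["path"], "unknown")
            moves.append((moved["path"], moved["dest"], sig))
    return moves

def restore_plan(moves, exists):
    """Dry run: classify each move; `exists` is e.g. os.path.exists."""
    plan = []
    for original, quarantined, sig in moves:
        if not exists(quarantined):
            action = "missing"   # nothing left in quarantine to restore
        elif exists(original):
            action = "skip"      # never overwrite a file already in place
        else:
            action = "restore"
        plan.append((action, original, quarantined, sig))
    return plan

def signature_counts(moves):
    """Count moved files per signature to spot the one misfiring."""
    return Counter(sig for _, _, sig in moves)
```

Passing `os.path.exists` as `exists` runs the same classification against a real disk without moving anything; a signature that accounts for most of the moves, system files included, is the likely false positive.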

ClamWin is a free antivirus program for the Microsoft Windows operating system. ClamWin Free Antivirus is used by more than 600,000 users worldwide on a daily basis. It comes with an easy installer and open source code.

Source: http://forums.clamwin.com/viewtopic.php?t=3096