ClamAV 1.1.1 fixes a denial of service vulnerability and more

ClamAV is an open source antivirus software

Through a blog post, Cisco recently announced the release of the new corrective version of its free antivirus package “ClamAV 1.1.1” , along with which versions 1.0.2 and 0.103.9 have been released.

For those who do not know about  ClamAV , you should know that this is an open source and multiplatform antivirus (it has versions for Windows, GNU/Linux, BSD, Solaris, Mac OS X and other Unix-like operating systems).

Main new features of ClamAV 1.1.1

In the new version of ClamAV 1.1.1 presented, the main novelty is the implementation of the correction of the vulnerability (already cataloged under CVE-2023-20197) that causes a denial of service when scanning ClamAV files with files, especially images. disk formatted in the HFS+ format. This is mentioned to be the second vulnerability in the HFS+ file analyzer this year, as a previous issue allowed code to be executed with the rights of the ClamAV process and was recognized by the Pwnie Awards as the best remote code execution vulnerability of the year.

Other changes that stand out are that the CMake build system was improved to support compilation with OpenSSL 3.x on macOS with the Xcode toolchain. Official ClamAV installers and packages are now built with OpenSSL 3.1.1 or later.

In addition to this, it is also mentioned that a compilation issue was fixed when using Rust’s nightly toolchain, which affected the oss -fuzz build environment used for regression testing, in addition to a compilation issue in Windows when using Rust version 1.70 or later.

As for the changes in the ClamAV 1.0.2 version, in addition to also correcting the CVE-2023-20197 vulnerability, this version comes by correcting a specific vulnerability in the 1.0.x branch (cataloged under CVE-2023-20212) that resulted in a denial of service when parsing AutoIt data.

Non-security fixes include:

• Improved support for building with OpenSSL 3.x on macOS
• Fix build issues on Windows when using Rust 1.70+ toolkit
• Provide support for nightly builds of the Rust toolkit.
• Fixed an issue so that ClamAV correctly deletes temporary files generated by the VBA and XLM extraction modules so that the files are not leaked in patched versions of ClamAV.
• Removed a warning message displaying HTTP response codes during the Freshclam database update process.
• Fixed two bugs that caused Freshclam to fail to update when applying a CDIFF database patch

Finally, if you are interested in learning more about it, you can consult the details in the following link.

How to install ClamAV on Ubuntu and derivatives?

For those who are interested in being able to install this antivirus on their system, they will be able to do so in a fairly simple way and ClamAV is found within the repositories of most  Linux distributions .

In the case of  Ubuntu and its derivatives, you can install it from the terminal or from the system software center. If you choose to install with the Software Center, you just have to search for “ClamAV” and the antivirus should appear and the option to install it.

Now, for those who choose the option of being able to install from the terminal, they only have to open one on their system (they can do it with the Ctrl + Alt + T key shortcut) and in it they only have to type the following command:

sudo apt-get install clamav

And with that done, you will have this antivirus installed on your system. Now, like any antivirus, ClamAV also has its database which it downloads and uses to make comparisons in a “definitions” file. This file is a list that informs the scanner about questionable items.

From time to time it is important to be able to update this file , which we can update from the terminal, to do this simply run:

sudo freshclam

Uninstall ClamAV

If for any reason you want to remove this antivirus from your system, just type the following in a terminal:

sudo apt remove --purge clamav