ClamAV is an open source (GPL) antivirus engine for detecting Trojans, viruses, malware and other malicious threats. It provides users with many utilities, including an extensible multi-threaded daemon, a command-line scanner, and an advanced tool for automatically updating databases.
ClamAV was jointly developed by Cisco and the open source community. The first version of ClamAV was released in 2002. Nearly 20 years after its initial release, ClamAV 1.0 has officially launched.
ClamAV 1.0.0 is now stable and available for download at ClamAV.net or Docker Hub. ClamAV 1.0.0 includes the following changes:
Major changes
- Supports decryption of OLE2-based read-only XLS files encrypted with default passwords. The use of default passwords will now appear in the metadata JSON.
- The implementation of the all-match function was overhauled. The newer code is more reliable and easier to maintain:
  - Fixed several known issues with signature detection in all-match mode:
    - Enabled embedded file type recognition signatures to match when a malware signature also matched in a scan of the same layer.
    - Enabled bytecode signatures to run in all-match mode after a match has occurred.
    - Fixed various all-match edge case issues.
  - Added multiple test cases to verify correct all-match behavior
- Added a new callback to the public API for checking file content during scanning for each layer of archive extraction
- Added a new function to the public API for decompressing CVD signed archives
- The option to build with the external TomsFastMath library has been removed
- Moved Docker files and supporting scripts from ClamAV main repo to a new repo: https://github.com/Cisco-Talos/clamav-docker
- The SONAME major version of libclamav was increased due to the ABI change between the 0.103 LTS release and the 1.0 LTS release.
Other improvements
- Added check to limit extraction recursion of PDF objects
- Added a limit on memory allocation based on untrusted input, and changed the warning message shown when the limit is exceeded to be more helpful
- Greatly improved build times for libclamav-Rust unit tests
- For Windows: Debug symbol (PDB) files are now installed along with DLL and LIB library files when building in “RelWithDebInfo” or “Debug” mode.
- Relaxed check restrictions for overlapping ZIP file entries
- Increased time limit for warnings in FreshClam when DNS entries expire
- Docker: header files for C library are now included in Docker images
- Show the BYTECODE_RUNTIME build option when using CMake's ccmake GUI
- Added explicit minimum and maximum supported LLVM versions so that if you try to compile with a version that is too old or too new, compilation will fail with a helpful message rather than simply failing because of compatibility issues
- Fixed compiler warnings that could turn into errors in Clang 16
- Allows building with a custom RPATH so that executables built in a development environment can be moved to the final install directory afterwards.
More details can be found at: https://blog.clamav.net/2022/11/clamav-100-lts-released.html