ClamAV is an open-source antivirus engine for detecting trojans, viruses, malware & other malicious threats. It includes a command-line interface for scanning files and updating the virus definitions, and a daemon for the faster scanning needed on high-performance systems.

Unlike most antivirus products, ClamAV requires no yearly subscription fee and is completely free, with source code available to anyone who wishes to use it. Because ClamAV is released under the GPL v2 license, you must follow all license requirements if you modify the ClamAV source code or use it in your own projects.

What's New

ClamAV 1.4.1 is a critical patch release with the following fixes:

CVE-2024-20506:

  • Changed the logging module to disable following symlinks on Linux and Unix systems so as to prevent an attacker with existing access to the 'clamd' or 'freshclam' services from using a symlink to corrupt system files.
  • This issue affects all currently supported versions. It will be fixed in:
    • 1.4.1
    • 1.3.2
    • 1.0.7
    • 0.103.12
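
One common way to stop a logger from following symlinks on Linux is to open the log with `O_NOFOLLOW`. The sketch below is an added example, not ClamAV's code; the helper names and the temporary paths are constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper, not a ClamAV function: returns an fd, or -1 with errno set. */
int open_log_nofollow(const char *path)
{
    /* O_NOFOLLOW makes open() fail (ELOOP on Linux) if the last component is a symlink. */
    int fd = open(path, O_WRONLY | O_APPEND | O_CREAT | O_NOFOLLOW | O_CLOEXEC, 0640);
    struct stat st;
    if (fd < 0) return -1;
    /* Append only to regular files. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) {
        close(fd); errno = EINVAL; return -1;
    }
    return fd;
}

/* Constructed scenario: the log path was pre-planted as a symlink to another file.
 * Returns 1 if the symlink is refused and the link target stays empty. */
int demo_symlink_rejected(void)
{
    char dir[] = "/tmp/nofollow-demo-XXXXXX";
    char target[64], lnk[64], real[64];
    struct stat st;
    if (!mkdtemp(dir)) return 0;
    snprintf(target, sizeof target, "%s/target.conf", dir); /* stands in for a system file */
    snprintf(lnk, sizeof lnk, "%s/clamd.log", dir);
    snprintf(real, sizeof real, "%s/real.log", dir);
    int t = open(target, O_WRONLY | O_CREAT, 0600);
    if (t < 0 || close(t) != 0 || symlink(target, lnk) != 0) return 0;
    int fd_link = open_log_nofollow(lnk);  /* symlink: must be refused */
    int err = errno;
    int fd_real = open_log_nofollow(real); /* ordinary path: must succeed */
    int wrote = fd_real >= 0 && write(fd_real, "ok\n", 3) == 3;
    int untouched = stat(target, &st) == 0 && st.st_size == 0;
    if (fd_link >= 0) close(fd_link);
    if (fd_real >= 0) close(fd_real);
    unlink(lnk); unlink(real); unlink(target); rmdir(dir);
    return fd_link == -1 && err == ELOOP && wrote && untouched;
}

int main(void) { puts(demo_symlink_rejected() ? "symlink refused" : "unexpected"); return 0; }
```

`O_NOFOLLOW` only checks the final path component, so the directory holding the log should also be writable only by the service account.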

CVE-2024-20505:

  • Fixed a possible out-of-bounds read bug in the PDF file parser that could cause a denial-of-service (DoS) condition.
  • This issue affects all currently supported versions. It will be fixed in:
    • 1.4.1
    • 1.3.2
    • 1.0.7
    • 0.103.12
  • Removed unused Python modules from freshclam tests including deprecated 'cgi' module that is expected to cause test failures in Python 3.13.