ClamAV 0.90 finally out, over 90.000 signatures in the database

The ClamAV team is proud to announce the long awaited ClamAV 0.90. This version introduces lots of new interesting features and marks a big step forward in the development of our antivirus engine.

The 0.9x series introduces lots of improvements in terms of detection rate and performance, like support for many new packers and decryptors, RAR3 and SIS archives, and a new phishing signatures format that proves to be very effective.

One of the most important changes is the availability of scripted updates. Instead of transferring the whole cvd file at each update, only the differences between the latest cvds and the previous versions will be transferred.

In case the local copy of the latest cvd is corrupted or the scripted update fails for some reason, freshclam will fallback to the old method.
Similarly to cvd files, scripted updates are compressed and digitally signed and are already being distributed. They will dramatically reduce traffic on our mirrors and will allow us to release even more updates in the future.

Another noticeable change is the new configuration syntax: you can now turn single options on and off, the old crude hack of “DisableDefaultScanOptions” is no longer required.

Cosmetic changes apart, the 0.9x series introduces lots of new code, but some parts are not compiled in by default because they are not ready for production systems yet. You are encouraged to pass the—enable-experimental flag to ./configure when compiling ClamAV. The experimental code introduces many improvements in terms of detection rate and performances.
If you find a bug, please take some time to report it on our bugzilla.
Your help in testing the new code is really appreciated. The experimental code introduces many improvements in terms of detection rate and performances.

RAR3, SIS and SFX archives support is finally available together with new unpackers and decryptors: pespin, sue, yc, wwpack32, nspack, mew, upack and others. Additionally, ClamAV now includes better mechanisms for scanning ELF, PDF and tar files. The email decoding has been improved to reduce both the memory requirements and the time taken to process attachments.

As part of the Google Summer of Code program, we have introduced support for a new phishing signatures format that has proved very effective in detecting phishing emails. The ClamAV phishing module allows better and more generic detection of phishing emails by searching for URLs in email messages, and comparing the real site with the URL displayed to the user in the message.

On the performance side, support for the MULTISCAN command has been implemented in clamd, allowing to scan multiple files simultaneously.
Support for Sensory Networks’ NodalCore acceleration technology is now available in ClamAV and will be compiled in if the ncore libraries are detected at compile time. NodalCore acceleration allows highly improved scan speeds on systems equipped with NodalCore cards.

Malware coverage has been extended a lot during the last few months thanks to the hard work of our sigmakers . At the moment ClamAV Virus Database contains over 90.000 signatures and the number keeps increasing day by day.

Today we are also launching our new website. We strived to make it w3c compliant so it should be easy to navigate from just any browser. Feel free to send any suggestion or report problems to Luca .
Thanks to the people from our newly formed polyglot team, the website is available in multiple languages. We look forward to add even more languages in the next few months, in particular Russian and French; we would also like to translate the full ClamAV documentation. If you are interested in helping us with this task, please don’t hesitate to contact Luca .