Cisco Releases Free Antivirus Package: ClamAV 1.2.0

Clamav 1.2 Released – Free Antivirus Package by Cisco

After four months of development, Cisco has announced the release of a new version of their free antivirus package, Clamav 1.2.0. The Clamav project was acquired by Cisco in 2013 as part of their purchase of Sourcefire, which also included the development of Snort. The project code is distributed under the GPLV2 license. The newly released branch, 1.2.0, falls under the category of ordinary branches (not LTS) which receive updates for at least four months after the release of the next branch. It also offers the ability to load signature bases for non-LTS branches at least four months after the release of the next branch.

Key Improvements in Clamav 1.2:

  • Added support for extracting data from images in UDF format (Universal Disk Format). UDF files with metadata BEA01 (Beginning Extended Area Descriptor) are now supported.
  • Added the CacheSize configuration parameter and the command-line option -Cache-Size to configure the size of the cache. Increasing the cache size can enhance scanning performance but may also increase RAM consumption.
  • A new systemd service has been added to periodically update the viral signature base using Freshclam. The service supports log maintenance, editing the start schedule through the Systemctl Edit command, and state audit. Instructions on how to enable, check status, and view the logs can be found in the official documentation.
  • The MaxScansize parameter, which limits the maximum size of the data verified when scanning a file or archive, can now accept values greater than 4 GB. The default limit is still set to 2 GB, but an option to withdraw the warning in case of ignoring files in size has been added.
  • Files can now be specified using the endings of “G” and “G” to denote gigabytes. For example, “MaxScansize 10G” or “–max-scanse = 10G” can be used.
  • A new feature in Freshclam allows the usage of a PEM file with a client certificate for authentication when connecting to a non-public mirror.

Simultaneously, Cisco has also released corrective versions for previous branches of

/Reports, release notes, official announcements.