• https://www.clamav.net/downloads/production/ (Download)

• (2020-02-06) Updated to version: clamav-0.102.2
• (2019-11-21) Updated to version: clamav-0.102.1
• (2019-11-19) Updated to version: clamav-0.102.0
• (2019-08-23) Updated to version: clamav-0.101.4
• (2019-08-06) Updated to version: clamav-0.101.3
• (2019-03-28) Updated to version: clamav-0.101.2
• (2019-01-08) Updated to version: clamav-0.101.1
• (2018-12-04) Updated to version: clamav-0.101.0
• (2018-10-04) Updated to version: clamav-0.100.2
• (2018-07-27) Updated to version: clamav-0.100.1

Log message:
update -stable to clamav-0.102.2, amongst others including a fix for a
possible DoS (out-of-bounds read -> crash) when using the credit card
data-loss-prevention feature.

Log message:
update to clamav-0.102.2, amongst others including a fix for a
possible DoS (out-of-bounds read -> crash) when using the credit card
data-loss-prevention feature.

Log message:
MFC update to clamav-0.102.1, lower daemon_timeout

Log message:
update to clamav-0.102.1, lower daemon_timeout

Log message:
unbreak packaging, from Ian McWilliam

Log message:
MFC update to clamav-0.102.0

Log message:
update to clamav-0.102.0
(slightly delayed while i tracked down the upstream commit fixing clamav-milter)

Log message:
Increase daemon_timeout to 120s; loading signatures on startup takes an
insane amount of time...
ok sthen@ (maintainer)

Log message:
update to clamav 0.101.4,
- out of bounds write in NSIS bzip2 library
- improvements to the zip bomb mitigations added in 0.101.3, there is now
a maximum scan time limit, defaulting to 2 minutes

Log message:
update to clamav-0.101.3
fix DoS when scanning a non-recursive zip bomb

Log message:
s/PERMIT_PACKAGE_CDROM/PERMIT_PACKAGE/ and some light whitespace tidying
in ports which I maintain

Log message:
use ports libmspack; should avoid intermittent problems seen building
clamav's bundled version

Log message:
update clamav in -stable to 0.100.3
https://blog.clamav.net/2019/03/clamav-01012-and-01003-patches-have.html
CVE-2019-1785 CVE-2019-1786 CVE-2019-1787 CVE-2019-1788 CVE-2019-1789
CVE-2019-1798

Log message:
Update to clamav-0.101.2
fix the following CVEs:
- CVE-2019-1785
- CVE-2019-1786
- CVE-2019-1787
- CVE-2019-1789
- CVE-2019-1788
- CVE-2019-1798
ok sthen@

Log message:
update to clamav-0.101.1

Log message:
fix previous a different way that avoids the extra headers

Log message:
some additional headers are needed to use libclamav but aren't installed by
default; install them, and use a subdir because one of them has a common name

Log message:
update to ClamAV 0.101.0

Log message:
security update to clamav-0.100.2

Log message:
security update to clamav-0.100.1
https://blog.clamav.net/2018/07/clamav-01001-has-been-released.html
ok sthen@ (MAINTAINER)

Log message:
update to clamav-0.100.0

Log message:
Missing TEST_DEPENDS. OK sthen@(MAINTAINER).

Log message:
MFC update to clamav-0.99.4
- fixes for the following CVE's: CVE-2012-6706, CVE-2017-6419,
CVE-2017-11423, CVE-2018-0202, and CVE-2018-1000085
- also included are 2 fixes for file descriptor leaks as well fixes for
a handful of other important bugs

Log message:
update to clamav-0.99.4
- fixes for the following CVE's: CVE-2012-6706, CVE-2017-6419,
CVE-2017-11423, CVE-2018-0202, and CVE-2018-1000085.
- also included are 2 fixes for file descriptor leaks as well fixes for
a handful of other important bugs,

Log message:
update to clamav-0.99.3

Log message:
Change the shebang line from /bin/sh to /bin/ksh in all ports rc.d
daemon scripts and bump subpackages that contain the *.rc scripts.
discussed with and OK aja@
OK tb

Log message:
set daemon_timeout for clamd; startup can be rather slow if you have large
rulesets (for example the sanesecurity anti-spam/malware rules often used
on mail servers)

Log message:
clean non portable construct from include. stops clang warnings

Log message:
sync WANTLIB (and in one case, add gettext to LIB_DEPENDS) in dependent ports
now that internationalised domain name support has been removed from net/curl

Log message:
move clamav to using pcre2

Log message:
Prevent picking up pcre2 (for now).
ok sthen@ (maintainer)

Log message:
disable JIT which requires a W|X mapping

Log message:
update to clamav-0.99.2
still using the bundled llvm, the one in devel/llvm is too new

Log message:
Clean up some bits missed in yesterday's systrace removal.

Log message:
garbage collect CONFIGURE_SHARED

Log message:
update to clamav-0.99.1

Log message:
add sparc to the --disable-llvm group

Log message:
uncomment the "User _clamav" line in sample config.
clamd won't run without editing this file anyway, but in case somebody
doesn't notice this line while reviewing the file, use a better default.

Log message:
- use ${MACHINE_ARCH} instead of ${ARCH} for consistency across the tree
- unbreak build on mips64 by adding it to the list of arches where llvm is disabled
ok sthen@ (MAINTAINER)

Log message:
update to clamav-0.99

Log message:
Remove clamav run deps on lha, arc and unzip. I don't see anywhere where they
can possibly be used (there is an internal lib for unzip) and in the event
I missed a call to use them, users can make their own decision if they
want to have unmaintained decompression tools on their system.

Log message:
sync WANTLIB (curl+nghttp2)

Log message:
Disable LLVM in clamd on sparc64, the bundled one requires additional
patching to work there, and ports/devel/llvm is unsuitable (halfway between
versions and files moved). Reported/tested by Markus Lude, thank you -
some other arch may also need this.

Log message:
MFC: Update to ClamAV 0.98.7, including several crash/infinite loop fixes (CVEs)
and various improvements.
http://lists.clamav.net/pipermail/clamav-announce/2015/000011.html

Log message:
Update to ClamAV 0.98.7, including several crash/infinite loop fixes (CVEs)
and various improvements.
http://lists.clamav.net/pipermail/clamav-announce/2015/000011.html

Log message:
MFC SECURITY update to clamav 0.98.6
http://blog.clamav.net/2015/01/clamav-0986-has-been-released.html

Log message:
SECURITY update to clamav 0.98.6, tested by myself and ajacoutot on various
arches, ok ajacoutot
http://blog.clamav.net/2015/01/clamav-0986-has-been-released.html

Log message:
ensure -current version > -stable version

Log message:
this patch should have been removed from the -stable commit.

Log message:
unbreak WANTLIB, libxml didn't start depending on xz (liblzma) until post-5.6

Log message:
SECURITY update to clamav 0.98.5 (crash fixes for various maliciously crafted
files, improved detection of malicious PE files, new file formats)

Log message:
SECURITY update to clamav 0.98.5 (crash fixes for various maliciously crafted
files, improved detection of malicious PE files, new file formats)

Log message:
update to clamav 0.97.2; fixes problems with the bytecode engine, Safebrowsing
detection, hash matcher, and other minor issues. ok giovanni@ pea@

Log message:
bugfix update to clamav 0.97.1

Log message:
--disable-silent-rules is now added to CONFIGURE_ARGS per default,
if CONFIGURE_STYLE = gnu.

Log message:
Sanitize some @unexec/@extraunexec calls to rm: move them up in the
PLIST and delete everything under the @sample'd directory instead of the
directory itself to prevent a warning from pkg_delete(1) trying to
remove a non existing directory and to help preventing left-over files
and directories.

Log message:
update to 0.97

Log message:
Rename rc scripts to follow our usual naming.
ok sthen@

Log message:
Simplify after recent rc.subr change.
The framework is now stable and we will start documenting it (at last).

Log message:
Cope with recent rc.subr changes.

Log message:
Move these to rc_reload=NO.

Log message:
update ClamAV to 0.96.5

Log message:
new depends

Log message:
MFC:
- - -
date: 2010/10/25 23:36:38;  author: sthen;  state: Exp;  lines: +3 -3
update ClamAV to 0.96.4.
as the release notes say, "a bugfix release recommended for all users"
(or as ChangeLog says, "fix stack smash")
- - -
ok sthen

Log message:
Make the default config work without eating all FDs.

Log message:
remove unnecessary MESSAGE

Log message:
add rc scripts. "go ahead" ajacoutot@

Log message:
update ClamAV to 0.96.4.
as the release notes say, "a bugfix release recommended for all users"
(or as ChangeLog says, "fix stack smash")

Log message:
USE_GROFF=Yes

Log message:
remove -Lxxx/.libs workarounds required with GNU libtool

Log message:
update clamav to 0.96.3, ok pea@

Log message:
hump de bump for pythonp

Log message:
update ClamAV to 0.96.2; earlier version ok pea@ (with some port
Makefile cleanup since then), feedback giovanni@
- better performance and reduced memory use
- various other fixes and minor enhancements
- new pdf parser

Log message:
SECURITY FIX
Resolves CVE-2010-1639, from upstream via pea@ (thanks!)
ok sthen@ jasper@

Log message:
clamav picks up gcc4 if it's installed to build some extra things;
add stdc++ to WANTLIB. (This will result in an Extra: on !gcc4 arch
but that's not a problem). Discussed with espie@

Log message:
update to 0.96.1

Log message:
update to 0.96, ok pea@

Log message:
MFC:
Update to clamav-0.95.3, bugfixes
ok sthen@

Log message:
update to 0.95.3, partly from pea@.

Log message:
take MAINTAINER on these. ok jasper@

Log message:
remove marc balmer as maintainer of all of his ports, to take away the
illusion marc still maintains them. as requested by himself.

Log message:
update to 0.95.2; ok giovanni@
"This version improves handling of archives, adds support for --file-list
in clamscan and clamdscan, and fixes various issues found in previous
releases."

Log message:
it seems something was fixed between 0.95 and 0.95.1 meaning the bundled
libltdl no longer needs be used, so switch back to the usual one and add
the dependency on ports-tree libltdl.
prompted by a diff from Mikolaj Kucharski, ok with mbalmer (maintainer).

Log message:
security update to 0.95.1. it doesn't build with ports-tree libtool,
so use the bundled one and mark with XXX until it can be fixed better.
commit requested by mbalmer (maintainer).

Log message:
Update to ClamAV 0.94.2

Log message:
update to 0.94.1; sundry fixes
ok mbalmer (maintainer)

Log message:
SECURITY and other bug fixes.
- A vulnerability in ClamAV's chm-parser allowed remote attackers to
cause a denial of service (application crash) via a malformed CHM file
(CVE-2008-1389).
- A vulnerability in libclamav would allow attackers to cause a
denial of service via vectors related to an out-of-memory condition
(CVE-2008-3912).
- Multiple memory leaks were found in ClamAV that could possibly allow
attackers to cause a denial of service via excessive memory consumption
(CVE-2008-3913).
- A number of unspecified vulnerabilities in ClamAV were reported that
have an unknown impact and attack vectors related to file descriptor
leaks (CVE-2008-3914).
various OpenBSD patches rolled in upstream. thanks to sturm@
for looking over systrace.filter (needed for the test of sendmsg()
in configure to enable FD passing).

Log message:
update clamav to 0.93.3. possible SECURITY. since 0.93:
- fixes DoS with MailFollowURLs (CVE-2008-2713)
- improves handling of PDF, CAB, RTF, OLE2 and HTML files
and includes various bugfixes for 0.93 issues.
"if it works" mbalmer@

Log message:
Update ClamAV to version 0.93, which fixes mostly security problems, at
least one highly critical (remote). See http://secunia.com/advisories/29000
for details.
Thanks to kurt@ for helping analyzing the threaded code issues.

Log message:
Update to ClamAV 0.92.1.
ok sthen, rui

Log message:
Disable rar until the license has been checked.
Noticed by sturm@, thanks!
ok mbalmer@ (MAINTAINER)

Log message:
Security update to clamav-0.92. (CVE-2007-6335)
"ClamAV libclamav MEW PE File Integer Overflow Vulnerability"
More info:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=634
Similar diff submitted by grunk@ on ports@.
test & ok mbalmer@ (MAINTAINER)

Log message:
- use "_clamav" user as default in the config files (not "clamav")
"of course" mbalmer@

Log message:
MFC:
Update ClamAV to version 0.91.2
work done by ajacoutot@

Log message:
MFC:
Update ClamAV to version 0.91.2
work done by ajacoutot@

Log message:
Update ClamAV to version 0.91.2.
Note to -stable ports maintainers:  This should probably be put into -stable
since the ClamAV people do not provide virus data to outdated scan engines.
ok simon

Log message:
- fix the configure script so that TCP Wrappers support gets enabled.
- bump SHARED_LIBS / PKGNAME.
- while there, remove quotes from COMMENT.
ok mbalmer@

Log message:
- more @sample directories, needed by clamd.
- bump PKGNAME.
ok mbalmer@

Log message:
MFC:
Security Update to ClamAV 0.90.3.
This release contains various bugfixes, see ChangeLog for details.

Log message:
MFC:
Security Update to ClamAV 0.90.3.
This release contains various bugfixes, see ChangeLog for details.

Log message:
Security Update to ClamAV 0.90.3.
This release contains various bugfixes, see ChangeLog for details.
ok mbalmer@

Log message:
chase wantlib changes after curl update

Log message:
MFC:
Update to ClamAV 0.90.1.  Work done mostly by Stuart Henderson, with some
tweaks by myself.
---
Security update to ClamAV 0.90.2.  This containe three import security
fixes:
- ClamAV CAB File Unstore Buffer Overflow Vulnerability
- File descriptor leak in CHM handler
- PDF fd leak
>From the original annoucement:
**Important note**: on April 16th CHM, CAB and PDF handlers will be
disabled for 0.90 and 0.90.1 users through the dynamic engine
configuration module (DCONF). Please upgrade to 0.90.2 immediately.

Log message:
MFC:
Security update to ClamAV 0.90.2.  This containe three import security
fixes:
- ClamAV CAB File Unstore Buffer Overflow Vulnerability
- File descriptor leak in CHM handler
- PDF fd leak
>From the original annoucement:
**Important note**: on April 16th CHM, CAB and PDF handlers will be
disabled for 0.90 and 0.90.1 users through the dynamic engine
configuration module (DCONF). Please upgrade to 0.90.2 immediately.

Log message:
MFC:
Security update to ClamAV 0.90.2.  This containe three import security
fixes:
- ClamAV CAB File Unstore Buffer Overflow Vulnerability
- File descriptor leak in CHM handler
- PDF fd leak
>From the original annoucement:
**Important note**: on April 16th CHM, CAB and PDF handlers will be
disabled for 0.90 and 0.90.1 users through the dynamic engine
configuration module (DCONF). Please upgrade to 0.90.2 immediately.

Log message:
Security update to ClamAV 0.90.2.  This containe three import security
fixes:
- ClamAV CAB File Unstore Buffer Overflow Vulnerability
- File descriptor leak in CHM handler
- PDF fd leak
>From the original annoucement:
**Important note**: on April 16th CHM, CAB and PDF handlers will be
disabled for 0.90 and 0.90.1 users through the dynamic engine
configuration module (DCONF). Please upgrade to 0.90.2 immediately.

Log message:
Port maintenance:
- Build a new version even if the old one is still installed
- Only chmod 700 the /var/clamav/quantine directory
>From Jeremy Evans <jeremyevans0@gmail.com>

Log message:
more base64 checksums

Log message:
MFC:
Update to ClamAV 0.90.1.  Work done mostly by Stuart Henderson, with some
tweaks by myself.

Log message:
MFC:
Update to ClamAV 0.90.1.  Work done mostly by Stuart Henderson, with some
tweaks by myself.

Log message:
Update to ClamAV 0.90.1.  Work done mostly by Stuart Henderson, with some
tweaks by myself.

Log message:
MFC:
Update to ClamAV 0.90.  A lot of improvments and bugfixes, see www.clamav.net
for all details.

Log message:
need these, too

Log message:
MFC:
Update to ClamAV 0.90.  A lot of improvments and bugfixes, see www.clamav.net
for all details.

Log message:
Update to ClamAV 0.90.  A lot of improvments and bugfixes, see www.clamav.net
for all details.
ok nikolay

Log message:
Implement scanning by filedescriptor passing.  Makes it much simpler to
configure a mail scanning gateway using ClamAV and smtp-vilter.
ok jsg (who also had the idea for this)

Log message:
Remove two RUN_DEPENDS to software that is only available by manually
installing ports.  This makes using the clamav package much easier.
ok ajacoutot

Log message:
MFC:
Maintenance update to version 0.88.7, improvements in mail scanning.
Bump the major SHARED_LIBS number because exposed structs and interfaces
changed.

Log message:
MFC:
Maintenance update to version 0.88.7, improvements in mail scanning.
Bump the major SHARED_LIBS number because exposed structs and interfaces
changed.

Log message:
Maintenance update to version 0.88.7, improvements in mail scanning.
Bump the major SHARED_LIBS number because exposed structs and interfaces
changed.

Log message:
update to ClamAV 0.88.6 to silence warnings about clamav being outdated

Log message:
update to ClamAV 0.88.6 to silence warnings about clamav being outdated

Log message:
Update to ClamAV 0.88.6.
Changes in this release include better handling of network problems in
freshclam and other minor bugfixes.

Log message:
MFC:
ClamAV 0.88.5
Security:
ClamAV 0.88.5 fixes a crash in the CHM unpacker and a heap overflow in
the function rebuilding PE files after unpacking.

Log message:
MFC:
ClamAV 0.88.5
Security:
ClamAV 0.88.5 fixes a crash in the CHM unpacker and a heap overflow in
the function rebuilding PE files after unpacking.

Log message:
MFC:
ClamAV 0.88.5
Security:
ClamAV 0.88.5 fixes a crash in the CHM unpacker and a heap overflow in
the function rebuilding PE files after unpacking.

Log message:
ClamAV 0.88.5
Security:
ClamAV 0.88.5 fixes a crash in the CHM unpacker and a heap overflow in
the function rebuilding PE files after unpacking.

Log message:
MFC:
security update to 0.88.4

Log message:
MFC:
security update to 0.88.4

Log message:
security update to 0.88.4
ok pvalchev

Log message:
new lib specs

Log message:
MFC:
Update to ClamAV 0.88.2
This release improves virus detection and fixes zip handling on 64-bit
architectures.
SECURITY
This release fixes a possible security problem in freshclam.
See http://www.clamav.net/security/0.88.2.html for a full security report.

Log message:
MFC:
Update to ClamAV 0.88.2
This release improves virus detection and fixes zip handling on 64-bit
architectures.
SECURITY
This release fixes a possible security problem in freshclam.
See http://www.clamav.net/security/0.88.2.html for a full security report.

Log message:
MFC:
Update to ClamAV 0.88.1.
1) An unspecified integer overflow error exists in the PE header parser
in "libclamav/pe.c".
2) Some format string errors in the logging handling in
"shared/output.c" may be exploited to execute arbitrary code.
3) An out-of-bounds memory access error in the "cli_bitset_test()"
function in "ibclamav/others.c" may be exploited to cause a crash.
CVE reference: CVE-2006-1614, CVE-2006-1615, CVE-2006-1630
More info: http://secunia.com/advisories/19534/
-----------
Update to ClamAV 0.88.2
This release improves virus detection and fixes zip handling on 64-bit
architectures.
SECURITY
This release fixes a possible security problem in freshclam.
See http://www.clamav.net/security/0.88.2.html for a full security report.

Log message:
Update to ClamAV 0.88.2
This release improves virus detection and fixes zip handling on 64-bit
architectures.
SECURITY
This release fixes a possible security problem in freshclam.
See http://www.clamav.net/security/0.88.2.html for a full security report.

Log message:
security update to ClamAV 0.88.1.
1) An unspecified integer overflow error exists in the PE header parser
in "libclamav/pe.c".
2) Some format string errors in the logging handling in
"shared/output.c" may be exploited to execute arbitrary code.
3) An out-of-bounds memory access error in the "cli_bitset_test()"
function in "ibclamav/others.c" may be exploited to cause a crash.
CVE reference: CVE-2006-1614, CVE-2006-1615, CVE-2006-1630

Log message:
security update to ClamAV 0.88.1.
1) An unspecified integer overflow error exists in the PE header parser
in "libclamav/pe.c".
2) Some format string errors in the logging handling in
"shared/output.c" may be exploited to execute arbitrary code.
3) An out-of-bounds memory access error in the "cli_bitset_test()"
function in "ibclamav/others.c" may be exploited to cause a crash.
CVE reference: CVE-2006-1614, CVE-2006-1615, CVE-2006-1630

Log message:
Update to ClamAV 0.88.1.

Log message:
MFC:
Update to ClamAV 0.88.
SECURITY:  A possible heap overflow in the UPX code has been fixed.
The security of the UPX, FSG and Petite modules has been improved, too.

Log message:
MFC:
Update to ClamAV 0.88.
SECURITY:  A possible heap overflow in the UPX code has been fixed.
The security of the UPX, FSG and Petite modules has been improved, too.

Log message:
Update to ClamAV 0.88.
SECURITY:  A possible heap overflow in the UPX code has been fixed.
The security of the UPX, FSG and Petite modules has been improved, too.

Log message:
forgot these

Log message:
SHARED_LIBS
USE_LIBTOOL where appropriate

Log message:
update to clamav 0.87.1, which fixes several security flaws

Log message:
update to clamav 0.87.1, which fixes several security flaws

Log message:
Update to ClamAV 0.87.1
This release includes major bugfixes for problems with handling TNEF
attachments, cabinet files and FSG compressed executables.

Log message:
libmilter is now a shared lib.  Add it to WANTLIB and bump the package name.
Reported by espie@

Log message:
bump PKGNAMEs to not fall behind 3.7

Log message:
MFC:
Update to version 0.87.
Notes: This version fixes vulnerabilities in handling of UPX and FSG compressed
executables. Support for PE files, Zip and Cabinet archives has been improved
and other small bugfixes have been made. The new option "--on-outdated-execute"
allows freshclam to run a command when system reports a new engine version.
ok brad@

Log message:
bump PKGNAMEs for new packages after libcurl update
discussed with pval

Log message:
bump PKGNAMEs to permit the same in -stable, needed for new packages
after recent libcurl update

Log message:
MFC:
Update to version 0.87.
Notes: This version fixes vulnerabilities in handling of UPX and FSG compressed
executables. Support for PE files, Zip and Cabinet archives has been improved
and other small bugfixes have been made. The new option "--on-outdated-execute"
allows freshclam to run a command when system reports a new engine version.
ok brad@

Log message:
Update to version 0.87.
Notes: This version fixes vulnerabilities in handling of UPX and FSG compressed
executables. Support for PE files, Zip and Cabinet archives has been improved
and other small bugfixes have been made. The new option "--on-outdated-execute"
allows freshclam to run a command when system reports a new engine version.

Log message:
bump PKGNAME so that 3.7 won't have higher PKGNAMEs than 3.8
suggested by espie@, ok pval@

Log message:
updated packages for these ports where not build in a sane environment
bump PKGNAME for fixed packages

Log message:
Security update to 0.86.2
http://www.security.nnov.ru/Jdocument282.html
ok brad@

Log message:
Update to ClamAV 0.86.2.

Log message:
Update to version 0.86.1 and add patches to fix problems on macppc (comparisons
that are always true due to char not being signed on this platform).
This update fixes a possible crash, see
http://sourceforge.net/project/shownotes.php?release_id=337279
for details.

Log message:
Update to version 0.85.1 which fixes a problem in email handling.

Log message:
Update to ClamAV version 0.85

Log message:
Update to ClamAV version 0.83.

Log message:
Upgrade to ClamAV 0.81 on popular request.
ok alek@