1 | | -v1.6 | Mar 17 2017: |
2 | | -[New] added curated set of YARA webshell & malware signatures for use with ClamAV >= 0.99b |
3 | | -[New] added cleaner rule 'VistorTracker.Mob' |
4 | | -[New] added cleaner rule 'js.inject.fakejquery02' |
5 | | -[New] added support for 'froxlor' to cron.daily execution |
6 | | -[New] added support for 'vestacp' to cron.daily execution |
7 | | -[New] added support for 'ispconfig3' to cron.daily execution |
8 | | -[New] added support for 'DTC' to cron.daily execution |
9 | | -[New] added '$confpath', '$varlibpath' and '$libpath' for FHS separation |
10 | | -[New] moved compatibility (legacy) variables out of internals.conf into compat.conf |
11 | | -[New] added support to pull configuration variables for cron executions from 'sysconfig/maldet' |
12 | | -[New] added Debian derivatives sysconfig and initd compatibility for function sourcing and subsys locking |
13 | | -[New] added LSB tags to init script |
14 | | -[New] added capability of moving public scan path with $userbasedir variable |
15 | | -[New] manpage added and setup default with install.sh execution |
16 | | -[New] added support for clamd running as an unprivileged user through clamdscan w/ --fdpass options |
17 | | -[New] added --wget-proxy CLI option for http(s) proxy support |
18 | | -[New] added clam(d)scan_extraopts variables to internals.conf for appending extra CLI options on clam(d)scan; |
19 | | - these values can also be defined in sysconfig or cron/exec based config files and on CLI |
20 | | -[New] sysconfig support through '/etc/sysconfig/maldet' or '/etc/default/maldet', system dependant, to |
21 | | - allow easier configuration overrides; all conf.maldet and internals.conf variables supported |
22 | | -[Change] file stat calls replaced with function file_stat |
23 | | -[Change] stat calls are now (Free|Net)BSD compatible through file_stat function |
24 | | -[Change] report listing, '-e|--report list', now displays scan run time |
25 | | -[Change] scan reports and cli outputs once again display simplified path definitions instead of expanded paths |
26 | | -[Change] unified all clamav selection logic for data paths, running clamd processes, clam(d)scan CLI options etc... |
27 | | - into a single function, clamselector(); this will make clam behavior more predictable across all functions |
28 | | -[Change] added subdomains path for ISPConfig to cron.daily |
29 | | -[Change] corrected variable naming semantics for import_*_(md5|hex)_url paramters |
30 | | -[Change] monitor mode now identifies inotifywait processes based on a string pattern unique to maldet |
31 | | - to avoid conflicts with any other inotifywait processes |
32 | | -[Change] added wget_proxy variable for us in sysconfig and conf.maldet options |
33 | | -[Change] YARA-LMD curated signature set will now be included with signature updates |
34 | | -[Change] differentiate signature hits for YARA with '{YARA}' signame prefix |
35 | | -[Change] inotify_docroot now accepts comma or white spaced list of paths under user root to monitor |
36 | | -[Change] removed absolute path usage from 'pidof' |
37 | | -[Change] drop unneeded usage of shebang from sourced configuration files |
38 | | -[Change] modified shebang usage with 'env' prefix for portability |
39 | | -[Change] temporary path usage now consistently using $tmpdir value |
40 | | -[Change] scan paths must now be absolute paths |
41 | | -[Change] modified init script stop function for Debian derivatives |
42 | | -[Change] improved history tracking with proper date stamps, more verbose quarantine history logging and storing |
43 | | - into more explicitly named files '$sessdir/hits.hist' and '$sessdir/quarantine.hist' |
44 | | -[Change] added scan_days value to cron.daily allowing customization of the date range scanned by daily cron |
45 | | -[Change] replaced remaining absolute calls to sigdirs with '$sigdir' |
46 | | -[Change] added Debian derivatives support for MONITOR_MODE checks |
47 | | -[Change] updated cron.daily to provide for a custom execution file and modified custom config file into |
48 | | - 'cron/conf.maldet.cron' and 'cron/custom.cron' |
49 | | -[Change] install.sh cased variable on find execution |
50 | | -[Change] symlink hookscan.sh to modsec.sh for pre-v1.5 compat |
51 | | -[Change] added '^/tmp/clamav-.*' to ignored paths where ownership matches clamd process |
52 | | -[Change] preserve custom cron configuration files on upgrade |
53 | | -[Change] hookscan.sh was calling LMD using legacy, deprecated, '--config-option' options |
54 | | -[Change] normalize installation path variable between LMD proper and installation scripts |
55 | | -[Change] reduced redundant path definitions |
56 | | -[Change] added test for main.cvd and main.cld in determining clamav signature paths |
57 | | -[Change] README changes to reflect new cron customization setup |
58 | | -[Change] added attempting passive ftp when active fails for malware checkout uploads |
59 | | -[Change] .ca.def configuration template renamed importconf and now copied over during installation to |
60 | | - 'internals/importconf' |
61 | | -[Change] new versions of 'chown' don't support use of . (dot) to separate user and group |
62 | | -[Change] find option regextype is now dropped on FreeBSD for compatibility |
63 | | -[Change] scan.tpl reporting template handles column spacing on filenames with spaces better |
64 | | -[Change] CLI usage semantics of --include-regex and --exclude-regex now consistently passing to 'find' command |
65 | | -[Change] moved all internal field separator line break modifications to lbreakifs() |
66 | | -[Change] quarantine .info file is now field separated with colon symbol (:) |
67 | | -[Change] quarantine .info file value ordering has been modified |
68 | | - # owner:group:mode:size(b):md5:atime(epoch):mtime(epoch):ctime(epoch):file(path) |
69 | | -[Change] record_hits() now writes file mode and file times (a|m|c) into hits history file |
70 | | -[Change] 'eval' is now used as a prefix on the 'find' command to better handle the complex set of options passed to 'find' |
71 | | - and avoid globbing, splitting and other bash'esque semantic issues |
72 | | -[Change] modified mkpubpaths cronjob to execute every 5 minutes instead of 10 |
73 | | -[Change] public mode scanning errors are now more verbose |
74 | | -[Change] updated README to reflect required modsec >=2.9 variable 'SecTmpSaveUploadedFiles' |
75 | | - for upload scanning |
76 | | -[Change] hookscan.sh (modsec.sh) now checks for variable override file at conf.maldet.hookscan |
77 | | -[Change] added use of sed flag -E for FreeBSD compatibility with GNU sed usage |
78 | | -[Change] clamscan will now respect scan_max_filesize value instead of hardcoded 5M |
79 | | -[Change] default scan_max_filesize increased from 768k to 2048k |
80 | | -[Change] clamscan max-scansize for archive depth set as scan_max_filesize*2 |
81 | | -[Fix] improved special character argument escaping for -a|-r options that could have caused arbitrary command |
82 | | - executions in environments where LMD was allowed to be called by non-root users and/or set-uid/gid wrappers |
83 | | -[Fix] FreeBSD calls to 'md5 -q' were being incorrectly escaped causing file names to never pass and return valid |
84 | | - md5 hash string; corrected by preprending 'eval' to the md5 command callouts. |
85 | | -[Fix] corrected typo with import_* variables causing configuration imports to fail |
86 | | -[Fix] suppress eout() output for certain import_*() and get_remote_file() calls; this was causing |
87 | | - false-positive hits for modsec integration |
88 | | -[Fix] install.sh may not have preserved certain variables on upgrade |
89 | | -[Fix] clamdscan was running as a non-root user, would generate lstat errors for all file find results |
90 | | - leading to potential false positive hit/quarantine |
91 | | -[Fix] the permissions of the $tmpdir path can cause clamd when running as a non-root user to fail on |
92 | | - startup due as a result of lstat errors on the custom user signature files stored under $tmpdir |
93 | | -[Fix] clamd.conf configurations containing Follow(File|Directory)Symlinks set to false results in |
94 | | - the rfxn.*/lmd.user.* links causing clamd startup failures |
95 | | -[Fix] suppress error output to cli for customer user signature files when they do not exist |
96 | | -[Fix] uninstall.sh now cleans up signature files from clamav data paths |
97 | | -[Fix] corrected invalid matching against clamdscan binary when clamd was running as non-root user |
98 | | -[Fix] intofiywait on Ubuntu12 doesn't support the '-o' and '-d' option; modified to send stdout to logfile |
99 | | - for better compatibility |
100 | | -[Fix] conditionally test for vz container and disable use of ionice which is not support in vz containers |
101 | | -[Fix] '-k|--kill-monitor' would under certain circumstances leave zombie processes |
102 | | -[Fix] monitor_cycle() could lead to memory depletion due to infinite loop cycle calls |
103 | | -[Fix] uninstall.sh was not shutting off monitor mode on uninstall |
104 | | -[Fix] legacy variable suppress_cleanhit references updated to email_ignore_clean |
105 | | -[Fix] email alerting broke during an iterative update due to order of precedence change of how configuration |
106 | | - files were loaded and compatibility (legacy) variables being set before main conf.maldet was loaded; |
107 | | - caused by FHS refactoring |
108 | | -[Fix] installation upgrade configuration importer was not properly executing after FHS refactoring during an |
109 | | - iterative update |
110 | | -[Fix] issue #167 certain variables not being preserved on importconf execution, updated 'compat.conf' |
111 | | -[Fix] custom signature runtime files could grow exponentially in monitor mode |
112 | | -[Fix] make '--mkpubpaths' option cross-platform compatible (debian, rh, bsd) |
113 | | -[Fix] replaced usage of 'awk' on file name sensitive variables with 'cut' and/or better scoped field separator for awk |
114 | | -[Fix] double quote wrapped file name variables properly on restore*() functions |
115 | | -[Fix] quarantine .info files were not properly recording source file atime,mtime,ctime values manual quarantine calls |
116 | | -[Fix] user supplied paths to CLI are now better handled if they contain special characters |
117 | | -[Fix] multiple user supplied paths to CLI would generate an error if the first path contained a space and |
118 | | - subsequent paths did not |
119 | | -[Fix] commit c8a1279 introduced bug where clamav could be fed zero sized signature files resulting in fatal exit |
120 | | -[Fix] public mode scanning will now properly error if mkpubpaths paths do not exist |
121 | | -[Fix] hookscan.sh (modsec.sh) will now default to not using clamav if clamd is not running |
122 | | -[Fix] though functional, public mode scanning would result in permission errors on console due to pathing issues with |
123 | | - history tracking files |
124 | | -[Fix] clam(d)scan was not respecting values in 'ignore_sigs' file, this has been corrected for both CLI and monitor mode |
125 | | -[Fix] addition of prefixing eval to find command required certain values to be escaped differently for proper function |
126 | | - of '-r|--recent' |
127 | | -[Fix] util-linux 2.23 supports 'column' command with '-o' but earlier versions do not, resulting in scan reports |
128 | | - generating empty hit lists |
129 | | -[Fix] importconf was setting invalid vars for custom signature imports; correct variables are import_custsigs_md5_url |
130 | | - and import_custsigs_hex_url |
131 | | -[Fix] multiplying maldet monitor processes due to 'ps' command expansion under parent bash process on CentOS6 |
132 | | -[Fix] added default installation path to ignore_inotify to prevent monitor looping when '/' is scoped into |
133 | | - monitoring mode; results in notify log filling disk space |
134 | | -[Fix] importconf was not importing the value for import_config_url |
| 1 | +v1.6.1 | May 28 2017: |
| 2 | +[New] added conf.maldet option cron_prune_days to configure cron.daily pruning max age of quar/sess/tmp data; issue #197 |
| 3 | +[New] added curl support, as new default, into get_remote_file; wget support is preserved secondary to curl; issue #200 |
| 4 | +[New] added --force option on -u|--update-sigs |
| 5 | +[New] added --force option on -d|--update-ver |
| 6 | +[New] added empty lines cleaner for runtime signatures and sorting of hdb for better performance; pr #223 |
| 7 | +[Change] modified default prune interval of quarantine/sess/tmp data from older than 7d to 21d |
| 8 | +[Change] set email alerts to disabled when -z $mail / issue verbose warning on CLI; issue #220 |
| 9 | +[Change] scan_export_filelist feature had no real need to be limited to just cron runs; |
| 10 | +[Change] updated help and README to reflect '--force' option on '-u|--update-sigs' and '-d|--update-ver' |
| 11 | +[Change] post-change to get_remote_file(); signature version file was truncating with tmp file for maldet-clean |
| 12 | +[Change] replaced all calls of wget with get_remote_file() |
| 13 | +[Change] refactored get_remote_file() to be more generic / not depend on wget |
| 14 | +[Change] increased default values for wget --timeout from 5 to 10 seconds |
| 15 | +[Change] replace egrep with posix 'grep -E'; direct invocation of egrep/fgrep is deprecated; pr #214 |
| 16 | +[Fix] modified sourcing of conf files and order of precedence in mald…et.sh init script to properly |
| 17 | + treat default_monitor_mode being defined in conf.maldet; issue #224 |
| 18 | +[Fix] escape quotes within eval md5sum command as fix for issues #230 and #216 |
| 19 | + modified so when set, it will export find results for all '-r|--recent' scans |
| 20 | +[Fix] test condition for systemd was generating unary errors on older versions of bash; pr #36 |
| 21 | +[Fix] systemd based systems were skipping addition of sysconfig entry; pr #36 |
| 22 | +[Fix] install.sh find operation to prune old install backups was generating error when no previous installs existed |
| 23 | +[Fix] wgetopt was single quoted making the variables inside of it strings, set double quotes |
| 24 | +[Fix] potential out of memory issue while scanning a large set of files on native LMD scanner; pr #223 |
| 25 | +[Fix] -f option issue with relative path message; pr #223 |
| 26 | +[Fix] issue with checkout of relative file path for non root user; pr #223 |
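Review bot: the added continuation line `+ modified so when set, it will export find results for all '-r|--recent' scans` is separated from the entry it completes, `+[Change] scan_export_filelist feature had no real need to be limited to just cron runs;`, by nine unrelated entries, and sitting directly under `+[Fix] escape quotes within eval md5sum command as fix for issues #230 and #216` it reads as part of that fix instead; move it directly beneath the scan_export_filelist entry. The hunk also removes the entire v1.6 (Mar 17 2017) section rather than placing v1.6.1 above it, so if the changelog is meant to be cumulative the v1.6 entries should be retained below the new block, in particular the `[Fix] improved special character argument escaping for -a|-r options` entry, which records a hardening against arbitrary command execution that operators may need when deciding whether to upgrade. Lastly, `mald…et.sh` in the entry `+[Fix] modified sourcing of conf files and order of precedence in mald…et.sh init script to properly` appears truncated and should be checked against the init script's actual file name before merge.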