- Update to 0.103.4
* FreshClam:
- Add a 24-hour cool-down for FreshClam clients that have received
an HTTP 403 (Forbidden) response from the CDN. This is to reduce
the volume of 403-response data served to blocked FreshClam
clients that are configured with a tight update-loop.
- Fixed a bug where FreshClam treats an empty CDIFF as an
incremental update failure instead of as an intentional request
to download the whole CVD.
* ClamDScan: Fix a scan error when broken symlinks are encountered on
macOS with "FollowDirectorySymlinks" and "FollowFileSymlinks"
options disabled.
* Overhauled the scan recursion / nested archive extraction logic and
added new limits on embedded file-type recognition performed during
the "raw" scan of each file. This limits embedded file-type
misidentification and prevents detecting embedded file content that
is found/extracted and scanned at other layers in the scanning
process.
* Fix an issue with the FMap module that failed to read from some
nested files.
* Fixed an issue where failing to load some rules from a Yara file
containing multiple rules may cause a crash.
* Fixed assorted compiler warnings.
* Fixed assorted Coverity static code analysis issues.
* Scan limits:
- Added virus-name suffixes to the alerts that trigger when a scan
limit has been exceeded. Rather than simply
Heuristics.Limits.Exceeded, you may now see limit-specific
virus-names, to include:
+ Heuristics.Limits.Exceeded.MaxFileSize