ClamAV 1.5 strengthens security, usability, and compatibility in the benchmark open source antivirus

  • FIPS-like limits for disabling MD5/SHA1 and SHA2-256 clean file caching.
  • External CVD signatures with .sign files, FreshClam downloads them and Sigtool can verify them.
  • More configuration control: regex in OnAccessExcludePath, inline comments, and administrative command restrictions.
  • Expanded compatibility: corrupted ZIPs, AI model types, Solaris/GNU Hurd and NCurses improvements; option to record URIs in JSON metadata.
Pablinux

4 minutes

Clam AV 1.5

The arrival de Clam AV 1.5 represents a significant leap in a open source antivirus engine that many administrators rely on to scan Linux, Windows, and macOS servers. Powered by Cisco TalosThis release strengthens critical features, refines management, and improves compatibility while maintaining its cross-platform philosophy.

Among the most visible changes are adjustments to security, signatures and configuration that facilitate deployment in demanding environments. In addition, small usability improvements—such as inline comments—and new file type recognition and analysis capabilities are introduced, all with a cautious and practical approach.

ClamAV 1.5 Highlights

In the field of document analysis, the engine can determine whether a OLE2-based Microsoft Office document It is encrypted, a useful feature for handling policies for attachments and sensitive documentation. Support is also added for regular expressions to the configuration option OnAccessExcludePath file clamd.conf, allowing for more precise exclusions.

ClamAV
Related article:
ClamAV: The essential open source antivirus for Linux and servers
  • Verifying Encryption in Office OLE2 Documents for finer control.
  • Regex in OnAccessExcludePath for exclusions granular in the on-access analysis.
  • Options to define a alternative directory of CVD certificates.

Signatures, FreshClam and certificates

The project incorporates database signature and verification CVD through external files .sign, strengthening the chain of trust. From now on, FreshClam will automatically download the external signatures associated with the files .cvd already the patches .cdiff, reducing operational friction.

Likewise, the utility Sigtool expands its capabilities to sign and verify those external signatures. To simplify deployments, ClamAV installs a directory certs within the application settings (by default, in /etc/certs), with configurable route during the installation.

FIPS-type limits and use of hashes

Another important new feature is the option to activate type limits. FIPS that disable the MD5 and SHA1 cryptographic algorithms when verifying digital signatures or when trusting a file when checking for false positives. The system will also attempt to detect if the FIPS mode is active in the environment.

In that context, the antivirus can continue calculating MD5 or SHA1 solely for informational or detection purposes, avoiding its use in sensitive operations. In addition, the clean file cache now uses the algorithm SHA2-256, which improves robustness against collisions.

JSON metadata and record URIs

When the function generate-JSON-metadata is enabled, the engine is capable of register URIs found in HTML and PDF files. For those who want the JSON metadata but not to store these links, two options have been added to disable this capture: --json-store-html-uris=no y --json-store-pdf-uris=no, offering a fine control of privacy.

Administration and CLI Settings in ClamAV 1.5

With the focus on daily operations, new options are incorporated for restrict certain administrative commands and the accuracy of the scanned and read byte counters is improved. Options are also added to the CLI to manage hash y type of file at the input/output, along with new scanning functions that extend the engine's reach.

ClamAV 1.5 Compatibility, Formats, and Configuration

In file formats, ClamAV 1.5 improves support for extract malformed ZIP files and recognizes an initial set of types associated with AI models. As for configuration, now supported online comments in ClamAV files, which facilitates documentation and maintenance.

In addition, the engine can create .cdiff y .script for databases with CVD names that include underscores, a historical limitation that is resolved in this release cycle.

Portability and construction

Under the hood, the build is reinforced in Solaris y GNU / Hurd, and improves the link with the library NCurses when libtinfo is compiled separately. These changes, along with numerous bug fixes, provide additional stability and greater portability in UNIX-like environments.

Download and availability

ClamAV 1.5 is available from Official site as source code. Binaries are also available. DEB y RPM on the project page on GitHub for Debian/Ubuntu and Red Hat-based distributions, respectively; similarly, it will be coming to the your distro repositories according to the cycle of each distribution.

With these improvements, version 1.5 strengthens database validation, provides stricter options for environments with FIPS requirements, and perfects everyday tasks (regex exclusions, JSON metadata, and administration). All of this keeps ClamAV as a open and adaptable solution to multiple production scenarios.