ClamAV 1.5.0 Launches with Enhanced MS Office and PDF File Verification


ClamAV 1.5.0 is now available with new features that strengthen malware detection in Microsoft Office and PDF documents.

This update marks a significant step forward for users who need reliable and thorough scanning of encrypted files and embedded links.

Alongside improved file checks, the release also adds support for external signature verification, flexible hashing options, and precise scan reporting.

These enhancements help security teams to better protect their networks and endpoints against evolving threats.

Better Checks for Encrypted Office Files

The new version of ClamAV can now detect whether an OLE2-based Microsoft Office document is encrypted before scanning its contents, as reported on GitHub.

This helps avoid wasted resources on files that cannot be inspected and ensures that alerts are only raised when true risks are present.

The feature was added through a pull request that introduces checks to identify document encryption and report it clearly in scan logs.

As a result, users will see faster scan times for encrypted files and clearer notifications when a file cannot be fully scanned.
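To show what an encryption check on an OLE2 container can look like, here is an added example; it is not ClamAV's code and does not come from the release. It covers one case only: a password-protected OOXML document, which is stored as an OLE2 compound file holding EncryptionInfo and EncryptedPackage streams. The function names and the sample file are constructed for illustration.

```python
import struct
MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")            # OLE2 / compound file signature
ENDOFCHAIN, FREESECT, FATSECT = 0xFFFFFFFE, 0xFFFFFFFF, 0xFFFFFFFD
MARKERS = {"EncryptionInfo", "EncryptedPackage"}     # streams of an encrypted OOXML package

def ole2_stream_names(data):
    """Return the directory entry names of an OLE2 compound file."""
    shift = struct.unpack_from("<H", data, 30)[0] if len(data) >= 512 else 0
    if data[:8] != MAGIC or shift not in (9, 12):    # 512- or 4096-byte sectors only
        raise ValueError("not a usable OLE2 compound file")
    ssize = 1 << shift
    n_fat, first_dir = struct.unpack_from("<II", data, 44)
    def sector(n):                                   # sector n starts after the header
        off = (n + 1) * ssize
        if off + ssize > len(data):
            raise ValueError("sector outside file")
        return data[off:off + ssize]
    fat = []  # assumption: only the 109 DIFAT slots in the header are followed
    for s in struct.unpack_from("<109I", data, 76)[:n_fat]:
        fat.extend(struct.unpack("<%dI" % (ssize // 4), sector(s)))
    names, sect, seen = [], first_dir, set()
    while sect != ENDOFCHAIN:
        if sect in seen or sect >= len(fat):         # loop or out-of-range pointer
            raise ValueError("corrupt directory chain")
        seen.add(sect)
        buf = sector(sect)
        for off in range(0, ssize, 128):             # 128-byte directory entries
            name_len, obj_type = struct.unpack_from("<HB", buf, off + 64)
            if obj_type and 2 <= name_len <= 64:     # skip unused slots
                names.append(buf[off:off + name_len - 2].decode("utf-16-le", "replace"))
        sect = fat[sect]
    return names

def looks_encrypted(data):
    """True when the encrypted-package streams exist (legacy .doc/.xls encryption not covered)."""
    return bool(MARKERS & set(ole2_stream_names(data)))

def build_sample(stream_names):  # constructed input: header + 1 FAT sector + 1 directory sector
    hdr = bytearray(MAGIC + bytes(504))
    struct.pack_into("<HHHHH", hdr, 24, 0x3E, 3, 0xFFFE, 9, 6)  # versions, byte order, shifts
    struct.pack_into("<II", hdr, 44, 1, 1)                      # 1 FAT sector, directory at sector 1
    struct.pack_into("<109I", hdr, 76, 0, *[FREESECT] * 108)    # the FAT lives in sector 0
    fat = struct.pack("<128I", FATSECT, ENDOFCHAIN, *[FREESECT] * 126)
    directory = bytearray(512)
    for i, (name, typ) in enumerate([("Root Entry", 5)] + [(n, 2) for n in stream_names]):
        raw = name.encode("utf-16-le")
        directory[i * 128:i * 128 + len(raw)] = raw
        struct.pack_into("<HB", directory, i * 128 + 64, len(raw) + 2, typ)
    return bytes(hdr + fat + directory)
```

Calling looks_encrypted(build_sample(["EncryptionInfo", "EncryptedPackage"])) returns True, while a container holding only a WordDocument stream returns False.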

Recording and Controlling URIs in HTML and PDF

ClamAV 1.5.0 expands its JSON metadata feature by allowing the scanner to record URIs found in both HTML and PDF files.

When the generate-JSON-metadata option is enabled, the scanner will include all extracted links in its JSON output.

Users who prefer to omit link data from metadata can disable recording with simple command-line and config options. For HTML, the options are --json-store-html-uris=no for ClamScan and JsonStoreHTMLURIs no in clamd.conf.

For PDFs, the corresponding options are --json-store-pdf-uris=no and JsonStorePDFURIs no. These settings give users greater control over metadata collection and reduce unnecessary data storage.

Stronger Signature Verification and FIPS Compliance

A major addition in this release is support for external .sign files to accompany CVD databases and patch files.

Freshclam now attempts to download these external signatures, and Sigtool offers commands to sign and verify databases with the new signature files. ClamAV will install a configurable certs directory for storing trusted certificates.

Administrators can change its path via the CMake option -D CVD_CERTS_DIRECTORY=PATH or through command-line flags like --cvdcertsdir PATH and environment variables such as CVD_CERTS_DIR.

The update also introduces FIPS-style limits to disable MD5 and SHA1 algorithms for signature verification.

Enabling the FIPSCryptoHashLimits yes setting or using the --fips-limits flag ensures ClamAV operates safely in FIPS-enabled environments.

Additional improvements include upgrading the clean-file cache to SHA2-256 for more secure caching and refining clamd’s administrative commands.

The ClamScan tool now reports exact bytes scanned and read in GiB, MiB, KiB, or B, replacing the previous generic MB labels.

New APIs in clamav.h and extended hashing functions give developers fine-grained control over scanning and hashing processes. All deprecated functions and options are clearly marked for future removal.

ClamAV 1.5.0 delivers a set of features that strengthen file verification, enhance metadata control, and ensure compliance with high-security environments.

Security teams and system administrators are encouraged to upgrade promptly to benefit from these robust improvements.


About Cybernoz

Security researcher and threat analyst with expertise in malware analysis and incident response.