SquidClamAv Changelog

What's new in SquidClamAv 5.11

Nov 3, 2012
  • Fix printing level of debug message when printing chunk sent to clamd. Thanks to Yuri Voinov for the report.

New in SquidClamAv 6.10 (Oct 29, 2012)

  • Replace clamd STREAM by zINSTREAM protocol as clamav have removed the obsolete STREAM protocol in release 0.97.4.

New in SquidClamAv 6.9 (Aug 29, 2012)

  • Add 'safebrowsing' configuration directive to enable/disable Safe Browsing detection.
  • Fix support to Clamav Google Safe Browsing that need a second query to clamd because the url need to be embeded in an email like content. Thanks to frOgz for the report.
  • Documentation updated for safebrowsing and proxy configuration variables.
  • All redirect CGI scripts have been rewritten with some CSS and to better handle virus vs malware. Thanks to frOgz for the patches.
  • Tested SquidClamav with Squid 3.2 successfuly.

New in SquidClamAv 6.8 (Jul 27, 2012)

  • Compatibility fix with new c-icap 0.2.1 release that prevent squidclamav service to be initialized. Thanks to Martin Matuska for the patch.
  • Fix issue with new c-icap 0.2.1 release that generate an error error each time squidclamav return CI_MOD_204 in end of data handler function. Thanks to Martin Matuska or the patch.

New in SquidClamAv 6.7 (Jul 25, 2012)

  • Add a workaround for a squidGuard bug that unescape the URL and send it back unescaped. This result in garbage staying into pipe of the system command call and could crash squidclamav on next read or return false information. This is specially true with URL containing the or
  • character. Thanks to John Xue for the report.
  • Update documentation about the recommanded way to call squidGuard through the use of url_rewrite_program in squid.conf. You may not use the squidguard configuration directive into squidclamav.conf.

New in SquidClamAv 6.6 (May 29, 2012)

  • Rewrite entirely the squidclamav behavior with the maxsize directive. The previous fix was only a workaround.
  • Fix a bug on 'trustclient' check part that was never executed if 'dnslookup' was disabled. Thanks to Kandalf for the report.

New in SquidClamAv 6.5 (Jan 16, 2012)

  • Fix a squidclamav crash when maxsize is removed from configuration file or disabled/set to 0. Thanks to Pascal Bendeich for the report.
  • Fix an issue when downloaded file size is upper than clamd.conf limit set into the StreamMaxLength configuration directive. Thanks to Arnvid Karstad for the report.
  • All cgi Perl script have been modified to report unsafe browsing.
  • Add a note about ClamAV and the support for Google Safe Browsing database.

New in SquidClamAv 6.4 (Aug 22, 2011)

  • Change default value for clamd_local configuration directive to the common package default clamd local socket '/var/run/clamav/clamd.ctl'.
  • The origin of the double free corruption was partially found in last release. It is now completely fixed. Thanks to Tim Weippert for the report.
  • The call to squidGuard from SquidClamav by a bidirectional pipe seem to make squid/c-icap system going slower and slower. The reason comes from more and more pending squidGuard processes after c-icap threads restart. The historical reason of this feature is related to Squid version 2.x that doesn't allow to chained url_rewrite_program. I think this is no more useful so the squidguard configuration directive will be removed in next major release. Thank to Marco Schuth and David Tannheimeri for the report. You'd better use the Squid configuration file (squid.conf) and the 'url_rewrite_program' directive to use squidGuard. There's no plan to reintroduce the call to squidGuard from SquidClamav at least until squidGuard has a daemon mode or you really asked for it.
  • Fix an issue on reallocating mishandled null pattern array.

New in SquidClamAv 6.2 (Feb 28, 2011)

  • Fix squidclamav crash when X-Client-IP is not forwarded by default from squid to icap, i-e: when 'icap_send_client_ip on' is not set into squid.conf. Thanks to Diego Elio Pettenò for the patch.
  • Force client Ip and Username to '-' when they are not set or null. Thanks to Alex for the report.
  • Fix a signal 11 when username was not set.
  • Add new configuration option 'dnslookup' to disable DNS lookup of client ip address. Default is enabled for backward compatibility but you must desactivate this feature if you don't use trustclient with hostname in the regexp or don't have a DNS on your network. Disabling it will also speed up squidclamav.

New in SquidClamAv 6.1 (Oct 30, 2010)

  • Add missing "#include ", compilation on BSD and possibly other distribution was not working. Thanks to Alex for the report.
  • Fix segmentation fault by gethostbyaddr when remote client can't be resolved. Thank to Valery for the report.

New in SquidClamAv 6.0 (Oct 22, 2010)

  • This is the initial release of the v6.x branch. It works exactly as v5.x branch except that it now use the ICAP protocol and must be run as a c-icap server service. The goal of this first release is to port SquidClamav to the ICAP protocol to solve all limitations encountered in the previous releases (audio/video streaming, site with session like webmail, support of POST request, etc).
  • Next release will tend to have real on stream scanning and bypass the size limitation. Coming soon, but I first want to be sure that c-icap is the good choose for stability and performance but also that this new branch is stable and speed enough. I hope you make me feedback.
  • As SquidClamav is now an ICAP service, you must use Squid v3.x branch and install the excellent c-icap server of Tsantilas Christos available at http://c-icap.sourceforge.net/. Please download version c-icap-0.1.x, you don't need the c-icap-modules part.
  • The squidclamav.conf configuration file from v5.x is fully compatible but some directives are now obsolete, here is the list:
  • squid_ip
  • squid_port
  • maxredir
  • useragent
  • trust_cache
  • stat
  • debug
  • clamd_timeout
  • One have change, this is the 'timeout' directive that was used to set the timeout for libcurl download. As cURL is no more used, this timeout directive is now used to set the timeout for clamd connect. His default value is 1 second and can be set up to 10.
  • Others works as before. There's no packaging available yet.
  • YOU MUST tune the c-icap server following your need (number of users), see http://squidclamav.darold.net/tuning.html for the configuration directive that could help.

New in SquidClamAv 5.6 (Oct 20, 2010)

  • Fix compile error with CLAMD_TIMEOUT on CentOs and possibly more distribution. Thank to Andrea Schoenberg for the report.
  • Fix compile warning on curl_easy_setopt with CURL_TIMEOUT.
  • Fix compile warning on execlp call.

New in SquidClamAv 5.5 (Oct 20, 2010)

  • It fixes some portability problems and curl timeouts on slow sites.

New in SquidClamAv 4.0 (Mar 4, 2009)

  • This release fixes the libcurl header that prevented downloads from the squid cache.
  • It adds a configuration option to disable virus scanning if the requested files hit the squid cache and have already been scanned.
  • This improves speed a lot, especially if you scan all traffic. Please upgrade.

New in SquidClamAv 3.9 (Dec 16, 2008)

  • Add SIGUSR1 signal catching to force squidclamav to reread his configuration file.
  • Add a second level of debug to have nicer output.

New in SquidClamAv 3.8 (Dec 6, 2008)

  • This release adds three new configuration options: useragent, maxredir, and abortcontent. The first is use to change the Curl user agent, the second allows Curl to follow more or fewer redirect locations, and the last allow bypassing virus checking on some pattern matching at the content-type level.
  • A segfault when squidGuard is not chained has been fixed.

New in SquidClamAv 3.7 (Oct 22, 2008)

  • This release adds a bi-directional pipe to squidGuard or another redirector to improve speed and security.