[Pkg-openssl-devel] Bug#993823: buster-pu: package clamav/0.103.3+dfsg-0+deb10u1

Sebastian Andrzej Siewior sebastian at breakpoint.cc
Mon Sep 6 22:59:56 BST 2021


Package: release.debian.org
User: release.debian.org at packages.debian.org
Usertags: pu
Tags: buster
Severity: normal

This is an update of clamav to version 0.103.3 which is considered as a
LTS version. It contains only important fixes. The details were
documented by upstream at
        https://blog.clamav.net/2021/09/changes-to-clamav-end-of-life-policy.html

I had this updated version running on one of my machines. The 103.3
version is in unstable since July.
It addresses a clamdscan related regression which was introduced in
103.2.

Side note: As per
   https://docs.clamav.net/faq/faq-eol.html#definitions

upstream defines "support" as also including "Signature Database (CVD)
Access". Therefore it would be nice to include this into
buster/updates once time permits.

Sebastian
-------------- next part --------------
diff -Nru clamav-0.103.2+dfsg/clamd/scanner.c clamav-0.103.3+dfsg/clamd/scanner.c
--- clamav-0.103.2+dfsg/clamd/scanner.c	2021-04-06 21:03:42.000000000 +0200
+++ clamav-0.103.3+dfsg/clamd/scanner.c	2021-06-19 23:15:59.000000000 +0200
@@ -146,8 +146,8 @@
 
     if (NULL != filename) {
         if (CL_SUCCESS != cli_realpath((const char *)filename, &real_filename)) {
-            conn_reply_errno(scandata->conn, msg, "Failed to determine real path:");
-            logg("^Failed to determine real path for: %s\n", filename);
+            conn_reply_errno(scandata->conn, msg, "File path check failure:");
+            logg("^File path check failure for: %s\n", filename);
             logg("*Quarantine of the file may fail if file path contains symlinks.\n");
         } else {
             free(filename);
@@ -180,25 +180,30 @@
             else
                 logg("!Memory allocation failed during cli_ftw()\n");
             scandata->errors++;
+            free(filename);
             return CL_EMEM;
         case error_stat:
-            conn_reply_errno(scandata->conn, msg, "lstat() failed:");
-            logg("^lstat() failed on: %s\n", msg);
+            conn_reply_errno(scandata->conn, msg, "File path check failure:");
+            logg("^File path check failure on: %s\n", msg);
             scandata->errors++;
+            free(filename);
             return CL_SUCCESS;
         case warning_skipped_dir:
-            logg("^Directory recursion limit reached, skipping %s\n",
-                 msg);
+            logg("^Directory recursion limit reached, skipping %s\n", msg);
+            free(filename);
             return CL_SUCCESS;
         case warning_skipped_link:
             logg("$Skipping symlink: %s\n", msg);
+            free(filename);
             return CL_SUCCESS;
         case warning_skipped_special:
             if (msg == scandata->toplevel_path)
                 conn_reply(scandata->conn, msg, "Not supported file type", "ERROR");
             logg("*Not supported file type: %s\n", msg);
+            free(filename);
             return CL_SUCCESS;
         case visit_directory_toplev:
+            free(filename);
             return CL_SUCCESS;
         case visit_file:
             break;
diff -Nru clamav-0.103.2+dfsg/clamdscan/proto.c clamav-0.103.3+dfsg/clamdscan/proto.c
--- clamav-0.103.2+dfsg/clamdscan/proto.c	2021-04-06 21:03:42.000000000 +0200
+++ clamav-0.103.3+dfsg/clamdscan/proto.c	2021-06-19 23:15:59.000000000 +0200
@@ -238,6 +238,10 @@
 {
     const struct optstruct *opt;
 
+    if (!path) {
+        return 1;
+    }
+
     if ((opt = optget(clamdopts, "ExcludePath"))->enabled) {
         while (opt) {
             if (match_regex(path, opt->strarg) == 1) {
diff -Nru clamav-0.103.2+dfsg/clamsubmit/clamsubmit.c clamav-0.103.3+dfsg/clamsubmit/clamsubmit.c
--- clamav-0.103.2+dfsg/clamsubmit/clamsubmit.c	2021-04-06 21:03:42.000000000 +0200
+++ clamav-0.103.3+dfsg/clamsubmit/clamsubmit.c	2021-06-19 23:15:59.000000000 +0200
@@ -1,3 +1,30 @@
+/*
+ *  ClamAV Malware and False Positive Reporting Tool
+ *
+ *  Copyright (C) 2014-2020 Cisco Systems, Inc. and/or its affiliates. All rights reserved.
+ *
+ *  Authors: Shawn Webb, Steve Morgan
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License version 2 as
+ *  published by the Free Software Foundation.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ *  MA 02110-1301, USA.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include "clamav-config.h"
+#endif
+
+#include <stdbool.h>
 #include <stdio.h>
 #include <stdlib.h>
 #if HAVE_UNISTD_H
@@ -23,6 +50,7 @@
 #include "misc.h"
 #include "getopt.h"
 #include "cert_util.h"
+#include "output.h"
 
 #define OPTS "e:p:n:N:V:H:h?v?d"
 
@@ -32,7 +60,6 @@
 
 typedef struct _header_data {
     int len;
-    char *cfduid;
     char *session;
 } header_data;
 
@@ -41,7 +68,7 @@
     char *str;
 } write_data;
 
-int g_debug = 0;
+bool g_debug = false;
 
 void usage(char *name)
 {
@@ -85,22 +112,22 @@
         sp = ptr + clen + 1;
         ep = strchr(sp, ';');
         if (ep == NULL) {
-            fprintf(stderr, "header_cb(): malformed cookie\n");
+            logg("!header_cb(): malformed cookie\n");
             return 0;
         }
         mem = malloc(ep - sp + 1);
         if (mem == NULL) {
-            fprintf(stderr, "header_cb(): malloc failed\n");
+            logg("!header_cb(): malloc failed\n");
             return 0;
         }
         memcpy(mem, sp, ep - sp);
         mem[ep - sp] = '\0';
-        if (!strncmp(mem, "__cfduid", 8))
-            hd->cfduid = mem;
-        else if (!strncmp(mem, "_clamav-net_session", strlen("_clamav-net_session")))
+        if (!strncmp(mem, "_clamav-net_session", strlen("_clamav-net_session")))
             hd->session = mem;
-        else
-            fprintf(stderr, "header_cb(): unrecognized cookie\n");
+        else {
+            logg("!header_cb(): unrecognized cookie\n");
+            free(mem);
+        }
     }
     return len;
 }
@@ -114,7 +141,7 @@
     if (len) {
         str = realloc(wd->str, wd->len + len + 1);
         if (str == NULL) {
-            fprintf(stderr, "write_cb() realloc failure\n");
+            logg("!write_cb() realloc failure\n");
             return 0;
         }
         memcpy(str + wd->len, ptr, len);
@@ -140,10 +167,10 @@
     if (json_object_object_get_ex(ps_json_obj, key, &json_obj)) {
         json_str = json_object_get_string(json_obj);
         if (json_str == NULL) {
-            fprintf(stderr, "Error: json_object_get_string() for %s.\n", key);
+            logg("!Error: json_object_get_string() for %s.\n", key);
         }
     } else {
-        fprintf(stderr, "Error: json_object_object_get_ex() for %s.\n", key);
+        logg("!Error: json_object_object_get_ex() for %s.\n", key);
     }
     return json_str;
 }
@@ -161,23 +188,28 @@
     int setURL = 0, fromStream = 0;
     const char *json_str;
     write_data wd            = {0, NULL};
-    header_data hd_malware   = {0, NULL, NULL};
-    header_data hd_presigned = {0, NULL, NULL};
+    header_data hd_malware   = {0, NULL};
+    header_data hd_presigned = {0, NULL};
     json_object *ps_json_obj = NULL;
-    int malware              = 0;
+    bool malware             = false;
     int len                  = 0;
     char *submissionID       = NULL;
     char *fpvname            = NULL;
-    char *sp, *ep, *str;
-    char *authenticity_token = NULL;
-    char *urlp;
+    char *sp, *ep;
+
+    char *authenticity_token_header = NULL;
+    char *authenticity_token        = NULL;
+    char *session_cookie            = NULL;
+
+    char *url_for_auth_token;
+    char *url_for_presigned_cookie;
 
     curl_global_init(CURL_GLOBAL_ALL);
 
     clam_curl = curl_easy_init();
     if (clam_curl == NULL) {
-        fprintf(stderr, "ERROR: Could not initialize libcurl.\n");
-        goto cleanup;
+        logg("!ERROR: Could not initialize libcurl.\n");
+        goto done;
     }
 
     memset(userAgent, 0, sizeof(userAgent));
@@ -187,7 +219,7 @@
     userAgent[sizeof(userAgent) - 1] = 0;
 
     if (CURLE_OK != curl_easy_setopt(clam_curl, CURLOPT_USERAGENT, userAgent)) {
-        fprintf(stderr, "!create_curl_handle: Failed to set CURLOPT_USERAGENT (%s)!\n", userAgent);
+        logg("!!create_curl_handle: Failed to set CURLOPT_USERAGENT (%s)!\n", userAgent);
     }
 
     while ((ch = my_getopt(argc, argv, OPTS)) > 0) {
@@ -209,14 +241,14 @@
             case 'n':
                 if (setURL)
                     usage(argv[0]);
-                malware  = 1;
+                malware  = true;
                 filename = optarg;
                 break;
             case 'V':
                 fpvname = optarg;
                 break;
             case 'd':
-                g_debug = 1;
+                g_debug = true;
                 break;
             case 'h':
             case '?':
@@ -228,15 +260,15 @@
     if (!(name) || !(email) || !(filename))
         usage(argv[0]);
 
-    if (malware == 0 && fpvname == NULL) {
-        fprintf(stderr, "Detected virus name(-V) required for false positive submissions.\n");
+    if (malware == false && fpvname == NULL) {
+        logg("!Detected virus name(-V) required for false positive submissions.\n");
         usage(argv[0]);
     }
     if (strlen(filename) == 1 && filename[0] == '-') {
         filename = read_stream();
         if (!(filename)) {
-            fprintf(stderr, "ERROR: Unable to read stream\n");
-            goto cleanup;
+            logg("!ERROR: Unable to read stream\n");
+            goto done;
         }
         fromStream = 1;
     }
@@ -244,31 +276,34 @@
     if (g_debug) {
         /* ask libcurl to show us the verbose output */
         if (CURLE_OK != curl_easy_setopt(clam_curl, CURLOPT_VERBOSE, 1L)) {
-            fprintf(stderr, "!ERROR: Failed to set CURLOPT_VERBOSE!\n");
+            logg("!!ERROR: Failed to set CURLOPT_VERBOSE!\n");
         }
         if (CURLE_OK != curl_easy_setopt(clam_curl, CURLOPT_STDERR, stdout)) {
-            fprintf(stderr, "!ERROR: Failed to direct curl debug output to stdout!\n");
+            logg("!!ERROR: Failed to direct curl debug output to stdout!\n");
         }
     }
 
     if (CURLE_OK != curl_easy_setopt(clam_curl, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1)) {
-        fprintf(stderr, "ERROR: Failed to set HTTP version to 1.1 (to prevent 2.0 responses which we don't yet parse properly)!\n");
+        logg("!ERROR: Failed to set HTTP version to 1.1 (to prevent 2.0 responses which we don't yet parse properly)!\n");
     }
 
 #if defined(C_DARWIN) || defined(_WIN32)
     if (CURLE_OK != curl_easy_setopt(clam_curl, CURLOPT_SSL_CTX_FUNCTION, *sslctx_function)) {
-        fprintf(stderr, "ERROR: Failed to set SSL CTX function!\n");
+        logg("!ERROR: Failed to set SSL CTX function!\n");
     }
 #else
     set_tls_ca_bundle(clam_curl);
 #endif
 
-    /*** The GET malware|fp ***/
-    if (malware == 1)
-        urlp = "https://www.clamav.net/reports/malware";
-    else
-        urlp = "https://www.clamav.net/reports/fp";
-    curl_easy_setopt(clam_curl, CURLOPT_URL, urlp);
+    /*
+     * GET authenticity token
+     */
+    if (malware == true) {
+        url_for_auth_token = "https://www.clamav.net/reports/malware";
+    } else {
+        url_for_auth_token = "https://www.clamav.net/reports/fp";
+    }
+    curl_easy_setopt(clam_curl, CURLOPT_URL, url_for_auth_token);
     curl_easy_setopt(clam_curl, CURLOPT_HTTPGET, 1);
     curl_easy_setopt(clam_curl, CURLOPT_WRITEDATA, &wd);
     curl_easy_setopt(clam_curl, CURLOPT_WRITEFUNCTION, write_cb);
@@ -276,30 +311,30 @@
     curl_easy_setopt(clam_curl, CURLOPT_HEADERFUNCTION, header_cb);
     res = curl_easy_perform(clam_curl);
     if (res != CURLE_OK) {
-        fprintf(stderr, "Error in GET %s: %s\n", urlp, curl_easy_strerror(res));
-        goto cleanup;
+        logg("!Error in GET %s: %s\n", url_for_auth_token, curl_easy_strerror(res));
+        goto done;
     }
     if (wd.str != NULL) {
         sp = strstr(wd.str, "name=\"authenticity_token\"");
         if (sp == NULL) {
-            fprintf(stderr, "Authenticity token element not found.\n");
-            goto cleanup;
+            logg("!Authenticity token element not found.\n");
+            goto done;
         }
         sp = strstr(sp, "value=");
         if (sp == NULL) {
-            fprintf(stderr, "Authenticity token value not found.\n");
-            goto cleanup;
+            logg("!Authenticity token value not found.\n");
+            goto done;
         }
         sp += 7;
         ep = strchr(sp, '"');
         if (ep == NULL) {
-            fprintf(stderr, "Authenticity token malformed.\n");
-            goto cleanup;
+            logg("!Authenticity token malformed.\n");
+            goto done;
         }
         authenticity_token = malloc(ep - sp + 1);
         if (authenticity_token == NULL) {
-            fprintf(stderr, "no memory for authenticity token.\n");
-            goto cleanup;
+            logg("!no memory for authenticity token.\n");
+            goto done;
         }
         memcpy(authenticity_token, sp, ep - sp);
         authenticity_token[ep - sp] = '\0';
@@ -307,120 +342,128 @@
         wd.str = NULL;
     }
     wd.len = 0;
-    urlp   = NULL;
 
-    /*** The GET presigned ***/
-    if (malware == 1)
-        curl_easy_setopt(clam_curl, CURLOPT_URL, "https://www.clamav.net/presigned?type=malware");
-    else
-        curl_easy_setopt(clam_curl, CURLOPT_URL, "https://www.clamav.net/presigned?type=fp");
+    /* record the session cookie for later use, if exists */
+    if (NULL == hd_malware.session) {
+        logg("!clamav.net/presigned response missing session ID cookie.\nWill try without the cookie.\n");
+        // goto done; // Note: unclear if the session cookie is required. Can't hurt to try w/out it?
+    } else {
+        len            = strlen(hd_malware.session) + 3;
+        session_cookie = malloc(len);
+        if (session_cookie == NULL) {
+            logg("!No memory for GET presigned cookies\n");
+            goto done;
+        }
+        if (snprintf(session_cookie, len, "%s;", hd_malware.session) > len) {
+            logg("!snprintf() failed formatting GET presigned cookies\n");
+            goto done;
+        }
+    }
+
+    /*
+     * GET presigned cookie
+     */
+    if (malware == true) {
+        url_for_presigned_cookie = "https://www.clamav.net/presigned?type=malware";
+    } else {
+        url_for_presigned_cookie = "https://www.clamav.net/presigned?type=fp";
+    }
+
+    curl_easy_setopt(clam_curl, CURLOPT_URL, url_for_presigned_cookie);
     curl_easy_setopt(clam_curl, CURLOPT_HTTPGET, 1);
 
-    if (NULL == hd_malware.cfduid || NULL == hd_malware.session) {
-        fprintf(stderr, "invalid cfduid and/or session id values provided by clamav.net/presigned. Unable to continue submission.");
-        goto cleanup;
-    }
-
-    len = strlen(hd_malware.cfduid) + strlen(hd_malware.session) + 3;
-    str = malloc(len);
-    if (str == NULL) {
-        fprintf(stderr, "No memory for GET presigned cookies\n");
-        goto cleanup;
-    }
-    if (snprintf(str, len, "%s; %s;", hd_malware.cfduid, hd_malware.session) > len) {
-        fprintf(stderr, "snprintf() failed formatting GET presigned cookies\n");
-        free(str);
-        goto cleanup;
-    }
-    curl_easy_setopt(clam_curl, CURLOPT_COOKIE, str);
-    free(str);
-    len = strlen(authenticity_token) + 15;
-    str = malloc(len);
-    if (str == NULL) {
-        fprintf(stderr, "No memory for GET presigned X-CSRF-Token\n");
-        goto cleanup;
-    }
-    if (snprintf(str, len, "X-CSRF-Token: %s", authenticity_token) > len) {
-        fprintf(stderr, "snprintf() failed for GET presigned X-CSRF-Token\n");
-        free(str);
-        goto cleanup;
+    if (NULL != session_cookie) {
+        curl_easy_setopt(clam_curl, CURLOPT_COOKIE, session_cookie);
     }
-    slist = curl_slist_append(slist, str);
-    free(str);
+
+    /* Include an X-CSRF-Token header using the authenticity token retrieved with the presigned GET request */
+    len                       = strlen(authenticity_token) + strlen("X-CSRF-Token: ") + 1;
+    authenticity_token_header = malloc(len);
+    if (authenticity_token_header == NULL) {
+        logg("!No memory for GET presigned X-CSRF-Token\n");
+        goto done;
+    }
+    if (snprintf(authenticity_token_header, len, "X-CSRF-Token: %s", authenticity_token) > len) {
+        logg("!snprintf() failed for GET presigned X-CSRF-Token\n");
+        goto done;
+    }
+    slist = curl_slist_append(slist, authenticity_token_header);
+    free(authenticity_token_header);
+    authenticity_token_header = NULL;
+
     curl_easy_setopt(clam_curl, CURLOPT_HTTPHEADER, slist);
     curl_easy_setopt(clam_curl, CURLOPT_HEADERDATA, &hd_presigned);
     curl_easy_setopt(clam_curl, CURLOPT_HEADERFUNCTION, header_cb);
-    if (malware == 1)
-        curl_easy_setopt(clam_curl, CURLOPT_REFERER, "https://www.clamav.net/reports/malware");
-    else
-        curl_easy_setopt(clam_curl, CURLOPT_REFERER, "https://www.clamav.net/reports/fp");
+    curl_easy_setopt(clam_curl, CURLOPT_REFERER, url_for_auth_token);
 
     res = curl_easy_perform(clam_curl);
     if (res != CURLE_OK) {
-        fprintf(stderr, "Error in GET presigned: %s\n", curl_easy_strerror(res));
-        goto cleanup;
+        logg("!Error in GET reports: %s\n", curl_easy_strerror(res));
+        goto done;
     }
     curl_slist_free_all(slist);
     slist = NULL;
 
-    /*** The POST to AWS ***/
+    /*
+     * POST the report to AWS
+     */
     ps_json_obj = json_tokener_parse(wd.str);
     if (ps_json_obj == NULL) {
-        fprintf(stderr, "Error in json_tokener_parse of %.*s\n", wd.len, wd.str);
-        goto cleanup;
+        logg("!Error in json_tokener_parse of %.*s\n", wd.len, wd.str);
+        goto done;
     }
     json_str = presigned_get_string(ps_json_obj, "key");
     if (json_str == NULL) {
-        fprintf(stderr, "Error in presigned_get_string parsing key from json object\n");
-        goto cleanup;
+        logg("!Error in presigned_get_string parsing key from json object\n");
+        goto done;
     }
     sp = strchr(json_str, '/');
     if (sp == NULL) {
-        fprintf(stderr, "Error: malformed 'key' string in GET presigned response (missing '/'.\n");
-        goto cleanup;
+        logg("!Error: malformed 'key' string in GET presigned response (missing '/'.\n");
+        goto done;
     }
     sp++;
     ep = strchr(sp, '-');
     if (ep == NULL) {
-        fprintf(stderr, "Error: malformed 'key' string in GET presigned response (missing '-'.\n");
-        goto cleanup;
+        logg("!Error: malformed 'key' string in GET presigned response (missing '-'.\n");
+        goto done;
     }
 
     submissionID = malloc(ep - sp + 1);
     if (submissionID == NULL) {
-        fprintf(stderr, "Error: malloc submissionID.\n");
-        goto cleanup;
+        logg("!Error: malloc submissionID.\n");
+        goto done;
     }
     memcpy(submissionID, sp, ep - sp);
     submissionID[ep - sp] = '\0';
 
     aws_curl = curl_easy_init();
     if (!(aws_curl)) {
-        fprintf(stderr, "ERROR: Could not initialize libcurl POST presigned\n");
-        goto cleanup;
+        logg("!ERROR: Could not initialize libcurl POST presigned\n");
+        goto done;
     }
 
     if (CURLE_OK != curl_easy_setopt(aws_curl, CURLOPT_USERAGENT, userAgent)) {
-        fprintf(stderr, "!create_curl_handle: Failed to set CURLOPT_USERAGENT (%s)!\n", userAgent);
+        logg("!!create_curl_handle: Failed to set CURLOPT_USERAGENT (%s)!\n", userAgent);
     }
 
     if (g_debug) {
         /* ask libcurl to show us the verbose output */
         if (CURLE_OK != curl_easy_setopt(aws_curl, CURLOPT_VERBOSE, 1L)) {
-            fprintf(stderr, "!ERROR: Failed to set CURLOPT_VERBOSE!\n");
+            logg("!!ERROR: Failed to set CURLOPT_VERBOSE!\n");
         }
         if (CURLE_OK != curl_easy_setopt(aws_curl, CURLOPT_STDERR, stdout)) {
-            fprintf(stderr, "!ERROR: Failed to direct curl debug output to stdout!\n");
+            logg("!!ERROR: Failed to direct curl debug output to stdout!\n");
         }
     }
 
     if (CURLE_OK != curl_easy_setopt(aws_curl, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1)) {
-        fprintf(stderr, "ERROR: Failed to set HTTP version to 1.1 (to prevent 2.0 responses which we don't yet parse properly)!\n");
+        logg("!ERROR: Failed to set HTTP version to 1.1 (to prevent 2.0 responses which we don't yet parse properly)!\n");
     }
 
 #if defined(C_DARWIN) || defined(_WIN32)
     if (CURLE_OK != curl_easy_setopt(aws_curl, CURLOPT_SSL_CTX_FUNCTION, *sslctx_function)) {
-        fprintf(stderr, "ERROR: Failed to set SSL CTX function!\n");
+        logg("!ERROR: Failed to set SSL CTX function!\n");
     }
 #else
     set_tls_ca_bundle(aws_curl);
@@ -430,50 +473,50 @@
 
     json_str = presigned_get_string(ps_json_obj, "acl");
     if (json_str == NULL) {
-        fprintf(stderr, "Error in presigned_get_string parsing acl from json object\n");
-        goto cleanup;
+        logg("!Error in presigned_get_string parsing acl from json object\n");
+        goto done;
     }
     curl_formadd(&post, &last, CURLFORM_COPYNAME, "acl", CURLFORM_COPYCONTENTS, json_str, CURLFORM_END);
 
     json_str = presigned_get_string(ps_json_obj, "policy");
     if (json_str == NULL) {
-        fprintf(stderr, "Error in presigned_get_string parsing policy from json object\n");
-        goto cleanup;
+        logg("!Error in presigned_get_string parsing policy from json object\n");
+        goto done;
     }
     curl_formadd(&post, &last, CURLFORM_COPYNAME, "policy", CURLFORM_COPYCONTENTS, json_str, CURLFORM_END);
 
     json_str = presigned_get_string(ps_json_obj, "x-amz-meta-original-filename");
     if (json_str == NULL) {
-        fprintf(stderr, "Error in presigned_get_string parsing x-amz-meta-original-filename from json object\n");
-        goto cleanup;
+        logg("!Error in presigned_get_string parsing x-amz-meta-original-filename from json object\n");
+        goto done;
     }
     curl_formadd(&post, &last, CURLFORM_COPYNAME, "x-amz-meta-original-filename", CURLFORM_COPYCONTENTS, json_str, CURLFORM_END);
 
     json_str = presigned_get_string(ps_json_obj, "x-amz-credential");
     if (json_str == NULL) {
-        fprintf(stderr, "Error in presigned_get_string parsing x-amz-credential from json object\n");
-        goto cleanup;
+        logg("!Error in presigned_get_string parsing x-amz-credential from json object\n");
+        goto done;
     }
     curl_formadd(&post, &last, CURLFORM_COPYNAME, "x-amz-credential", CURLFORM_COPYCONTENTS, json_str, CURLFORM_END);
 
     json_str = presigned_get_string(ps_json_obj, "x-amz-algorithm");
     if (json_str == NULL) {
-        fprintf(stderr, "Error in presigned_get_string parsing x-amz-algorithm from json object\n");
-        goto cleanup;
+        logg("!Error in presigned_get_string parsing x-amz-algorithm from json object\n");
+        goto done;
     }
     curl_formadd(&post, &last, CURLFORM_COPYNAME, "x-amz-algorithm", CURLFORM_COPYCONTENTS, json_str, CURLFORM_END);
 
     json_str = presigned_get_string(ps_json_obj, "x-amz-date");
     if (json_str == NULL) {
-        fprintf(stderr, "Error in presigned_get_string parsing x-amz-date from json object\n");
-        goto cleanup;
+        logg("!Error in presigned_get_string parsing x-amz-date from json object\n");
+        goto done;
     }
     curl_formadd(&post, &last, CURLFORM_COPYNAME, "x-amz-date", CURLFORM_COPYCONTENTS, json_str, CURLFORM_END);
 
     json_str = presigned_get_string(ps_json_obj, "x-amz-signature");
     if (json_str == NULL) {
-        fprintf(stderr, "Error in presigned_get_string parsing x-amz-signature from json object\n");
-        goto cleanup;
+        logg("!Error in presigned_get_string parsing x-amz-signature from json object\n");
+        goto done;
     }
     curl_formadd(&post, &last, CURLFORM_COPYNAME, "x-amz-signature", CURLFORM_COPYCONTENTS, json_str, CURLFORM_END);
 
@@ -486,8 +529,8 @@
 
     res = curl_easy_perform(aws_curl);
     if (res != CURLE_OK) {
-        fprintf(stderr, "Error in POST AWS: %s\n", curl_easy_strerror(res));
-        goto cleanup;
+        logg("!Error in POST AWS: %s\n", curl_easy_strerror(res));
+        goto done;
     }
     curl_slist_free_all(slist);
     slist = NULL;
@@ -497,36 +540,30 @@
     curl_easy_cleanup(aws_curl);
     aws_curl = NULL;
     json_object_put(ps_json_obj);
-    free(wd.str);
-    wd.str = NULL;
+
+    if (wd.str != NULL) {
+        free(wd.str);
+        wd.str = NULL;
+    }
     wd.len = 0;
 
     /*** The POST submit to clamav.net ***/
     slist = curl_slist_append(slist, "Expect:");
-    len   = strlen(hd_malware.cfduid) + strlen(hd_malware.session) + 3;
-    str   = malloc(len);
-    if (str == NULL) {
-        fprintf(stderr, "No memory for POST submit cookies.\n");
-        goto cleanup;
-    }
-    if (snprintf(str, len, "%s; %s;", hd_malware.cfduid, hd_malware.session) > len) {
-        fprintf(stderr, "snprintf() failed formatting POST submit cookies\n");
-        free(str);
-        goto cleanup;
+
+    if (NULL != session_cookie) {
+        curl_easy_setopt(clam_curl, CURLOPT_COOKIE, session_cookie);
     }
-    curl_easy_setopt(clam_curl, CURLOPT_COOKIE, str);
-    free(str);
+
     curl_formadd(&post, &last, CURLFORM_COPYNAME, "utf8", CURLFORM_COPYCONTENTS, "\x27\x13", CURLFORM_END);
     curl_formadd(&post, &last, CURLFORM_COPYNAME, "authenticity_token", CURLFORM_COPYCONTENTS, authenticity_token, CURLFORM_END);
     curl_formadd(&post, &last, CURLFORM_COPYNAME, "submissionID", CURLFORM_COPYCONTENTS, submissionID, CURLFORM_END);
     curl_formadd(&post, &last, CURLFORM_COPYNAME, "type", CURLFORM_COPYCONTENTS, malware ? "malware" : "fp", CURLFORM_END);
     curl_formadd(&post, &last, CURLFORM_COPYNAME, "sendername", CURLFORM_COPYCONTENTS, name, CURLFORM_END);
     curl_formadd(&post, &last, CURLFORM_COPYNAME, "email", CURLFORM_COPYCONTENTS, email, CURLFORM_END);
-    if (malware == 0) {
-        curl_formadd(&post, &last, CURLFORM_COPYNAME, "virusname", CURLFORM_COPYCONTENTS, fpvname, CURLFORM_END);
+    if (malware == true) {
+        curl_formadd(&post, &last, CURLFORM_COPYNAME, "shareSample", CURLFORM_COPYCONTENTS, "on", CURLFORM_END);
     } else {
-        if (malware == 1)
-            curl_formadd(&post, &last, CURLFORM_COPYNAME, "shareSample", CURLFORM_COPYCONTENTS, "on", CURLFORM_END);
+        curl_formadd(&post, &last, CURLFORM_COPYNAME, "virusname", CURLFORM_COPYCONTENTS, fpvname, CURLFORM_END);
     }
     curl_formadd(&post, &last, CURLFORM_COPYNAME, "description", CURLFORM_COPYCONTENTS, "clamsubmit", CURLFORM_END);
     curl_formadd(&post, &last, CURLFORM_COPYNAME, "notify", CURLFORM_COPYCONTENTS, "on", CURLFORM_END);
@@ -537,37 +574,43 @@
     curl_easy_setopt(clam_curl, CURLOPT_HEADERFUNCTION, NULL);
     res = curl_easy_perform(clam_curl);
     if (res != CURLE_OK) {
-        fprintf(stderr, "Error in POST submit: %s\n", curl_easy_strerror(res));
-        goto cleanup;
+        logg("!Error in POST submit: %s\n", curl_easy_strerror(res));
+        goto done;
     } else {
         long response_code;
         curl_easy_getinfo(clam_curl, CURLINFO_RESPONSE_CODE, &response_code);
         if (response_code / 100 == 3) {
-            curl_easy_getinfo(clam_curl, CURLINFO_REDIRECT_URL, &urlp);
-            if (urlp == NULL) {
-                fprintf(stderr, "POST submit Location URL is NULL.\n");
-                goto cleanup;
+            curl_easy_getinfo(clam_curl, CURLINFO_REDIRECT_URL, &url_for_auth_token);
+            if (url_for_auth_token == NULL) {
+                logg("!POST submit Location URL is NULL.\n");
+                goto done;
             }
-            sp = strstr(urlp, "/reports/");
+            sp = strstr(url_for_auth_token, "/reports/");
             if (sp == NULL) {
-                fprintf(stderr, "POST submit Location URL is malformed.\n");
+                logg("!POST submit Location URL is malformed.\n");
             } else if (!strcmp(sp, "/reports/success")) {
-                fprintf(stdout, "Submission success!\n");
+                logg("Submission success!\n");
                 status = 0;
             } else if (!strcmp(sp, "/reports/failure")) {
-                fprintf(stdout, "Submission failed\n");
+                logg("Submission failed\n");
             } else {
-                fprintf(stdout, "Unknown submission status %s\n", sp);
+                logg("Unknown submission status %s\n", sp);
             }
         } else {
-            fprintf(stderr, "Unexpected POST submit response code: %li\n", response_code);
+            logg("!Unexpected POST submit response code: %li\n", response_code);
         }
     }
 
-cleanup:
+done:
     /*
      * Cleanup
      */
+    if (authenticity_token_header != NULL) {
+        free(authenticity_token_header);
+    }
+    if (session_cookie != NULL) {
+        free(session_cookie);
+    }
     if (slist != NULL) {
         curl_slist_free_all(slist);
     }
@@ -587,15 +630,9 @@
         wd.str = NULL;
         wd.len = 0;
     }
-    if (hd_malware.cfduid != NULL) {
-        free(hd_malware.cfduid);
-    }
     if (hd_malware.session != NULL) {
         free(hd_malware.session);
     }
-    if (hd_presigned.cfduid != NULL) {
-        free(hd_presigned.cfduid);
-    }
     if (hd_presigned.session != NULL) {
         free(hd_presigned.session);
     }
diff -Nru clamav-0.103.2+dfsg/CMakeLists.txt clamav-0.103.3+dfsg/CMakeLists.txt
--- clamav-0.103.2+dfsg/CMakeLists.txt	2021-04-06 21:03:42.000000000 +0200
+++ clamav-0.103.3+dfsg/CMakeLists.txt	2021-06-19 23:15:59.000000000 +0200
@@ -15,7 +15,7 @@
 set(VERSION_SUFFIX "")
 
 project( ClamAV
-         VERSION "0.103.2"
+         VERSION "0.103.3"
          DESCRIPTION "ClamAV open source email, web, and end-point anti-virus toolkit." )
 
 set(CMAKE_MODULE_PATH "${CMAKE_CURRENT_SOURCE_DIR}/cmake" ${CMAKE_MODULE_PATH})
diff -Nru clamav-0.103.2+dfsg/configure clamav-0.103.3+dfsg/configure
--- clamav-0.103.2+dfsg/configure	2021-04-06 21:04:41.000000000 +0200
+++ clamav-0.103.3+dfsg/configure	2021-06-19 23:16:29.000000000 +0200
@@ -1,6 +1,6 @@
 #! /bin/sh
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for ClamAV 0.103.2.
+# Generated by GNU Autoconf 2.69 for ClamAV 0.103.3.
 #
 # Report bugs to <https://bugzilla.clamav.net/>.
 #
@@ -592,8 +592,8 @@
 # Identity of this package.
 PACKAGE_NAME='ClamAV'
 PACKAGE_TARNAME='clamav'
-PACKAGE_VERSION='0.103.2'
-PACKAGE_STRING='ClamAV 0.103.2'
+PACKAGE_VERSION='0.103.3'
+PACKAGE_STRING='ClamAV 0.103.3'
 PACKAGE_BUGREPORT='https://bugzilla.clamav.net/'
 PACKAGE_URL='https://www.clamav.net/'
 
@@ -1606,7 +1606,7 @@
   # Omit some internal or obsolete options to make the list less imposing.
   # This message is too long to be a string in the A/UX 3.1 sh.
   cat <<_ACEOF
-\`configure' configures ClamAV 0.103.2 to adapt to many kinds of systems.
+\`configure' configures ClamAV 0.103.3 to adapt to many kinds of systems.
 
 Usage: $0 [OPTION]... [VAR=VALUE]...
 
@@ -1687,7 +1687,7 @@
 
 if test -n "$ac_init_help"; then
   case $ac_init_help in
-     short | recursive ) echo "Configuration of ClamAV 0.103.2:";;
+     short | recursive ) echo "Configuration of ClamAV 0.103.3:";;
    esac
   cat <<\_ACEOF
   --enable-dependency-tracking
@@ -1922,7 +1922,7 @@
 test -n "$ac_init_help" && exit $ac_status
 if $ac_init_version; then
   cat <<\_ACEOF
-ClamAV configure 0.103.2
+ClamAV configure 0.103.3
 generated by GNU Autoconf 2.69
 
 Copyright (C) 2012 Free Software Foundation, Inc.
@@ -2550,7 +2550,7 @@
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.
 
-It was created by ClamAV $as_me 0.103.2, which was
+It was created by ClamAV $as_me 0.103.3, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   $ $0 $@
@@ -4308,7 +4308,7 @@
 
 # Define the identity of the package.
  PACKAGE='clamav'
- VERSION='0.103.2'
+ VERSION='0.103.3'
 
 
 # Some tools Automake needs.
@@ -6036,7 +6036,7 @@
 $as_echo "#define PACKAGE PACKAGE_NAME" >>confdefs.h
 
 
-VERSION="0.103.2"
+VERSION="0.103.3"
 
 major=`echo $PACKAGE_VERSION |cut -d. -f1 | sed -e "s/^0-9//g"`
 minor=`echo $PACKAGE_VERSION |cut -d. -f2 | sed -e "s/^0-9//g"`
@@ -31896,7 +31896,7 @@
 # report actual input values of CONFIG_FILES etc. instead of their
 # values after options handling.
 ac_log="
-This file was extended by ClamAV $as_me 0.103.2, which was
+This file was extended by ClamAV $as_me 0.103.3, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   CONFIG_FILES    = $CONFIG_FILES
@@ -31963,7 +31963,7 @@
 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
 ac_cs_version="\\
-ClamAV config.status 0.103.2
+ClamAV config.status 0.103.3
 configured by $0, generated by GNU Autoconf 2.69,
   with options \\"\$ac_cs_config\\"
 
@@ -34813,7 +34813,7 @@
 # report actual input values of CONFIG_FILES etc. instead of their
 # values after options handling.
 ac_log="
-This file was extended by ClamAV $as_me 0.103.2, which was
+This file was extended by ClamAV $as_me 0.103.3, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   CONFIG_FILES    = $CONFIG_FILES
@@ -34880,7 +34880,7 @@
 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
 ac_cs_version="\\
-ClamAV config.status 0.103.2
+ClamAV config.status 0.103.3
 configured by $0, generated by GNU Autoconf 2.69,
   with options \\"\$ac_cs_config\\"
 
diff -Nru clamav-0.103.2+dfsg/configure.ac clamav-0.103.3+dfsg/configure.ac
--- clamav-0.103.2+dfsg/configure.ac	2021-04-12 20:43:41.000000000 +0200
+++ clamav-0.103.3+dfsg/configure.ac	2021-06-27 21:39:58.000000000 +0200
@@ -22,7 +22,7 @@
 
 dnl For a release change [devel] to the real version [0.xy]
 dnl also change VERSION below
-AC_INIT([ClamAV], [0.103.2], [https://bugzilla.clamav.net/], [clamav], [https://www.clamav.net/])
+AC_INIT([ClamAV], [0.103.3], [https://bugzilla.clamav.net/], [clamav], [https://www.clamav.net/])
 
 dnl put configure auxiliary into config
 AC_CONFIG_AUX_DIR([config])
diff -Nru clamav-0.103.2+dfsg/debian/changelog clamav-0.103.3+dfsg/debian/changelog
--- clamav-0.103.2+dfsg/debian/changelog	2021-04-14 08:38:52.000000000 +0200
+++ clamav-0.103.3+dfsg/debian/changelog	2021-09-04 15:51:26.000000000 +0200
@@ -1,3 +1,14 @@
+clamav (0.103.3+dfsg-0+deb10u1) buster; urgency=medium
+
+  * Import 0.103.3
+    - Update symbol file.
+    - Regression: clamdscan segfaults with --fdpass --multipass and
+      ExcludePath (Closes: #988218).
+  * Remove clamav user on purge (Closes: #987861).
+  * Remove freshclam.dat on purge.
+
+ -- Sebastian Andrzej Siewior <sebastian at breakpoint.cc>  Sat, 04 Sep 2021 15:51:26 +0200
+
 clamav (0.103.2+dfsg-0+deb10u1) buster; urgency=medium
 
   [ Sebastian Andrzej Siewior ]
diff -Nru clamav-0.103.2+dfsg/debian/clamav-base.postrm clamav-0.103.3+dfsg/debian/clamav-base.postrm
--- clamav-0.103.2+dfsg/debian/clamav-base.postrm	2021-04-14 08:38:52.000000000 +0200
+++ clamav-0.103.3+dfsg/debian/clamav-base.postrm	2021-09-04 15:51:26.000000000 +0200
@@ -41,6 +41,7 @@
   rm -f /var/log/clamav/*.log* /etc/clamav/*.conf.dpkg-old
   rm -f /var/lib/clamav/*.md5sum || true
   rm -f $DATABASEDIR/main.cvd $DATABASEDIR/daily.cvd $DATABASEDIR/bytecode.cvd $DATABASEDIR/bytecode.cld
+  userdel clamav || true
   ;;
   remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
   ;;
diff -Nru clamav-0.103.2+dfsg/debian/clamav-freshclam.postrm clamav-0.103.3+dfsg/debian/clamav-freshclam.postrm
--- clamav-0.103.2+dfsg/debian/clamav-freshclam.postrm	2021-04-14 08:38:52.000000000 +0200
+++ clamav-0.103.3+dfsg/debian/clamav-freshclam.postrm	2021-09-04 15:51:26.000000000 +0200
@@ -45,6 +45,7 @@
     ${workdir}/daily.inc/* \
     ${workdir}/main.inc/* \
     ${workdir}/mirrors.dat \
+    ${workdir}/freshclam.dat \
     ${workdir}/interface"
   for i in $RMLIST; do
     rm -f $i > /dev/null 2>&1 || true
diff -Nru clamav-0.103.2+dfsg/debian/.git-dpm clamav-0.103.3+dfsg/debian/.git-dpm
--- clamav-0.103.2+dfsg/debian/.git-dpm	2021-04-14 08:38:52.000000000 +0200
+++ clamav-0.103.3+dfsg/debian/.git-dpm	2021-09-04 15:51:26.000000000 +0200
@@ -1,8 +1,8 @@
 # see git-dpm(1) from git-dpm package
-5938bac12638f6fe722adbc5e382c347268f0431
-5938bac12638f6fe722adbc5e382c347268f0431
-21b35cadc5ce6e45c2700201681499bc45eb5419
-21b35cadc5ce6e45c2700201681499bc45eb5419
-clamav_0.103.2+dfsg.orig.tar.xz
-461ec3a7b45851e31a1cd9a4458473f9b4dc2677
-5123788
+72146c7665650e0727a520e5235130c229c1e5eb
+72146c7665650e0727a520e5235130c229c1e5eb
+576c3dc22d608d90c712c86aab8905d8d5ce619a
+576c3dc22d608d90c712c86aab8905d8d5ce619a
+clamav_0.103.3+dfsg.orig.tar.xz
+1c8ffd98a7bdeec6bc329218da5d4f8e1f912333
+5124272
diff -Nru clamav-0.103.2+dfsg/debian/libclamav9.symbols clamav-0.103.3+dfsg/debian/libclamav9.symbols
--- clamav-0.103.2+dfsg/debian/libclamav9.symbols	2021-04-14 08:38:52.000000000 +0200
+++ clamav-0.103.3+dfsg/debian/libclamav9.symbols	2021-09-04 15:51:26.000000000 +0200
@@ -1,20 +1,20 @@
 libclamav.so.9 libclamav9 #MINVER#
 * Build-Depends-Package: libclamav-dev
- CLAMAV_PRIVATE at CLAMAV_PRIVATE 0.103.2
+ CLAMAV_PRIVATE at CLAMAV_PRIVATE 0.103.3
  CLAMAV_PUBLIC at CLAMAV_PUBLIC 0.101.0
- __cli_strcasestr at CLAMAV_PRIVATE 0.103.2
- __cli_strndup at CLAMAV_PRIVATE 0.103.2
- __cli_strnlen at CLAMAV_PRIVATE 0.103.2
- __cli_strnstr at CLAMAV_PRIVATE 0.103.2
- base64Flush at CLAMAV_PRIVATE 0.103.2
- blobAddData at CLAMAV_PRIVATE 0.103.2
- blobCreate at CLAMAV_PRIVATE 0.103.2
- blobDestroy at CLAMAV_PRIVATE 0.103.2
- cl_ASN1_GetTimeT at CLAMAV_PRIVATE 0.103.2
+ __cli_strcasestr at CLAMAV_PRIVATE 0.103.3
+ __cli_strndup at CLAMAV_PRIVATE 0.103.3
+ __cli_strnlen at CLAMAV_PRIVATE 0.103.3
+ __cli_strnstr at CLAMAV_PRIVATE 0.103.3
+ base64Flush at CLAMAV_PRIVATE 0.103.3
+ blobAddData at CLAMAV_PRIVATE 0.103.3
+ blobCreate at CLAMAV_PRIVATE 0.103.3
+ blobDestroy at CLAMAV_PRIVATE 0.103.3
+ cl_ASN1_GetTimeT at CLAMAV_PRIVATE 0.103.3
  cl_always_gen_section_hash at CLAMAV_PUBLIC 0.101.0
- cl_base64_decode at CLAMAV_PRIVATE 0.103.2
- cl_base64_encode at CLAMAV_PRIVATE 0.103.2
- cl_cleanup_crypto at CLAMAV_PRIVATE 0.103.2
+ cl_base64_decode at CLAMAV_PRIVATE 0.103.3
+ cl_base64_encode at CLAMAV_PRIVATE 0.103.3
+ cl_cleanup_crypto at CLAMAV_PRIVATE 0.103.3
  cl_countsigs at CLAMAV_PUBLIC 0.101.0
  cl_cvdfree at CLAMAV_PUBLIC 0.101.0
  cl_cvdhead at CLAMAV_PUBLIC 0.101.0
@@ -54,19 +54,19 @@
  cl_fmap_close at CLAMAV_PUBLIC 0.101.0
  cl_fmap_open_handle at CLAMAV_PUBLIC 0.101.0
  cl_fmap_open_memory at CLAMAV_PUBLIC 0.101.0
- cl_get_pkey_file at CLAMAV_PRIVATE 0.103.2
- cl_get_x509_from_mem at CLAMAV_PRIVATE 0.103.2
- cl_hash_data at CLAMAV_PRIVATE 0.103.2
+ cl_get_pkey_file at CLAMAV_PRIVATE 0.103.3
+ cl_get_x509_from_mem at CLAMAV_PRIVATE 0.103.3
+ cl_hash_data at CLAMAV_PRIVATE 0.103.3
  cl_hash_destroy at CLAMAV_PUBLIC 0.101.0
- cl_hash_file_fd at CLAMAV_PRIVATE 0.103.2
- cl_hash_file_fd_ctx at CLAMAV_PRIVATE 0.103.2
- cl_hash_file_fp at CLAMAV_PRIVATE 0.103.2
+ cl_hash_file_fd at CLAMAV_PRIVATE 0.103.3
+ cl_hash_file_fd_ctx at CLAMAV_PRIVATE 0.103.3
+ cl_hash_file_fp at CLAMAV_PRIVATE 0.103.3
  cl_hash_init at CLAMAV_PUBLIC 0.101.0
  cl_init at CLAMAV_PUBLIC 0.101.0
- cl_initialize_crypto at CLAMAV_PRIVATE 0.103.2
+ cl_initialize_crypto at CLAMAV_PRIVATE 0.103.3
  cl_load at CLAMAV_PUBLIC 0.101.0
- cl_load_cert at CLAMAV_PRIVATE 0.103.2
- cl_load_crl at CLAMAV_PRIVATE 0.103.2
+ cl_load_cert at CLAMAV_PRIVATE 0.103.3
+ cl_load_crl at CLAMAV_PRIVATE 0.103.3
  cl_retdbdir at CLAMAV_PUBLIC 0.101.0
  cl_retflevel at CLAMAV_PUBLIC 0.103.0
  cl_retver at CLAMAV_PUBLIC 0.101.0
@@ -76,195 +76,195 @@
  cl_scanfile_callback at CLAMAV_PUBLIC 0.101.0
  cl_scanmap_callback at CLAMAV_PUBLIC 0.101.0
  cl_set_clcb_msg at CLAMAV_PUBLIC 0.101.0
- cl_sha1 at CLAMAV_PRIVATE 0.103.2
- cl_sha256 at CLAMAV_PRIVATE 0.103.2
- cl_sign_data at CLAMAV_PRIVATE 0.103.2
- cl_sign_data_keyfile at CLAMAV_PRIVATE 0.103.2
- cl_sign_file_fd at CLAMAV_PRIVATE 0.103.2
- cl_sign_file_fp at CLAMAV_PRIVATE 0.103.2
+ cl_sha1 at CLAMAV_PRIVATE 0.103.3
+ cl_sha256 at CLAMAV_PRIVATE 0.103.3
+ cl_sign_data at CLAMAV_PRIVATE 0.103.3
+ cl_sign_data_keyfile at CLAMAV_PRIVATE 0.103.3
+ cl_sign_file_fd at CLAMAV_PRIVATE 0.103.3
+ cl_sign_file_fp at CLAMAV_PRIVATE 0.103.3
  cl_statchkdir at CLAMAV_PUBLIC 0.101.0
  cl_statfree at CLAMAV_PUBLIC 0.101.0
  cl_statinidir at CLAMAV_PUBLIC 0.101.0
  cl_strerror at CLAMAV_PUBLIC 0.101.0
  cl_update_hash at CLAMAV_PUBLIC 0.101.0
- cl_validate_certificate_chain at CLAMAV_PRIVATE 0.103.2
- cl_validate_certificate_chain_ts_dir at CLAMAV_PRIVATE 0.103.2
- cl_verify_signature at CLAMAV_PRIVATE 0.103.2
- cl_verify_signature_fd at CLAMAV_PRIVATE 0.103.2
- cl_verify_signature_fd_x509 at CLAMAV_PRIVATE 0.103.2
- cl_verify_signature_fd_x509_keyfile at CLAMAV_PRIVATE 0.103.2
- cl_verify_signature_hash at CLAMAV_PRIVATE 0.103.2
- cl_verify_signature_hash_x509 at CLAMAV_PRIVATE 0.103.2
- cl_verify_signature_hash_x509_keyfile at CLAMAV_PRIVATE 0.103.2
- cl_verify_signature_x509 at CLAMAV_PRIVATE 0.103.2
- cl_verify_signature_x509_keyfile at CLAMAV_PRIVATE 0.103.2
- cli_ac_buildtrie at CLAMAV_PRIVATE 0.103.2
- cli_ac_chklsig at CLAMAV_PRIVATE 0.103.2
- cli_ac_free at CLAMAV_PRIVATE 0.103.2
- cli_ac_freedata at CLAMAV_PRIVATE 0.103.2
- cli_ac_init at CLAMAV_PRIVATE 0.103.2
- cli_ac_initdata at CLAMAV_PRIVATE 0.103.2
- cli_ac_scanbuff at CLAMAV_PRIVATE 0.103.2
- cli_basename at CLAMAV_PRIVATE 0.103.2
- cli_bm_free at CLAMAV_PRIVATE 0.103.2
- cli_bm_init at CLAMAV_PRIVATE 0.103.2
- cli_bm_scanbuff at CLAMAV_PRIVATE 0.103.2
- cli_build_regex_list at CLAMAV_PRIVATE 0.103.2
- cli_bytecode_context_alloc at CLAMAV_PRIVATE 0.103.2
- cli_bytecode_context_clear at CLAMAV_PRIVATE 0.103.2
- cli_bytecode_context_destroy at CLAMAV_PRIVATE 0.103.2
- cli_bytecode_context_getresult_int at CLAMAV_PRIVATE 0.103.2
- cli_bytecode_context_set_trace at CLAMAV_PRIVATE 0.103.2
- cli_bytecode_context_setfile at CLAMAV_PRIVATE 0.103.2
- cli_bytecode_context_setfuncid at CLAMAV_PRIVATE 0.103.2
- cli_bytecode_context_setparam_int at CLAMAV_PRIVATE 0.103.2
- cli_bytecode_context_setparam_ptr at CLAMAV_PRIVATE 0.103.2
- cli_bytecode_debug at CLAMAV_PRIVATE 0.103.2
- cli_bytecode_debug_printsrc at CLAMAV_PRIVATE 0.103.2
- cli_bytecode_describe at CLAMAV_PRIVATE 0.103.2
- cli_bytecode_destroy at CLAMAV_PRIVATE 0.103.2
- cli_bytecode_done at CLAMAV_PRIVATE 0.103.2
- cli_bytecode_init at CLAMAV_PRIVATE 0.103.2
- cli_bytecode_load at CLAMAV_PRIVATE 0.103.2
- cli_bytecode_prepare2 at CLAMAV_PRIVATE 0.103.2
- cli_bytecode_printversion at CLAMAV_PRIVATE 0.103.2
- cli_bytecode_run at CLAMAV_PRIVATE 0.103.2
- cli_bytefunc_describe at CLAMAV_PRIVATE 0.103.2
- cli_byteinst_describe at CLAMAV_PRIVATE 0.103.2
- cli_bytetype_describe at CLAMAV_PRIVATE 0.103.2
- cli_bytevalue_describe at CLAMAV_PRIVATE 0.103.2
- cli_calloc at CLAMAV_PRIVATE 0.103.2
- cli_check_auth_header at CLAMAV_PRIVATE 0.103.2
- cli_chomp at CLAMAV_PRIVATE 0.103.2
- cli_codepage_to_utf8 at CLAMAV_PRIVATE 0.103.2
- cli_ctime at CLAMAV_PRIVATE 0.103.2
- cli_cvdunpack at CLAMAV_PRIVATE 0.103.2
- cli_dbgmsg_internal at CLAMAV_PRIVATE 0.103.2
- cli_dconf_init at CLAMAV_PRIVATE 0.103.2
- cli_debug_flag at CLAMAV_PRIVATE 0.103.2
- cli_detect_environment at CLAMAV_PRIVATE 0.103.2
- cli_disasm_one at CLAMAV_PRIVATE 0.103.2
- cli_errmsg at CLAMAV_PRIVATE 0.103.2
- cli_filecopy at CLAMAV_PRIVATE 0.103.2
- cli_free_vba_project at CLAMAV_PRIVATE 0.103.2
- cli_ftw at CLAMAV_PRIVATE 0.103.2
- cli_genhash_pe at CLAMAV_PRIVATE 0.103.2
- cli_gentemp at CLAMAV_PRIVATE 0.103.2
- cli_gentemp_with_prefix at CLAMAV_PRIVATE 0.103.2
- cli_gentempfd at CLAMAV_PRIVATE 0.103.2
- cli_get_filepath_from_filedesc at CLAMAV_PRIVATE 0.103.2
- cli_gettmpdir at CLAMAV_PRIVATE 0.103.2
- cli_hashfile at CLAMAV_PRIVATE 0.103.2
- cli_hashset_destroy at CLAMAV_PRIVATE 0.103.2
- cli_hashstream at CLAMAV_PRIVATE 0.103.2
- cli_hex2str at CLAMAV_PRIVATE 0.103.2
- cli_hex2ui at CLAMAV_PRIVATE 0.103.2
- cli_initroots at CLAMAV_PRIVATE 0.103.2
- cli_isnumber at CLAMAV_PRIVATE 0.103.2
- cli_js_destroy at CLAMAV_PRIVATE 0.103.2
- cli_js_init at CLAMAV_PRIVATE 0.103.2
- cli_js_output at CLAMAV_PRIVATE 0.103.2
- cli_js_parse_done at CLAMAV_PRIVATE 0.103.2
- cli_js_process_buffer at CLAMAV_PRIVATE 0.103.2
- cli_ldbtokenize at CLAMAV_PRIVATE 0.103.2
- cli_malloc at CLAMAV_PRIVATE 0.103.2
- cli_memstr at CLAMAV_PRIVATE 0.103.2
- cli_ole2_extract at CLAMAV_PRIVATE 0.103.2
- cli_parse_add at CLAMAV_PRIVATE 0.103.2
- cli_pcre_build at CLAMAV_PRIVATE 0.103.2
- cli_pcre_freeoff at CLAMAV_PRIVATE 0.103.2
- cli_pcre_init at CLAMAV_PRIVATE 0.103.2
- cli_pcre_perf_events_destroy at CLAMAV_PRIVATE 0.103.2
- cli_pcre_perf_print at CLAMAV_PRIVATE 0.103.2
- cli_pcre_recaloff at CLAMAV_PRIVATE 0.103.2
- cli_pcre_scanbuf at CLAMAV_PRIVATE 0.103.2
- cli_ppt_vba_read at CLAMAV_PRIVATE 0.103.2
- cli_printcxxver at CLAMAV_PRIVATE 0.103.2
- cli_readn at CLAMAV_PRIVATE 0.103.2
- cli_realloc at CLAMAV_PRIVATE 0.103.2
- cli_realpath at CLAMAV_PRIVATE 0.103.2
- cli_regcomp at CLAMAV_PRIVATE 0.103.2
- cli_regex2suffix at CLAMAV_PRIVATE 0.103.2
- cli_regexec at CLAMAV_PRIVATE 0.103.2
- cli_regfree at CLAMAV_PRIVATE 0.103.2
- cli_rmdirs at CLAMAV_PRIVATE 0.103.2
- cli_rndnum at CLAMAV_PRIVATE 0.103.2
- cli_sanitize_filepath at CLAMAV_PRIVATE 0.103.2
- cli_scan_buff at CLAMAV_PRIVATE 0.103.2
- cli_scan_fmap at CLAMAV_PRIVATE 0.103.2
- cli_sigopts_handler at CLAMAV_PRIVATE 0.103.2
- cli_sigperf_events_destroy at CLAMAV_PRIVATE 0.103.2
- cli_sigperf_print at CLAMAV_PRIVATE 0.103.2
- cli_str2hex at CLAMAV_PRIVATE 0.103.2
- cli_strbcasestr at CLAMAV_PRIVATE 0.103.2
- cli_strdup at CLAMAV_PRIVATE 0.103.2
- cli_strerror at CLAMAV_PRIVATE 0.103.2
- cli_strlcat at CLAMAV_PRIVATE 0.103.2
- cli_strlcpy at CLAMAV_PRIVATE 0.103.2
- cli_strntoul at CLAMAV_PRIVATE 0.103.2
- cli_strrcpy at CLAMAV_PRIVATE 0.103.2
- cli_strtok at CLAMAV_PRIVATE 0.103.2
- cli_strtokbuf at CLAMAV_PRIVATE 0.103.2
- cli_strtokenize at CLAMAV_PRIVATE 0.103.2
- cli_textbuffer_append_normalize at CLAMAV_PRIVATE 0.103.2
- cli_unescape at CLAMAV_PRIVATE 0.103.2
- cli_unlink at CLAMAV_PRIVATE 0.103.2
- cli_url_canon at CLAMAV_PRIVATE 0.103.2
- cli_utf16_to_utf8 at CLAMAV_PRIVATE 0.103.2
- cli_utf16toascii at CLAMAV_PRIVATE 0.103.2
- cli_vba_inflate at CLAMAV_PRIVATE 0.103.2
- cli_vba_readdir at CLAMAV_PRIVATE 0.103.2
- cli_versig2 at CLAMAV_PRIVATE 0.103.2
- cli_versig at CLAMAV_PRIVATE 0.103.2
- cli_warnmsg at CLAMAV_PRIVATE 0.103.2
- cli_wm_decrypt_macro at CLAMAV_PRIVATE 0.103.2
- cli_wm_readdir at CLAMAV_PRIVATE 0.103.2
- cli_writen at CLAMAV_PRIVATE 0.103.2
- decodeLine at CLAMAV_PRIVATE 0.103.2
- disasmbuf at CLAMAV_PRIVATE 0.103.2
- fmap at CLAMAV_PRIVATE 0.103.2
- fmap_duplicate at CLAMAV_PRIVATE 0.103.2
- free_duplicate_fmap at CLAMAV_PRIVATE 0.103.2
- get_fpu_endian at CLAMAV_PRIVATE 0.103.2
- have_clamjit at CLAMAV_PRIVATE 0.103.2
- have_rar at CLAMAV_PRIVATE 0.103.2
- html_normalise_map at CLAMAV_PRIVATE 0.103.2
- html_normalise_mem at CLAMAV_PRIVATE 0.103.2
- html_screnc_decode at CLAMAV_PRIVATE 0.103.2
- html_tag_arg_free at CLAMAV_PRIVATE 0.103.2
- init_domainlist at CLAMAV_PRIVATE 0.103.2
- init_regex_list at CLAMAV_PRIVATE 0.103.2
- init_whitelist at CLAMAV_PRIVATE 0.103.2
- is_regex_ok at CLAMAV_PRIVATE 0.103.2
- load_regex_matcher at CLAMAV_PRIVATE 0.103.2
+ cl_validate_certificate_chain at CLAMAV_PRIVATE 0.103.3
+ cl_validate_certificate_chain_ts_dir at CLAMAV_PRIVATE 0.103.3
+ cl_verify_signature at CLAMAV_PRIVATE 0.103.3
+ cl_verify_signature_fd at CLAMAV_PRIVATE 0.103.3
+ cl_verify_signature_fd_x509 at CLAMAV_PRIVATE 0.103.3
+ cl_verify_signature_fd_x509_keyfile at CLAMAV_PRIVATE 0.103.3
+ cl_verify_signature_hash at CLAMAV_PRIVATE 0.103.3
+ cl_verify_signature_hash_x509 at CLAMAV_PRIVATE 0.103.3
+ cl_verify_signature_hash_x509_keyfile at CLAMAV_PRIVATE 0.103.3
+ cl_verify_signature_x509 at CLAMAV_PRIVATE 0.103.3
+ cl_verify_signature_x509_keyfile at CLAMAV_PRIVATE 0.103.3
+ cli_ac_buildtrie at CLAMAV_PRIVATE 0.103.3
+ cli_ac_chklsig at CLAMAV_PRIVATE 0.103.3
+ cli_ac_free at CLAMAV_PRIVATE 0.103.3
+ cli_ac_freedata at CLAMAV_PRIVATE 0.103.3
+ cli_ac_init at CLAMAV_PRIVATE 0.103.3
+ cli_ac_initdata at CLAMAV_PRIVATE 0.103.3
+ cli_ac_scanbuff at CLAMAV_PRIVATE 0.103.3
+ cli_basename at CLAMAV_PRIVATE 0.103.3
+ cli_bm_free at CLAMAV_PRIVATE 0.103.3
+ cli_bm_init at CLAMAV_PRIVATE 0.103.3
+ cli_bm_scanbuff at CLAMAV_PRIVATE 0.103.3
+ cli_build_regex_list at CLAMAV_PRIVATE 0.103.3
+ cli_bytecode_context_alloc at CLAMAV_PRIVATE 0.103.3
+ cli_bytecode_context_clear at CLAMAV_PRIVATE 0.103.3
+ cli_bytecode_context_destroy at CLAMAV_PRIVATE 0.103.3
+ cli_bytecode_context_getresult_int at CLAMAV_PRIVATE 0.103.3
+ cli_bytecode_context_set_trace at CLAMAV_PRIVATE 0.103.3
+ cli_bytecode_context_setfile at CLAMAV_PRIVATE 0.103.3
+ cli_bytecode_context_setfuncid at CLAMAV_PRIVATE 0.103.3
+ cli_bytecode_context_setparam_int at CLAMAV_PRIVATE 0.103.3
+ cli_bytecode_context_setparam_ptr at CLAMAV_PRIVATE 0.103.3
+ cli_bytecode_debug at CLAMAV_PRIVATE 0.103.3
+ cli_bytecode_debug_printsrc at CLAMAV_PRIVATE 0.103.3
+ cli_bytecode_describe at CLAMAV_PRIVATE 0.103.3
+ cli_bytecode_destroy at CLAMAV_PRIVATE 0.103.3
+ cli_bytecode_done at CLAMAV_PRIVATE 0.103.3
+ cli_bytecode_init at CLAMAV_PRIVATE 0.103.3
+ cli_bytecode_load at CLAMAV_PRIVATE 0.103.3
+ cli_bytecode_prepare2 at CLAMAV_PRIVATE 0.103.3
+ cli_bytecode_printversion at CLAMAV_PRIVATE 0.103.3
+ cli_bytecode_run at CLAMAV_PRIVATE 0.103.3
+ cli_bytefunc_describe at CLAMAV_PRIVATE 0.103.3
+ cli_byteinst_describe at CLAMAV_PRIVATE 0.103.3
+ cli_bytetype_describe at CLAMAV_PRIVATE 0.103.3
+ cli_bytevalue_describe at CLAMAV_PRIVATE 0.103.3
+ cli_calloc at CLAMAV_PRIVATE 0.103.3
+ cli_check_auth_header at CLAMAV_PRIVATE 0.103.3
+ cli_chomp at CLAMAV_PRIVATE 0.103.3
+ cli_codepage_to_utf8 at CLAMAV_PRIVATE 0.103.3
+ cli_ctime at CLAMAV_PRIVATE 0.103.3
+ cli_cvdunpack at CLAMAV_PRIVATE 0.103.3
+ cli_dbgmsg_internal at CLAMAV_PRIVATE 0.103.3
+ cli_dconf_init at CLAMAV_PRIVATE 0.103.3
+ cli_debug_flag at CLAMAV_PRIVATE 0.103.3
+ cli_detect_environment at CLAMAV_PRIVATE 0.103.3
+ cli_disasm_one at CLAMAV_PRIVATE 0.103.3
+ cli_errmsg at CLAMAV_PRIVATE 0.103.3
+ cli_filecopy at CLAMAV_PRIVATE 0.103.3
+ cli_free_vba_project at CLAMAV_PRIVATE 0.103.3
+ cli_ftw at CLAMAV_PRIVATE 0.103.3
+ cli_genhash_pe at CLAMAV_PRIVATE 0.103.3
+ cli_gentemp at CLAMAV_PRIVATE 0.103.3
+ cli_gentemp_with_prefix at CLAMAV_PRIVATE 0.103.3
+ cli_gentempfd at CLAMAV_PRIVATE 0.103.3
+ cli_get_filepath_from_filedesc at CLAMAV_PRIVATE 0.103.3
+ cli_gettmpdir at CLAMAV_PRIVATE 0.103.3
+ cli_hashfile at CLAMAV_PRIVATE 0.103.3
+ cli_hashset_destroy at CLAMAV_PRIVATE 0.103.3
+ cli_hashstream at CLAMAV_PRIVATE 0.103.3
+ cli_hex2str at CLAMAV_PRIVATE 0.103.3
+ cli_hex2ui at CLAMAV_PRIVATE 0.103.3
+ cli_initroots at CLAMAV_PRIVATE 0.103.3
+ cli_isnumber at CLAMAV_PRIVATE 0.103.3
+ cli_js_destroy at CLAMAV_PRIVATE 0.103.3
+ cli_js_init at CLAMAV_PRIVATE 0.103.3
+ cli_js_output at CLAMAV_PRIVATE 0.103.3
+ cli_js_parse_done at CLAMAV_PRIVATE 0.103.3
+ cli_js_process_buffer at CLAMAV_PRIVATE 0.103.3
+ cli_ldbtokenize at CLAMAV_PRIVATE 0.103.3
+ cli_malloc at CLAMAV_PRIVATE 0.103.3
+ cli_memstr at CLAMAV_PRIVATE 0.103.3
+ cli_ole2_extract at CLAMAV_PRIVATE 0.103.3
+ cli_parse_add at CLAMAV_PRIVATE 0.103.3
+ cli_pcre_build at CLAMAV_PRIVATE 0.103.3
+ cli_pcre_freeoff at CLAMAV_PRIVATE 0.103.3
+ cli_pcre_init at CLAMAV_PRIVATE 0.103.3
+ cli_pcre_perf_events_destroy at CLAMAV_PRIVATE 0.103.3
+ cli_pcre_perf_print at CLAMAV_PRIVATE 0.103.3
+ cli_pcre_recaloff at CLAMAV_PRIVATE 0.103.3
+ cli_pcre_scanbuf at CLAMAV_PRIVATE 0.103.3
+ cli_ppt_vba_read at CLAMAV_PRIVATE 0.103.3
+ cli_printcxxver at CLAMAV_PRIVATE 0.103.3
+ cli_readn at CLAMAV_PRIVATE 0.103.3
+ cli_realloc at CLAMAV_PRIVATE 0.103.3
+ cli_realpath at CLAMAV_PRIVATE 0.103.3
+ cli_regcomp at CLAMAV_PRIVATE 0.103.3
+ cli_regex2suffix at CLAMAV_PRIVATE 0.103.3
+ cli_regexec at CLAMAV_PRIVATE 0.103.3
+ cli_regfree at CLAMAV_PRIVATE 0.103.3
+ cli_rmdirs at CLAMAV_PRIVATE 0.103.3
+ cli_rndnum at CLAMAV_PRIVATE 0.103.3
+ cli_sanitize_filepath at CLAMAV_PRIVATE 0.103.3
+ cli_scan_buff at CLAMAV_PRIVATE 0.103.3
+ cli_scan_fmap at CLAMAV_PRIVATE 0.103.3
+ cli_sigopts_handler at CLAMAV_PRIVATE 0.103.3
+ cli_sigperf_events_destroy at CLAMAV_PRIVATE 0.103.3
+ cli_sigperf_print at CLAMAV_PRIVATE 0.103.3
+ cli_str2hex at CLAMAV_PRIVATE 0.103.3
+ cli_strbcasestr at CLAMAV_PRIVATE 0.103.3
+ cli_strdup at CLAMAV_PRIVATE 0.103.3
+ cli_strerror at CLAMAV_PRIVATE 0.103.3
+ cli_strlcat at CLAMAV_PRIVATE 0.103.3
+ cli_strlcpy at CLAMAV_PRIVATE 0.103.3
+ cli_strntoul at CLAMAV_PRIVATE 0.103.3
+ cli_strrcpy at CLAMAV_PRIVATE 0.103.3
+ cli_strtok at CLAMAV_PRIVATE 0.103.3
+ cli_strtokbuf at CLAMAV_PRIVATE 0.103.3
+ cli_strtokenize at CLAMAV_PRIVATE 0.103.3
+ cli_textbuffer_append_normalize at CLAMAV_PRIVATE 0.103.3
+ cli_unescape at CLAMAV_PRIVATE 0.103.3
+ cli_unlink at CLAMAV_PRIVATE 0.103.3
+ cli_url_canon at CLAMAV_PRIVATE 0.103.3
+ cli_utf16_to_utf8 at CLAMAV_PRIVATE 0.103.3
+ cli_utf16toascii at CLAMAV_PRIVATE 0.103.3
+ cli_vba_inflate at CLAMAV_PRIVATE 0.103.3
+ cli_vba_readdir at CLAMAV_PRIVATE 0.103.3
+ cli_versig2 at CLAMAV_PRIVATE 0.103.3
+ cli_versig at CLAMAV_PRIVATE 0.103.3
+ cli_warnmsg at CLAMAV_PRIVATE 0.103.3
+ cli_wm_decrypt_macro at CLAMAV_PRIVATE 0.103.3
+ cli_wm_readdir at CLAMAV_PRIVATE 0.103.3
+ cli_writen at CLAMAV_PRIVATE 0.103.3
+ decodeLine at CLAMAV_PRIVATE 0.103.3
+ disasmbuf at CLAMAV_PRIVATE 0.103.3
+ fmap at CLAMAV_PRIVATE 0.103.3
+ fmap_duplicate at CLAMAV_PRIVATE 0.103.3
+ free_duplicate_fmap at CLAMAV_PRIVATE 0.103.3
+ get_fpu_endian at CLAMAV_PRIVATE 0.103.3
+ have_clamjit at CLAMAV_PRIVATE 0.103.3
+ have_rar at CLAMAV_PRIVATE 0.103.3
+ html_normalise_map at CLAMAV_PRIVATE 0.103.3
+ html_normalise_mem at CLAMAV_PRIVATE 0.103.3
+ html_screnc_decode at CLAMAV_PRIVATE 0.103.3
+ html_tag_arg_free at CLAMAV_PRIVATE 0.103.3
+ init_domainlist at CLAMAV_PRIVATE 0.103.3
+ init_regex_list at CLAMAV_PRIVATE 0.103.3
+ init_whitelist at CLAMAV_PRIVATE 0.103.3
+ is_regex_ok at CLAMAV_PRIVATE 0.103.3
+ load_regex_matcher at CLAMAV_PRIVATE 0.103.3
  lsig_sub_matched at CLAMAV_PUBLIC 0.101.0
- messageCreate at CLAMAV_PRIVATE 0.103.2
- messageDestroy at CLAMAV_PRIVATE 0.103.2
- mpool_calloc at CLAMAV_PRIVATE 0.103.2
- mpool_create at CLAMAV_PRIVATE 0.103.2
- mpool_destroy at CLAMAV_PRIVATE 0.103.2
- mpool_free at CLAMAV_PRIVATE 0.103.2
- mpool_getstats at CLAMAV_PRIVATE 0.103.2
- phishingScan at CLAMAV_PRIVATE 0.103.2
- phishing_done at CLAMAV_PRIVATE 0.103.2
- phishing_init at CLAMAV_PRIVATE 0.103.2
- regex_list_add_pattern at CLAMAV_PRIVATE 0.103.2
- regex_list_done at CLAMAV_PRIVATE 0.103.2
- regex_list_match at CLAMAV_PRIVATE 0.103.2
- tableCreate at CLAMAV_PRIVATE 0.103.2
- tableDestroy at CLAMAV_PRIVATE 0.103.2
- tableFind at CLAMAV_PRIVATE 0.103.2
- tableInsert at CLAMAV_PRIVATE 0.103.2
- tableIterate at CLAMAV_PRIVATE 0.103.2
- tableRemove at CLAMAV_PRIVATE 0.103.2
- tableUpdate at CLAMAV_PRIVATE 0.103.2
- text_normalize_init at CLAMAV_PRIVATE 0.103.2
- text_normalize_map at CLAMAV_PRIVATE 0.103.2
- text_normalize_reset at CLAMAV_PRIVATE 0.103.2
- uniq_add at CLAMAV_PRIVATE 0.103.2
- uniq_free at CLAMAV_PRIVATE 0.103.2
- uniq_get at CLAMAV_PRIVATE 0.103.2
- uniq_init at CLAMAV_PRIVATE 0.103.2
+ messageCreate at CLAMAV_PRIVATE 0.103.3
+ messageDestroy at CLAMAV_PRIVATE 0.103.3
+ mpool_calloc at CLAMAV_PRIVATE 0.103.3
+ mpool_create at CLAMAV_PRIVATE 0.103.3
+ mpool_destroy at CLAMAV_PRIVATE 0.103.3
+ mpool_free at CLAMAV_PRIVATE 0.103.3
+ mpool_getstats at CLAMAV_PRIVATE 0.103.3
+ phishingScan at CLAMAV_PRIVATE 0.103.3
+ phishing_done at CLAMAV_PRIVATE 0.103.3
+ phishing_init at CLAMAV_PRIVATE 0.103.3
+ regex_list_add_pattern at CLAMAV_PRIVATE 0.103.3
+ regex_list_done at CLAMAV_PRIVATE 0.103.3
+ regex_list_match at CLAMAV_PRIVATE 0.103.3
+ tableCreate at CLAMAV_PRIVATE 0.103.3
+ tableDestroy at CLAMAV_PRIVATE 0.103.3
+ tableFind at CLAMAV_PRIVATE 0.103.3
+ tableInsert at CLAMAV_PRIVATE 0.103.3
+ tableIterate at CLAMAV_PRIVATE 0.103.3
+ tableRemove at CLAMAV_PRIVATE 0.103.3
+ tableUpdate at CLAMAV_PRIVATE 0.103.3
+ text_normalize_init at CLAMAV_PRIVATE 0.103.3
+ text_normalize_map at CLAMAV_PRIVATE 0.103.3
+ text_normalize_reset at CLAMAV_PRIVATE 0.103.3
+ uniq_add at CLAMAV_PRIVATE 0.103.3
+ uniq_free at CLAMAV_PRIVATE 0.103.3
+ uniq_get at CLAMAV_PRIVATE 0.103.3
+ uniq_init at CLAMAV_PRIVATE 0.103.3
 libfreshclam.so.2 libclamav9 #MINVER#
  FRESHCLAM_PRIVATE at FRESHCLAM_PRIVATE 0.103.0
  FRESHCLAM_PUBLIC at FRESHCLAM_PUBLIC 0.102.1
diff -Nru clamav-0.103.2+dfsg/debian/patches/0007-unit-tests-Fix-ck_assert_msg-call.patch clamav-0.103.3+dfsg/debian/patches/0007-unit-tests-Fix-ck_assert_msg-call.patch
--- clamav-0.103.2+dfsg/debian/patches/0007-unit-tests-Fix-ck_assert_msg-call.patch	2021-04-14 08:38:52.000000000 +0200
+++ clamav-0.103.3+dfsg/debian/patches/0007-unit-tests-Fix-ck_assert_msg-call.patch	2021-09-04 15:51:26.000000000 +0200
@@ -1,4 +1,4 @@
-From 5938bac12638f6fe722adbc5e382c347268f0431 Mon Sep 17 00:00:00 2001
+From 72146c7665650e0727a520e5235130c229c1e5eb Mon Sep 17 00:00:00 2001
 From: Orion Poplawski <orion at nwra.com>
 Date: Thu, 17 Sep 2020 22:26:04 -0600
 Subject: unit tests: Fix ck_assert_msg() call
diff -Nru clamav-0.103.2+dfsg/debian/patches/Add-support-for-LLVM-3.7.patch clamav-0.103.3+dfsg/debian/patches/Add-support-for-LLVM-3.7.patch
--- clamav-0.103.2+dfsg/debian/patches/Add-support-for-LLVM-3.7.patch	2021-04-14 08:38:52.000000000 +0200
+++ clamav-0.103.3+dfsg/debian/patches/Add-support-for-LLVM-3.7.patch	2021-09-04 15:51:26.000000000 +0200
@@ -1,4 +1,4 @@
-From 579e51913488a9e230ef3aaf00b66d916ce6a0c9 Mon Sep 17 00:00:00 2001
+From df82013136196ad3965a6a355ab16a2c00eef672 Mon Sep 17 00:00:00 2001
 From: Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com>
 Date: Fri, 14 Oct 2016 20:24:39 +0200
 Subject: Add support for LLVM 3.7
diff -Nru clamav-0.103.2+dfsg/debian/patches/Add-support-for-LLVM-3.8.patch clamav-0.103.3+dfsg/debian/patches/Add-support-for-LLVM-3.8.patch
--- clamav-0.103.2+dfsg/debian/patches/Add-support-for-LLVM-3.8.patch	2021-04-14 08:38:52.000000000 +0200
+++ clamav-0.103.3+dfsg/debian/patches/Add-support-for-LLVM-3.8.patch	2021-09-04 15:51:26.000000000 +0200
@@ -1,4 +1,4 @@
-From 7ced6d6a9f6dab06e5d862a679bbb6fd56ce3dc1 Mon Sep 17 00:00:00 2001
+From c60688f8d1c2b93973834c4b4427c3866397e5d5 Mon Sep 17 00:00:00 2001
 From: Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com>
 Date: Fri, 14 Oct 2016 20:24:48 +0200
 Subject: Add support for LLVM 3.8
diff -Nru clamav-0.103.2+dfsg/debian/patches/Add-support-for-LLVM-3.9.patch clamav-0.103.3+dfsg/debian/patches/Add-support-for-LLVM-3.9.patch
--- clamav-0.103.2+dfsg/debian/patches/Add-support-for-LLVM-3.9.patch	2021-04-14 08:38:52.000000000 +0200
+++ clamav-0.103.3+dfsg/debian/patches/Add-support-for-LLVM-3.9.patch	2021-09-04 15:51:26.000000000 +0200
@@ -1,4 +1,4 @@
-From 48cf5a4a0ac6383753a39a89e59e315a01004a2b Mon Sep 17 00:00:00 2001
+From 1ded63f04bd4d7bcf8745961779e75a83885bfa3 Mon Sep 17 00:00:00 2001
 From: Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com>
 Date: Fri, 14 Oct 2016 20:24:56 +0200
 Subject: Add support for LLVM 3.9
diff -Nru clamav-0.103.2+dfsg/debian/patches/add-support-for-system-tomsfastmath.patch clamav-0.103.3+dfsg/debian/patches/add-support-for-system-tomsfastmath.patch
--- clamav-0.103.2+dfsg/debian/patches/add-support-for-system-tomsfastmath.patch	2021-04-14 08:38:52.000000000 +0200
+++ clamav-0.103.3+dfsg/debian/patches/add-support-for-system-tomsfastmath.patch	2021-09-04 15:51:26.000000000 +0200
@@ -1,4 +1,4 @@
-From 5074de826702367732ad868d39e1a94c5ab6d630 Mon Sep 17 00:00:00 2001
+From 896e9b21c30479c090c9171501b52aa1c217f648 Mon Sep 17 00:00:00 2001
 From: Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com>
 Date: Wed, 11 Mar 2015 20:03:15 +0100
 Subject: add support for system tomsfastmath
@@ -14,7 +14,7 @@
  create mode 100644 m4/reorganization/libs/tomsfastmath.m4
 
 diff --git a/configure.ac b/configure.ac
-index 6da01a3..1e46398 100644
+index b8f4ba8..6d967be 100644
 --- a/configure.ac
 +++ b/configure.ac
 @@ -98,6 +98,7 @@ m4_include([m4/reorganization/libs/libmspack.m4])
diff -Nru clamav-0.103.2+dfsg/debian/patches/Change-paths-in-sample-conf-file-to-match-Debian.patch clamav-0.103.3+dfsg/debian/patches/Change-paths-in-sample-conf-file-to-match-Debian.patch
--- clamav-0.103.2+dfsg/debian/patches/Change-paths-in-sample-conf-file-to-match-Debian.patch	2021-04-14 08:38:52.000000000 +0200
+++ clamav-0.103.3+dfsg/debian/patches/Change-paths-in-sample-conf-file-to-match-Debian.patch	2021-09-04 15:51:26.000000000 +0200
@@ -1,4 +1,4 @@
-From e7d10ca987ca563825f867aba937bcd98fc0438d Mon Sep 17 00:00:00 2001
+From bfb43c4b50740d8fbd986c3a340f7a79bae6b59c Mon Sep 17 00:00:00 2001
 From: Scott Kitterman <scott at kitterman.com>
 Date: Mon, 10 Mar 2014 19:20:18 -0400
 Subject: Change paths in sample conf file to match Debian
diff -Nru clamav-0.103.2+dfsg/debian/patches/clamd_dont_depend_on_clamav_demon_socket.patch clamav-0.103.3+dfsg/debian/patches/clamd_dont_depend_on_clamav_demon_socket.patch
--- clamav-0.103.2+dfsg/debian/patches/clamd_dont_depend_on_clamav_demon_socket.patch	2021-04-14 08:38:52.000000000 +0200
+++ clamav-0.103.3+dfsg/debian/patches/clamd_dont_depend_on_clamav_demon_socket.patch	2021-09-04 15:51:26.000000000 +0200
@@ -1,4 +1,4 @@
-From c08266ab8074b1c159f4a99fac03d10a161dc543 Mon Sep 17 00:00:00 2001
+From 2a82f87e9fc7d374b0531792c0a2fa2174f57363 Mon Sep 17 00:00:00 2001
 From: Sebastian Andrzej Siewior <sebastian at breakpoint.cc>
 Date: Thu, 11 Aug 2016 21:54:10 +0200
 Subject: clamd: don't depend on clamav-demon.socket
diff -Nru clamav-0.103.2+dfsg/debian/rules clamav-0.103.3+dfsg/debian/rules
--- clamav-0.103.2+dfsg/debian/rules	2021-04-14 08:38:52.000000000 +0200
+++ clamav-0.103.3+dfsg/debian/rules	2021-09-04 15:51:26.000000000 +0200
@@ -88,7 +88,7 @@
 	  fi;\
 	done; \
 	# Check for library features which may have been upgraded.
-	if ! grep -q "CL_FLEVEL 123" libclamav/others.h ; then \
+	if ! grep -q "CL_FLEVEL 124" libclamav/others.h ; then \
 		echo "cl_retflevel needs boosting in symbol file"; \
 		touch debian/exit; \
 	fi;
diff -Nru clamav-0.103.2+dfsg/docs/man/freshclam.conf.5.in clamav-0.103.3+dfsg/docs/man/freshclam.conf.5.in
--- clamav-0.103.2+dfsg/docs/man/freshclam.conf.5.in	2021-04-06 21:03:42.000000000 +0200
+++ clamav-0.103.3+dfsg/docs/man/freshclam.conf.5.in	2021-06-19 23:15:59.000000000 +0200
@@ -165,6 +165,7 @@
 .TP
 \fBHTTPUserAgent STRING\fR
 If your servers are behind a firewall/proxy which applies User-Agent filtering, you can use this option to force the use of a different User-Agent header.
+As of ClamAV 0.103.3, this setting may not be used when updating from the clamav.net CDN and can only be used when updating from a private mirror.
 .br .
 Default: clamav/version_number
 .TP
diff -Nru clamav-0.103.2+dfsg/etc/freshclam.conf.sample clamav-0.103.3+dfsg/etc/freshclam.conf.sample
--- clamav-0.103.2+dfsg/etc/freshclam.conf.sample	2021-04-06 21:03:42.000000000 +0200
+++ clamav-0.103.3+dfsg/etc/freshclam.conf.sample	2021-06-19 23:15:59.000000000 +0200
@@ -135,7 +135,9 @@
 # If your servers are behind a firewall/proxy which applies User-Agent
 # filtering you can use this option to force the use of a different
 # User-Agent header.
-# Default: clamav/version_number
+# As of ClamAV 0.103.3, this setting may not be used when updating from the
+# clamav.net CDN and can only be used when updating from a private mirror.
+# Default: clamav/version_number (OS: ..., ARCH: ..., CPU: ..., UUID: ...)
 #HTTPUserAgent SomeUserAgentIdString
 
 # Use aaa.bbb.ccc.ddd as client address for downloading databases. Useful for
diff -Nru clamav-0.103.2+dfsg/examples/ex1.c clamav-0.103.3+dfsg/examples/ex1.c
--- clamav-0.103.2+dfsg/examples/ex1.c	2021-04-06 21:03:42.000000000 +0200
+++ clamav-0.103.3+dfsg/examples/ex1.c	2021-06-19 23:15:59.000000000 +0200
@@ -24,7 +24,9 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
+#ifndef _WIN32
 #include <unistd.h>
+#endif
 #include <sys/types.h>
 #include <sys/stat.h>
 #include <fcntl.h>
diff -Nru clamav-0.103.2+dfsg/freshclam/freshclam.c clamav-0.103.3+dfsg/freshclam/freshclam.c
--- clamav-0.103.2+dfsg/freshclam/freshclam.c	2021-04-06 21:03:42.000000000 +0200
+++ clamav-0.103.3+dfsg/freshclam/freshclam.c	2021-06-19 23:15:59.000000000 +0200
@@ -927,8 +927,24 @@
         logg("Connecting via %s\n", fcConfig.proxyServer);
     }
 
-    if (optget(opts, "HTTPUserAgent")->enabled)
-        fcConfig.userAgent = optget(opts, "HTTPUserAgent")->strarg;
+    if (optget(opts, "HTTPUserAgent")->enabled) {
+
+        if (!(optget(opts, "PrivateMirror")->enabled) &&
+            (optget(opts, "DatabaseMirror")->enabled) &&
+            (strstr(optget(opts, "DatabaseMirror")->strarg, "clamav.net"))) {
+            /*
+             * Using the official project CDN.
+             */
+            logg("In an effort to reduce CDN data costs, HTTPUserAgent may not be used when updating from clamav.net.\n");
+            logg("The HTTPUserAgent specified in your config will be ignored so that FreshClam is not blocked by the CDN.\n");
+            logg("If ClamAV's user agent is not allowed through your firewall/proxy, please contact your network administrator.\n\n");
+        } else {
+            /*
+             * Using some other CDN or private mirror.
+             */
+            fcConfig.userAgent = optget(opts, "HTTPUserAgent")->strarg;
+        }
+    }
 
     fcConfig.maxAttempts    = optget(opts, "MaxAttempts")->numarg;
     fcConfig.connectTimeout = optget(opts, "ConnectTimeout")->numarg;
@@ -1891,6 +1907,36 @@
         }
 
         /*
+         * freshclam may have created the freshclam.dat file with as root
+         * if run in daemon-mode, so we should give ownership to the
+         * DatabaseOwner if we're supposed to drop privileges..
+         */
+        if ((0 == geteuid()) && (NULL != optget(opts, "DatabaseOwner")->strarg)) {
+            struct passwd *user = NULL;
+            STATBUF sb;
+
+            if ((user = getpwnam(optget(opts, "DatabaseOwner")->strarg)) == NULL) {
+                logg("^Can't get information about user %s.\n", optget(opts, "DatabaseOwner")->strarg);
+                fprintf(stderr, "ERROR: Can't get information about user %s.\n", optget(opts, "DatabaseOwner")->strarg);
+                status = FC_ECONFIG;
+                goto done;
+            }
+
+            /*Change ownership of the freshclam DAT file to the user we are going to switch to.*/
+            if (CLAMSTAT("freshclam.dat", &sb) != -1) {
+                int ret = lchown("freshclam.dat", user->pw_uid, user->pw_gid);
+                if (ret) {
+                    fprintf(stderr, "ERROR: lchown to user '%s' failed on freshclam.dat\n", user->pw_name);
+                    fprintf(stderr, "Error was '%s'\n", strerror(errno));
+                    logg("^lchown to user '%s' failed on freshclam.dat.  Error was '%s'\n",
+                         user->pw_name, strerror(errno));
+                    status = FC_ECONFIG;
+                    goto done;
+                }
+            }
+        }
+
+        /*
          * freshclam shouldn't work with root privileges.
          * Drop privileges to the DatabaseOwner user, if specified.
          */
diff -Nru clamav-0.103.2+dfsg/libclamav/bytecode_api.h clamav-0.103.3+dfsg/libclamav/bytecode_api.h
--- clamav-0.103.2+dfsg/libclamav/bytecode_api.h	2021-04-06 21:03:42.000000000 +0200
+++ clamav-0.103.3+dfsg/libclamav/bytecode_api.h	2021-06-19 23:15:59.000000000 +0200
@@ -148,6 +148,7 @@
     FUNC_LEVEL_0103      = 121, /**< LibClamAV release 0.103.0 */
     FUNC_LEVEL_0103_1    = 122, /**< LibClamAV release 0.103.1 */
     FUNC_LEVEL_0103_2    = 123, /**< LibClamAV release 0.103.2 */
+    FUNC_LEVEL_0103_3    = 124, /**< LibClamAV release 0.103.3 */
 };
 
 /**
diff -Nru clamav-0.103.2+dfsg/libclamav/c++/Makefile.in clamav-0.103.3+dfsg/libclamav/c++/Makefile.in
--- clamav-0.103.2+dfsg/libclamav/c++/Makefile.in	2021-04-06 21:04:34.000000000 +0200
+++ clamav-0.103.3+dfsg/libclamav/c++/Makefile.in	2021-06-19 23:16:22.000000000 +0200
@@ -5333,8 +5333,8 @@
 	@echo "This command is intended for maintainers to use"
 	@echo "it deletes files that may require special tools to rebuild."
 	-test -z "$(BUILT_SOURCES)" || rm -f $(BUILT_SOURCES)
- at BUILD_EXTERNAL_LLVM_TRUE@distclean-local:
 @BUILD_EXTERNAL_LLVM_TRUE at clean-local:
+ at BUILD_EXTERNAL_LLVM_TRUE@distclean-local:
 clean: clean-am
 
 clean-am: clean-generic clean-libtool clean-local \
diff -Nru clamav-0.103.2+dfsg/libclamav/macho.c clamav-0.103.3+dfsg/libclamav/macho.c
--- clamav-0.103.2+dfsg/libclamav/macho.c	2021-04-06 21:03:43.000000000 +0200
+++ clamav-0.103.3+dfsg/libclamav/macho.c	2021-06-19 23:15:59.000000000 +0200
@@ -562,6 +562,15 @@
         cli_dbgmsg("UNIBIN: Binary %u of %u\n", i + 1, fat_header.nfats);
         cli_dbgmsg("UNIBIN: File offset: %u\n", fat_arch.offset);
         cli_dbgmsg("UNIBIN: File size: %u\n", fat_arch.size);
+
+        /* The offset must be greater than the location of the header or we risk
+           re-scanning the same data over and over again. The scan recursion max
+           will save us, but it will still cause other problems and waste CPU. */
+        if (fat_arch.offset < at) {
+            cli_dbgmsg("Invalid fat offset: %d\n", fat_arch.offset);
+            RETURN_BROKEN;
+        }
+
         ret = cli_magic_scan_nested_fmap_type(map, fat_arch.offset, fat_arch.size, ctx, CL_TYPE_ANY, NULL);
         if (ret == CL_VIRUS)
             break;
diff -Nru clamav-0.103.2+dfsg/libclamav/ole2_extract.c clamav-0.103.3+dfsg/libclamav/ole2_extract.c
--- clamav-0.103.2+dfsg/libclamav/ole2_extract.c	2021-04-06 21:03:43.000000000 +0200
+++ clamav-0.103.3+dfsg/libclamav/ole2_extract.c	2021-06-19 23:15:59.000000000 +0200
@@ -673,7 +673,7 @@
                 break;
             case 2: /* File */
                 ole2_listmsg("file node\n");
-                if (ctx && ctx->engine->maxfiles && ctx->scannedfiles + *file_count > ctx->engine->maxfiles) {
+                if (ctx && ctx->engine->maxfiles && ((*file_count > ctx->engine->maxfiles) || (ctx->scannedfiles > ctx->engine->maxfiles - *file_count))) {
                     cli_dbgmsg("OLE2: files limit reached (max: %u)\n", ctx->engine->maxfiles);
                     ole2_list_delete(&node_list);
                     return CL_EMAXFILES;
diff -Nru clamav-0.103.2+dfsg/libclamav/others_common.c clamav-0.103.3+dfsg/libclamav/others_common.c
--- clamav-0.103.2+dfsg/libclamav/others_common.c	2021-04-06 21:03:43.000000000 +0200
+++ clamav-0.103.3+dfsg/libclamav/others_common.c	2021-06-19 23:15:59.000000000 +0200
@@ -574,28 +574,46 @@
     return stated;
 }
 
-static int handle_filetype(const char *fname, int flags,
-                           STATBUF *statbuf, int *stated, enum filetype *ft,
-                           cli_ftw_cb callback, struct cli_ftw_cbdata *data)
+static cl_error_t handle_filetype(const char *fname, int flags,
+                                  STATBUF *statbuf, int *stated, enum filetype *ft,
+                                  cli_ftw_cb callback, struct cli_ftw_cbdata *data)
 {
-    int ret;
+    cl_error_t status = CL_EMEM;
 
     *stated = get_filetype(fname, flags, flags & CLI_FTW_NEED_STAT, statbuf, ft);
 
     if (*stated == -1) {
-        /*  we failed a stat() or lstat() */
-        ret = callback(NULL, NULL, fname, error_stat, data);
-        if (ret != CL_SUCCESS)
-            return ret;
+        /* we failed a stat() or lstat() */
+        char *fname_copy = cli_strdup(fname);
+        if (NULL == fname_copy) {
+            goto done;
+        }
+
+        status = callback(NULL, fname_copy, fname, error_stat, data);
+        if (status != CL_SUCCESS) {
+            goto done;
+        }
         *ft = ft_unknown;
     } else if (*ft == ft_skipped_link || *ft == ft_skipped_special) {
         /* skipped filetype */
-        ret = callback(stated ? statbuf : NULL, NULL, fname,
-                       *ft == ft_skipped_link ? warning_skipped_link : warning_skipped_special, data);
-        if (ret != CL_SUCCESS)
-            return ret;
+        char *fname_copy = cli_strdup(fname);
+        if (NULL == fname_copy) {
+            goto done;
+        }
+
+        status = callback(stated ? statbuf : NULL,
+                          fname_copy,
+                          fname,
+                          *ft == ft_skipped_link ? warning_skipped_link : warning_skipped_special,
+                          data);
+        if (status != CL_SUCCESS)
+            goto done;
     }
-    return CL_SUCCESS;
+
+    status = CL_SUCCESS;
+
+done:
+    return status;
 }
 
 static int cli_ftw_dir(const char *dirname, int flags, int maxdepth, cli_ftw_cb callback, struct cli_ftw_cbdata *data, cli_ftw_pathchk pathchk);
@@ -608,13 +626,14 @@
     }
 }
 
-int cli_ftw(char *path, int flags, int maxdepth, cli_ftw_cb callback, struct cli_ftw_cbdata *data, cli_ftw_pathchk pathchk)
+cl_error_t cli_ftw(char *path, int flags, int maxdepth, cli_ftw_cb callback, struct cli_ftw_cbdata *data, cli_ftw_pathchk pathchk)
 {
+    cl_error_t status = CL_EMEM;
     STATBUF statbuf;
     enum filetype ft = ft_unknown;
     struct dirent_data entry;
-    int stated = 0;
-    int ret;
+    int stated      = 0;
+    char *path_copy = NULL;
 
     if (((flags & CLI_FTW_TRIM_SLASHES) || pathchk) && path[0] && path[1]) {
         char *pathend;
@@ -627,23 +646,49 @@
         while (pathend > path && pathend[-1] == *PATHSEP) --pathend;
         *pathend = '\0';
     }
-    if (pathchk && pathchk(path, data) == 1)
-        return CL_SUCCESS;
-    ret = handle_filetype(path, flags, &statbuf, &stated, &ft, callback, data);
-    if (ret != CL_SUCCESS)
-        return ret;
-    if (ft_skipped(ft))
-        return CL_SUCCESS;
-    entry.statbuf  = stated ? &statbuf : NULL;
-    entry.is_dir   = ft == ft_directory;
-    entry.filename = entry.is_dir ? NULL : strdup(path);
-    entry.dirname  = entry.is_dir ? path : NULL;
+
+    if (pathchk && pathchk(path, data) == 1) {
+        status = CL_SUCCESS;
+        goto done;
+    }
+
+    status = handle_filetype(path, flags, &statbuf, &stated, &ft, callback, data);
+    if (status != CL_SUCCESS) {
+        goto done;
+    }
+
+    if (ft_skipped(ft)) {
+        status = CL_SUCCESS;
+        goto done;
+    }
+
+    entry.statbuf = stated ? &statbuf : NULL;
+    entry.is_dir  = ft == ft_directory;
+
     if (entry.is_dir) {
-        ret = callback(entry.statbuf, NULL, path, visit_directory_toplev, data);
-        if (ret != CL_SUCCESS)
-            return ret;
+        path_copy = cli_strdup(path);
+        if (NULL == path_copy) {
+            goto done;
+        }
+
+        status = callback(entry.statbuf, path_copy, path, visit_directory_toplev, data);
+        if (status != CL_SUCCESS) {
+            goto done;
+        }
+    }
+
+    path_copy = cli_strdup(path);
+    if (NULL == path_copy) {
+        goto done;
     }
-    return handle_entry(&entry, flags, maxdepth, callback, data, pathchk);
+
+    entry.filename = entry.is_dir ? NULL : path_copy;
+    entry.dirname  = entry.is_dir ? path : NULL;
+
+    status = handle_entry(&entry, flags, maxdepth, callback, data, pathchk);
+
+done:
+    return status;
 }
 
 static int cli_ftw_dir(const char *dirname, int flags, int maxdepth, cli_ftw_cb callback, struct cli_ftw_cbdata *data, cli_ftw_pathchk pathchk)
diff -Nru clamav-0.103.2+dfsg/libclamav/others.h clamav-0.103.3+dfsg/libclamav/others.h
--- clamav-0.103.2+dfsg/libclamav/others.h	2021-04-06 21:03:43.000000000 +0200
+++ clamav-0.103.3+dfsg/libclamav/others.h	2021-06-19 23:15:59.000000000 +0200
@@ -72,7 +72,7 @@
  * in re-enabling affected modules.
  */
 
-#define CL_FLEVEL 123
+#define CL_FLEVEL 124
 #define CL_FLEVEL_DCONF CL_FLEVEL
 #define CL_FLEVEL_SIGTOOL CL_FLEVEL
 
@@ -951,7 +951,7 @@
  * which one it is.
  * If it is a file, it simply calls the callback once, otherwise recurses.
  */
-int cli_ftw(char *base, int flags, int maxdepth, cli_ftw_cb callback, struct cli_ftw_cbdata *data, cli_ftw_pathchk pathchk);
+cl_error_t cli_ftw(char *base, int flags, int maxdepth, cli_ftw_cb callback, struct cli_ftw_cbdata *data, cli_ftw_pathchk pathchk);
 
 const char *cli_strerror(int errnum, char *buf, size_t len);
 
diff -Nru clamav-0.103.2+dfsg/libclamav/png.c clamav-0.103.3+dfsg/libclamav/png.c
--- clamav-0.103.2+dfsg/libclamav/png.c	2021-04-06 21:03:43.000000000 +0200
+++ clamav-0.103.3+dfsg/libclamav/png.c	2021-06-19 23:15:59.000000000 +0200
@@ -357,7 +357,7 @@
                     zstrm_initialized = false;
                     idat_state = PNG_IDAT_DECOMPRESSION_COMPLETE;
 
-                    if (decompressed_data_len > image_size) {
+                    if ((decompressed_data_len > image_size) && (SCAN_HEURISTIC_BROKEN_MEDIA)) {
                         status = cli_append_virus(ctx, "Heuristics.PNG.CVE-2010-1205");
                         goto done;
                     }
diff -Nru clamav-0.103.2+dfsg/libclamav/scanners.c clamav-0.103.3+dfsg/libclamav/scanners.c
--- clamav-0.103.2+dfsg/libclamav/scanners.c	2021-04-06 21:03:43.000000000 +0200
+++ clamav-0.103.3+dfsg/libclamav/scanners.c	2021-06-19 23:15:59.000000000 +0200
@@ -3123,6 +3123,7 @@
         (type != CL_TYPE_GPT) &&       /* Omit GPT files because it's an image format that we can extract and scan manually. */
         (type != CL_TYPE_CPIO_OLD) &&  /* Omit CPIO_OLD files because it's an image format that we can extract and scan manually. */
         (type != CL_TYPE_ZIP) &&       /* Omit ZIP files because it'll detect each zip file entry as SFXZIP, which is a waste. We'll extract it and then scan. */
+        (type != CL_TYPE_ZIPSFX) &&    /* Omit ZIPSFX files because we should've already detected each entry with embedded file type recognition already! */
         (type != CL_TYPE_OLD_TAR) &&   /* Omit OLD TAR files because it's a raw archive format that we can extract and scan manually. */
         (type != CL_TYPE_POSIX_TAR)) { /* Omit POSIX TAR files because it's a raw archive format that we can extract and scan manually. */
         /*
@@ -4875,7 +4876,7 @@
 
     cli_logg_setup(&ctx);
 
-    rc = cli_magic_scan_nested_fmap_type(map, 0, map->len, &ctx, CL_TYPE_ANY, target_basename);
+    rc = cli_magic_scan(&ctx, CL_TYPE_ANY);
 
     if (rc == CL_CLEAN && ctx.found_possibly_unwanted) {
         cli_virus_found_cb(&ctx);
diff -Nru clamav-0.103.2+dfsg/libfreshclam/libfreshclam.c clamav-0.103.3+dfsg/libfreshclam/libfreshclam.c
--- clamav-0.103.2+dfsg/libfreshclam/libfreshclam.c	2021-04-06 21:03:43.000000000 +0200
+++ clamav-0.103.3+dfsg/libfreshclam/libfreshclam.c	2021-06-19 23:16:00.000000000 +0200
@@ -250,12 +250,12 @@
 
     g_bCompressLocalDatabase = fcConfig->bCompressLocalDatabase;
 
-    /* Load or create mirrors.dat */
-    if (FC_SUCCESS != load_mirrors_dat()) {
-        logg("*Failed to load mirrors.dat; will create a new mirrors.dat\n");
+    /* Load or create freshclam.dat */
+    if (FC_SUCCESS != load_freshclam_dat()) {
+        logg("*Failed to load freshclam.dat; will create a new freshclam.dat\n");
 
-        if (FC_SUCCESS != new_mirrors_dat()) {
-            logg("^Failed to create a new mirrors.dat!\n");
+        if (FC_SUCCESS != new_freshclam_dat()) {
+            logg("^Failed to create a new freshclam.dat!\n");
             status = FC_EINIT;
             goto done;
         }
@@ -308,9 +308,9 @@
         free(g_tempDirectory);
         g_tempDirectory = NULL;
     }
-    if (NULL != g_mirrorsDat) {
-        free(g_mirrorsDat);
-        g_mirrorsDat = NULL;
+    if (NULL != g_freshclamDat) {
+        free(g_freshclamDat);
+        g_freshclamDat = NULL;
     }
 }
 
@@ -683,7 +683,7 @@
                 case FC_ERETRYLATER: {
                     char retry_after_string[26];
                     struct tm *tm_info;
-                    tm_info = localtime(&g_mirrorsDat->retry_after);
+                    tm_info = localtime(&g_freshclamDat->retry_after);
                     if (NULL == tm_info) {
                         logg("!Failed to query the local time for the retry-after date!\n");
                         status = FC_ERROR;
@@ -750,12 +750,12 @@
 
     *nUpdated = 0;
 
-    if (g_mirrorsDat->retry_after > 0) {
-        if (g_mirrorsDat->retry_after > time(NULL)) {
+    if (g_freshclamDat->retry_after > 0) {
+        if (g_freshclamDat->retry_after > time(NULL)) {
             /* We're on cool-down, try again later. */
             char retry_after_string[26];
             struct tm *tm_info;
-            tm_info = localtime(&g_mirrorsDat->retry_after);
+            tm_info = localtime(&g_freshclamDat->retry_after);
             if (NULL == tm_info) {
                 logg("!Failed to query the local time for the retry-after date!\n");
                 status = FC_ERROR;
@@ -776,9 +776,9 @@
             status = FC_SUCCESS;
             goto done;
         } else {
-            g_mirrorsDat->retry_after = 0;
+            g_freshclamDat->retry_after = 0;
             logg("^Cool-down expired, ok to try again.\n");
-            save_mirrors_dat();
+            save_freshclam_dat();
         }
     }
 
@@ -889,7 +889,7 @@
             case FC_ERETRYLATER: {
                 char retry_after_string[26];
                 struct tm *tm_info;
-                tm_info = localtime(&g_mirrorsDat->retry_after);
+                tm_info = localtime(&g_freshclamDat->retry_after);
                 if (NULL == tm_info) {
                     logg("!Failed to query the local time for the retry-after date!\n");
                     status = FC_ERROR;
diff -Nru clamav-0.103.2+dfsg/libfreshclam/libfreshclam_internal.c clamav-0.103.3+dfsg/libfreshclam/libfreshclam_internal.c
--- clamav-0.103.2+dfsg/libfreshclam/libfreshclam_internal.c	2021-04-06 21:03:43.000000000 +0200
+++ clamav-0.103.3+dfsg/libfreshclam/libfreshclam_internal.c	2021-06-19 23:16:00.000000000 +0200
@@ -116,7 +116,7 @@
 
 uint32_t g_bCompressLocalDatabase = 0;
 
-mirrors_dat_v1_t *g_mirrorsDat = NULL;
+freshclam_dat_v1_t *g_freshclamDat = NULL;
 
 /** @brief Generate a Version 4 UUID according to RFC-4122
  *
@@ -164,12 +164,12 @@
     return;
 }
 
-fc_error_t load_mirrors_dat(void)
+fc_error_t load_freshclam_dat(void)
 {
     fc_error_t status      = FC_EINIT;
     int handle             = -1;
     ssize_t bread          = 0;
-    mirrors_dat_v1_t *mdat = NULL;
+    freshclam_dat_v1_t *mdat = NULL;
     uint32_t version       = 0;
     char magic[13]         = {0};
 
@@ -181,13 +181,13 @@
     }
     logg("*Current working dir is %s\n", g_databaseDirectory);
 
-    if (-1 == (handle = open("mirrors.dat", O_RDONLY | O_BINARY))) {
+    if (-1 == (handle = open("freshclam.dat", O_RDONLY | O_BINARY))) {
         char currdir[PATH_MAX];
 
         if (getcwd(currdir, sizeof(currdir)))
-            logg("*Can't open mirrors.dat in %s\n", currdir);
+            logg("*Can't open freshclam.dat in %s\n", currdir);
         else
-            logg("*Can't open mirrors.dat in the current directory\n");
+            logg("*Can't open freshclam.dat in the current directory\n");
 
         logg("*It probably doesn't exist yet. That's ok.\n");
         status = FC_EFILE;
@@ -197,18 +197,18 @@
     if (strlen(MIRRORS_DAT_MAGIC) != (bread = read(handle, &magic, strlen(MIRRORS_DAT_MAGIC)))) {
         char error_message[260];
         cli_strerror(errno, error_message, 260);
-        logg("!Can't read magic from mirrors.dat. Bytes read: %zi, error: %s\n", bread, error_message);
+        logg("!Can't read magic from freshclam.dat. Bytes read: %zi, error: %s\n", bread, error_message);
         goto done;
     }
     if (0 != strncmp(magic, MIRRORS_DAT_MAGIC, strlen(MIRRORS_DAT_MAGIC))) {
-        logg("*Magic bytes for mirrors.dat did not match expectations.\n");
+        logg("*Magic bytes for freshclam.dat did not match expectations.\n");
         goto done;
     }
 
     if (sizeof(uint32_t) != (bread = read(handle, &version, sizeof(uint32_t)))) {
         char error_message[260];
         cli_strerror(errno, error_message, 260);
-        logg("!Can't read version from mirrors.dat. Bytes read: %zi, error: %s\n", bread, error_message);
+        logg("!Can't read version from freshclam.dat. Bytes read: %zi, error: %s\n", bread, error_message);
         goto done;
     }
 
@@ -217,25 +217,25 @@
             /* Verify that file size is as expected. */
             off_t file_size = lseek(handle, 0L, SEEK_END);
 
-            if (strlen(MIRRORS_DAT_MAGIC) + sizeof(mirrors_dat_v1_t) != (size_t)file_size) {
-                logg("*mirrors.dat is bigger than expected: %zu != %ld\n", sizeof(mirrors_dat_v1_t), file_size);
+            if (strlen(MIRRORS_DAT_MAGIC) + sizeof(freshclam_dat_v1_t) != (size_t)file_size) {
+                logg("*freshclam.dat is bigger than expected: %zu != %ld\n", sizeof(freshclam_dat_v1_t), file_size);
                 goto done;
             }
 
             /* Rewind to just after the magic bytes and read data struct */
             lseek(handle, strlen(MIRRORS_DAT_MAGIC), SEEK_SET);
 
-            mdat = malloc(sizeof(mirrors_dat_v1_t));
+            mdat = malloc(sizeof(freshclam_dat_v1_t));
             if (NULL == mdat) {
-                logg("!Failed to allocate memory for mirrors.dat\n");
+                logg("!Failed to allocate memory for freshclam.dat\n");
                 status = FC_EMEM;
                 goto done;
             }
 
-            if (sizeof(mirrors_dat_v1_t) != (bread = read(handle, mdat, sizeof(mirrors_dat_v1_t)))) {
+            if (sizeof(freshclam_dat_v1_t) != (bread = read(handle, mdat, sizeof(freshclam_dat_v1_t)))) {
                 char error_message[260];
                 cli_strerror(errno, error_message, 260);
-                logg("!Can't read from mirrors.dat. Bytes read: %zi, error: %s\n", bread, error_message);
+                logg("!Can't read from freshclam.dat. Bytes read: %zi, error: %s\n", bread, error_message);
                 goto done;
             }
 
@@ -245,27 +245,27 @@
 
             /* This is the latest version.
                If we change the format in the future, we may wish to create a new
-               mirrors dat struct, import the relevant bits to the new format,
-               and then save (overwrite) mirrors.dat with the new data. */
-            if (NULL != g_mirrorsDat) {
-                free(g_mirrorsDat);
+               freshclam.dat struct, import the relevant bits to the new format,
+               and then save (overwrite) freshclam.dat with the new data. */
+            if (NULL != g_freshclamDat) {
+                free(g_freshclamDat);
             }
-            g_mirrorsDat = mdat;
+            g_freshclamDat = mdat;
             mdat         = NULL;
             break;
         }
         default: {
-            logg("*mirrors.dat version is different than expected: %u != %u\n", 1, version);
+            logg("*freshclam.dat version is different than expected: %u != %u\n", 1, version);
             goto done;
         }
     }
 
-    logg("*Loaded mirrors.dat:\n");
-    logg("*  version:    %d\n", g_mirrorsDat->version);
-    logg("*  uuid:       %s\n", g_mirrorsDat->uuid);
-    if (g_mirrorsDat->retry_after > 0) {
+    logg("*Loaded freshclam.dat:\n");
+    logg("*  version:    %d\n", g_freshclamDat->version);
+    logg("*  uuid:       %s\n", g_freshclamDat->uuid);
+    if (g_freshclamDat->retry_after > 0) {
         char retry_after_string[26];
-        struct tm *tm_info = localtime(&g_mirrorsDat->retry_after);
+        struct tm *tm_info = localtime(&g_freshclamDat->retry_after);
         if (NULL == tm_info) {
             logg("!Failed to query the local time for the retry-after date!\n");
             goto done;
@@ -284,45 +284,45 @@
         if (NULL != mdat) {
             free(mdat);
         }
-        if (NULL != g_mirrorsDat) {
-            free(g_mirrorsDat);
-            g_mirrorsDat = NULL;
+        if (NULL != g_freshclamDat) {
+            free(g_freshclamDat);
+            g_freshclamDat = NULL;
         }
     }
 
     return status;
 }
 
-fc_error_t save_mirrors_dat(void)
+fc_error_t save_freshclam_dat(void)
 {
     fc_error_t status = FC_EINIT;
     int handle        = -1;
 
-    if (NULL == g_mirrorsDat) {
-        logg("!Attempted to save mirrors data to mirrors.dat before initializing it!\n");
+    if (NULL == g_freshclamDat) {
+        logg("!Attempted to save freshclam.dat before initializing data struct!\n");
         goto done;
     }
 
-    if (-1 == (handle = open("mirrors.dat", O_WRONLY | O_CREAT | O_TRUNC | O_BINARY, 0644))) {
+    if (-1 == (handle = open("freshclam.dat", O_WRONLY | O_CREAT | O_TRUNC | O_BINARY, 0644))) {
         char currdir[PATH_MAX];
 
         if (getcwd(currdir, sizeof(currdir)))
-            logg("!Can't create mirrors.dat in %s\n", currdir);
+            logg("!Can't create freshclam.dat in %s\n", currdir);
         else
-            logg("!Can't create mirrors.dat in the current directory\n");
+            logg("!Can't create freshclam.dat in the current directory\n");
 
         logg("Hint: The database directory must be writable for UID %d or GID %d\n", getuid(), getgid());
         status = FC_EDBDIRACCESS;
         goto done;
     }
     if (-1 == write(handle, MIRRORS_DAT_MAGIC, strlen(MIRRORS_DAT_MAGIC))) {
-        logg("!Can't write to mirrors.dat\n");
+        logg("!Can't write to freshclam.dat\n");
     }
-    if (-1 == write(handle, g_mirrorsDat, sizeof(mirrors_dat_v1_t))) {
-        logg("!Can't write to mirrors.dat\n");
+    if (-1 == write(handle, g_freshclamDat, sizeof(freshclam_dat_v1_t))) {
+        logg("!Can't write to freshclam.dat\n");
     }
 
-    logg("*Saved mirrors.dat\n");
+    logg("*Saved freshclam.dat\n");
 
     status = FC_SUCCESS;
 done:
@@ -333,13 +333,13 @@
     return status;
 }
 
-fc_error_t new_mirrors_dat(void)
+fc_error_t new_freshclam_dat(void)
 {
     fc_error_t status = FC_EINIT;
 
-    mirrors_dat_v1_t *mdat = calloc(1, sizeof(mirrors_dat_v1_t));
+    freshclam_dat_v1_t *mdat = calloc(1, sizeof(freshclam_dat_v1_t));
     if (NULL == mdat) {
-        logg("!Failed to allocate memory for mirrors.dat\n");
+        logg("!Failed to allocate memory for freshclam.dat\n");
         status = FC_EMEM;
         goto done;
     }
@@ -348,15 +348,15 @@
     mdat->retry_after = 0;
     uuid_v4_gen(mdat->uuid);
 
-    if (NULL != g_mirrorsDat) {
-        free(g_mirrorsDat);
+    if (NULL != g_freshclamDat) {
+        free(g_freshclamDat);
     }
-    g_mirrorsDat = mdat;
+    g_freshclamDat = mdat;
 
-    logg("*Creating new mirrors.dat\n");
+    logg("*Creating new freshclam.dat\n");
 
-    if (FC_SUCCESS != save_mirrors_dat()) {
-        logg("!Failed to save mirrors.dat!\n");
+    if (FC_SUCCESS != save_freshclam_dat()) {
+        logg("!Failed to save freshclam.dat!\n");
         status = FC_EFILE;
         goto done;
     }
@@ -368,7 +368,7 @@
         if (NULL != mdat) {
             free(mdat);
         }
-        g_mirrorsDat = NULL;
+        g_freshclamDat = NULL;
     }
     return status;
 }
@@ -597,7 +597,7 @@
         snprintf(userAgent, sizeof(userAgent),
                  PACKAGE "/%s (OS: " TARGET_OS_TYPE ", ARCH: " TARGET_ARCH_TYPE ", CPU: " TARGET_CPU_TYPE ", UUID: %s)",
                  get_version(),
-                 g_mirrorsDat->uuid);
+                 g_freshclamDat->uuid);
     }
     userAgent[sizeof(userAgent) - 1] = 0;
 
@@ -1013,13 +1013,13 @@
 
             if (retry_after > 0) {
                 /* The response gave us a Retry-After date. Use that. */
-                g_mirrorsDat->retry_after = time(NULL) + (time_t)retry_after;
+                g_freshclamDat->retry_after = time(NULL) + (time_t)retry_after;
             } else {
                 /* Try again in no less than 4 hours if the response didn't specify
                    or if CURLINFO_RETRY_AFTER is not supported. */
-                g_mirrorsDat->retry_after = time(NULL) + 60 * 60 * 4;
+                g_freshclamDat->retry_after = time(NULL) + 60 * 60 * 4;
             }
-            (void)save_mirrors_dat();
+            (void)save_freshclam_dat();
 
             break;
         }
@@ -1309,13 +1309,13 @@
 
             if (retry_after > 0) {
                 /* The response gave us a Retry-After date. Use that. */
-                g_mirrorsDat->retry_after = time(NULL) + (time_t)retry_after;
+                g_freshclamDat->retry_after = time(NULL) + (time_t)retry_after;
             } else {
                 /* Try again in no less than 4 hours if the response didn't specify
                    or if CURLINFO_RETRY_AFTER is not supported. */
-                g_mirrorsDat->retry_after = time(NULL) + 60 * 60 * 4;
+                g_freshclamDat->retry_after = time(NULL) + 60 * 60 * 4;
             }
-            (void)save_mirrors_dat();
+            (void)save_freshclam_dat();
 
             break;
         }
diff -Nru clamav-0.103.2+dfsg/libfreshclam/libfreshclam_internal.h clamav-0.103.3+dfsg/libfreshclam/libfreshclam_internal.h
--- clamav-0.103.2+dfsg/libfreshclam/libfreshclam_internal.h	2021-04-06 21:03:43.000000000 +0200
+++ clamav-0.103.3+dfsg/libfreshclam/libfreshclam_internal.h	2021-06-19 23:16:00.000000000 +0200
@@ -33,12 +33,12 @@
 // clang-format on
 
 #define SIZEOF_UUID_V4 37                 /** For uuid_v4_gen(), includes NULL byte */
-#define MIRRORS_DAT_MAGIC "FreshClamData" /** Magic bytes for mirrors.dat found before mirrors_dat_v1_t */
-typedef struct _mirrors_dat_v1 {
+#define MIRRORS_DAT_MAGIC "FreshClamData" /** Magic bytes for freshclam.dat found before freshclam_dat_v1_t */
+typedef struct _freshclam_dat_v1 {
     uint32_t version;          /** version of this dat format */
     char uuid[SIZEOF_UUID_V4]; /** uuid to be used in user-agent */
     time_t retry_after;        /** retry date. If > 0, don't update until after this date */
-} mirrors_dat_v1_t;
+} freshclam_dat_v1_t;
 
 /* ----------------------------------------------------------------------------
  * Internal libfreshclam globals
@@ -63,11 +63,11 @@
 
 extern uint32_t g_bCompressLocalDatabase;
 
-extern mirrors_dat_v1_t *g_mirrorsDat;
+extern freshclam_dat_v1_t *g_freshclamDat;
 
-fc_error_t load_mirrors_dat(void);
-fc_error_t save_mirrors_dat(void);
-fc_error_t new_mirrors_dat(void);
+fc_error_t load_freshclam_dat(void);
+fc_error_t save_freshclam_dat(void);
+fc_error_t new_freshclam_dat(void);
 
 fc_error_t updatedb(
     const char *database,
diff -Nru clamav-0.103.2+dfsg/m4/reorganization/version.m4 clamav-0.103.3+dfsg/m4/reorganization/version.m4
--- clamav-0.103.2+dfsg/m4/reorganization/version.m4	2021-04-06 21:03:43.000000000 +0200
+++ clamav-0.103.3+dfsg/m4/reorganization/version.m4	2021-06-19 23:16:00.000000000 +0200
@@ -3,7 +3,7 @@
 dnl For beta,                  set: VERSION="<version>-beta"
 dnl For release candidate,     set: VERSION="<version>-rc"
 dnl For release,               set: VERSION="<version>"
-VERSION="0.103.2"
+VERSION="0.103.3"
 
 major=`echo $PACKAGE_VERSION |cut -d. -f1 | sed -e "s/[^0-9]//g"`
 minor=`echo $PACKAGE_VERSION |cut -d. -f2 | sed -e "s/[^0-9]//g"`
diff -Nru clamav-0.103.2+dfsg/NEWS.md clamav-0.103.3+dfsg/NEWS.md
--- clamav-0.103.2+dfsg/NEWS.md	2021-04-06 21:03:42.000000000 +0200
+++ clamav-0.103.3+dfsg/NEWS.md	2021-06-19 23:15:59.000000000 +0200
@@ -3,6 +3,55 @@
 Note: This file refers to the source tarball. Things described here may differ
  slightly from the binary packages.
 
+## 0.103.3
+
+ClamAV 0.103.3 is a patch release with the following fixes:
+
+- Fixed a scan performance issue when ENGINE_OPTIONS_FORCE_TO_DISK is enabled.
+  This issue did not impacted most users but for those affected it caused every
+  scanned file to be copied to the temp directory before the scan.
+
+- Fix ClamDScan crashes when using the `--fdpass --multiscan` command-line
+  options in combination with the ClamD `ExcludePath` config file options.
+
+- Fixed an issue where the `mirrors.dat` file is owned by root when starting as
+  root (or with sudo) and using daemon-mode. File ownership will be set to the
+  `DatabaseOwner` just before FreshClam switches to run as that user.
+
+- Renamed the `mirrors.dat` file to `freshclam.dat`.
+
+  We used to recommend deleting `mirrors.dat` if FreshClam failed to update.
+  This is because `mirrors.dat` used to keep track of offline mirrors and
+  network interruptions were known to cause FreshClam to think that all mirrors
+  were offline. ClamAV now uses a paid CDN instead of a mirror network, and the
+  new FreshClam DAT file no longer stores that kind of information.
+  The UUID used in ClamAV's HTTP User-Agent is stored in the FreshClam DAT file
+  and we want the UUID to persist between runs, even if there was a failure.
+
+  Unfortunately, some users have FreshClam configured to automatically delete
+  `mirrors.dat` if FreshClam failed. Renaming `mirrors.dat` to `freshclam.dat`
+  should make it so those scripts don't delete important FreshClam data.
+
+- Disabled the `HTTPUserAgent` config option if the `DatabaseMirror` uses
+  clamav.net. This will prevent users from being inadvertently blocked and
+  will ensure that we can keep better metrics on which ClamAV versions are
+  being used.
+
+  This change effectively deprecates the `HTTPUserAgent` option for most users.
+
+- Moved the detection for Heuristics.PNG.CVE-2010-1205 behind the
+  ClamScan `--alert-broken-media` option (ClamD `AlertBrokenMedia yes`) option.
+  This type of PNG issue appears to be common enough to be an annoyance, and
+  the CVE is old enough that no one should be vulnerable at this point.
+
+- Fix ClamSubmit failures after changes to Cloudflare "__cfduid" cookies.
+  See: https://blog.cloudflare.com/deprecating-cfduid-cookie/
+
+Special thanks to the following for code contributions and bug reports:
+
+- Stephen Agate
+- Tom Briden
+
 ## 0.103.2
 
 ClamAV 0.103.2 is a security patch release with the following fixes:
diff -Nru clamav-0.103.2+dfsg/unit_tests/check_clamd.c clamav-0.103.3+dfsg/unit_tests/check_clamd.c
--- clamav-0.103.2+dfsg/unit_tests/check_clamd.c	2021-04-06 21:03:43.000000000 +0200
+++ clamav-0.103.3+dfsg/unit_tests/check_clamd.c	2021-06-19 23:16:00.000000000 +0200
@@ -121,7 +121,7 @@
 
 #define NONEXISTENT "/nonexistent\vfilename"
 
-#define NONEXISTENT_REPLY NONEXISTENT ": lstat() failed: No such file or directory. ERROR"
+#define NONEXISTENT_REPLY NONEXISTENT ": File path check failure: No such file or directory. ERROR"
 
 #define ACCDENIED BUILDDIR "/accdenied"
 #define ACCDENIED_REPLY ACCDENIED ": Access denied. ERROR"


More information about the Pkg-openssl-devel mailing list