← Package directory
Available on winget

Install ClamAV

ClamAV® is an open-source antivirus engine for detecting trojans, viruses, malware & other malicious threats.

Install with winget
winget install --id Cisco.ClamAV
Upgrade
winget upgrade --id Cisco.ClamAV
Uninstall
winget uninstall --id Cisco.ClamAV

About ClamAV

ClamAV® is an open-source antivirus engine for detecting trojans, viruses, malware & other malicious threats.

What's new in 1.5.3

ClamAV 1.5.3 is a patch release with the following fixes: - CVE-2026-20217: Fixed a bug in the PESpin unpacker cleanup path that could free pointers into the scanned file buffer and crash the scanner. This issue affects ClamAV 1.5.2, 1.4.4, and all prior versions as far back as 2005. The fix is included in 1.5.3 and 1.4.5. Thank you to Atuin - Automated Vulnerability Discovery Engine, Tianchu Chen of Tencent Xuanwu Lab for identifying this issue. - CVE-2026-20213: Fixed an integer overflow in PE rebuild size calculations that could be reached through a malformed Aspack-packed PE file and lead to a heap buffer overflow write. This issue affects ClamAV 1.5.2, 1.4.4, and all prior versions as far back as 2007. The fix is included in 1.5.3 and 1.4.5. Thank you to Trail of Bits, in collaboration with Anthropic, for identifying this issue. - CVE-2026-20216: Fixed an InstallShield archive extraction limit bypass that could write far more temporary data than intended and exhaust temporary storage. This issue affects ClamAV 1.5.2, 1.4.4, and all prior versions as far back as 2009. The fix is included in 1.5.3 and 1.4.5. Thank you to Mizu for identifying this issue. - CVE-2026-20214: Fixed an FSG unpacker loop underflow that could write past the section array while scanning a malformed PE file. This issue affects ClamAV 1.5.2, 1.4.4, and all prior versions as far back as 2004. The fix is included in 1.5.3 and 1.4.5. Thank you to Trail of Bits, in collaboration with Anthropic, for identifying this issue. - CVE-2026-20243: Fixed ALZ parser size handling bugs that could cause malformed...

Read release notes

Version history

Version Updated Notes
1.5.3 Unknown ClamAV 1.5.3 is a patch release with the following fixes: - CVE-2026-20217: Fixed a bug in the PESpin unpacker cleanup path that could free pointers into the scanned file buffer and crash the scanner. This issue affects...
1.5.2 Unknown ClamAV 1.5.2 is a patch release with the following fixes: - CVE-2026-20031: Fixed an error handling bug in the HTML file parser that may crash the program and cause a denial-of-service (DoS) condition. This issue was int...
1.5.1 Unknown ClamAV 1.5.1 is a patch release with the following fixes: - Fixed a significant performance issue when scanning some PE files. - Fixed an issue recording file entries from a ZIP archive central directory which resulted i...
1.5.0 Unknown ClamAV 1.5.0 includes the following improvements and changes: Major changes - Added checks to determine if an OLE2-based Microsoft Office document is encrypted. GitHub pull request - Added the ability to record URIs foun...
1.4.2 Unknown Release notes
1.3.1 Unknown ClamAV 1.3.1 is a critical patch release with the following fixes:- CVE-2024-20380: Fixed a possible crash in the HTML file parser that could cause a denial-of-service (DoS) condition.This issue affects version 1.3.0 onl...
1.3.0 Unknown Release notes
1.1.0 Unknown Major changes - Added the ability to extract images embedded in HTML CSS <style> blocks. - GitHub pull request: #813 - Updated to Sigtool so that the --vba option will extract VBA code from - GitHub pull request: #852 -...
0.105.0 Unknown No notes