winget install --id Cisco.ClamAVAbout ClamAV
ClamAV® is an open-source antivirus engine for detecting trojans, viruses, malware & other malicious threats.
What's new in 1.5.2
ClamAV 1.5.2 is a patch release with the following fixes: - CVE-2026-20031: Fixed an error handling bug in the HTML file parser that may crash the program and cause a denial-of-service (DoS) condition. This issue was introduced in version 1.1.0. The fix is included in 1.5.2 and 1.4.4. - Fixed a possible infinite loop when scanning some JPEG files by upgrading affected ClamAV dependency, a Rust image library. Unfortunately, this change requires a newer Rust compiler for ClamAV. The minimum Rust version for ClamAV 1.4.3 was 1.85.1. The minimum Rust version for ClamAV 1.4.4 is now 1.87.0. - Fixed a possible crash on Windows when scanning some files while using the LeaveTemporaryFiles and TemporaryDirectory features. - The CVD verification process will now ignore certificate files in the CVD certs directory when the user lacks read permissions. - Freshclam: Fixed CLD verification bug with PrivateMirror option. - Upgraded the Rust bytes dependency to a newer version to resolve the RUSTSEC-2026-0007 advisory. - Fixed a possible crash caused by invalid pointer alignment on some platforms. This fix is courtesy of Hsuan-Ming Chen at Synology PSIRT.
Version history
| Version | Updated | Notes |
|---|---|---|
| 1.5.2 | Unknown | ClamAV 1.5.2 is a patch release with the following fixes: - CVE-2026-20031: Fixed an error handling bug in the HTML file parser that may crash the program and cause a denial-of-service (DoS) condition. This issue was int... |
| 1.5.1 | Unknown | ClamAV 1.5.1 is a patch release with the following fixes: - Fixed a significant performance issue when scanning some PE files. - Fixed an issue recording file entries from a ZIP archive central directory which resulted i... |
| 1.5.0 | Unknown | ClamAV 1.5.0 includes the following improvements and changes: Major changes - Added checks to determine if an OLE2-based Microsoft Office document is encrypted. GitHub pull request - Added the ability to record URIs foun... |
| 1.4.2 | Unknown | Release notes |
| 1.3.1 | Unknown | ClamAV 1.3.1 is a critical patch release with the following fixes:- CVE-2024-20380: Fixed a possible crash in the HTML file parser that could cause a denial-of-service (DoS) condition.This issue affects version 1.3.0 onl... |
| 1.3.0 | Unknown | Release notes |
| 1.1.0 | Unknown | Major changes - Added the ability to extract images embedded in HTML CSS <style> blocks. - GitHub pull request: #813 - Updated to Sigtool so that the --vba option will extract VBA code from - GitHub pull request: #852 -... |
| 0.105.0 | Unknown | No notes |