ClamAV 1.5 adds external CVD signing, FIPS mode, and new detection features

ClamAV 1.5.0 introduces major security and compliance improvements centered on FIPS (Federal Information Processing Standards) compatibility. Signature database files are now verified using new .cvd.sign external signature files, replacing the old MD5-based RSA method. Freshclam automatically downloads these files for daily, main, and bytecode databases, ensuring proper operation in FIPS-mode environments.

The update adds FIPS-limits options that disable MD5 and SHA1 for signature validation and file trust checks. The clean-file cache now uses SHA2-256 for improved integrity, and a new configurable certs directory manages trusted signature authorities. These changes align ClamAV with modern cryptographic standards. Administrators also gain new configuration options, including regex-based path exclusions in clamd.conf and the ability to disable commands such as SHUTDOWN or RELOAD in restricted environments.

ClamAV 1.5.0 also expands external signature support to Freshclam, ClamD, ClamScan, and Sigtool, enabling signing and verification through the new .sign system. It now identifies encrypted OLE2-based Microsoft Office documents, improves ZIP archive parsing, and recognizes certain AI model file types. Developers benefit from expanded public APIs for CVD verification, unpacking, and scanning with hash and file-type hints, along with a new scan callback system for custom scanning logic. Metadata generation has been refined, with JSON outputs separating Indicators and Alerts arrays and options to record or exclude URIs from HTML and PDF files, giving users more control and precision over scan reporting.