Over a year after the previous 1.4 release, ClamAV, a mainstay in the open-source antivirus world developed by Cisco Talos, a part of Cisco Systems Inc., has released its latest version, 1.5.
One of the headline features in this update is the new FIPS-compatible method for verifying the authenticity of CVD signature databases and CDIFF patch files. This system now utilizes external “.cvd.sign” files for the daily, main, and bytecode databases, which are downloaded automatically by Freshclam or CVDUpdate.
When these signature files aren’t available, ClamAV will fall back to its legacy MD5-based RSA verification method.
On the security side, ClamAV 1.5 replaces all previous MD5-based clean-file caching with SHA2-256 hashing, addressing long-standing concerns about weak cryptographic algorithms.
A new configuration option, FIPSCryptoHashLimits, enforces stricter limits on hash usage by disabling MD5 and SHA1 when running in FIPS-mode environments. The change ensures that ClamAV can now operate legitimately under systems that require FIPS-approved algorithms.
Beyond compliance, ClamAV 1.5 brings a series of usability and configuration improvements. Freshclam, ClamD, ClamScan, and Sigtool now share a new option—--cvdcertsdir—for setting custom certificate directories. Administrators can also define these paths through configuration files or environment variables, offering greater flexibility in enterprise setups.
Scanning precision has been improved as well. ClamScan now reports byte counts in GiB, MiB, KiB, or B units, providing exact file-size metrics instead of rounded megabyte values.
Users also gain new command-line options such as --log-hash, --hash-alg, and --file-type-hint, giving more control over how hashes and file types are handled and logged during scans.
Under the hood, this release adds several new public APIs to libclamav, offering developers deeper control over verification, unpacking, and scanning workflows.
A set of new scan callback functions enables external programs to hook into specific stages of the scan process—before hashing, before and after scanning, upon detection, or when the file type changes.
Additional highlights include regex support for the OnAccessExcludePath option, new metadata recording for URIs found in HTML and PDF files, and improved JSON output for users generating scan metadata.
The JSON schema now distinguishes between strong, potentially unwanted, and weak indicators, making it easier to interpret scan results programmatically.
Other notable enhancements include improved support for malformed ZIP archives and UTF-8 filenames on Windows, as well as platform-specific build improvements for AIX, Solaris, and GNU/Hurd.
Finally, the development team has cleaned up the codebase by fixing multiple memory overflow and race-condition bugs, improving stability across Freshclam, ClamD, and the core engine.
For downloads and more detailed information, users can visit the ClamAV download page and their GitHub Release page. The official announcement is here.
