ClamAV

Cisco Systems, Inc.·Cisco.ClamAV

ClamAV® is an open-source antivirus engine for detecting trojans, viruses, malware & other malicious threats.

winget install --id Cisco.ClamAV --exact --source winget

Latest 1.5.3·July 1, 2026

Release Notes

ClamAV 1.5.3 is a patch release with the following fixes:

  • CVE-2026-20217: Fixed a bug in the PESpin unpacker cleanup path that could free pointers into the scanned file buffer and crash the scanner. This issue affects ClamAV 1.5.2, 1.4.4, and all prior versions as far back as 2005. The fix is included in 1.5.3 and 1.4.5. Thank you to Atuin - Automated Vulnerability Discovery Engine, Tianchu Chen of Tencent Xuanwu Lab for identifying this issue.
  • CVE-2026-20213: Fixed an integer overflow in PE rebuild size calculations that could be reached through a malformed Aspack-packed PE file and lead to a heap buffer overflow write. This issue affects ClamAV 1.5.2, 1.4.4, and all prior versions as far back as 2007. The fix is included in 1.5.3 and 1.4.5. Thank you to Trail of Bits, in collaboration with Anthropic, for identifying this issue.
  • CVE-2026-20216: Fixed an InstallShield archive extraction limit bypass that could write far more temporary data than intended and exhaust temporary storage. This issue affects ClamAV 1.5.2, 1.4.4, and all prior versions as far back as 2009. The fix is included in 1.5.3 and 1.4.5. Thank you to Mizu for identifying this issue.
  • CVE-2026-20214: Fixed an FSG unpacker loop underflow that could write past the section array while scanning a malformed PE file. This issue affects ClamAV 1.5.2, 1.4.4, and all prior versions as far back as 2004. The fix is included in 1.5.3 and 1.4.5. Thank you to Trail of Bits, in collaboration with Anthropic, for identifying this issue.
  • CVE-2026-20243: Fixed ALZ parser size handling bugs that could cause malformed ALZ archives to panic, abort the scanner, or skip expected scan-limit handling. This issue affects ClamAV 1.5.0 through 1.5.2 and 1.4.0 through 1.4.4. The fix is included in 1.5.3 and 1.4.5. Thank you to Yazdan Soltani for identifying this issue.
  • CVE-2026-20215: Fixed a 7z parser substream count overflow that could under-allocate parser metadata arrays and write past them while reading a malformed archive. This issue affects ClamAV 1.5.2, 1.4.4, and all prior versions back to 2009. The fix is included in 1.5.3 and 1.4.5. Thank you to Trail of Bits, in collaboration with Anthropic, for identifying this issue.
  • CVE-2026-20244: Fixed 32-bit DMG parser size checks that could let a short mish stripe table pass validation and crash 32-bit scanner builds. This issue affects 32-bit ClamAV builds from 0.98.1 through 1.5.2, including 1.4.0 through 1.4.4 and 1.5.0 through 1.5.2. It does not affect 64-bit builds. The fix is included in 1.5.3 and 1.4.5. Thank you to Stanley John Tobias for identifying this issue.
  • Hardened clamscan, clamdscan, and clamonacc quarantine actions against time-of-check/time-of-use races that could redirect copied, moved, or removed files under unsafe quarantine directory configurations. Thank you to Hiroki Imai from Ricerca Security, Inc. for identifying this issue.
  • Upgraded the Rust tar dependency to resolve the RUSTSEC-2026-0067 and RUSTSEC-2026-0068 advisories, and upgraded the Rust openssl dependency to resolve CVE-2026-41676.
  • Raised the minimum required CMake version to 3.17 to fix Linux builds with libcurl v8.21.0 when linking static library dependencies.
  • Metadata preclass scans now run before the final scan verdict.
  • ClamOnAcc: Fixed errors when recursively excluded paths are children of an included path.
  • ClamOnAcc: Fixed hash bucket list corruption when two watched paths collide in the same bucket. These fixes are courtesy of sharkautarch.

Installer type: wix

ArchitectureScopeDownloadSHA256
x86Download5DC403D8597481BD1F6C541076CF9FA9A1B364E0FE4A1F5AFA00807708545374
x64DownloadDCE5C5EB819D67039043A9D8615D3A03642C7A33D1C517711E42AA0B64A980DD
arm64Download5E0207F9E2108E41705EF55CDA126CF8C2516E1B6ADA1F93CBF3CFDD8DAFFDC4

Details

Homepage
https://github.com/Cisco-Talos/clamav
License
GPL-2.0
Publisher
Cisco Systems, Inc.
Support
https://github.com/Cisco-Talos/clamav/issues

Tags

antivirusclamavopen-source

Older versions (8)

1.5.2
ArchitectureScopeDownloadSHA256
x86Download51917991B6A92F00A0D8CB5F812715DAC2E5494245533917524CAF774F7A3B25
x64Download708FEAF31155BDE3D39F0CB65E093039B6CEE831E17CA47535582D5296637C25
arm64Download5FE399DE3A4FC81C4A5B0CBA60B4369E12C2C6704CA92E5BB1FF30E39AAA5CF6
1.5.1
ArchitectureScopeDownloadSHA256
x86DownloadD82929AFC5D58FC443CC482AA2844255EF02C99291810665A7E8EE63BF7B33F3
x64Download2247F5C8E2B9EDA917D6695F87331F87E6997CA8E502DAD1D2403D3405C059A8
arm64Download43F99CC819CD1C352CFE0CBA834CC0FA7D45EBF6D581D100BEC6F03BCAE51E1B
1.5.0
ArchitectureScopeDownloadSHA256
x86Download0F957220A2A2C9032706977EB8E344EA1B789604B2787EB80DD70F2A4171584D
x64Download3F12E39E647A301CD632002BB4125A14FE5F86314A91FCE09137AEC2C69D5894
arm64DownloadC33D06D3F44003133F04BA4E51CF39BAFBF04B2B564CFC61DBF2CFAC7A926122
1.4.2
ArchitectureScopeDownloadSHA256
x64Download65308FD2AD2D550206380E406FED22F74B49C35B3F39ED8CC28D52363C8F1F2B
1.3.1
ArchitectureScopeDownloadSHA256
x64Download90806B663B863AE32AAAA2B750F56DB10B91D876DE9081B666CD1863ED380179
1.3.0
ArchitectureScopeDownloadSHA256
x64DownloadDB99569EAF841A7118A7C9974DCB8879A70B7A04E91C510DC91D64D35D883481
1.1.0
ArchitectureScopeDownloadSHA256
x64Download3AFADA801463199D9901E4445E92B486993C14C22CA179D17ABEC74D37E384BB
0.105.0
ArchitectureScopeDownloadSHA256
x64DownloadFE98FB8F5A195AA53520A9AA61A6D51E5A232A1FE5389B309278FC7604D49AD0