ClamAV 0.104.0

What's new in this version:

New Requirements:
- As of ClamAV 0.104, CMake is required to build ClamAV
- We have added comprehensive build instructions for using CMake to the new INSTALL.md file. The online documentation will also be updated to include CMake build instructions.
- The Autotools and the Visual Studio build systems have been removed

Major changes:
- The built-in LLVM for the bytecode runtime has been removed
- The bytecode interpreter is the default runtime for bytecode signatures just as it was in ClamAV 0.103
- We hoped to add support for newer versions of LLVM, but ran out of time. If you're building ClamAV from source and you wish to use LLVM instead of the bytecode interpreter, you will need to supply the development libraries for LLVM version 3.6.2. See the "bytecode runtime" section in INSTALL.md to learn more.
- There are now official ClamAV images on Docker Hub

Docker Hub ClamAV tags:
- clamav/clamav:<version>: A release preloaded with signature databases
- Using this container will save the ClamAV project some bandwidth. Use this if you will keep the image around so that you don't download the entire database set every time you start a new container. Updating with FreshClam from the existing databases set does not use much data.
- clamav/clamav:<version>_base: A release with no signature databases
- Use this container only if you mount a volume in your container under /var/lib/clamav to persist your signature database databases. This method is the best option because it will reduce data costs for ClamAV and for the Docker registry, but it does require advanced familiarity with Linux and Docker.
- Caution: Using this image without mounting an existing database directory will cause FreshClam to download the entire database set each time you start a new container.
- You can use the unstable version (i.e. clamav/clamav:unstable or clamav/clamav:unstable_base) to try the latest from our development branch.
- Please, be kind when using 'free' bandwidth, both for the virus databases but also the Docker registry. Try not to download the entire database set or the larger ClamAV database images on a regular basis.
- For more details, see the ClamAV Docker documentation
- Special thanks to Olliver Schinagl for his excellent work creating ClamAV's new Docker files, image database deployment tooling, and user documentation
- clamd and freshclam are now available as Windows services. To install and run them, use the --install-service option and net start [name] command.
- Special thanks to Gianluigi Tiesi for his original work on this feature

Notable changes:
The following was added in 0.103.1 and is repeated here for awareness, as patch versions do not generally introduce new options:
- Added a new scan option to alert on broken media (graphics) file formats. This feature mitigates the risk of malformed media files intended to exploit vulnerabilities in other software. At present, media validation exists for JPEG, TIFF, PNG and GIF files. To enable this feature, set AlertBrokenMedia yes in clamd.conf, or use the --alert-broken-media option when using clamscan. These options are disabled by default in this patch release but may be enabled in a subsequent release. Application developers may enable this scan option by enabling CL_SCAN_HEURISTIC_BROKEN_MEDIA for the heuristic scan option bit field.
- Added CL_TYPE_TIFF, CL_TYPE_JPEG types to match GIF, PNG typing behavior. BMP and JPEG 2000 files will continue to detect as CL_TYPE_GRAPHICS because ClamAV does not yet have BMP or JPEG 2000 format checking capabilities.

Added progress callbacks to libclamav for:
- database load: cl_engine_set_clcb_sigload_progress()
- engine compile: cl_engine_set_clcb_engine_compile_progress()
- engine free: cl_engine_set_clcb_engine_free_progress()
- These new callbacks enable an application to monitor and estimate load, compile, and unload progress. See clamav.h for API details.

Added progress bars to ClamScan for the signature load and engine compile steps before a scan begins. The start-up progress bars won't be enabled if ClamScan isn't running in a terminal (i.e. stdout is not a TTY), or if any of these options are used:
- --debug
- --quiet
- --infected
- --no-summary

Other improvements:
- Added the %f format string option to the ClamD VirusEvent feature to insert the file path of the scan target when a virus-event occurs. This supplements the VirusEvent %v option which prints the signature (virus) name. The ClamD VirusEvent feature also provides two environment variables, $CLAM_VIRUSEVENT_FILENAME and $CLAM_VIRUSEVENT_VIRUSNAME for a similar effect. Patch courtesy of Vasile Papp.
- Improvements to the AutoIt extraction module. Patch courtesy of cw2k.
- Added support for extracting images from Excel *.xls (OLE2) documents
- Trusted SHA256-based Authenticode hashes can now be loaded in from *.cat files. For more information, visit our Authenticode documentation about using *.cat files with *.crb rules to trust signed Windows executables.

Fixed:
- Fixed a memory leak affecting logical signatures that use the "byte compare" feature. Patch courtesy of Andrea De Pasquale.
- Fixed bytecode match evaluation for PDF bytecode hooks in PDF file scans
- Other minor bug fixes