v1.0.1: ClamAV Fixes, .ICO Mimetype, and Postgres Update

🚀 Release Notes

New Features

• ScanClamAV Integration - Added ClamAV antivirus scanning capabilities to enhance malware detection [#495]
• ICO File Support - Extended file type support to include .ico mimetype for icon file analysis [#502]
  Enhancements
• Enhanced ClamAV Testing - Improved test coverage for ClamAV scanner with signature validation [#505]
• Build System Updates - Updated ClamAV test configurations for better build reliability [#498]
• Database Upgrade - Updated PostgreSQL to latest version for improved performance and security [#507]

What's Changed

• ScanClamAV by @skalupa in #495
• Update Test_ClamAV for Build by @skalupa in #498
• Adding in support for .ico Mimetype by @skalupa in #502
• Adding signature call to scan_test_clamAV by @skalupa in #505
• Updating Postgres version by @skalupa in #507

Full Changelog: 1.0.0...v1.0.1

1.0.0

Description

This release adds in Suricata functionality to the workers, which was further optimized to use Suricata Socket control. Additionally, ScanURL was updated to better extract discrete URLs.

This release also converts the tagging methodology from datetime to Semver to match the release on Strelka UI.

What's Changed

• Suricata Support and Zeek Connections in ScanPcap by @ryanohoro in #487
• Configurable Filestream Client Name by @skalupa in #491
• Adding Validation to ScanURL by @skalupa in #492
• Optimizing ScanPCAP to use Suricatasc by @skalupa in #493

Full Changelog: 0.25.02.26...1.0.0

0.25.02.26: Dependency Updates, Scanner Tweaks, ScanPyInstaller

Description

This release introduces several dependency updates and build fixes to ensure that all builds run smoothly. Additionally, this release tweaks several scanners such as ScanTLSH, ScanDocx, and ScanExiftool to provide better detection through rule and function tweaks. Finally, this release adds in a new scanner, Scan PyInstaller, which scans metadata from python installer binaries for use in forensic and malware analysis.

What's Changed

• Create Nightly Build File by @skalupa in #465
• Adjust Github Actions Build Reference by @phutelmyer in #466
• Update Nightly Build Workflow by @skalupa in #468
• Explicitly define setuptools dependency by @skalupa in #469
• Updating Docker Compose Reference in README by @phutelmyer in #470
• Package Update for Vulnerabilities by @skalupa in #472
• Update mantic.list by @skalupa in #477
• Upgrading 7zip to version 24.09 by @skalupa in #478
• Update README.md by @martinspielmann in #479
• Added Docker Restart Policies to all docker-compose files so that Strelka restarts in a fully running state. by @m3636 in #473
• Docx Classification Update by @skalupa in #482
• ScanTLSH diffxlen Update by @skalupa in #480
• New Scanner: ScanPyInstaller by @skalupa in #481
• Dependency and Changelog Updates by @skalupa in #483

New Contributors

• @martinspielmann made their first contribution in #479
• @m3636 made their first contribution in #473

Full Changelog: 0.24.07.09...0.25.02.26

0.24.07.09

What's Changed

• Bump idna from 3.6 to 3.7 by @dependabot in #453
• Bump golang.org/x/net from 0.17.0 to 0.23.0 by @dependabot in #455
• Add mimetype check for XML files by @skalupa in #460
• Adding Pull Policy to Latest Images by @phutelmyer in #461
• Removing WeasyPrint by @skalupa in #462

Full Changelog: 0.24.04.23...0.24.07.09

0.24.04.23

What's Changed

• Fix for Invalid Stripping for Email Message ID Parsing by @phutelmyer in #427
• ScanZip Improvements - Limits Changes, Zero File Size Support, Encryption Updates by @ryanohoro in #429
• Enhancements: JNLP Signature, ScanEmail Preview Image, IOC Support, and Dependency Optimization by @phutelmyer in #431
• Bump cryptography from 41.0.6 to 42.0.0 by @dependabot in #432
• ScanPe Fix for Dictionary / Flag Type Change (Fix for #433) by @phutelmyer in #434
• Adding in Full OCR text as string by @skalupa in #435
• Fix bad filestream comment by @ryanohoro in #438
• Enhancements to ScanYara Scanner for Improved Rule Organization and Metadata Extraction by @phutelmyer in #440
• Port ScanZip improvements to ScanRar, Fix Password Cracking, Port Password Caching to ScanZip by @ryanohoro in #442
• Pin yara-python to 4.3.1 in Poetry by @ryanohoro in #443
• Add optional overlay file extraction to ScanPe by @ryanohoro in #444
• Poetry Notation Update by @phutelmyer in #447
• Update README.md Contributors by @ryanohoro in #448
• ScanOcr Gif Support and ScanBase64Pe Rename by @phutelmyer in #449
• Bump pillow from 10.2.0 to 10.3.0 by @dependabot in #451
• Bump google.golang.org/protobuf from 1.30.0 to 1.33.0 by @dependabot in #446
• Enhancements to Strelka Email Scanner / Adding Broken Email Test by @phutelmyer in #450
• Adding in ScanJNLP by @skalupa in #454
• Porting refactor of ScanXML by @skalupa in #456

Full Changelog: 0.24.01.18...0.24.04.23

0.24.01.18

What's Changed

• Scanner Updates, Error Handling and IOCs by @phutelmyer in #425
• Optional Redundancy logging to remote S3 location by @skalupa in #426

Full Changelog: 0.24.01.04...0.24.01.18

0.24.01.04

What's Changed

Infrastructure

• Optional Kafka Producer for Strelka Frontend by @skalupa in #416
• Updating Golang version to 1.21.5 by @skalupa in #418
• IOC flow modification by @phutelmyer in #417
• Bugfix: Add fix for SSL CA Bundle Verification Issue by @skalupa in #421

Scanners

• Adding Thumbnail Generation and Formatting Changes in @phutelmyer in #417
• Bug Fix + Readibility Update for ScanPdf Scanner by @phutelmyer in #420
• IOC Modifications for all relevant Scanners by @phutelmyer in #417

New Contributors

• @skalupa made their first contribution in #416

Full Changelog: 0.23.12.01...0.24.01.04

0.23.12.01

Description

This release provides user feedback for YARA compilation failures, bumps several dependencies, and removes some underused / unused functionality.

What's Changed

• Removing CAPA and FLOSS by @phutelmyer in #413
• Bump cryptography from 41.0.4 to 41.0.6 by @dependabot in #415
• ScanYara Safe Key Collection by @phutelmyer in #412

Full Changelog: 0.23.11.10...0.23.12

0.23.11.10

What's Changed

• Hotfix: Safely Account for a YARA Compilation Failure by @phutelmyer in #411

Full Changelog: 0.23.11.04...0.23.11.10

0.23.11.04

What's Changed

• Improvements to ScanQr by @ryanohoro in #406
• Exiftool Output Modification (Remove Key Inclusion Requirements) by @phutelmyer in #407
• Bump google.golang.org/grpc from 1.53.0 to 1.56.3 by @dependabot in #408
• Adding IQY Scanner by @phutelmyer in #409
• Added ScanIqy to target and extract network addressed from IQY (Internet Query) files
• Added tests for ScanIqy
• Fix for a poetry build issue
• Fix for various tests
• Adding the ability to use precompiled YARA rules: Speed up YARA initialization on Strelka boot by using precompiled rules

Full Changelog: 0.23.10.24...0.23.11.04