Red Hat Bugzilla – Full Text Bug Listing
|Summary:||Review Request: clamav - Anti-virus software (for EPEL)|
|Product:||[Fedora] Fedora||Reporter:||Kevin Fenzi <kevin>|
|Component:||Package Review||Assignee:||Nobody's working on this, feel free to take it <nobody>|
|Status:||CLOSED WONTFIX||QA Contact:||Fedora Extras Quality Assurance <extras-qa>|
|Version:||rawhide||CC:||bjohnson, fedora-package-review, notting, redhat-bugzilla, rpm, steve, will|
|Fixed In Version:||Doc Type:||Bug Fix|
|Doc Text:||Story Points:||---|
|Last Closed:||2007-12-17 15:20:22 EST||Type:||---|
|oVirt Team:||---||RHEL 7.3 requirements from Atomic Host:|
Description Kevin Fenzi 2007-11-22 19:02:23 EST
Spec URL: http://www.scrye.com/~kevin/fedora/clamav/clamav.spec SRPM URL: http://www.scrye.com/~kevin/fedora/clamav/clamav-0.91.2-2.el5.src.rpm Description: Anti-virus software History: clamav was branched for EPEL long ago. The fedora maintainer (no anyone else) has expressed interest in maintaining this package in EPEL. I am happy to do so, but I wish to use the above spec instead of the version in fedora. Notes: - The above spec is pretty much the spec from the Dag collection. Thanks Dag for letting me base off your spec file! - The fedora clamav packages remove the 'clamav' user on 'postun', which means on upgrades from the old fedora version in epel, the clamav user is missing. Any clever ideas to get around that welcomed. Perhaps this package should just conflict with the old package instead of obsolete it? - I would love to see several co-maintainers. This package has a history of security issues, and with more eyes on it we could make sure and keep up with updates. - There are some rpmlint complaints, but I think they can all be ignored, please point out any that should be addressed.
Comment 1 Kevin Fenzi 2007-11-23 13:51:15 EST
Updated the package. I realized a way around the problem with upgrades from the older version was to simply use a different user/group, so the old package wouldn't remove it on postun. With that change, the package now can successfully upgrade from the old ancient version. Testing and comments welcome. Spec URL: http://www.scrye.com/~kevin/fedora/clamav/clamav.spec SRPM URL: http://www.scrye.com/~kevin/fedora/clamav/clamav-0.91.2-3.el5.src.rpm
Comment 2 Steven Pritchard 2007-12-10 21:46:31 EST
I want to go on the record (again) that I think it is a *horrible* idea to have different versions of clamav in EPEL and Fedora proper. I honestly don't care all that much if we use the Fedora one in EPEL, use this one in Fedora proper, or start over at this point, but we need to pick one.
Comment 3 Kevin Fenzi 2007-12-11 12:39:08 EST
Yeah, I just looked at the amavisd-new spec. ;( It's heavily tied to the wacky way the fedora clamav is setup... (understandably). I guess my plan to have a sane clamav package for epel is pretty doomed. :( Would you be willing to let someone else maintain a amavisd-new package working with this clamav version for epel? I guess if not, we should try (again) to find a group of people willing to maintain the fedora clamav for epel. ;(
Comment 4 Robert Scheck 2007-12-11 14:33:55 EST
Just to mention it: At work, I'm using a rebuild of the Fedora Rawhide version from clamav and it works - on RHEL5 and RHEL4 (okay, on RHEL4 I had to do some small modifications to the spec).
Comment 5 Kevin Fenzi 2007-12-16 13:31:08 EST
So, would anyone here be willing to step up and maintain the fedora clamav for epel?
Comment 6 Robert Scheck 2007-12-16 13:52:21 EST
I could imagine to do that, if it's necessary, yes. But then the upgrade path has to be solved first, AFAIK the current clamav version in EPEL is not compatible with the latest one. And I've to mention again, that clamav upstream is IMHO very evil, means they're introducing updates which can break compatibility. And how to handle them within EPEL once more? At work this is so far no problem, because all machines are maintained at least a bit by me.
Comment 7 Robert Scheck 2007-12-16 13:53:15 EST
Kevin, what is the reason, that you're maybe switching to Fedora clamav rather using the original package based on DAG you prepared for EPEL review?
Comment 8 Kevin Fenzi 2007-12-16 14:26:23 EST
Well, the current amavisd-new package is very heavily tied to the way the fedora clamav package is setup, and the maintainer (justly) doesn't want to try and maintain two very different packages, one for fedora, one for epel. I guess if someone was willing to step up and maintain a amavisd-new spec that works with this clamav that might work. Would that be acceptable to you Steve? Otherwise, as much as I dislike the fedora clamav package, the easier course seems to be to try and find someone willing to maintain it for epel and close this version off. As for upgrades: - Anyone using the 0.88.4 version for epel already pretty much has a broken setup. It's vulnerable to a number of security issues, and it doesn't even catch many of the viruses anymore, since the functionality level is so old: WARNING: Current functionality level = 8, recommended = 21 I personally don't know anyone who uses this version. All the machines I maintain use the dag version. Other folks I have talked to also use other 3rd party repo versions. - There is a script available to convert old format conf files to new format. It could be run in a post. - Sadly, the way the fedora package works means upgrading will get you back to the same state as if you just installed the package, where it will not work until you edit some config files. I don't see that as worse than having a vulnerable/old/useless version however. Worst case, the package doesn't scan, which is only slightly worse than running the 0.88.x version. Yes, the package would need to be updated a lot as upstream changes things. Sadly, thats just the way it would need to be IMHO. The config file format only has changed once that I know of.
Comment 9 Steven Pritchard 2007-12-17 11:46:30 EST
(In reply to comment #5) > So, would anyone here be willing to step up and maintain the fedora clamav for > epel? I said before (on the mailing list) that I will. (I'm not at all pleased by it, but I'll do it. :-)
Comment 10 Kevin Fenzi 2007-12-17 15:20:22 EST
ok. Perhaps you can get a few more people interested co-maintaining as well? In that case can you take over ownership in pkgdb https://admin.fedoraproject.org/pkgdb/packages/name/clamav and push 0.91.2 versions for both EL4 and EL5?