Bug 512659

Summary: 0.95.2 release is available
Product: [Fedora] Fedora EPEL Reporter: Elia Pinto <yersinia.spiros>
Component: clamavAssignee: Steven Pritchard <steve>
Status: CLOSED DUPLICATE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: high    
Version: el5CC: bugzilla, geerten, goeran, jhaar, redhat-bugzilla, redhatbugz, steve, tremble, urkle, yersinia.spiros
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2010-09-14 13:06:47 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Elia Pinto 2009-07-20 08:33:28 UTC 
Description of problem:

In Fedora EPEL exists the 0.95.1 version of clamav.

The Wed Jun 10 18:04:53 CEST 2009 the clamav project has released a fix (
the changelog is 

* libclamav: detect and handle archives hidden inside other files (eg. images),
  which can be unpacked by WinZip, WinRAR and other tools (bb#1554)
  Reported by ROGER Mickael ...

) that seems important for two reason. 

1 - Some lusers, because of the not so nice warning message of clamav, think
that the engine is very outdated when it is not, or almost not so much. But this a clamav issue. This is the message.

ClamAV update process started at Thu Jul 16 15:00:11 2009
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.95.1 Recommended version: 0.95.2

2 - Who use clamav as a substitute for a good commercial antivirus for
M$ machine could be think that it is necessary to have always a good update engine antivirus. Sure, perhaps it is wrong the assumption : but i think i am not the only in thinking this :=)

I have no locked to the git log but seems the change is really a little
fix and it is not required to change the spec other the changing the version.
 
The new version is 0.95.2

It is possible to update to the new release ?

Thanks

Elia
Comment 1 Michael Arnold 2009-08-02 17:06:33 UTC 
+1 to update to version 0.95.2.
Comment 2 Frank Murphy 2009-08-13 09:05:25 UTC 
+1 For Fedora 11:

 
 Last Status:
    WARNING: Your ClamAV installation is OUTDATED!
    WARNING: Local version: 0.95.1 Recommended version: 0.95.2
    DON'T PANIC! Read http://www.clamav.net/support/faq
    main.cld is up to date (version: 51, sigs: 545035, f-level: 42, builder: sven)
    Trying host database.clamav.net (194.47.250.218)...
    Downloading daily-9685.cdiff [100%]
    daily.cld updated (version: 9685, sigs: 64251, f-level: 43, builder: ccordes)
    WARNING: Your ClamAV installation is OUTDATED!
    WARNING: Current functionality level = 42, recommended = 43
    DON'T PANIC! Read http://www.clamav.net/support/faq


http://www.clamav.net/support/faq
"In order to detect all the latest viruses, it’s not enough to keep your database up to date. You also need to run the latest version of the scanner."
Comment 3 Elia Pinto 2009-09-01 09:52:06 UTC 
There are any news? 

I feel that too much time has elapsed for an update that has direct impact on the system security, even if it were made indirectly by a  service as clamav.  BTW, perhaps the real problem is that such an update would be reported - so probably it is a fault of mine - in the bugzilla security category and not as a generic bugs.
Comment 4 Michael Arnold 2009-09-07 15:43:20 UTC 
I have packages of clamav 0.95.2 for EL4 and EL5 built using the EPEL 0.95.1 clamav specfile.  The packages can be found in my RazorsEdge test repository (RE-test). http://rpm.razorsedge.org/
Comment 5 Jason Haar 2009-10-08 17:12:18 UTC 
+1 for FC11 too

I think this reflects more of a fundamental  problem with vendors handling of AV packages in general. Redhat/CentOS/Fedora alwaysv run old version of clamav. As clamav itself is a security product, I would argue that if you are to include it within your distribution, then you really have to ensure it is always the current release - the standard rule of freezing to a release version and only back-porting patches doesn't apply. That makes sense for "normal" packages - but not for an AV...

My 2c worth :-)

Jason
Comment 6 Elia Pinto 2009-10-09 23:03:17 UTC 
For me clamav is not handled
as it should, but it is my personal opinion.

Having to use clamav i have two possibility .I  will have to manage my own version (already done) or, better, change distribution - RHEL5 in this case.

For me the case is closed.
Comment 7 Edward Rudd 2009-11-07 16:15:21 UTC 
Superseded by bug #532695
Comment 8 Mark Chappell 2010-09-14 13:06:47 UTC 

*** This bug has been marked as a duplicate of bug 532695 ***