Bug 579370
| Summary: | Update to newest version 0.96 | ||
|---|---|---|---|
| Product: | [Fedora] Fedora EPEL | Reporter: | Michael Arnold <redhatbugz> |
| Component: | clamav | Assignee: | Steven Pritchard <steve> |
| Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | high | Docs Contact: | |
| Priority: | low | ||
| Version: | el5 | CC: | adrian.fischli, bloch, dkovalsk, janfrode, nb, orion, ralston, redhatbugz, rom, rpm, sebastien.andreatta, steve |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | clamav-0.97-12.el5 | Doc Type: | Bug Fix |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2011-03-26 18:58:08 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Michael Arnold
2010-04-04 17:43:52 UTC
This morning, the ClamAV team released an update (daily.cvd 10938) that caused a segmentation fault in all ClamAV versions older than 0.96 on 32 bit systems: http://lurker.clamav.net/message/20100507.110656.573e90d7.en.html Reading between the lines, the reason why this happened is because all ClamAV versions older than 0.96 are (unofficially) deprecated in the eyes of the ClamAV team, to the point where they weren't even bothering to test if signature updates caused 0.95.* versions to crash. Regardless of whether the ClamAV team is now testing whether signature updates break pre-0.96 versions of ClamAV, we should fully expect that they will (unintentionally) find other ways to break pre-0.96 versions of ClamAV, because all pre-0.96 versions are clearly deprecated in their eyes, even if "officially" they aren't. That means that upgrading to 0.96 is critically important. Mike, as the reporter, please change the Priority/Severity of this bug to high/high. Thanks. Updated Severity to high (priority appears unchangeable by me). I have also packaged 0.96 for EL5 in the RazorsEdge testing repository. Feel free to take it for a spin. http://rpm.razorsedge.org/centos-5/RE-test/repodata/repoview/clamav-0-0.96-1.el5.re.html *** Bug 461845 has been marked as a duplicate of this bug. *** *** Bug 532695 has been marked as a duplicate of this bug. *** Again the clamav virus definitionas was updated with signatures incompatible with the 0.95.1 version in EPEL, causing clamd to die. Ref: http://thread.gmane.org/gmane.comp.security.virus.clamav.user/36072 The clamav team claims to only be testing updates against the two latest releases, so 0.95.x has a very real risk of running into this problem again. Package clamav-0.97-3.el6: * should fix your issue, * was pushed to the Fedora EPEL 6 updates-testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing clamav-0.97-3.el6' as soon as you are able to, then reboot. Please go to the following url: https://admin.fedoraproject.org/updates/clamav-0.97-3.el6 then log in and leave karma (feedback). Package clamav-0.97-3.el4: * should fix your issue, * was pushed to the Fedora EPEL 4 updates-testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing clamav-0.97-3.el4' as soon as you are able to, then reboot. Please go to the following url: https://admin.fedoraproject.org/updates/clamav-0.97-3.el4 then log in and leave karma (feedback). clamav-0.97-3.el4 has been pushed to the Fedora EPEL 4 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update clamav'. You can provide feedback for this update here: https://admin.fedoraproject.org/updates/clamav-0.97-3.el4 Looks like it was mistakingly pushed twice to EPEL4, and EPEL5 was forgotten. Could you please also push it to EPEL5 repo? We're working on it. The new update breaks amavisd-new in EPEL5. The update was pushed to EPEL4 and EPEL6 If you want, you can try the builds from http://kojipkgs.fedoraproject.org/packages/clamav/0.97/3.el5/ Please note these will require either using the freshclam.conf.rpmnew and clamd.conf.rpmnew or modifying a few lines in your existing confs clamav-0.97-3.el6 has been submitted as an update for Fedora EPEL 6. https://admin.fedoraproject.org/updates/clamav-0.97-3.el6 clamav-0.97-4.el4 has been submitted as an update for Fedora EPEL 4. https://admin.fedoraproject.org/updates/clamav-0.97-4.el4 It appears that /etc/sysconfig/clamav-milter is not correct. It specifies a bunch of options that are no longer recognized: Starting Clamav Milter Daemon: clamav-milter: unrecognized option `--force-scan' Starting Clamav Milter Daemon: clamav-milter: unrecognized option `--local' Starting Clamav Milter Daemon: clamav-milter: unrecognized option `--max-children=4' etc. According to the help and man page, only takes --config-file, and that points to /etc/clamd.conf. The SOCKET_ADDRESS option is bogus too. Also, I think you want to change the clamav-milter.conf file to run as user clam. clamav-0.97-9.el6 has been submitted as an update for Fedora EPEL 6. https://admin.fedoraproject.org/updates/clamav-0.97-9.el6 clamav-0.97-9.el4 has been submitted as an update for Fedora EPEL 4. https://admin.fedoraproject.org/updates/clamav-0.97-9.el4 clamav-0.97-9.el5 has been submitted as an update for Fedora EPEL 5. https://admin.fedoraproject.org/updates/clamav-0.97-9.el5 Orion Poplawski: fyi the new testing release has removed all but the --config-file option and SOCKET_ADDRESS from /etc/sysconfig/clamav-milter. I did not change your already installed clamav-milter.conf to run as user clam.. think that will have to be a manual fix when upgrading. Would appreciate if you can test, and maybe comment on if it works for you or not on the admin.fedoraproject.org links above. - Why have:
CLAMAV_FLAGS="
--config-file=/etc/clamd.conf
in /etc/sysconfig/clamav-milter? The config file for clamav-milter is /etc/clamav-milter.conf, which is the default. I would just have an empty CLAMAV_FLAGS.
- You don't need SOCKET_ADDRESS in /etc/init.d/clamav-milter, as you can't specify one on the command line.
- You really should change the default user in /etc/clamav-milter.conf to clam. It's just going to confuse people.
- Change the example unix ClamdSocket to /var/run/clamav/clamd.sock
Thanks for the feedback. I´ll get this fixed tomorrow and push out a new release. clamav-0.97-11.el6 has been submitted as an update for Fedora EPEL 6. https://admin.fedoraproject.org/updates/clamav-0.97-11.el6 clamav-0.97-11.el5 has been submitted as an update for Fedora EPEL 5. https://admin.fedoraproject.org/updates/clamav-0.97-11.el5 clamav-0.97-11.el4 has been submitted as an update for Fedora EPEL 4. https://admin.fedoraproject.org/updates/clamav-0.97-11.el4 clamav-0.97-11.el5 has been pushed to the Fedora EPEL 5 stable repository. If problems still persist, please make note of it in this bug report. clamav-0.97-11.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report. clamav-0.97-12.el6 has been submitted as an update for Fedora EPEL 6. https://admin.fedoraproject.org/updates/clamav-0.97-12.el6 clamav-0.97-12.el4 has been submitted as an update for Fedora EPEL 4. https://admin.fedoraproject.org/updates/clamav-0.97-12.el4 clamav-0.97-12.el5 has been submitted as an update for Fedora EPEL 5. https://admin.fedoraproject.org/updates/clamav-0.97-12.el5 clamav-0.97-12.el5 has been pushed to the Fedora EPEL 5 stable repository. If problems still persist, please make note of it in this bug report. |