Bug 1018316 - Clamav should not require a specific clamav-db version
Clamav should not require a specific clamav-db version
Status: NEW
Product: Fedora EPEL
Classification: Fedora
Component: clamav (Show other bugs)
el6
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Robert Scheck
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2013-10-11 12:52 EDT by Filippo Carletti
Modified: 2017-03-28 14:14 EDT (History)
5 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Filippo Carletti 2013-10-11 12:52:14 EDT
Description of problem:
It could be possible to update clamav without updating clamav-db.

Version-Release number of selected component (if applicable):
clamd-0.98-1.el6.x86_64

How reproducible:
Always

Steps to Reproduce:
1. yum update clamav

Actual results:
yum adds clamav-db-0.98 as a dependancy.

Expected results:
clamav should require clamav-db without explicit version

Additional info:
Please see the following thread:
http://lists.repoforge.org/pipermail/users/2008-February/023392.html
Comment 1 Tuomo Soini 2013-10-11 13:05:15 EDT
This is wrong solution for the problem. Correct solution is to not to carry db in package at all. The clamav-db should only carry %ghost files for db files because even the latest version of the antivirus db is obsolete when it is installed so frehslcam is always needed anyway to get working db.
Comment 2 Robert Scheck 2013-10-19 08:11:51 EDT
Not carrying any clamav-db does not help in cases at offline live media, as
there might not be any Internet connectivity at all. So even older db files
are in such a case better than nothing. This was raised in the past - I am
also open to other ideas and argumentations. We could also ship a clamav-db-
empty (like Fedora did somewhen in the past) which provides clamav-db also,
but does not contain any outdated files just %ghosts.
Comment 3 Filippo Carletti 2015-04-02 10:50:08 EDT
Moreover, it is perfectly fine running clamav without the original database (and disable freshclam).

Another option towards an empty clamav-db could add a "fake" db containing only the EICAR test file.
Comment 4 Giacomo Sanchietti 2015-04-30 04:21:15 EDT
> Expected results:
> clamav should require clamav-db without explicit version

I know this isn't the best solution, still, it's better then downloading 100MB of useless database each time we need to update Clamav.
This is true especially in countries with low bandwidth connections.

>Another option towards an empty clamav-db could add a "fake" db containing only
> the EICAR test file.

If we need to retain the constrain on clamav-db, IMHO this is a simple and elegant solution.

Note You need to log in before you can comment on or make changes to this bug.