Bug 1018316 - [EL6] Clamav should not require a specific clamav-db version
Summary: [EL6] Clamav should not require a specific clamav-db version
Alias: None
Product: Fedora EPEL
Classification: Fedora
Component: clamav
Version: el6
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
Assignee: Robert Scheck
QA Contact: Fedora Extras Quality Assurance
Depends On:
TreeView+ depends on / blocked
Reported: 2013-10-11 16:52 UTC by Filippo Carletti
Modified: 2020-11-30 15:06 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2020-11-30 15:06:06 UTC
Type: Bug

Attachments (Terms of Use)

Description Filippo Carletti 2013-10-11 16:52:14 UTC
Description of problem:
It could be possible to update clamav without updating clamav-db.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. yum update clamav

Actual results:
yum adds clamav-db-0.98 as a dependancy.

Expected results:
clamav should require clamav-db without explicit version

Additional info:
Please see the following thread:

Comment 1 Tuomo Soini 2013-10-11 17:05:15 UTC
This is wrong solution for the problem. Correct solution is to not to carry db in package at all. The clamav-db should only carry %ghost files for db files because even the latest version of the antivirus db is obsolete when it is installed so frehslcam is always needed anyway to get working db.

Comment 2 Robert Scheck 2013-10-19 12:11:51 UTC
Not carrying any clamav-db does not help in cases at offline live media, as
there might not be any Internet connectivity at all. So even older db files
are in such a case better than nothing. This was raised in the past - I am
also open to other ideas and argumentations. We could also ship a clamav-db-
empty (like Fedora did somewhen in the past) which provides clamav-db also,
but does not contain any outdated files just %ghosts.

Comment 3 Filippo Carletti 2015-04-02 14:50:08 UTC
Moreover, it is perfectly fine running clamav without the original database (and disable freshclam).

Another option towards an empty clamav-db could add a "fake" db containing only the EICAR test file.

Comment 4 Giacomo Sanchietti 2015-04-30 08:21:15 UTC
> Expected results:
> clamav should require clamav-db without explicit version

I know this isn't the best solution, still, it's better then downloading 100MB of useless database each time we need to update Clamav.
This is true especially in countries with low bandwidth connections.

>Another option towards an empty clamav-db could add a "fake" db containing only
> the EICAR test file.

If we need to retain the constrain on clamav-db, IMHO this is a simple and elegant solution.

Comment 5 Ben Cotton 2020-11-05 16:46:31 UTC
This message is a reminder that EPEL 6 is nearing its end of life. Fedora will stop maintaining and issuing updates for EPEL 6 on 2020-11-30. It is our policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as EOL if it remains open with a 'version' of 'el6'.

Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later EPEL version.

Thank you for reporting this issue and we are sorry that we were not able to fix it before EPEL 6 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora, you are encouraged  change the 'version' to a later Fedora version prior this bug is closed as described in the policy above.

Comment 6 Ben Cotton 2020-11-30 15:06:06 UTC
EPEL el6 changed to end-of-life (EOL) status on 2020-11-30. EPEL el6 is
no longer maintained, which means that it will not receive any further
security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of
EPEL please feel free to reopen this bug against that version. If you
are unable to reopen this bug, please file a new report against the
current release. If you experience problems, please add a comment to this

Thank you for reporting this bug and we are sorry it could not be fixed.

Note You need to log in before you can comment on or make changes to this bug.