Description of problem: In Fedora EPEL exists the 0.95.1 version of clamav. The Wed Jun 10 18:04:53 CEST 2009 the clamav project has released a fix ( the changelog is * libclamav: detect and handle archives hidden inside other files (eg. images), which can be unpacked by WinZip, WinRAR and other tools (bb#1554) Reported by ROGER Mickael ... ) that seems important for two reason. 1 - Some lusers, because of the not so nice warning message of clamav, think that the engine is very outdated when it is not, or almost not so much. But this a clamav issue. This is the message. ClamAV update process started at Thu Jul 16 15:00:11 2009 WARNING: Your ClamAV installation is OUTDATED! WARNING: Local version: 0.95.1 Recommended version: 0.95.2 2 - Who use clamav as a substitute for a good commercial antivirus for M$ machine could be think that it is necessary to have always a good update engine antivirus. Sure, perhaps it is wrong the assumption : but i think i am not the only in thinking this :=) I have no locked to the git log but seems the change is really a little fix and it is not required to change the spec other the changing the version. The new version is 0.95.2 It is possible to update to the new release ? Thanks Elia
+1 to update to version 0.95.2.
+1 For Fedora 11: Last Status: WARNING: Your ClamAV installation is OUTDATED! WARNING: Local version: 0.95.1 Recommended version: 0.95.2 DON'T PANIC! Read http://www.clamav.net/support/faq main.cld is up to date (version: 51, sigs: 545035, f-level: 42, builder: sven) Trying host database.clamav.net (194.47.250.218)... Downloading daily-9685.cdiff [100%] daily.cld updated (version: 9685, sigs: 64251, f-level: 43, builder: ccordes) WARNING: Your ClamAV installation is OUTDATED! WARNING: Current functionality level = 42, recommended = 43 DON'T PANIC! Read http://www.clamav.net/support/faq http://www.clamav.net/support/faq "In order to detect all the latest viruses, itβs not enough to keep your database up to date. You also need to run the latest version of the scanner."
There are any news? I feel that too much time has elapsed for an update that has direct impact on the system security, even if it were made indirectly by a service as clamav. BTW, perhaps the real problem is that such an update would be reported - so probably it is a fault of mine - in the bugzilla security category and not as a generic bugs.
I have packages of clamav 0.95.2 for EL4 and EL5 built using the EPEL 0.95.1 clamav specfile. The packages can be found in my RazorsEdge test repository (RE-test). http://rpm.razorsedge.org/
+1 for FC11 too I think this reflects more of a fundamental problem with vendors handling of AV packages in general. Redhat/CentOS/Fedora alwaysv run old version of clamav. As clamav itself is a security product, I would argue that if you are to include it within your distribution, then you really have to ensure it is always the current release - the standard rule of freezing to a release version and only back-porting patches doesn't apply. That makes sense for "normal" packages - but not for an AV... My 2c worth :-) Jason
For me clamav is not handled as it should, but it is my personal opinion. Having to use clamav i have two possibility .I will have to manage my own version (already done) or, better, change distribution - RHEL5 in this case. For me the case is closed.
Superseded by bug #532695
*** This bug has been marked as a duplicate of bug 532695 ***