[users] WARNING: Your ClamAV installation is OUTDATED!

Discussion:

Tilman Schmidt

2013-07-02 10:22:53 UTC

From http://www.clamav.net/lang/en/ :

News

ClamAV 0.97.8 has been released!

April 23rd, 2013 Posted by -

Dear ClamAV users,

"ClamAV 0.97.8 addresses several reported potential security bugs.
Thanks to Felix Groebert of the Google Security Team for finding and
reporting these issues."

Those of my servers running ClamAV from Repoforge are still complaining

Jul 2 11:10:33 gimli freshclam[7790]: Received signal: wake up
Jul 2 11:10:33 gimli freshclam[7790]: ClamAV update process started at Tue Jul 2 11:10:33 2013
Jul 2 11:10:33 gimli freshclam[7790]: Your ClamAV installation is OUTDATED!
Jul 2 11:10:33 gimli freshclam[7790]: Local version: 0.97.7 Recommended version: 0.97.8
Jul 2 11:10:33 gimli freshclam[7790]: DON'T PANIC! Read http://www.clamav.net/support/faq
Jul 2 11:10:33 gimli freshclam[7790]: main.cvd is up to date (version: 54, sigs: 1044387, f-level: 60, builder: sven)
Jul 2 11:10:33 gimli freshclam[7790]: daily.cld is up to date (version: 17448, sigs: 1409685, f-level: 63, builder: neo)
Jul 2 11:10:33 gimli freshclam[7790]: bytecode.cld is up to date (version: 214, sigs: 41, f-level: 63, builder: neo)
Jul 2 11:10:35 gimli freshclam[7790]: --------------------------------------

[ts at gimli ~]$ rpm -qa clam\*
clamav-db-0.97.7-1.el5.rf
clamav-0.97.7-1.el5.rf
clamd-0.97.7-1.el5.rf

Any plans for updating those packages anytime soon?

Thanks,
Tilman
--
Tilman Schmidt
Phoenix Software GmbH
Bonn, Germany

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 261 bytes
Desc: OpenPGP digital signature
URL: <http://lists.repoforge.org/pipermail/users/attachments/20130702/cc7bd7f2/attachment.sig>

Pete Geenhuizen

2013-07-02 11:52:33 UTC

Permalink

If you want to fix it now you'll have to go through the effort of
switching over to Epel, I did it yesterday and life is good once again.

Pete

Post by Tilman Schmidt
News
ClamAV 0.97.8 has been released!
April 23rd, 2013 Posted by -
Dear ClamAV users,
"ClamAV 0.97.8 addresses several reported potential security bugs.
Thanks to Felix Groebert of the Google Security Team for finding and
reporting these issues."
Those of my servers running ClamAV from Repoforge are still complaining
[ts at gimli ~]$ rpm -qa clam\*
clamav-db-0.97.7-1.el5.rf
clamav-0.97.7-1.el5.rf
clamd-0.97.7-1.el5.rf
Any plans for updating those packages anytime soon?
Thanks,
Tilman
_______________________________________________
users mailing list
users at lists.repoforge.org
http://lists.repoforge.org/mailman/listinfo/users

--
Unencumbered by the thought process.
-- Click and Clack the Tappet brothers

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.repoforge.org/pipermail/users/attachments/20130702/38d66342/attachment.html>

Always Learning

2013-07-02 13:28:52 UTC

Permalink

Post by Pete Geenhuizen
If you want to fix it now you'll have to go through the effort of
switching over to Epel, I did it yesterday and life is good once again.

Prima. The alternatives are to download the source from

http://www.unhide-forensics.info/?Linux:Download

or wait for RepoForge.

Dag/rpmforge/repoforge has always been a reliable and excellent Repo, so
I'm staying with them.

Gr.

--
Paul.
England,
EU.

Our systems are exclusively Linux. No Micro$oft Windoze here.

Always Learning

2013-07-02 14:03:04 UTC

Permalink

Sorry everyone,

Post by Always Learning
http://www.unhide-forensics.info/?Linux:Download
or wait for RepoForge.

WRONG software. Not Clamav but Unhide which is also a RepoForge problem.

--
Paul.
England,
EU.

Our systems are exclusively Linux. No Micro$oft Windoze here.

Tilman Schmidt

2013-07-02 16:24:07 UTC

Permalink

Post by Pete Geenhuizen
If you want to fix it now you'll have to go through the effort of
switching over to Epel, I did it yesterday and life is good once again.

I don't think one day will be sufficient for the switch in my case.
I've done the inverse switch some time ago and that was a lot more
work, including much trial and horror.

Specifically, I'm running ClamAV with MIMEdefang, both from
Repoforge, so I'll have to switch both of them to EPEL at the same
time. MIMEdefang in turn pulled in a bunch of Perl packages from
Repoforge, and I fear it won't be easy to convince yum to replace
all of these by their EPEL counterparts.

On top of that, with the Repoforge ClamAV and MIMEdefang packages
it has been less than trivial to find a configuration of user and
group memberships that would (a) work and (b) not be broken by
every update. (Some might remember my slightly irritated postings
on the subject.) Unfortunately at least the EPEL ClamAV package
seems to differ from its Repoforge counterpart just in the area
of user configuration, so I'll probably have to reopen that can
of worms.

But still I'm seriously considering the move.
--
Tilman Schmidt
Phoenix Software GmbH
Bonn, Germany

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 261 bytes
Desc: OpenPGP digital signature
URL: <http://lists.repoforge.org/pipermail/users/attachments/20130702/1ffe903b/attachment.sig>

Todd Lyons

2013-07-02 18:03:58 UTC

Permalink

On Tue, Jul 2, 2013 at 9:24 AM, Tilman Schmidt

Post by Tilman Schmidt
But still I'm seriously considering the move.

It normally is easier to grab the last clamav-0.9.7 srpm, update it
with the source for 0.9.8, adjust or remove patches if necessary,
build it, and install (upgrade with) the new packages. If you're
using DAG's previous srpm, you will be getting all of the
customization that he does to the tarball to make it fit within a RHEL
environment.

I haven't tried with the 0.9.8 tarball, it may be insanely difficult.
I don't know.

...Todd
--
The total budget at all receivers for solving senders' problems is $0.
If you want them to accept your mail and manage it the way you want,
send it the way the spec says to. --John Levine

Yury V. Zaytsev

2013-07-03 07:25:39 UTC

Permalink

Post by Todd Lyons
It normally is easier to grab the last clamav-0.9.7 srpm, update it
with the source for 0.9.8, adjust or remove patches if necessary,
build it, and install (upgrade with) the new packages. If you're
using DAG's previous srpm, you will be getting all of the
customization that he does to the tarball to make it fit within a RHEL
environment.

I'd suggest that as the best possible course of action at the moment.

--
Sincerely yours,
Yury V. Zaytsev

David Hrbáč

2013-07-03 07:41:09 UTC

Permalink

Post by Tilman Schmidt
News
ClamAV 0.97.8 has been released!
April 23rd, 2013 Posted by -

Hi,

As a temporary solution I have published Repoforge Clamav build into my
personal repository.

http://fs11.vsb.cz/hrb33/el6/hrb/testing/x86_64/repoview/letter_c.group.html
http://fs11.vsb.cz/hrb33/el6/hrb/testing/i386/repoview/letter_c.group.html
http://fs11.vsb.cz/hrb33/el5/hrb/testing/x86_64/repoview/letter_c.group.html
http://fs11.vsb.cz/hrb33/el5/hrb/testing/i386/repoview/letter_c.group.html
http://fs11.vsb.cz/hrb33/el4/hrb/testing/x86_64/repoview/letter_c.group.html
http://fs11.vsb.cz/hrb33/el4/hrb/testing/i386/repoview/letter_c.group.html

Sorry for the troubles,
David Hrb??