[Bug 406994] New: Clamav claims that it is outdated ( Your ClamAV installation is OUTDATED!)
https://bugzilla.novell.com/show_bug.cgi?id=406994 Summary: Clamav claims that it is outdated (Your ClamAV installation is OUTDATED!) Product: openSUSE 10.3 Version: Final Platform: Other OS/Version: openSUSE 10.3 Status: NEW Severity: Normal Priority: P5 - None Component: Security AssignedTo: security-team@suse.de ReportedBy: robin.listas@telefonica.net QAContact: qa@suse.de Found By: --- Even after the recent YOU update of clamav to 0.93.1-0.1 and clamav-db to 0.93.1-0.1, the daemon still complains that it is outdated: Jul 8 00:21:05 nimrodel freshclam[5151]: ClamAV update process started at Tue Jul 8 00:21:05 2008 Jul 8 00:21:05 nimrodel freshclam[5151]: Your ClamAV installation is OUTDATED! Jul 8 00:21:05 nimrodel freshclam[5151]: Local version: 0.93.1 Recommended version: 0.93.3 It is absurd to have this warning popping up in the warn log every two hours if it is not true, and dangerous if it is true. I asked in the security list and Marcus Meissner told me that the clamav people have changed again the version number; maybe they could find someway easier way? Some automated method that makes upgrading the engine and the database a triffle? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=406994
User meissner@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=406994#c1
Marcus Meissner
https://bugzilla.novell.com/show_bug.cgi?id=406994
User max@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=406994#c2
Reinhard Max
Even after the recent YOU update of clamav to 0.93.1-0.1 and clamav-db to 0.93.1-0.1, the daemon still complains that it is outdated
It looks like the ClamAV team recently stopped notifying binary packagers in advance of new releases, giving them some time to prepare their packages.
It is absurd to have this warning popping up in the warn log every two hours if it is not true, and dangerous if it is true.
I asked in the security list and Marcus Meissner told me that the clamav people have changed again the version number; maybe they could find someway easier way?
Please try talking to the ClamAV people yourself, maybe they start listening if more people speak up. I have given up on getting ignored or rejected when suggesting ways to make these update notifications from freshclam more to the point, so that an admin or user can distinguish between normal updates with bugfixes or improvements to the engine and urgent security updates.
Some automated method that makes upgrading the engine and the database a triffle?
I don't know what a triffle is, but the database is already being upgraded automatically by freshclam, which is fine, but we certainly wouldn't want to handle the engine the same way, as it would defeat the purpose of having it packaged as an RPM. BTW, I'll immediately prepare the new ClamAV packages... -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=406994
User lnussel@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=406994#c3
Ludwig Nussel
https://bugzilla.novell.com/show_bug.cgi?id=406994
User robin.listas@telefonica.net added comment
https://bugzilla.novell.com/show_bug.cgi?id=406994#c4
--- Comment #4 from Carlos Robinson
(In reply to comment #0 from Carlos Robinson)
Even after the recent YOU update of clamav to 0.93.1-0.1 and clamav-db to 0.93.1-0.1, the daemon still complains that it is outdated
It looks like the ClamAV team recently stopped notifying binary packagers in advance of new releases, giving them some time to prepare their packages.
I'm sorry to hear that... advance notice to you is precisely what is needed.
It is absurd to have this warning popping up in the warn log every two hours if it is not true, and dangerous if it is true.
I asked in the security list and Marcus Meissner told me that the clamav people have changed again the version number; maybe they could find someway easier way?
Please try talking to the ClamAV people yourself, maybe they start listening if more people speak up.
I'll try. First I'll have to find where.
Some automated method that makes upgrading the engine and the database a triffle?
I don't know what a triffle is,
Sorry! A breeze, something trivial, like "antivir" does or something as easy and automatic.
but the database is already being upgraded automatically by freshclam, which is fine, but we certainly wouldn't want to handle the engine the same way, as it would defeat the purpose of having it packaged as an RPM.
BTW, I'll immediately prepare the new ClamAV packages...
Thanks :-) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=406994
User max@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=406994#c5
--- Comment #5 from Reinhard Max
https://bugzilla.novell.com/show_bug.cgi?id=406994
User max@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=406994#c6
--- Comment #6 from Reinhard Max
There is at least one security fix in 0.93.2: CVE-2008-2713 .
Ah - no, that one was fixed in 0.93.1 already, but the ChangeLog file in the ClamAV source tree only lists it shortly before the 0.93.2 release - four weeks after the actual commit. :( -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=406994
User max@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=406994#c7
Reinhard Max
https://bugzilla.novell.com/show_bug.cgi?id=406994
User meissner@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=406994#c8
Marcus Meissner
https://bugzilla.novell.com/show_bug.cgi?id=406994
User asemen@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=406994#c9
Andrej Semen
https://bugzilla.novell.com/show_bug.cgi?id=406994
User lnussel@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=406994#c10
--- Comment #10 from Ludwig Nussel
https://bugzilla.novell.com/show_bug.cgi?id=406994
Marcus Meissner
https://bugzilla.novell.com/show_bug.cgi?id=406994
User meissner@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=406994#c11
Marcus Meissner
https://bugzilla.novell.com/show_bug.cgi?id=406994
User lnussel@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=406994#c12
--- Comment #12 from Ludwig Nussel
participants (1)
-
bugzilla_noreply@novell.com