https://bugzilla.novell.com/show_bug.cgi?id=406994 User max@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=406994#c2 Reinhard Max changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |ASSIGNED --- Comment #2 from Reinhard Max 2008-07-08 05:30:59 MDT --- (In reply to comment #0 from Carlos Robinson)

Even after the recent YOU update of clamav to 0.93.1-0.1 and clamav-db to 0.93.1-0.1, the daemon still complains that it is outdated

It looks like the ClamAV team recently stopped notifying binary packagers in advance of new releases, giving them some time to prepare their packages.

It is absurd to have this warning popping up in the warn log every two hours if it is not true, and dangerous if it is true.

I asked in the security list and Marcus Meissner told me that the clamav people have changed again the version number; maybe they could find someway easier way?

Please try talking to the ClamAV people yourself, maybe they start listening if more people speak up. I have given up on getting ignored or rejected when suggesting ways to make these update notifications from freshclam more to the point, so that an admin or user can distinguish between normal updates with bugfixes or improvements to the engine and urgent security updates.

Some automated method that makes upgrading the engine and the database a triffle?

I don't know what a triffle is, but the database is already being upgraded automatically by freshclam, which is fine, but we certainly wouldn't want to handle the engine the same way, as it would defeat the purpose of having it packaged as an RPM. BTW, I'll immediately prepare the new ClamAV packages... -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=406994 User robin.listas@telefonica.net added comment https://bugzilla.novell.com/show_bug.cgi?id=406994#c4 --- Comment #4 from Carlos Robinson 2008-07-08 06:09:12 MDT --- (In reply to comment #2 from Reinhard Max)

(In reply to comment #0 from Carlos Robinson)

...

Even after the recent YOU update of clamav to 0.93.1-0.1 and clamav-db to 0.93.1-0.1, the daemon still complains that it is outdated

It looks like the ClamAV team recently stopped notifying binary packagers in advance of new releases, giving them some time to prepare their packages.

I'm sorry to hear that... advance notice to you is precisely what is needed.

...

It is absurd to have this warning popping up in the warn log every two hours if it is not true, and dangerous if it is true.

I asked in the security list and Marcus Meissner told me that the clamav people have changed again the version number; maybe they could find someway easier way?

Please try talking to the ClamAV people yourself, maybe they start listening if more people speak up.

I'll try. First I'll have to find where.

...

Some automated method that makes upgrading the engine and the database a triffle?

I don't know what a triffle is,

Sorry! A breeze, something trivial, like "antivir" does or something as easy and automatic.

but the database is already being upgraded automatically by freshclam, which is fine, but we certainly wouldn't want to handle the engine the same way, as it would defeat the purpose of having it packaged as an RPM.

BTW, I'll immediately prepare the new ClamAV packages...

Thanks :-) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=406994 User max@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=406994#c6 --- Comment #6 from Reinhard Max 2008-07-08 06:43:54 MDT --- (In reply to comment #5 from Reinhard Max)

There is at least one security fix in 0.93.2: CVE-2008-2713 .

Ah - no, that one was fixed in 0.93.1 already, but the ChangeLog file in the ClamAV source tree only lists it shortly before the 0.93.2 release - four weeks after the actual commit. :( -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=406994 User meissner@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=406994#c8 Marcus Meissner changed: What |Removed |Added ---------------------------------------------------------------------------- Found By|--- |Third Party Developer/Partner Status Whiteboard| |patchinfos submitted --- Comment #8 from Marcus Meissner 2008-07-10 15:42:01 MDT --- patchinfos submitted -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=406994 User lnussel@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=406994#c10 --- Comment #10 from Ludwig Nussel 2008-07-11 05:14:08 MDT --- Yes. Since previous updates were security updates we need to flag this one as security too though. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=406994 User meissner@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=406994#c11 Marcus Meissner changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |FIXED --- Comment #11 from Marcus Meissner 2008-07-11 09:26:08 MDT --- released -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.