There was always an update of clamav via YOU (when you use a ftp or http
client to look into the update repo manually, you still see clamav-0.91.2, 0.92.0, 0.92.1, and 0.93.0), it just takes some time to testing... This is one of the reasons for me staying with SUSE, even after they introduced the 10.1 software management ;-)
No, there has been no update through YOU yet. Marcus said there will be one such, so I'll wait. No, I do not intend to go to the clamav site and roll my own. If that's what needs to be done I will uninstall clamd and continue using antivir instead.
Well, of course, I mean for the one that is "official" currently for opensuse 10.3.
There is some problem with the procedure here: the clamd people should tell the distro maintainers in advance that there is going to be a new version and that such versions are to be obsoleted, so that they can prepare the automatic upgrades for their distros without there being any perveived loss of security.
I mean, it doesn't look good if the antivirus says "Hey, I'm obsolete", and the update is not ready.
On the other hand, if updating the engine is not that crucial, then they should not write that message to the warning log. There are many programs and daemons in the distro that keep silent when there is a new version, and many of them are security-wise important.
That's what I think the real problem is: that they shout "Danger, update me! with no real need.
There are from time to time bugs and updates to clamav, and the normal opensuse updates take care of this problem by updating thru YOU, normally a week or so later. However there was a very serious bug found in clamav a couple of months ago that would allow remote code execution. As long as you are running version 0.93.0 you should be fine until the newest YOU updates get pushed out. I understand your point about updates being brought more current, but I guess I'll have to trust our developers to get them out as soon as they can. Jim --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org