[opensuse-security] Clamav installation in 10.3 is still outdated.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 After the recent YOU update of clamav to 0.93.1-0.1 and clamav-db to 0.93.1-0.1, the daemon still complains that it is outdated: Jul 8 00:21:05 nimrodel freshclam[5151]: ClamAV update process started at Tue Jul 8 00:21:05 2008 Jul 8 00:21:05 nimrodel freshclam[5151]: Your ClamAV installation is OUTDATED! Jul 8 00:21:05 nimrodel freshclam[5151]: Local version: 0.93.1 Recommended version: 0.93.3 Contrary to SUSE policy of not changing the version number, this time you do have to modify the version, or hack the code to eliminate the warning. It is absurd to have this warning popping up in the warn log every two hours if it is not true, and dangerous if it is true. If you require a bugzilla, I'll write it. - -- Cheers, Carlos Robinson -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4-svn0 (GNU/Linux) iD8DBQFIcqRHtTMYHG2NR9URAl43AKCQvD2VJ1ahorQyQ4+lQbvXZgmrKwCcCXeo +HLyfVrEJE7wHMTtfeNxr3U= =lFlB -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org
On Tue, Jul 08, 2008 at 01:18:29AM +0200, Carlos E. R. wrote:
After the recent YOU update of clamav to 0.93.1-0.1 and clamav-db to 0.93.1-0.1, the daemon still complains that it is outdated:
Jul 8 00:21:05 nimrodel freshclam[5151]: ClamAV update process started at Tue Jul 8 00:21:05 2008 Jul 8 00:21:05 nimrodel freshclam[5151]: Your ClamAV installation is OUTDATED! Jul 8 00:21:05 nimrodel freshclam[5151]: Local version: 0.93.1 Recommended version: 0.93.3
Contrary to SUSE policy of not changing the version number, this time you do have to modify the version, or hack the code to eliminate the warning. It is absurd to have this warning popping up in the warn log every two hours if it is not true, and dangerous if it is true.
If you require a bugzilla, I'll write it.
No, its just that clamav just seems to have released silently yet another version. Please open a bug. Ciao, Marcus --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Tuesday 2008-07-08 at 01:19 +0200, Marcus Meissner wrote:
On Tue, Jul 08, 2008 at 01:18:29AM +0200, Carlos E. R. wrote:
After the recent YOU update of clamav to 0.93.1-0.1 and clamav-db to 0.93.1-0.1, the daemon still complains that it is outdated:
Jul 8 00:21:05 nimrodel freshclam[5151]: ClamAV update process started at Tue Jul 8 00:21:05 2008 Jul 8 00:21:05 nimrodel freshclam[5151]: Your ClamAV installation is OUTDATED! Jul 8 00:21:05 nimrodel freshclam[5151]: Local version: 0.93.1 Recommended version: 0.93.3
Contrary to SUSE policy of not changing the version number, this time you do have to modify the version, or hack the code to eliminate the warning. It is absurd to have this warning popping up in the warn log every two hours if it is not true, and dangerous if it is true.
If you require a bugzilla, I'll write it.
No, its just that clamav just seems to have released silently yet another version.
Argh! :-(
Please open a bug.
Will do. - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4-svn0 (GNU/Linux) iD8DBQFIcq5MtTMYHG2NR9URApW3AJ45k/QDQi2LNp/Md2Aybs2urUmITgCcCD27 0pdMUlLpGZgGPYYR/tMjdaw= =tK1q -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org
On Tue, 8 Jul 2008 01:19:46 +0200 Marcus Meissner <meissner@suse.de> wrote:
On Tue, Jul 08, 2008 at 01:18:29AM +0200, Carlos E. R. wrote:
After the recent YOU update of clamav to 0.93.1-0.1 and clamav-db to 0.93.1-0.1, the daemon still complains that it is outdated:
Jul 8 00:21:05 nimrodel freshclam[5151]: ClamAV update process started
at Tue Jul 8 00:21:05 2008
Jul 8 00:21:05 nimrodel freshclam[5151]: Your ClamAV installation is OUTDATED! Jul 8 00:21:05 nimrodel freshclam[5151]: Local version: 0.93.1 Recommended version: 0.93.3
Contrary to SUSE policy of not changing the version number, this time you do have to modify the version, or hack the code to eliminate the warning. It is absurd to have this warning popping up in the warn log every two hours if it is not true, and dangerous if it is true.
If you require a bugzilla, I'll write it.
No, its just that clamav just seems to have released silently yet another version.
Please open a bug.
There were two releases today (due to a serious regression in the first). Both were announced on clamav announce. I'm not sure how that qualifies as silent. The good news is that it appears at first glance the new release does not have any security fixes in it. Scott Kitterman --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org
On Mon, Jul 07, 2008 at 08:28:46PM -0400, Scott Kitterman wrote:
On Tue, 8 Jul 2008 01:19:46 +0200 Marcus Meissner <meissner@suse.de> wrote:
On Tue, Jul 08, 2008 at 01:18:29AM +0200, Carlos E. R. wrote:
After the recent YOU update of clamav to 0.93.1-0.1 and clamav-db to 0.93.1-0.1, the daemon still complains that it is outdated:
Jul 8 00:21:05 nimrodel freshclam[5151]: ClamAV update process started
at Tue Jul 8 00:21:05 2008
Jul 8 00:21:05 nimrodel freshclam[5151]: Your ClamAV installation is OUTDATED! Jul 8 00:21:05 nimrodel freshclam[5151]: Local version: 0.93.1 Recommended version: 0.93.3
Contrary to SUSE policy of not changing the version number, this time you do have to modify the version, or hack the code to eliminate the warning. It is absurd to have this warning popping up in the warn log every two hours if it is not true, and dangerous if it is true.
If you require a bugzilla, I'll write it.
No, its just that clamav just seems to have released silently yet another version.
Please open a bug.
There were two releases today (due to a serious regression in the first). Both were announced on clamav announce. I'm not sure how that qualifies as silent.
The good news is that it appears at first glance the new release does not have any security fixes in it.
Ah, ok. Well, a bug is open so it will go its regular way. Ciao, Marcus --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Monday 2008-07-07 at 20:28 -0400, Scott Kitterman wrote:
There were two releases today (due to a serious regression in the first). Both were announced on clamav announce. I'm not sure how that qualifies as silent.
IMHO, releases should be announced privately to the distros maintainers so that they have a chance to have their distros update rpms ready at the same time that the program starts barking "Outdated!". That's not nice. - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4-svn0 (GNU/Linux) iD8DBQFIc0emtTMYHG2NR9URAsd5AKCOYeFgKAOy0x1MN2ze8cL8m+JoewCggAqR ehJZyXIhfjHCmfAqbBxNQIM= =Bg4v -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org
Carlos E. R. escribió:
IMHO, releases should be announced privately to the distros maintainers so that they have a chance to have their distros update rpms ready at the same time that the program starts barking "Outdated!".
no, that's not the way it should work, there is absolutely no point on hidding releases of open source software to the public, the code is already available on CVS/SVN anyway. That kind of "secrecy" is even more dangerous when used on a security product like clamav. -- "A computer is like an Old Testament god, with a lot of rules and no mercy. " Cristian Rodríguez R. Platform/OpenSUSE - Core Services SUSE LINUX Products GmbH Research & Development http://www.opensuse.org/
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Tuesday 2008-07-08 at 19:39 -0400, Cristian Rodríguez wrote:
Carlos E. R. escribió:
IMHO, releases should be announced privately to the distros maintainers so that they have a chance to have their distros update rpms ready at the same time that the program starts barking "Outdated!".
no, that's not the way it should work, there is absolutely no point on hidding releases of open source software to the public, the code is already available on CVS/SVN anyway.
That kind of "secrecy" is even more dangerous when used on a security product like clamav.
The point is not secrecy, the point is that we get the YOU update the same day that clamav starts crying "Wolf!" on the warning logs, not several weeks later. I started getting the warning that my clamav installation is outdated last Jun 9, and I'm still getting them, a month later. Do you think I'm getting more security this way? Jun 9 15:44:50 nimrodel freshclam[9428]: Your ClamAV installation is OUTDATED! Jun 9 17:44:54 nimrodel freshclam[9428]: Your ClamAV installation is OUTDATED! ... Jun 11 04:07:00 nimrodel freshclam[4896]: Your ClamAV installation is OUTDATED! Jun 11 12:25:19 nimrodel freshclam[5107]: Your ClamAV installation is OUTDATED! ... Jun 15 23:00:24 nimrodel freshclam[5059]: Your ClamAV installation is OUTDATED! Jun 16 01:00:24 nimrodel freshclam[5059]: Your ClamAV installation is OUTDATED! ... Jun 19 19:03:00 nimrodel freshclam[5059]: Your ClamAV installation is OUTDATED! Jun 20 00:23:57 nimrodel freshclam[5059]: Your ClamAV installation is OUTDATED! ... Jun 24 23:37:58 nimrodel freshclam[5059]: Your ClamAV installation is OUTDATED! Jun 25 01:37:58 nimrodel freshclam[5059]: Your ClamAV installation is OUTDATED! ... Jun 30 22:13:20 nimrodel freshclam[5059]: Your ClamAV installation is OUTDATED! Jul 1 00:13:20 nimrodel freshclam[5059]: Your ClamAV installation is OUTDATED! ... Jul 1 20:13:46 nimrodel freshclam[5059]: Your ClamAV installation is OUTDATED! Jul 7 22:21:04 nimrodel freshclam[5151]: Your ClamAV installation is OUTDATED! ... Jul 8 22:01:39 nimrodel freshclam[5140]: Your ClamAV installation is OUTDATED! Jul 9 00:01:39 nimrodel freshclam[5140]: Your ClamAV installation is OUTDATED! Will we have to wait another month to get the rpm update? Frankly, I'd either prefer the rpms from the distros to be synchronized with those warnings in some way, or to get the updates the "antivir" way, ie, generated by the clamav people the same way the database is updated. This way, if I had people served by me, I'd have to compile clamav myself to get protection fast for my users. As it is, I can wait years if need be. I'm not complaining for myself (I'm not affected), I'm just pointing out the problem... - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4-svn0 (GNU/Linux) iD8DBQFIdADXtTMYHG2NR9URAv+mAJ90jxcNiHbI54giAk+8LOVb9O6D4ACfQ27L v7EkRc7ij8++T75nFWEg6I8= =45sM -----END PGP SIGNATURE-----
participants (5)
-
Carlos E. R.
-
Carlos E. R.
-
Cristian Rodríguez
-
Marcus Meissner
-
Scott Kitterman