Mailinglist Archive: opensuse-security (50 mails)

< Previous Next >
Re: [opensuse-security] Clamav installation in 10.3 is still outdated.
  • From: "Carlos E. R." <carlos.e.r@xxxxxxxxxxxx>
  • Date: Wed, 9 Jul 2008 02:05:30 +0200 (CEST)
  • Message-id: <alpine.LSU.1.00.0807090151460.6698@xxxxxxxxxxxxxxxx>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



The Tuesday 2008-07-08 at 19:39 -0400, Cristian Rodríguez wrote:

Carlos E. R. escribió:

IMHO, releases should be announced privately to the distros maintainers so
that they have a chance to have their distros update rpms ready at the
same time that the program starts barking "Outdated!".

no, that's not the way it should work, there is absolutely no point on hidding releases of open source software to the public, the code is already available on CVS/SVN anyway.

That kind of "secrecy" is even more dangerous when used on a security product like clamav.

The point is not secrecy, the point is that we get the YOU update the same day that clamav starts crying "Wolf!" on the warning logs, not several weeks later.

I started getting the warning that my clamav installation is outdated last Jun 9, and I'm still getting them, a month later. Do you think I'm getting more security this way?

Jun 9 15:44:50 nimrodel freshclam[9428]: Your ClamAV installation is OUTDATED!
Jun 9 17:44:54 nimrodel freshclam[9428]: Your ClamAV installation is OUTDATED!
...
Jun 11 04:07:00 nimrodel freshclam[4896]: Your ClamAV installation is OUTDATED!
Jun 11 12:25:19 nimrodel freshclam[5107]: Your ClamAV installation is OUTDATED!
...
Jun 15 23:00:24 nimrodel freshclam[5059]: Your ClamAV installation is OUTDATED!
Jun 16 01:00:24 nimrodel freshclam[5059]: Your ClamAV installation is OUTDATED!
...
Jun 19 19:03:00 nimrodel freshclam[5059]: Your ClamAV installation is OUTDATED!
Jun 20 00:23:57 nimrodel freshclam[5059]: Your ClamAV installation is OUTDATED!
...
Jun 24 23:37:58 nimrodel freshclam[5059]: Your ClamAV installation is OUTDATED!
Jun 25 01:37:58 nimrodel freshclam[5059]: Your ClamAV installation is OUTDATED!
...
Jun 30 22:13:20 nimrodel freshclam[5059]: Your ClamAV installation is OUTDATED!
Jul 1 00:13:20 nimrodel freshclam[5059]: Your ClamAV installation is OUTDATED!
...
Jul 1 20:13:46 nimrodel freshclam[5059]: Your ClamAV installation is OUTDATED!
Jul 7 22:21:04 nimrodel freshclam[5151]: Your ClamAV installation is OUTDATED!
...
Jul 8 22:01:39 nimrodel freshclam[5140]: Your ClamAV installation is OUTDATED!
Jul 9 00:01:39 nimrodel freshclam[5140]: Your ClamAV installation is OUTDATED!



Will we have to wait another month to get the rpm update? Frankly, I'd
either prefer the rpms from the distros to be synchronized with those
warnings in some way, or to get the updates the "antivir" way, ie, generated by the clamav people the same way the database is updated.

This way, if I had people served by me, I'd have to compile clamav myself to get protection fast for my users. As it is, I can wait years if need be.

I'm not complaining for myself (I'm not affected), I'm just pointing out the problem...

- -- Cheers,
Carlos E. R.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.4-svn0 (GNU/Linux)

iD8DBQFIdADXtTMYHG2NR9URAv+mAJ90jxcNiHbI54giAk+8LOVb9O6D4ACfQ27L
v7EkRc7ij8++T75nFWEg6I8=
=45sM
-----END PGP SIGNATURE-----
< Previous Next >