Ubuntu
clamav package

Latest clamav not available from ppas

Asked by D. Charles Pyle

I am getting the following message with every freshclam update (every 30 minutes on my machine):

ClamAV update process started at Thu Jan 29 09:53:58 2015
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.98.5 Recommended version: 0.98.6
DON'T PANIC! Read http://www.clamav.net/support/faq

I am somewhat new to Ubuntu so I have not been building many packages as of yet. I also don't want to lose support for an LTS release as was the case when I built my own/installed prebuilt latest kernels. The newest version of clamav isn't available in any official ppa for Ubuntu, Trusty or otherwise. When will that be changing?

Question information

Language:
English Edit question
Status:
Solved
For:
Ubuntu clamav Edit question
Assignee:
No assignee Edit question
Solved by:
D. Charles Pyle
Solved:
Last query:
Last reply:
Revision history for this message
actionparsnip (andrew-woodhead666) said : 		#1

I suggest you contact the PPA maintainer

Revision history for this message
D. Charles Pyle (dcharlespyle) said : 		#2

Who would that be? As an aside, a couple things fixed in 0.98.6 have a CVE number next to them, and are listed as serious vulnerabilities in Debian.

Revision history for this message
Manfred Hampl (m-hampl) said : 		#3

If you look at https://launchpad.net/ubuntu/+source/clamav/+publishinghistory you can see that there is work in progress. A 0.98.6 version has already been uploaded for Ubuntu 15.04 (development release) yesterday. I assume that, as soon as this version has been confirmed to run well on Ubuntu, the process to backport a 0.98.6 version to the older Ubuntu releases will be performed. Just be patient.

If you want, you can create a bug report, but I do not think that it will speed it up.

Revision history for this message
D. Charles Pyle (dcharlespyle) said : 		#4

I know that that won't speed things up. So, rather than wait I just built my own unsigned packages and installed those in the interim.

Typically I can and often do patience. However, in this case, I really don't like running software that has CVE numbering assigned to it, particularly when I saw the list of potential vulnerabilities associated with 0.98.5. It's not cool when hacking crackers can bring down a system using software designed to stop/prevent malware intrusions. In my opinion, that should have been motivation enough to push the newer version more quickly. I may just also install the 15.04 version of 0.98.6 if I see issues with my build. So far, I have not seen any problems with what I built and installed but I'll be watching the logs.

In any case, I'll mark this as answered. Thank you for letting me know