Results 1 to 8 of 8

Thread: ClamAV is outdated

  1. #1
    Join Date
    Aug 2009
    Beans
    32
    Distro
    Ubuntu 10.04 Lucid Lynx

    ClamAV is outdated

    Hi!

    I have two servers complaining about ClamAV being outdated:

    WARNING: Your ClamAV installation is OUTDATED!
    WARNING: Local version: 0.96.1 Recommended version: 0.96.3

    Doing an aptitude update says I don't have to upgrade anything. Why is this? Must ClamAV be updated manually?

    , MacGoose

  2. #2
    Join Date
    Apr 2006
    Beans
    800
    Distro
    Lubuntu 12.04 Precise Pangolin

    Re: ClamAV is outdated

    The clamav version you are using is tested with Ubuntu.
    If you want a later version you'll have to use a PPA repository.
    You'll have to decide whether to use a later version (for security) or a thoroughly tested version (for stability).

    If you'll go for the PPA here's how to do it:
    1. Edit the software sources (use vim, nano, emacs or whatever text editor you're familiar with)
    Code:
    sudo vim /etc/apt/sources.list
    2. Add this line
    Code:
    deb http://ppa.launchpad.net/ubuntu-clamav/ppa/ubuntu lucid main
    3. Save and close
    4. Add the key for the PPA
    Code:
    sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 5ADC2037
    5. Update and upgrade
    Code:
    sudo apt-get update
    sudo apt-get upgrade
    Links:

  3. #3
    Join Date
    Aug 2009
    Beans
    32
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: ClamAV is outdated

    Thanx!

    So if I go for the tested Ubuntu version I will get these warnings all the time?

    I think I'll go for the PPA repository then. I like to see warnings that are "real" and can be dealth with.

    Thanx again!

    , MacGoose

  4. #4
    Join Date
    Mar 2010
    Beans
    5

    Re: ClamAV is outdated

    hi thanks for the info but i get a
    "Type ‘http://ppa.launchpad.net/ubuntu-clamav/ppa/ubuntu’ is not known on line 56 in source list /etc/apt/sources.list " on updating any ideas what causes this, not that I hold out much hope clam will the my virus that I know is there.

  5. #5
    Join Date
    Apr 2006
    Beans
    800
    Distro
    Lubuntu 12.04 Precise Pangolin

    Re: ClamAV is outdated

    @krull
    What are you trying to do here? Are you following my steps on how to install the PPA version of ClamAV?
    If so, you have to copy the whole line in step 2, incl. the "deb" before the url.

    Also I would recommend using the main Ubuntu repositiories, not adding extra PPA repos just for the sake of it.

  6. #6
    Join Date
    Nov 2008
    Location
    Metro Boston
    Beans
    12,779
    Distro
    Kubuntu 14.04 Trusty Tahr

    Re: ClamAV is outdated

    Quote Originally Posted by lykeion View Post
    Also I would recommend using the main Ubuntu repositiories, not adding extra PPA repos just for the sake of it.
    Bug report filed at Launchpad:

    https://bugs.launchpad.net/ubuntu/+s...av/+bug/644707

    The patch is included in the version for Maverick but hasn't been applied to earlier releases. I don't know much about how backports work, but perhaps it's available to him that way?

    https://bugs.launchpad.net/bugs/cve/2010-0405

    ClamAV gets continuously updated and patched, almost on a daily basis according to its Changelog. I presume it's constantly being targeted by virus developers and other hackers given its widespread use. So I wouldn't say trying to keep current with its development constitutes "adding extra PPA repos just for the sake of it." I've used ClamAV for many years now as part of a mail scanning server, and it seems to need updating more than most of the other software on that box.

    That said, I just tried to update a CentOS 5.5 server I run, and the upgrade doesn't seem to be in its repositories yet either.

    Update: I'm building 0.96.3 on that system from source now. I had to upgrade bzip2 and bzip2-devel since that's the origin of the vulnerability. The ClamAV source for 0.96.3 checks the bzip2 code to make sure the patch is installed and complains loudly if it's not there.
    Last edited by SeijiSensei; September 25th, 2010 at 02:28 PM.

  7. #7
    Join Date
    Apr 2006
    Beans
    800
    Distro
    Lubuntu 12.04 Precise Pangolin

    Re: ClamAV is outdated

    Yes, if I ran a server and used ClamAV I would try to keep it updated. That is why I suggested a way to get an updated package via PPA to OP.
    But for the normal user who may be unsure of what he's doing I think it's easier to use the main repository version, that's all I was saying.

  8. #8
    Join Date
    Mar 2010
    Beans
    5

    Re: ClamAV is outdated

    Ok. i did add the lines exactly as written on your post bu that is what the error message says. i will probably stick to the ubuntu repo. and just wait for them to update clam.

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •