[lubuntu-users] Lubuntu PPC 16.04 Clamav is outdated

Walter Lapchynski wxl at ubuntu.com
Thu Feb 4 18:37:03 UTC 2016 

To assume that everything will be updated all the time is an unsafe
assumption, even when systems are in place to try to keep everything
updated. The most stable OSes out there are, at times, out of date. For
example, when a vulnerability is found but no solution exists. Or when
there are issues with licensing. Or when the maintainers within the OSes
are unable, for whatever reason, to keep maintaining. Murphy's Law is the
rule of life. Even your example of Firefox has, at times, not been the
current version.

While we're on the subject of browsers, let's consider Chromium:

Ubuntu: [48.0.2564.82-0ubuntu1.1222][1]
Debian: [48.0.2564.82-2][2]
Upstream: [48.0.2564.103][3]

So it's actually not up to date. Note that upstream is on version
50-something in their development release, too.

These kind of things happen. If you're really concerned about your own
particular system, I would urge you to always download and compile upstream
versions yourself, directly from upstream. No OS can promise you to be 100%
up to date all the time, not Ubuntu, Debian, Arch, Red Hat, Fedora,
FreeBSD, or any other UNIX-like distro. For that matter, the fact that you
are more updated than the likes of Windows or OS X, especially for more
serious vulnerabilities is pretty remarkable. Beyond that, you have the
choice to update anything on your own.

[1]: http://packages.ubuntu.com/xenial/chromium-browser
[2]: https://packages.debian.org/unstable/chromium
[3]: https://www.chromium.org/developers/calendar

On Thu, Feb 4, 2016 at 9:46 AM, Peter Golis <golisp at centrum.sk> wrote:

> Hello Walter,
>
> If there will be continuous plan for having updated antivirus at all as is
> for example on web browser firefox, then there will not be outdated
> antivirus. That missed periodical updates on provided antivirus decrease
> possibility of reaching *buntu based systems also enterprise segment. As
> example, File or Email server based on Ubuntu Server Edition. But this is
> for me only minor issue.
>
>
>
> I had a question, and that question was cleanly answered. So, we can leave
> it closed if there are no future plans.
>
>
>
> Have a nice day,
>
> Peter.
>
>
>
> ______________________________________________________________
> > Od: Walter Lapchynski <wxl at ubuntu.com>
> > Komu: Peter Golis <golisp at centrum.sk>
> > Dátum: 04.02.2016 17:09
> > Predmet: Re: [lubuntu-users] Lubuntu PPC 16.04 Clamav is outdated
> >
>
> I'm pretty sure that's not what I said. To summarize, tools are in place
> to ensure all packages upstream in Debian are updated, but this one doesn't
> seem to behaving. It requires further investigation.
>
> @wxl | http://polka.bike
> Lubuntu Release Manager & Head of QA
> Ubuntu PPC Point of Contact
> Ubuntu Oregon Team Leader
> Ubuntu Membership Board & LoCo Council Member
> Eugene Unix & GNU/Linux User Group Co-organizer
> On Feb 4, 2016 6:53 AM, "Peter Golis" <golisp at centrum.sk> wrote:
>
>> Hello Walter,
>>
>> So, there is no continuous plan for making antivirus up to date by
>> automatic updates like is for example on firefox which is allways up to
>> date. Thanks for feedback.
>>
>>
>>
>> Best Regards,
>>
>> Peter.
>>
>>
>>
>> PS: This can exclude clean *buntu based distros from file servers which
>> cover security for users.
>>
>>
>>
>> ______________________________________________________________
>> > Od: Walter Lapchynski <wxl at ubuntu.com>
>> > Komu: Peter Golis <golisp at centrum.sk>
>> > Dátum: 04.02.2016 15:43
>> > Predmet: Re: [lubuntu-users] Lubuntu PPC 16.04 Clamav is outdated
>> >
>>
>> > CC: "lubuntu user list"
>>
>> As you may know, Lubuntu is an Ubuntu project, which is to say that some
>> things affecting Lubuntu actually affect the entire project. In these
>> cases, it's best to reach out to the wider community. This is one such case.
>>
>> Ubuntu is, more or less, Debian unstable (except it's stable). Things in
>> the Debian repos [autosync][1] to the Ubuntu repos. By that logic, we
>> should have the [latest clamav][2] considering we are [before the
>> freeze][3]. If you read about [sync requests][4], you'll find they are
>> applicable only to packages where the Ubuntu patches are no longer relevant
>> but this package may need them as the Ubuntu version has five (that's the
>> meaning of the "ubuntu5" at the end of the version string), so you need to
>> look into a [merge][5].
>>
>> Interestingly, clamav is not on the merge list, so I'm not sure what's
>> going on there. You may wish to check with the [Ubuntu Developers Team][6]
>> to figure out what the situation is.
>>
>> [1]: https://wiki.ubuntu.com/DebianImportFreeze
>> [2]: https://packages.debian.org/unstable/clamav
>> [3]: https://wiki.ubuntu.com/XenialXerus/ReleaseSchedule
>> [4]: https://wiki.ubuntu.com/SyncRequestProcess
>> [5]: https://wiki.ubuntu.com/UbuntuDevelopment/Merging
>> [6]: https://wiki.ubuntu.com/UbuntuDevelopment#Communication
>>
>> p.s. Don't forget the females in your greetings! Ubuntu means, roughly,
>> humanness— and that means all genders. http://women.ubuntu.com/
>>
>> @wxl | http://polka.bike
>> Lubuntu Release Manager & Head of QA
>> Ubuntu PPC Point of Contact
>> Ubuntu Oregon Team Leader
>> Ubuntu Membership Board & LoCo Council Member
>> Eugene Unix & GNU/Linux User Group Co-organizer
>> On Feb 4, 2016 5:48 AM, "Peter Golis" <golisp at centrum.sk> wrote:
>>
>>>
>>>
>>> Hello Gentleman,
>>>
>>> During check of my logs I had found outdated ClamAV binaries (reported
>>> by freshclam). Is there any continuous plan for making antivirus up to date?
>>>
>>>
>>>
>>> I know, this is only warning. But why to not have periodically updated
>>> antivirus on the same way like web browser firefox which is allways up to
>>> date on all *buntu derrivates?
>>>
>>>
>>>
>>> According to http://www.clamav.net/downloads the latest stable version
>>> of ClamAV is 0.99.0 from 2015-12-01 18:15:38 UTC and pervious version in
>>> Lubuntu is 0.98.7 from 2015-10-12 19:49:40 UTC which is *allmost 5
>>> months old*.
>>>
>>>
>>>
>>> Clamav and freshclam actual versions:
>>>
>>>
>>>
>>> clamav-freshclam/xenial,now 0.98.7+dfsg-0ubuntu5 powerpc
>>> [installed,automatic]
>>>   anti-virus utility for Unix - virus database update utility
>>>
>>>
>>>
>>> clamav/xenial,now 0.98.7+dfsg-0ubuntu5 powerpc [installed,automatic]
>>>   anti-virus utility for Unix - command-line interface
>>>
>>> Log with complaint:
>>>
>>> $ tail -17 /var/log/clamav/freshclam.log
>>> Thu Feb  4 14:06:13 2016 -> --------------------------------------
>>> Thu Feb  4 14:06:13 2016 -> ERROR: Can't save PID to file
>>> /var/run/clamav/freshclam.pid: No such file or directory
>>> Thu Feb  4 14:06:13 2016 -> freshclam daemon 0.98.7 (OS: linux-gnu,
>>> ARCH: ppc, CPU: powerpc)
>>> Thu Feb  4 14:06:13 2016 -> ClamAV update process started at Thu Feb  4
>>> 14:06:13 2016
>>> Thu Feb  4 14:06:13 2016 -> WARNING: Can't query current.cvd.clamav.net
>>> Thu Feb  4 14:06:13 2016 -> WARNING: Invalid DNS reply. Falling back to
>>> HTTP mode.
>>> Thu Feb  4 14:06:13 2016 -> Reading CVD header (main.cvd): Thu Feb  4
>>> 14:06:13 2016 -> WARNING: Can't get information about
>>> db.local.clamav.net: Temporary failure in name resolution
>>> Thu Feb  4 14:06:13 2016 -> WARNING: Can't read main.cvd header from
>>> db.local.clamav.net (IP: )
>>> Thu Feb  4 14:06:15 2016 -> Trying again in 5 secs...
>>> Thu Feb  4 14:06:20 2016 -> ClamAV update process started at Thu Feb  4
>>> 14:06:20 2016
>>> Thu Feb  4 14:06:20 2016 -> WARNING: Your ClamAV installation is
>>> OUTDATED!
>>> Thu Feb  4 14:06:20 2016 -> WARNING: *Local version: 0.98.7 Recommended
>>> version: 0.99*
>>> Thu Feb  4 14:06:20 2016 -> DON'T PANIC! Read
>>> http://www.clamav.net/support/faq
>>> Thu Feb  4 14:06:20 2016 -> main.cvd is up to date (version: 55, sigs:
>>> 2424225, f-level: 60, builder: neo)
>>> Thu Feb  4 14:06:20 2016 -> daily.cld is up to date (version: 21341,
>>> sigs: 1827592, f-level: 63, builder: neo)
>>> Thu Feb  4 14:06:20 2016 -> bytecode.cld is up to date (version: 271,
>>> sigs: 47, f-level: 63, builder: anvilleg)
>>> Thu Feb  4 14:07:31 2016 -> --------------------------------------
>>>
>>>
>>>
>>> Have a nice day,
>>>
>>> Peter.
>>>
>>> --
>>> Lubuntu-users mailing list
>>> Lubuntu-users at lists.ubuntu.com
>>> Modify settings or unsubscribe at:
>>> https://lists.ubuntu.com/mailman/listinfo/lubuntu-users
>>>
>>>


-- 
@wxl | http://polka.bike
Lubuntu Release Manager & Head of QA
Ubuntu PPC Point of Contact
Ubuntu Oregon LoCo Team Leader
Ubuntu Membership Board & LoCo Council Member
Eugene Unix & GNU/Linux User Group Co-Organizer
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/lubuntu-users/attachments/20160204/8164e034/attachment-0001.html>

More information about the Lubuntu-users mailing list