[lubuntu-users] Lubuntu PPC 16.04 Clamav is outdated

Peter Golis golisp at centrum.sk
Fri Feb 5 15:41:13 UTC 2016 

Hello Walter,
Your suggestion to request for updated antivirus per each supported *buntu release when new antivirus is released make no sense as you are getting all of packages from Debian. This is not an solution, that is only neverending story which was avoided in case of for example SW product Mozilla Firefox.
 
Anyway, from my side was my question allready answered in past time.
 
Have a nice weekend,
Peter.
 
______________________________________________________________
> Od: Walter Lapchynski <wxl at ubuntu.com>
> Komu: Peter Golis <golisp at centrum.sk>, lubuntu user list <lubuntu-users at lists.ubuntu.com>
> Dátum: 05.02.2016 15:54
> Predmet: Re: [lubuntu-users] Lubuntu PPC 16.04 Clamav is outdated
>
No, you're still not getting it. Systems are in place in Ubuntu to ensure *all* Debian packages are kept up to date in the Ubuntu repos. There is something unexpected and unknown getting in the way of clamav being updated. This begs further investigation. You have two choices to resolve this: write a bug report or contact the Ubuntu Development Team. Long story short, further communication on this list on the subject is not going to help. Choose one of the two aforementioned actions and the problem can be resolved.
@wxl | http://polka.bike <http://polka.bike>
Lubuntu Release Manager & Head of QA
Ubuntu PPC Point of Contact
Ubuntu Oregon Team Leader
Ubuntu Membership Board & LoCo Council Member
Eugene Unix & GNU/Linux User Group Co-organizer
On Feb 4, 2016 10:45 PM, "Peter Golis" <golisp at centrum.sk <golisp at centrum.sk>> wrote:
Hello Walter,
If I can understood your words, then keeping (statically linked) antivirus up to date is unsafe. And keeping web browser up to date is safe. 

Anyway, my question was already answered. And I need no explanation why *buntu derivates don't want to be safe. 

Have a nice day,
Peter.

On February 4, 2016 7:37:03 PM CET, Walter Lapchynski <wxl at ubuntu.com <wxl at ubuntu.com>> wrote:To assume that everything will be updated all the time is an unsafe assumption, even when systems are in place to try to keep everything updated. The most stable OSes out there are, at times, out of date. For example, when a vulnerability is found but no solution exists. Or when there are issues with licensing. Or when the maintainers within the OSes are unable, for whatever reason, to keep maintaining. Murphy's Law is the rule of life. Even your example of Firefox has, at times, not been the current version. While we're on the subject of browsers, let's consider Chromium:Ubuntu: [48.0.2564.82-0ubuntu1.1222][1]Debian: [48.0.2564.82-2][2]Upstream: [48.0.2564.103][3]So it's actually not up to date. Note that upstream is on version 50-something in their development release, too. These kind of things happen. If you're reall yconcerned about your own particular system, I would urge you 
 to always download and compile upstream versions yourself, directly from upstream. No OS can promise you to be 100% up to date all the time, not Ubuntu, Debian, Arch, Red Hat, Fedora, FreeBSD, or any other UNIX-like distro. For that matter, the fact that you are more updated than the likes of Windows or OS X, especially for more serious vulnerabilities is pretty remarkable. Beyond that, you have the choice to update anything on your own.[1]: http://packages.ubuntu.com/xenial/chromium-browser <http://packages.ubuntu.com/xenial/chromium-browser>[2]: https://packages.debian.org/unstable/chromium <https://packages.debian.org/unstable/chromium>[3]: https://www.chromium.org/developers/calendar <https://www.chromium.org/developers/calendar>
On Thu, Feb 4, 2016 at 9:46 A M,Peter Golis <golisp at centrum.sk <golisp at centrum.sk>> wrote:
Hello Walter,
If there will be continuous plan for having updated antivirus at all as is for example on web browser firefox, then there will not be outdated antivirus. That missed periodical updates on provided antivirus decrease possibility of reaching *buntu based systems also enterprise segment. As example, File or Email server based on Ubuntu Server Edition. But this is for me only minor issue.
 
I had a question, and that question was cleanly answered. So, we can leave it closed if there are no future plans.
 
Have a nice day,
Peter.
 
______________________________________________________________
> Od: Walter Lapchynski <wxl at ubuntu.com <wxl at ubuntu.com>>
> Komu: Peter Golis <golisp at centrum.sk <golisp at centrum.sk>>
> Dátum: 04.02.2016 17:09
> Predmet: Re: [lubuntu-users] Lubuntu PPC 16.04 Clamav is outdated
>
I'm pretty sure that's not what I said. To summarize, tools are in place to ensure all packages upstream in Debian are updated, but this one doesn't seem to behaving. It requires further investigation.
@wxl | http://polka.bike <http://polka.bike>
Lubuntu Release Manager & Head of QA
Ubuntu PPC Point of Contact
Ubuntu Oregon Team Leader
Ubuntu Membership Board & LoCo Council Member
Eugene Unix & GNU/Linux User Group Co-organizer
On Feb 4, 2016 6:53 AM, "Peter Golis" <golisp at centrum.sk <golisp at centrum.sk>> wrote:
Hello Walter,
So, there is no continuous plan for making antivirus up to date by automatic updates like is for example on firefox which is allways up to date. Thanks for feedback.
 
Best Regards,
Peter.
 
PS: This can exclude clean *buntu based distros from file servers which cover security for users.
 
______________________________________________________________
> Od: Walter Lapchynski <wxl at ubuntu.com <wxl at ubuntu.com>>
> Komu: Peter Golis <golisp at centrum.sk <golisp at centrum.sk>>
> Dátum: 04.02.2016 15:43
> Predmet: Re: [lubuntu-users] Lubuntu PPC 16.04 Clamav is outdated
>
> CC: "lubuntu user list"
As you may know, Lubuntu is an Ubuntu project, which is to say that some things affecting Lubuntu actually affect the entire project. In these cases, it's best to reach out to the wider community. This is one such case.
Ubuntu is, more or less, Debian unstable (except it's stable). Things in the Debian repos [autosync][1] to the Ubuntu repos. By that logic, we should have the [latest clamav][2] considering we are [before the freeze][3]. If you read about [sync requests][4], you'll find they are applicable only to packages where the Ubuntu patches are no longer relevant but this package may need them as the Ubuntu version has five (that's the meaning of the "ubuntu5" at the end of the version string), so you need to look into a [merge][5].
Interestingly, clamav is not on the merge list, so I'm not sure what's going on there. You may wish to check with the [Ubuntu Developers Team][6] to figure out what the situation is.
[1]: https://wiki.ubuntu.com/DebianImportFreeze <https://wiki.ubuntu.com/DebianImportFreeze>
[2]: https://packages.debian.org/unstable/clamav <https://packages.debian.org/unstable/clamav>
[3]: https://wiki.ubuntu.com/XenialXerus/ReleaseSchedule <https://wiki.ubuntu.com/XenialXerus/ReleaseSchedule>
[4]: https://wiki.ubuntu.com/SyncRequestProcess <https://wiki.ubuntu.com/SyncRequestProcess>
[5]: https://wiki.ubuntu.com/UbuntuDevelopment/Merging <https://wiki.ubuntu.com/UbuntuDevelopment/Merging>
[6]: https://wiki.ubuntu.com/UbuntuDevelopment#Communication <https://wiki.ubuntu.com/UbuntuDevelopment#Communication>
p.s. Don't forget the females in your greetings! Ubuntu means, roughly, humanness— and that means all genders. http://women.ubuntu.com/ <http://women.ubuntu.com/>
@wxl | http://polka.bike <http://polka.bike>
Lubuntu Release Manager & Head of QA
Ubuntu PPC Point of Contact
Ubuntu Oregon Team Leader
Ubuntu Membership Board & LoCo Council Member
Eugene Unix & GNU/Linux User Group Co-organizer
On Feb 4, 2016 5:48 AM, "Peter Golis" <golisp at centrum.sk <golisp at centrum.sk>> wrote:
 
Hello Gentleman,
During check of my logs I had found outdated ClamAV binaries (reported by freshclam). Is there any continuous plan for making antivirus up to date?
 
I know, this is only warning. But why to not have periodically updated antivirus on the same way like web browser firefox which is allways up to date on all *buntu derrivates?
 
According to http://www.clamav.net/downloads <http://www.clamav.net/downloads> the latest stable version of ClamAV is 0.99.0 from 2015-12-01 18:15:38 UTC and pervious version in Lubuntu is 0.98.7 from 2015-10-12 19:49:40 UTC which is allmost 5 months old.
 
Clamav and freshclam actual versions:
 
clamav-freshclam/xenial,now 0.98.7+dfsg-0ubuntu5 powerpc [installed,automatic]
  anti-virus utility for Unix - virus database update utility
 
clamav/xenial,now 0.98.7+dfsg-0ubuntu5 powerpc [installed,automatic]
  anti-virus utility for Unix - command-line interface


Log with complaint:
$ tail -17 /var/log/clamav/freshclam.log
Thu Feb  4 14:06:13 2016 -> --------------------------------------
Thu Feb  4 14:06:13 2016 -> ERROR: Can't save PID to file /var/run/clamav/freshclam.pid: No such file or directory
Thu Feb  4 14:06:13 2016 -> freshclam daemon 0.98.7 (OS: linux-gnu, ARCH: ppc, CPU: powerpc)
Thu Feb  4 14:06:13 2016 -> ClamAV update process started at Thu Feb  4 14:06:13 2016
Thu Feb  4 14:06:13 2016 -> WARNING: Can't query current.cvd.clamav.net <http://current.cvd.clamav.net>
Thu Feb  4 14:06:13 2016 -> WARNING: Invalid DNS reply. Falling back to HTTP mode.
Thu Feb  4 14:06:13 2016 -> Reading CVD header (main.cvd): Thu Feb  4 14:06:13 2016 -> WARNING: Can't get information about db.local.clamav.net <http://db.local.clamav.net>: Temporary failure in name resolution
Thu Feb  4 14:06:13 2016 -> WARNING: Can't read main.cvd header from db.local.clamav.net <http://db.local.clamav.net> (IP: )
Thu Feb  4 14:06:15 2016 -> Trying again in 5 secs...
Thu Feb  4 14:06:20 2016 -> ClamAV update process started at Thu Feb  4 14:06:20 2016
Thu Feb  4 14:06:20 2016 -> WARNING: Your ClamAV installation is OUTDATED!
Thu Feb  4 14:06:20 2016 -> WARNING: Local version: 0.98.7 Recommended version: 0.99
Thu Feb  4 14:06:20 2016 -> DON'T PANIC! Read http://www.clamav.net/support/faq <http://www.clamav.net/support/faq>
Thu Feb  4 14:06:20 2016 -> main.cvd is up to date (version: 55, sigs: 2424225, f-level: 60, builder: neo)
Thu Feb  4 14:06:20 2016 -> daily.cld is up to date (version: 21341, sigs: 1827592, f-level: 63, builder: neo)
Thu Feb  4 14:06:20 2016 -> bytecode.cld is up to date (version: 271, sigs: 47, f-level: 63, builder: anvilleg)
Thu Feb  4 14:07:31 2016 -> --------------------------------------
 
Have a nice day,
Peter.

--
Lubuntu-users mailing list
Lubuntu-users at lists.ubuntu.com <Lubuntu-users at lists.ubuntu.com>
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/lubuntu-users <https://lists.ubuntu.com/mailman/listinfo/lubuntu-users>



-- 
@wxl | http://polka.bike <http://polka.bike>
Lubuntu Release Manager & Head of QA
Ubuntu PPC Point of Contact
Ubuntu Oregon LoCo Team Leader
Ubuntu Membership Board & LoCo Council Member
Eugene Unix & GNU/Linux User Group Co-Organizer
-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/lubuntu-users/attachments/20160205/6ca7973a/attachment.html>

More information about the Lubuntu-users mailing list