<p dir="ltr">No, you're still not getting it. Systems are in place in Ubuntu to ensure *all* Debian packages are kept up to date in the Ubuntu repos. There is something unexpected and unknown getting in the way of clamav being updated. This begs further investigation. You have two choices to resolve this: write a bug report or contact the Ubuntu Development Team. Long story short, further communication on this list on the subject is not going to help. Choose one of the two aforementioned actions and the problem can be resolved. </p>
<p dir="ltr">@wxl | <a href="http://polka.bike">http://polka.bike</a><br>
Lubuntu Release Manager & Head of QA<br>
Ubuntu PPC Point of Contact<br>
Ubuntu Oregon Team Leader<br>
Ubuntu Membership Board & LoCo Council Member<br>
Eugene Unix & GNU/Linux User Group Co-organizer</p>
<div class="gmail_quote">On Feb 4, 2016 10:45 PM, "Peter Golis" <<a href="mailto:golisp@centrum.sk">golisp@centrum.sk</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div>Hello Walter,<br>
If I can understood your words, then keeping (statically linked) antivirus up to date is unsafe. And keeping web browser up to date is safe. <br>
<br>
Anyway, my question was already answered. And I need no explanation why *buntu derivates don't want to be safe. <br>
<br>
Have a nice day,<br>
Peter.<br><br><div class="gmail_quote">On February 4, 2016 7:37:03 PM CET, Walter Lapchynski <<a href="mailto:wxl@ubuntu.com" target="_blank">wxl@ubuntu.com</a>> wrote:<blockquote class="gmail_quote" style="margin:0pt 0pt 0pt 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div dir="ltr">To assume that everything will be updated all the time is an unsafe assumption, even when systems are in place to try to keep everything updated. The most stable OSes out there are, at times, out of date. For example, when a vulnerability is found but no solution exists. Or when there are issues with licensing. Or when the maintainers within the OSes are unable, for whatever reason, to keep maintaining. Murphy's Law is the rule of life. Even your example of Firefox has, at times, not been the current version. <div><br></div><div>While we're on the subject of browsers, let's consider Chromium:<div><br></div><div>Ubuntu: [48.0.2564.82-0ubuntu1.1222][1]</div><div>Debian: [48.0.2564.82-2][2]</div><div>Upstream: [48.0.2564.103][3]</div><div><br></div><div>So it's actually not up to date. Note that upstream is on version 50-something in their development release, too. </div><div><br></div><div>These kind of things happen. If you're reall
y
concerned about your own particular system, I would urge you to always download and compile upstream versions yourself, directly from upstream. No OS can promise you to be 100% up to date all the time, not Ubuntu, Debian, Arch, Red Hat, Fedora, FreeBSD, or any other UNIX-like distro. For that matter, the fact that you are more updated than the likes of Windows or OS X, especially for more serious vulnerabilities is pretty remarkable. Beyond that, you have the choice to update anything on your own.</div><div><br></div><div>[1]: <a href="http://packages.ubuntu.com/xenial/chromium-browser" target="_blank">http://packages.ubuntu.com/xenial/chromium-browser</a></div><div>[2]: <a href="https://packages.debian.org/unstable/chromium" target="_blank">https://packages.debian.org/unstable/chromium</a></div></div><div>[3]: <a href="https://www.chromium.org/developers/calendar" target="_blank">https://www.chromium.org/developers/calendar</a></div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Feb 4, 2016 at 9:46 A
M,
Peter Golis <span dir="ltr"><<a href="mailto:golisp@centrum.sk" target="_blank">golisp@centrum.sk</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><p style="padding:0px;margin:0px">Hello Walter,</p>
<p style="padding:0px;margin:0px">If there will be continuous plan for having updated antivirus at all as is for example on web browser firefox, then there will not be outdated antivirus. That missed periodical updates on provided antivirus decrease possibility of reaching *buntu based systems also enterprise segment. As example, File or Email server based on Ubuntu Server Edition. But this is for me only minor issue.</p>
<p style="padding:0px;margin:0px"> </p>
<p style="padding:0px;margin:0px">I had a question, and that question was cleanly answered. So, we can leave it closed if there are no future plans.</p>
<p style="padding:0px;margin:0px"> </p>
<p style="padding:0px;margin:0px">Have a nice day,</p>
<p style="padding:0px;margin:0px">Peter.</p>
<p style="padding:0px;margin:0px"> </p>
<p style="padding:0px;margin:0px">______________________________________________________________<br>
> Od: Walter Lapchynski <<a href="mailto:wxl@ubuntu.com" target="_blank">wxl@ubuntu.com</a>><br>
> Komu: Peter Golis <<a href="mailto:golisp@centrum.sk" target="_blank">golisp@centrum.sk</a>><br>
> Dátum: 04.02.2016 17:09<br>
> Predmet: Re: [lubuntu-users] Lubuntu PPC 16.04 Clamav is outdated<br>
></p>
<p dir="ltr">I'm pretty sure that's not what I said. To summarize, tools are in place to ensure all packages upstream in Debian are updated, but this one doesn't seem to behaving. It requires further investigation.</p>
<p dir="ltr">@wxl | <a href="http://polka.bike" target="_blank">http://polka.bike</a><br>
Lubuntu Release Manager & Head of QA<br>
Ubuntu PPC Point of Contact<br>
Ubuntu Oregon Team Leader<br>
Ubuntu Membership Board & LoCo Council Member<br>
Eugene Unix & GNU/Linux User Group Co-organizer</p>
<div class="gmail_quote">On Feb 4, 2016 6:53 AM, "Peter Golis" <<a href="mailto:golisp@centrum.sk" target="_blank">golisp@centrum.sk</a>> wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<p style="padding:0px;margin:0px">Hello Walter,</p>
<p style="padding:0px;margin:0px">So, there is no continuous plan for making antivirus up to date by automatic updates like is for example on firefox which is allways up to date. Thanks for feedback.</p>
<p style="padding:0px;margin:0px"> </p>
<p style="padding:0px;margin:0px">Best Regards,</p>
<p style="padding:0px;margin:0px">Peter.</p>
<p style="padding:0px;margin:0px"> </p>
<p style="padding:0px;margin:0px">PS: This can exclude clean *buntu based distros from file servers which cover security for users.</p>
<p style="padding:0px;margin:0px"> </p>
<p style="padding:0px;margin:0px">______________________________________________________________<br>
> Od: Walter Lapchynski <<a href="mailto:wxl@ubuntu.com" target="_blank">wxl@ubuntu.com</a>><br>
> Komu: Peter Golis <<a href="mailto:golisp@centrum.sk" target="_blank">golisp@centrum.sk</a>><br>
> Dátum: 04.02.2016 15:43<br>
> Predmet: Re: [lubuntu-users] Lubuntu PPC 16.04 Clamav is outdated<br>
></p>
<p style="padding:0px;margin:0px">> CC: "lubuntu user list"</p>
<p dir="ltr">As you may know, Lubuntu is an Ubuntu project, which is to say that some things affecting Lubuntu actually affect the entire project. In these cases, it's best to reach out to the wider community. This is one such case.</p>
<p dir="ltr">Ubuntu is, more or less, Debian unstable (except it's stable). Things in the Debian repos [autosync][1] to the Ubuntu repos. By that logic, we should have the [latest clamav][2] considering we are [before the freeze][3]. If you read about [sync requests][4], you'll find they are applicable only to packages where the Ubuntu patches are no longer relevant but this package may need them as the Ubuntu version has five (that's the meaning of the "ubuntu5" at the end of the version string), so you need to look into a [merge][5].</p>
<p dir="ltr">Interestingly, clamav is not on the merge list, so I'm not sure what's going on there. You may wish to check with the [Ubuntu Developers Team][6] to figure out what the situation is.</p>
<p dir="ltr">[1]: <a href="https://wiki.ubuntu.com/DebianImportFreeze" target="_blank">https://wiki.ubuntu.com/DebianImportFreeze</a><br>
[2]: <a href="https://packages.debian.org/unstable/clamav" target="_blank">https://packages.debian.org/unstable/clamav</a><br>
[3]: <a href="https://wiki.ubuntu.com/XenialXerus/ReleaseSchedule" target="_blank">https://wiki.ubuntu.com/XenialXerus/ReleaseSchedule</a><br>
[4]: <a href="https://wiki.ubuntu.com/SyncRequestProcess" target="_blank">https://wiki.ubuntu.com/SyncRequestProcess</a><br>
[5]: <a href="https://wiki.ubuntu.com/UbuntuDevelopment/Merging" target="_blank">https://wiki.ubuntu.com/UbuntuDevelopment/Merging</a><br>
[6]: <a href="https://wiki.ubuntu.com/UbuntuDevelopment#Communication" target="_blank">https://wiki.ubuntu.com/UbuntuDevelopment#Communication</a></p>
<p dir="ltr">p.s. Don't forget the females in your greetings! Ubuntu means, roughly, humanness— and that means all genders. <a href="http://women.ubuntu.com/" target="_blank">http://women.ubuntu.com/</a></p>
<p dir="ltr">@wxl | <a href="http://polka.bike" target="_blank">http://polka.bike</a><br>
Lubuntu Release Manager & Head of QA<br>
Ubuntu PPC Point of Contact<br>
Ubuntu Oregon Team Leader<br>
Ubuntu Membership Board & LoCo Council Member<br>
Eugene Unix & GNU/Linux User Group Co-organizer</p>
<div class="gmail_quote">On Feb 4, 2016 5:48 AM, "Peter Golis" <<a href="mailto:golisp@centrum.sk" target="_blank">golisp@centrum.sk</a>> wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<p style="padding:0px;margin:0px"> </p>
<p style="padding:0px;margin:0px">Hello Gentleman,</p>
<p style="padding:0px;margin:0px">During check of my logs I had found outdated ClamAV binaries (reported by freshclam). Is there any continuous plan for making antivirus up to date?</p>
<p style="padding:0px;margin:0px"> </p>
<p style="padding:0px;margin:0px">I know, this is only warning. But why to not have periodically updated antivirus on the same way like web browser firefox which is allways up to date on all *buntu derrivates?</p>
<p style="padding:0px;margin:0px"> </p>
<p style="padding:0px;margin:0px">According to <a href="http://www.clamav.net/downloads" target="_blank">http://www.clamav.net/downloads</a> the latest stable version of ClamAV is 0.99.0 from 2015-12-01 18:15:38 UTC and pervious version in Lubuntu is 0.98.7 from 2015-10-12 19:49:40 UTC which is <em>allmost 5 months old</em>.</p>
<p style="padding:0px;margin:0px"> </p>
<p style="padding:0px;margin:0px">Clamav and freshclam actual versions:</p>
<p style="padding:0px;margin:0px"> </p>
<p style="padding:0px;margin:0px">clamav-freshclam/xenial,now 0.98.7+dfsg-0ubuntu5 powerpc [installed,automatic]<br>
anti-virus utility for Unix - virus database update utility</p>
<p style="padding:0px;margin:0px"> </p>
<p style="padding:0px;margin:0px">clamav/xenial,now 0.98.7+dfsg-0ubuntu5 powerpc [installed,automatic]<br>
anti-virus utility for Unix - command-line interface<br>
<br>
</p>
<p style="padding:0px;margin:0px">Log with complaint:</p>
<p style="padding:0px;margin:0px">$ tail -17 /var/log/clamav/freshclam.log<br>
Thu Feb 4 14:06:13 2016 -> --------------------------------------<br>
Thu Feb 4 14:06:13 2016 -> ERROR: Can't save PID to file /var/run/clamav/freshclam.pid: No such file or directory<br>
Thu Feb 4 14:06:13 2016 -> freshclam daemon 0.98.7 (OS: linux-gnu, ARCH: ppc, CPU: powerpc)<br>
Thu Feb 4 14:06:13 2016 -> ClamAV update process started at Thu Feb 4 14:06:13 2016<br>
Thu Feb 4 14:06:13 2016 -> WARNING: Can't query <a href="http://current.cvd.clamav.net" target="_blank">current.cvd.clamav.net</a><br>
Thu Feb 4 14:06:13 2016 -> WARNING: Invalid DNS reply. Falling back to HTTP mode.<br>
Thu Feb 4 14:06:13 2016 -> Reading CVD header (main.cvd): Thu Feb 4 14:06:13 2016 -> WARNING: Can't get information about <a href="http://db.local.clamav.net" target="_blank">db.local.clamav.net</a>: Temporary failure in name resolution<br>
Thu Feb 4 14:06:13 2016 -> WARNING: Can't read main.cvd header from <a href="http://db.local.clamav.net" target="_blank">db.local.clamav.net</a> (IP: )<br>
Thu Feb 4 14:06:15 2016 -> Trying again in 5 secs...<br>
Thu Feb 4 14:06:20 2016 -> ClamAV update process started at Thu Feb 4 14:06:20 2016<br>
Thu Feb 4 14:06:20 2016 -> WARNING: Your ClamAV installation is OUTDATED!<br>
Thu Feb 4 14:06:20 2016 -> WARNING: <u>Local version: 0.98.7 Recommended version: 0.99</u><br>
Thu Feb 4 14:06:20 2016 -> DON'T PANIC! Read <a href="http://www.clamav.net/support/faq" target="_blank">http://www.clamav.net/support/faq</a><br>
Thu Feb 4 14:06:20 2016 -> main.cvd is up to date (version: 55, sigs: 2424225, f-level: 60, builder: neo)<br>
Thu Feb 4 14:06:20 2016 -> daily.cld is up to date (version: 21341, sigs: 1827592, f-level: 63, builder: neo)<br>
Thu Feb 4 14:06:20 2016 -> bytecode.cld is up to date (version: 271, sigs: 47, f-level: 63, builder: anvilleg)<br>
Thu Feb 4 14:07:31 2016 -> --------------------------------------</p>
<p style="padding:0px;margin:0px"> </p>
<p style="padding:0px;margin:0px">Have a nice day,</p>
<p style="padding:0px;margin:0px">Peter.</p>
<br><span><font color="#888888">
--<br>
Lubuntu-users mailing list<br>
<a href="mailto:Lubuntu-users@lists.ubuntu.com" target="_blank">Lubuntu-users@lists.ubuntu.com</a><br>
Modify settings or unsubscribe at: <a href="https://lists.ubuntu.com/mailman/listinfo/lubuntu-users" target="_blank">https://lists.ubuntu.com/mailman/listinfo/lubuntu-users</a><br>
<br>
</font></span></blockquote>
</div>
</blockquote>
</div>
</blockquote></div><br><br clear="all"><div><br></div>-- <br><div><div dir="ltr"><div>@wxl | <a href="http://polka.bike" target="_blank">http://polka.bike</a><br>Lubuntu Release Manager & Head of QA<br>Ubuntu PPC Point of Contact<br>Ubuntu Oregon LoCo Team Leader<br>Ubuntu Membership Board & LoCo Council Member<br>Eugene Unix & GNU/Linux User Group Co-Organizer</div></div></div>
</div></div>
</blockquote></div><br>
-- <br>
Sent from my Android device with K-9 Mail. Please excuse my brevity.</div></blockquote></div>