[Bug 460316] Re: clamav-base package contains very big clamav data files (main.cvd and daily.cvd) from clamav-data package

Sat Nov 12 23:39:02 UTC 2011

I'm reopening this bug because initial signature definitions isn't removed from clamav-base package since clamav version 0.97.1+dfsg-1ubuntu1 (oneiric) :(
Now newest clamav-base packages from oneiric, natty and precise are 31Mb size (previously size was only 0.1Mb)!!!

I'm pasting important moments from debian/changelog:
1. Latest correct version was 0.97+dfsg-2ubuntu1:
clamav (0.97+dfsg-2ubuntu1.1) natty-security; urgency=low
  * SECURITY UPDATE: denial of service via hash manager off-by-one
    - libclamav/matcher-hash.c: fix count.
    - http://git.clamav.net/gitweb?p=clamav-devel.git;a=commit;h=656dfd0b86817c05cc67964823fb4da8790f243d
    - http://git.clamav.net/gitweb?p=clamav-devel.git;a=commit;h=4842733eb3f09be61caeed83778bb6679141dbc5
    - CVE-2011-2721
 -- Marc Deslauriers <marc.deslauriers at ubuntu.com>  Wed, 27 Jul 2011 13:31:36 -0400

clamav (0.97+dfsg-2ubuntu1) natty; urgency=low
  * Merge from debian unstable.  Remaining Ubuntu changes:
    - Drop initial signature definitions from clamav-base
    - Drop build-dep on electric-fence (in Universe)
    - Add apparmor profiles for clamd and freshclam along with maintainer script changes
 -- Scott Kitterman <scott at kitterman.com>  Fri, 11 Mar 2011 08:07:46 -0500

2. First bad version without "Dropped initial signature definitions from
clamav-base":

clamav (0.97.1+dfsg-1ubuntu1) oneiric; urgency=low
  * Merge from debian unstable.  Remaining changes:
    - Drop build-dep on electric-fence (in Universe)
    - Add apparmor profiles for clamd and freshclam along with maintainer script changes
 -- Scott Kitterman <scott at kitterman.com>  Sat, 18 Jun 2011 11:56:34 -0400

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2011-2721

** Changed in: clamav (Ubuntu)
       Status: Fix Released => New

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to clamav in Ubuntu.
https://bugs.launchpad.net/bugs/460316

Title:
  clamav-base package contains very big clamav data files (main.cvd and
  daily.cvd) from clamav-data package

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/clamav/+bug/460316/+subscriptions