[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [opensuse-security] Clamd in 10.3 is outdated.
-----BEGIN PGP SIGNED MESSAGE-----
The Thursday 2008-06-12 at 12:13 +0200, Werner Flamme wrote:
@Carlos: did you read the next line? "DON'T PANIC! Read
Because that line is not printed to the /var/log/warn file; I'm getting
the warning every now and then in my warning log, whereas the line you
mention is not logged at 'warn' level. And no, of course I haven't
The line resides in my /var/log/freshclam.log and is printed at boot
time on the screen. So I can't understand "certainly", especially
because I do not only look at the warn log but in the respective
application's log, too. Besides, do you know the meaning of :-) ?
cer@nimrodel:~> ls /var/log/freshclam.log
ls: cannot access /var/log/freshclam.log: No such file or directory
Of course, I can find the line if I search for it, buried inside the
/var/log/mail between tons of other messages. The "warn" log is the only I
continously watch for "new" problems, and the rest I look when I search
for extra info. The clamd authors choosed to leave the "don't worry" out
of the "warn" log :-p
And sorry, I didn't notice that smiley.
The thing is, if I see a program reporting something unexpected in the
warn log file, I take that as important, maybe important enough to report
here or in bugzilla.
There was always an update of clamav via YOU (when you use a ftp or http
client to look into the update repo manually, you still see
clamav-0.91.2, 0.92.0, 0.92.1, and 0.93.0), it just takes some time to
This is one of the reasons for me staying with SUSE, even after they
introduced the 10.1 software management ;-)
No, there has been no update through YOU yet. Marcus said there will be
one such, so I'll wait. No, I do not intend to go to the clamav site and
roll my own. If that's what needs to be done I will uninstall clamd and
continue using antivir instead.
Don't bite me! ;-) I said that there were clamav updates via YOU for all
the recent versions. So I do not see any reason why there will be no YOU
update for the current version. With "no update through YOU yet" you
sure mean the current version of clamav, do you?
Well, of course, I mean for the one that is "official" currently for
There is some problem with the procedure here: the clamd people should
tell the distro maintainers in advance that there is going to be a new
version and that such versions are to be obsoleted, so that they can
prepare the automatic upgrades for their distros without there being any
perveived loss of security.
I mean, it doesn't look good if the antivirus says "Hey, I'm obsolete",
and the update is not ready.
On the other hand, if updating the engine is not that crucial, then they
should not write that message to the warning log. There are many programs
and daemons in the distro that keep silent when there is a new version,
and many of them are security-wise important.
That's what I think the real problem is: that they shout "Danger, update
me! with no real need.
Carlos E. R.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.4-svn0 (GNU/Linux)
-----END PGP SIGNATURE-----
To unsubscribe, e-mail: opensuse-security+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-security+help@xxxxxxxxxxxx