Hello Walter,
Your suggestion to request for updated antivirus per each supported *buntu
release when new antivirus is released make no sense as you are getting all of
packages from Debian. This is not an solution, that is only neverending story
which was avoided in case of for example SW product Mozilla Firefox.
Anyway, from my side was my question allready answered in past time.
Have a nice weekend,
Peter.
______________________________________________________________
Od: Walter Lapchynski <[email protected]>
Komu: Peter Golis <[email protected]>, lubuntu user list
<[email protected]>
Dátum: 05.02.2016 15:54
Predmet: Re: [lubuntu-users] Lubuntu PPC 16.04 Clamav is outdated
No, you're still not getting it. Systems are in place in Ubuntu to ensure *all*
Debian packages are kept up to date in the Ubuntu repos. There is something
unexpected and unknown getting in the way of clamav being updated. This begs
further investigation. You have two choices to resolve this: write a bug report
or contact the Ubuntu Development Team. Long story short, further communication
on this list on the subject is not going to help. Choose one of the two
aforementioned actions and the problem can be resolved.
@wxl | http://polka.bike <http://polka.bike>
Lubuntu Release Manager & Head of QA
Ubuntu PPC Point of Contact
Ubuntu Oregon Team Leader
Ubuntu Membership Board & LoCo Council Member
Eugene Unix & GNU/Linux User Group Co-organizer
On Feb 4, 2016 10:45 PM, "Peter Golis" <[email protected] <[email protected]>>
wrote:
Hello Walter,
If I can understood your words, then keeping (statically linked) antivirus up to date is unsafe. And keeping web browser up to date is safe.
Anyway, my question was already answered. And I need no explanation why *buntu derivates don't want to be safe.
Have a nice day,
Peter.
On February 4, 2016 7:37:03 PM CET, Walter Lapchynski <[email protected] <[email protected]>> wrote:To assume that everything will be updated all the time is an unsafe assumption, even when systems are in place to try to keep everything updated. The most stable OSes out there are, at times, out of date. For example, when a vulnerability is found but no solution exists. Or when there are issues with licensing. Or when the maintainers within the OSes are unable, for whatever reason, to keep maintaining. Murphy's Law is the rule of life. Even your example of Firefox has, at times, not been the current version. While we're on the subject of browsers, let's consider Chromium:Ubuntu: [48.0.2564.82-0ubuntu1.1222][1]Debian: [48.0.2564.82-2][2]Upstream: [48.0.2564.103][3]So it's actually not up to date. Note that upstream is on version 50-something in their development release, too. These kind of things happen. If you're reall yconcerned about your own particular system, I would urge you
to always download and compile upstream versions yourself, directly from upstream. No OS can promise you to be 100% up to date all the time, not Ubuntu, Debian, Arch, Red Hat, Fedora, FreeBSD, or any other UNIX-like distro. For that matter, the fact that you are more updated than the likes of Windows or OS X, especially for more serious vulnerabilities is pretty remarkable. Beyond that, you have the choice to update anything on your own.[1]: http://packages.ubuntu.com/xenial/chromium-browser <http://packages.ubuntu.com/xenial/chromium-browser>[2]: https://packages.debian.org/unstable/chromium <https://packages.debian.org/unstable/chromium>[3]: https://www.chromium.org/developers/calendar <https://www.chromium.org/developers/calendar>
On Thu, Feb 4, 2016 at 9:46 A M,Peter Golis <[email protected]
<[email protected]>> wrote:
Hello Walter,
If there will be continuous plan for having updated antivirus at all as is for
example on web browser firefox, then there will not be outdated antivirus. That
missed periodical updates on provided antivirus decrease possibility of
reaching *buntu based systems also enterprise segment. As example, File or
Email server based on Ubuntu Server Edition. But this is for me only minor
issue.
I had a question, and that question was cleanly answered. So, we can leave it
closed if there are no future plans.
Have a nice day,
Peter.
______________________________________________________________
Od: Walter Lapchynski <[email protected] <[email protected]>>
Komu: Peter Golis <[email protected] <[email protected]>>
Dátum: 04.02.2016 17:09
Predmet: Re: [lubuntu-users] Lubuntu PPC 16.04 Clamav is outdated
I'm pretty sure that's not what I said. To summarize, tools are in place to
ensure all packages upstream in Debian are updated, but this one doesn't seem
to behaving. It requires further investigation.
@wxl | http://polka.bike <http://polka.bike>
Lubuntu Release Manager & Head of QA
Ubuntu PPC Point of Contact
Ubuntu Oregon Team Leader
Ubuntu Membership Board & LoCo Council Member
Eugene Unix & GNU/Linux User Group Co-organizer
On Feb 4, 2016 6:53 AM, "Peter Golis" <[email protected] <[email protected]>>
wrote:
Hello Walter,
So, there is no continuous plan for making antivirus up to date by automatic
updates like is for example on firefox which is allways up to date. Thanks for
feedback.
Best Regards,
Peter.
PS: This can exclude clean *buntu based distros from file servers which cover
security for users.
______________________________________________________________
Od: Walter Lapchynski <[email protected] <[email protected]>>
Komu: Peter Golis <[email protected] <[email protected]>>
Dátum: 04.02.2016 15:43
Predmet: Re: [lubuntu-users] Lubuntu PPC 16.04 Clamav is outdated
CC: "lubuntu user list"
As you may know, Lubuntu is an Ubuntu project, which is to say that some things
affecting Lubuntu actually affect the entire project. In these cases, it's best
to reach out to the wider community. This is one such case.
Ubuntu is, more or less, Debian unstable (except it's stable). Things in the Debian repos
[autosync][1] to the Ubuntu repos. By that logic, we should have the [latest clamav][2]
considering we are [before the freeze][3]. If you read about [sync requests][4], you'll
find they are applicable only to packages where the Ubuntu patches are no longer relevant
but this package may need them as the Ubuntu version has five (that's the meaning of the
"ubuntu5" at the end of the version string), so you need to look into a
[merge][5].
Interestingly, clamav is not on the merge list, so I'm not sure what's going on
there. You may wish to check with the [Ubuntu Developers Team][6] to figure out
what the situation is.
[1]: https://wiki.ubuntu.com/DebianImportFreeze
<https://wiki.ubuntu.com/DebianImportFreeze>
[2]: https://packages.debian.org/unstable/clamav
<https://packages.debian.org/unstable/clamav>
[3]: https://wiki.ubuntu.com/XenialXerus/ReleaseSchedule
<https://wiki.ubuntu.com/XenialXerus/ReleaseSchedule>
[4]: https://wiki.ubuntu.com/SyncRequestProcess
<https://wiki.ubuntu.com/SyncRequestProcess>
[5]: https://wiki.ubuntu.com/UbuntuDevelopment/Merging
<https://wiki.ubuntu.com/UbuntuDevelopment/Merging>
[6]: https://wiki.ubuntu.com/UbuntuDevelopment#Communication
<https://wiki.ubuntu.com/UbuntuDevelopment#Communication>
p.s. Don't forget the females in your greetings! Ubuntu means, roughly, humanness—
and that means all genders. http://women.ubuntu.com/ <http://women.ubuntu.com/>
@wxl | http://polka.bike <http://polka.bike>
Lubuntu Release Manager & Head of QA
Ubuntu PPC Point of Contact
Ubuntu Oregon Team Leader
Ubuntu Membership Board & LoCo Council Member
Eugene Unix & GNU/Linux User Group Co-organizer
On Feb 4, 2016 5:48 AM, "Peter Golis" <[email protected] <[email protected]>>
wrote:
Hello Gentleman,
During check of my logs I had found outdated ClamAV binaries (reported by
freshclam). Is there any continuous plan for making antivirus up to date?
I know, this is only warning. But why to not have periodically updated
antivirus on the same way like web browser firefox which is allways up to date
on all *buntu derrivates?
According to http://www.clamav.net/downloads <http://www.clamav.net/downloads>
the latest stable version of ClamAV is 0.99.0 from 2015-12-01 18:15:38 UTC and
pervious version in Lubuntu is 0.98.7 from 2015-10-12 19:49:40 UTC which is allmost 5
months old.
Clamav and freshclam actual versions:
clamav-freshclam/xenial,now 0.98.7+dfsg-0ubuntu5 powerpc [installed,automatic]
anti-virus utility for Unix - virus database update utility
clamav/xenial,now 0.98.7+dfsg-0ubuntu5 powerpc [installed,automatic]
anti-virus utility for Unix - command-line interface
Log with complaint:
$ tail -17 /var/log/clamav/freshclam.log
Thu Feb 4 14:06:13 2016 -> --------------------------------------
Thu Feb 4 14:06:13 2016 -> ERROR: Can't save PID to file
/var/run/clamav/freshclam.pid: No such file or directory
Thu Feb 4 14:06:13 2016 -> freshclam daemon 0.98.7 (OS: linux-gnu, ARCH: ppc,
CPU: powerpc)
Thu Feb 4 14:06:13 2016 -> ClamAV update process started at Thu Feb 4
14:06:13 2016
Thu Feb 4 14:06:13 2016 -> WARNING: Can't query current.cvd.clamav.net
<http://current.cvd.clamav.net>
Thu Feb 4 14:06:13 2016 -> WARNING: Invalid DNS reply. Falling back to HTTP
mode.
Thu Feb 4 14:06:13 2016 -> Reading CVD header (main.cvd): Thu Feb 4 14:06:13 2016
-> WARNING: Can't get information about db.local.clamav.net
<http://db.local.clamav.net>: Temporary failure in name resolution
Thu Feb 4 14:06:13 2016 -> WARNING: Can't read main.cvd header from
db.local.clamav.net <http://db.local.clamav.net> (IP: )
Thu Feb 4 14:06:15 2016 -> Trying again in 5 secs...
Thu Feb 4 14:06:20 2016 -> ClamAV update process started at Thu Feb 4
14:06:20 2016
Thu Feb 4 14:06:20 2016 -> WARNING: Your ClamAV installation is OUTDATED!
Thu Feb 4 14:06:20 2016 -> WARNING: Local version: 0.98.7 Recommended version:
0.99
Thu Feb 4 14:06:20 2016 -> DON'T PANIC! Read http://www.clamav.net/support/faq
<http://www.clamav.net/support/faq>
Thu Feb 4 14:06:20 2016 -> main.cvd is up to date (version: 55, sigs: 2424225,
f-level: 60, builder: neo)
Thu Feb 4 14:06:20 2016 -> daily.cld is up to date (version: 21341, sigs:
1827592, f-level: 63, builder: neo)
Thu Feb 4 14:06:20 2016 -> bytecode.cld is up to date (version: 271, sigs: 47,
f-level: 63, builder: anvilleg)
Thu Feb 4 14:07:31 2016 -> --------------------------------------
Have a nice day,
Peter.
--
Lubuntu-users mailing list
[email protected] <[email protected]>
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/lubuntu-users
<https://lists.ubuntu.com/mailman/listinfo/lubuntu-users>
--
@wxl | http://polka.bike <http://polka.bike>
Lubuntu Release Manager & Head of QA
Ubuntu PPC Point of Contact
Ubuntu Oregon LoCo Team Leader
Ubuntu Membership Board & LoCo Council Member
Eugene Unix & GNU/Linux User Group Co-Organizer
--
Sent from my Android device with K-9 Mail. Please excuse my brevity.
--
Lubuntu-users mailing list
[email protected]
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/lubuntu-users
