Univention Bugzilla – Bug 42348
Outdated ClamAV AntiVirus databases
Last modified: 2020-07-04 09:07:10 CEST
$ file ./mail/univention-antivir-mail/*.cvd
./mail/univention-antivir-mail/daily.cvd: Clam AntiVirus database 15 Jul 2012 18-46 -0400, version 1513, gzipped
./mail/univention-antivir-mail/main.cvd: Clam AntiVirus database 11 Oct 2011 10-34 -0400, version 54, gzipped
(In reply to Philipp Hahn from comment #0)
> $ file ./mail/univention-antivir-mail/*.cvd
> ./mail/univention-antivir-mail/daily.cvd: Clam AntiVirus database 15 Jul
> 2012 18-46 -0400, version 1513, gzipped
> ./mail/univention-antivir-mail/main.cvd: Clam AntiVirus database 11 Oct
> 2011 10-34 -0400, version 54, gzipped
Is it a real problem? freshclam should immediately download and update the signature files.
The Enterprise Customer affected flag is set but neither a Ticket number is referenced nor a Customer ID is set. Please set a Ticket number or a Customer ID. Otherwise the Enterprise Customer affected flag will be reset.
Please look at this blogpost to see why this actually IS a problem: http://lutz.donnerhacke.de/Blog/ClamAV-aktualisiert-sich-nicht-mehr
(In reply to The Preacher from comment #3)
> Please look at this blogpost to see why this actually IS a problem:
But Philipp listed files from our internal SVN. And these files are by design outdated. That's why freshclam is there.
It's another problem, if freshclam locks itself up. I'm aware of this problem.
This issue has been filed against UCS 4.2.
UCS 4.2 is out of maintenance and many UCS components have changed in later releases. Thus, this issue is now being closed.
If this issue still occurs in newer UCS versions, please use "Clone this bug" or reopen it and update the UCS version. In this case please provide detailed information on how this issue is affecting you.
So we should either update those files at least with each UCS release, or replace them with an empty file as upstream ClamAV does. But shipping 10 years old signature database is bad.
Please also note Bug #48356: Shipping those *.cvd files is incompatible with AGPL as far as I know.