Bug 33683
| Summary: | ClamAV too old to update signatures | ||
|---|---|---|---|
| Product: | UCS | Reporter: | Tobias Birkefeld <birkefeld> |
| Component: | clamav | Assignee: | Moritz Muehlenhoff <jmm> |
| Status: | CLOSED FIXED | QA Contact: | Erik Damrose <damrose> |
| Severity: | normal | ||
| Priority: | P5 | CC: | birkefeld, gohmann, petersen, steuwer |
| Version: | UCS 3.1 | ||
| Target Milestone: | UCS 3.2-0-errata | ||
| Hardware: | Other | ||
| OS: | Linux | ||
| What kind of report is it?: | --- | What type of bug is this?: | --- |
| Who will be affected by this bug?: | --- | How will those affected feel about the bug?: | --- |
| User Pain: | Enterprise Customer affected?: | ||
| School Customer affected?: | ISV affected?: | ||
| Waiting Support: | Flags outvoted (downgraded) after PO Review: | ||
| Ticket number: | Bug group (optional): | ||
| Max CVSS v3 score: | |||
|
Description
Tobias Birkefeld
occures with UCS 2.4, UCS 3.1 and UCS 3.2 A backport for UCS 3.1 and 2.4 should also be checked. This is a misleading status message by ClamAV; the check is only based on a comparison of version strings. While the FAQ may indicate differently, the current versions in UCS 2.4 to 3.1 can actually process all current malware signatures:
From the output of freshclam:
main.cvd is up to date (version: 55, sigs: 2424225, f-level: 60, builder: neo)
daily.cld is up to date (version: 18223, sigs: 596031, f-level: 63, builder: neo)
bytecode.cvd is up to date (version: 233, sigs: 44, f-level: 63, builder: dgoddard)
The required engine features for clamav are denoted in "functionality levels", i.e. the most recent level required by the standard CVD files is 63.
Unfortunately the current functionality level of the installed cannot easily be detected with any of the tools shipped by ClamAV, but only through the API:
#include <stdio.h>
#include "clamav.h"
int main(void)
{
printf("%d", cl_retflevel());
}
The clamav version in UCS 2.4/3.1 provides functionality level 68 and the version in UCS 3.2 functionality level 69.
Nonetheless, the status message will be removed since it's a source of confusion (previously also reported as Bug 25808)
In addition Bug 33716 was created to integrate ClamAV tests for non-processable signatures into the daily ucs-test runs.
(In reply to Moritz Muehlenhoff from comment #3) > This is a misleading status message by ClamAV; the check is only based on a > comparison of version strings. While the FAQ may indicate differently, the > current versions in UCS 2.4 to 3.1 can actually process all current malware > signatures: I meant 2.4 to 3.2 *** Bug 25808 has been marked as a duplicate of this bug. *** The misleading error is now removed. YAML: 2013-12-12-clamav.yaml OK: Warning message from comment 0 removed. FAIL: The duplicate bug mentions a different warning message. It is printed in libclamav/cvd.c: LibClamAV Warning: *********************************************************** LibClamAV Warning: *** This version of the ClamAV engine is outdated. *** LibClamAV Warning: *** DON'T PANIC! Read http://www.clamav.net/support/faq *** LibClamAV Warning: *********************************************************** It should also be removed. (In reply to Erik Damrose from comment #7) > OK: Warning message from comment 0 removed. > > FAIL: The duplicate bug mentions a different warning message. It is printed > in libclamav/cvd.c: > > LibClamAV Warning: > *********************************************************** > LibClamAV Warning: *** This version of the ClamAV engine is outdated. > *** > LibClamAV Warning: *** DON'T PANIC! Read http://www.clamav.net/support/faq > *** > LibClamAV Warning: > *********************************************************** > > It should also be removed. The additional log message has been removed as well. OK: Patch removes the second warning message OK: YAML file -> Verified |