LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for June 20, 2013

Pencil, Pencil, and Pencil

Dividing the Linux desktop

LWN.net Weekly Edition for June 13, 2013

A report from pgCon 2013

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Thanks! (ClamAV users: Please enable stats)

Thanks! (ClamAV users: Please enable stats)

Posted May 13, 2010 13:59 UTC (Thu) by dskoll (subscriber, #1630)
In reply to: Thanks! (ClamAV users: Please enable stats) by ringerc
Parent article: ClamAV 0.96 adds executable virus signatures and more

I'm grateful to ClamAV also. But saying It "just works" isn't always correct. The Clam developers deliberately forced older versions to stop working on 2010-04-15, and they accidentally forced versions < 0.96 to stop working on 2010-05-11: http://www.gossamer-threads.com/lists/clamav/users/48283

This latter accident has me really concerned... is signing the bytecode really safe enough?

(Log in to post comments)

Thanks! (ClamAV users: Please enable stats)

Posted May 13, 2010 19:13 UTC (Thu) by rahvin (subscriber, #16953) [Link]

The killer for me was I couldn't find a single attempt by Debian to update the package as a security update. They just let it die and recommended everyone install the unstable package. I found it highly unpleasant to install a single unstable package to get my email server running again (I didn't want to disable virus scanning). If killing the signatures database doesn't count as a security update, what does?

Thanks! (ClamAV users: Please enable stats)

Posted May 14, 2010 9:47 UTC (Fri) by TRS-80 (subscriber, #1804) [Link]

An updated clamav package is available in the stable volatile repository, which is a supported Debian service.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds