Hi Ged,
Thank you for your reply! Let me explain more about what we plan to use clamav
for, or the previous questions might be confusing. We're planning to use clamav
in company's internal platform to do malware scanning. Downloading the source
package is the best way to make sure we have the latest stable version and it's
pretty convenient to do so as a user(we appreciate it very much). While since
we use it at company, I'm not so sure if it complies with company's open source
software usage policy and we might need to contact the related team to discuss
this. Getting the package from package distribution is an easier way for us as
such usage is already approved by the open source team at our company. Thank
you for the information you provide, based on your response, I still wanna ask
several more questions to make sure I understand correctly.
1. If we use a relatively older version, for example, 0.103.6, which is
supported by "RedHat & Fedora" and "Fedora & EPEL" package distribution
currently. I will expect some new features and changes added to version 105
don't exist in version 103. While could I still assume version 103 is still
supported(new patches will be added) and could still give decent malware
scanning results?
2. If we already use older versions (like version 103), upgrading it to a minor
version with patch release(like 103.6) will install the bug fixes and give us a
better using experience. While upgrading it to a new major version(like 105)
may require more extra work, such as rust toolchain setup which is mentioned in
the release note. I guess that's the reason why we release new major version
105 and patch release versions for 103 and 104 together?
Sorry I may have some misunderstanding before. I thought we must upgrade to the
latest version 105 or there might be security concern. So we're exploring ways
to get the latest version installed in the internal platform once the new
version is available. While if the previous versions still work, the delay
might be acceptable and we can get more time to investigate into the
downloading source package approach and see how we can apply it to our platform.
Thank you very much! Looking forward to hearing from you.
Best,
Jiayi
On 7/27/22, 12:10 PM, "clamav-users on behalf of G.W. Haywood via
clamav-users" <clamav-users-boun...@lists.clamav.net on behalf of
clamav-users@lists.clamav.net> wrote:
CAUTION: This email originated from outside of the organization. Do not
click links or open attachments unless you can confirm the sender and know the
content is safe.
Hi there,
On Wed, 27 Jul 2022, Yang, Jiayi via clamav-users wrote:
> We want to get the latest stable version of clamav and use it in our
> environment. From the release note
> (https://blog.clamav.net/2022/05/clamav-01050-01043-01036-released.html),
> we see the v0.105.0 is released with 0.104.3 and 0.103.6(it seems
> the latest stable version has also upgraded to 0.105.1 now). ...
Please look again at the blog. You will see that updates have been
published very recently.
> when we intall the package via yum, we still only get the version 103
You did not say which distribution you are using but they all have
their own policies on updates. Some of them backport security patches
for you. You must look to the distribution for more information about
it, the ClamAV development team can't help you very much with that.
> 1. ClamAv 0.105,0, 0.104.3, 0.103.6 got released on the same day. We
> don't see any major version change. Then why ClamAv released patch
> for 0.014 and 0.103 when 0.105 is release. Since its a minor version
> change, we think everyone should get the update?
Are you offering to pay for extra work to be done?
> 2. What are the differences between 0.105 and 0.103.6? We see the
> yum and rpm packages currently only support latest clamav version as
> 0.103.6 although these versions seem released in the meantime. Are
> there any new changes in 0.105 causing the delay in package
> distribution update?
Please read the blog and the release notes for information about the
enhancements. You may also wish to follow developments on Github.
> 3. Do you have any suggestions that except downloading latest source
> package for clamav
What's wrong with the source package? There's a school of thought
which holds that for security software, the only way to go is to do
exactly that.
> how can we make sure we get the latest version without delay?
You can subscribe to the announcement mailing list:
https://lists.clamav.net/mailman/listinfo/clamav-announce
and then watch your distribution's equivalent (if there is one).
> Yum and rpm don¢t have the latest 105 version for now. While we¢re
> wondering if you know any other package provider and its repo may
> always have the latest updates.
Yum and RPM are simply package installation tools. They are used to
obtain packages from repositories. The repositories are maintained by
people who are not part of the ClamAV development team and who usually
have a set of guidelines to which they work - often only when they can
find the time - and which differ from one repository to the next. It's
up to you to choose a repository which has policies which suit you and
your intended use of the packages they provide. The alternative to the
use of repositories is to build software from source. It's up to you.
Version 0.103.x is now provided with Long Term Support.
What do you plan to do with ClamAV?
--
73,
Ged.
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation
https://docs.clamav.net/#mailing-lists-and-chat
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation
https://docs.clamav.net/#mailing-lists-and-chat
