Now that the virtualmin install script runs again I have installed virtualmin on a brand new debian lenny server. After apt-get update, apt-get upgrade tell me everything is up to date. However if I run freshclam I get a warning that I am running quite an old clamAV version:
lars:/var/log/clamav# freshclam
ClamAV update process started at Sun Mar 14 01:37:26 2010
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.94.2 Recommended version: 0.95.3
DON'T PANIC! Read http://www.clamav.net/support/faq
main.cld is up to date (version: 52, sigs: 704727, f-level: 44, builder: sven)
daily.cld is up to date (version: 10573, sigs: 24182, f-level: 44, builder: guitar)
How can I upgrade clamAV to the latest version?
And why isn't apt-get upgrade not showing the latest version?
Jan Derk
After some searching this seems a virtualmin package issue (somebody correct me if I am wrong).
I filed a bug report here:
https://www.virtualmin.com/node/13759
Jan Derk
Howdy,
After some searching this seems a virtualmin package issueI suspect that the research you did dug up an issue on CentOS, where Virtualmin provides the ClamAV packages.
Debian provides it's own Clam package -- which at this point is a couple of versions behind ClamAV's most recent version:
http://packages.debian.org/lenny/clamav-base
The issue you're seeing is common to all Debian servers, and is because the Debian package is a few versions behind the most recent ClamAV.
I wouldn't be too concerned since you're running the latest Debian version -- Debian will backport any significant fixes into your current version.
Outside of that, the only way to get rid of that warning is to use an alternate repository for Clam packages, and pull down a non-standard ClamAV version.
-Eric
Thanks Eric,
I suspect that the research you did dug up an issue on CentOS, where Virtualmin provides the ClamAV packages.
Yes indeed. That caused me to think it was a Virtualmin issue.
Debian provides it's own Clam package -- which at this point is a couple of versions behind ClamAV's most recent version:
Aha. So it is a Debian issue and is caused by the fact that Debian is very conservative updating clamAV. Good thing I posted this in the newbies section :)
I just learned that one can use the volatile distribution if one wants to keep up to date with ClamAV. If I tell sources.list to use use debian volatile, apt-get indeed shows the ClamAV update.
I will do some more reading if it is wise to use Debian Volatile.
Jan Derk
I will do some more reading if it is wise to use Debian Volatile.
Is is wise to use Debian volatile, with caution and understanding. Enabling alternate repositories should always been done only after reading a bit (which you're doing!), and making sure you know what packages are provided by it, and whether they will conflict or otherwise have problems with other packages on your system. Likewise, you should probably opt out of using volatile for packages that you don't need to be super recent. The volatile packages get less testing, and are thus more likely to have unfixed bugs. For ClamAV and SpamAssassin, however, it is a great option.
--
Check out the forum guidelines!
Is is wise to use Debian volatile, with caution and understanding.I changed the sources.list to volatile and the only new upgrade aptitude showed was clamav. It gave me a good feeling that volatile was very very similar to stable. Which is what I prefer.
Changes to volatile are announced here:
http://lists.debian.org/debian-volatile-announce/
which show mostly clamav and spamassassin changes.