Monday, September 25, 2017

security - How to install up-to-date virus scanner ClamAV in 12.04?


ClamAV is in the official security software repositories from Canonical, but on running freshclam, it reports:


ClamAV update process started at Tue Jan 21 10:31:59 2014
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.97.8 Recommended version: 0.98.1

(I have backports repo enabled, too.)


I would assume that there's little point with a virus scanner that is not up to date. I can think of two answers, I'm hoping the second is correct:



  1. Canonical don't take security seriously in this regard, you'll have to go outside the software centre to download something from elsewhere. I can't accept this from the most secure popular OS available.


    EDIT: I feel me stating my opinion on Canonical's policy in the question has skewed the tone of answers. All answers say (2) but in fact answer (1): you have to fetch in code from outside Ubuntu LTS, probably because those people can accept this as fine.


  2. You clearly haven't done X. Type this or click that, and you'll get proper security updates for Ubuntu LTS from official sources.



Please advise! Thanks.



There is an option three:


3. The packagers at Canonical make a well-considered trade-off between stability and security, and you should worry less.


As the next three lines of your freshclam output most likely show (please add them to the question), your virus definitions are up to date. That's because Canonical -- or rather Debian, who do the original packaging of the package -- take security seriously.


What your freshclam output does show is that the installed software version (0.97.8) is behind the current production release (0.98.1). That's because Debian and Canonical are also serious about stability, in particular for an LTS release. You are on 12.04 for a reason, right?


To judge how well the packagers have made the stability-security trade-off, examine the ClamAV change log. I count 18 changes, 11 of which are not security-related or for different target platforms, leaving us with the following 7 potential security improvements (against an unknown number of newly introduced bugs):


* Improvements to OLE2 extraction and scanning
* xz file type support
* bb #1570: Support ADC compression in DMG
* libclamav: Add support for scanning xar/pkg archive files.
* bb #8385: PDF ASCII85Decode zero-length fix
* libclamav: SCAN_ALL mode fixes
* bb #7436: elf64 header early exit

Trade-offs like security-stability are difficult to make, in particular for someone who isn't well informed. That's why I generally put more trust in the packagers than in my own judgment. And in case I need more certainty, I make sure that I base it on evidence rather than gut feeling.
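The distinction drawn in the answer above (engine version behind versus signature databases current) can be checked mechanically. The following is an added example, not part of the original question or answer. The database lines in the sample are constructed in freshclam's usual format, and the function name `assess` and the required database set (main, daily, bytecode) are assumptions.

```python
import re

# Constructed sample: the first three lines are those quoted in the question;
# the database lines are constructed (values invented) in freshclam's format.
SAMPLE = """\
ClamAV update process started at Tue Jan 21 10:31:59 2014
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.97.8 Recommended version: 0.98.1
main.cvd is up to date (version: 55, sigs: 2424225, f-level: 60, builder: neo)
daily.cld is up to date (version: 18378, sigs: 620311, f-level: 63, builder: neo)
bytecode.cld is up to date (version: 236, sigs: 43, f-level: 63, builder: dgoddard)
"""

ENGINE_RE = re.compile(r"Local version: (\S+) Recommended version: (\S+)")
DB_RE = re.compile(
    r"^(\w+)\.(?:cvd|cld) (?:is up to date|updated) \(version: (\d+)", re.M
)
# Assumption: these three databases must all be reported for a clean bill.
DATABASES = ("main", "daily", "bytecode")


def assess(log: str) -> dict:
    """Separate the engine-version warning from signature database status."""
    engine = ENGINE_RE.search(log)
    dbs = {m.group(1): int(m.group(2)) for m in DB_RE.finditer(log)}
    # A database that freshclam never mentions is unverified, not current.
    missing = [name for name in DATABASES if name not in dbs]
    return {
        "engine_behind": bool(engine) and engine.group(1) != engine.group(2),
        "local": engine.group(1) if engine else None,
        "recommended": engine.group(2) if engine else None,
        "db_versions": dbs,
        "signatures_current": not missing,
        "missing": missing,
    }


if __name__ == "__main__":
    full = assess(SAMPLE)
    print("engine behind:", full["engine_behind"],
          "| signatures current:", full["signatures_current"])
    # Only the three lines quoted in the question: definitions stay unverified.
    partial = assess("\n".join(SAMPLE.splitlines()[:3]))
    print("truncated log, unverified databases:", partial["missing"])
```

Run against only the three lines quoted in the question, the check reports the engine as behind but cannot confirm the signatures, which is why the remaining freshclam lines matter.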

