Any progress toward ClamAV 0.102.x ?

[Metro2]

I know that when ClamAV introduced the clamonacc utility in 0.102.0 ClamAV 0.102.0 has been released , it posed an issue of how the cPanel development team would approach adapting it into cPanel's ClamAV , but it's been a year now since 0.102.0 released so I'm just wondering if there's been any progress on that front.

I have 49 23 * * * /usr/local/cpanel/3rdparty/bin/freshclam --quiet --no-warnings in my crontab and my ClamAV is still stuck at:
cpanel-clamav-virusdefs-0.101.5-5.cp1186.x86_64
cpanel-clamav-0.101.5-5.cp1186.x86_64
cpanel-perl-530-File-Scan-ClamAV-1.95-1.cp1186.noarch

And so of course I'm getting the logwatch messages:
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.101.5 Recommended version: 0.102.4

I understand big changes take time, but with the ever-increasing cyber threats / site / server attacks I'm just really hoping that this is still on cPanel's team radar, as we could all really benefit from the many bug fixes, vulnerability fixes, and enhancements of the newer versions. (In fact, 0.103.0 just released this month, but I'd be thrilled to even just have 0.102.4 instead the very outdated 0.101.5)

Thanks for any consideration on this from the cPanel team.

 

[cPanelLauren]

I see that there is a case for this but it does not have any updates, I know that it was added to a backlog but because of the work it's going to take to make the changes the team has not been able to add it into development cycle yet.

 

[Metro2]

This issue is becoming more and more critical.

"ClamAV For Cpanel" is still stuck at version 0.101.5 which is an 18-month old "patch" from November of 2019 and there have been a lot of important updates to ClamAV since then... CVE / Vulnerability / Security patches are obviously the most important changes since then up to the now current 0.103.2 , but also the outdated ClamAV For Cpanel version 0.101.5 is failing to detect more and more viruses and they're getting through in user emails even with Mailscanner installed. It is documented that keeping the databases updated via /usr/local/cpanel/3rdparty/bin/freshclam is simply not enough.

# /usr/local/cpanel/3rdparty/bin/freshclam
ClamAV update process started at Fri Apr 23 18:55:46 2021
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.101.5 Recommended version: 0.103.2

I do understand that the cPanel dev team is always facing a number of challenges and can empathize, but at this point we're missing some very critical updates and the version we're stuck on has become too outdated to be effective. Does anyone from the team have any idea when some development resources will be appropriated to this important issue?

 

[cPRex]

I've spoken with our email team and they are aware but just hasn't been something they've got to yet. All the drama around CentOS 8 has pushed many things around, but it's definitely on the list.

 

[Metro2]

Thank you for acknowledging that it hasn't been forgotten.

 

[otakudes]

I'm also hoping Cpanel updates their version of Clamav.

 

[Metro2]

Just in case this matters to devs or anyone else , the "clamav-devel" GitHub repository name is changing to "clamav" - "clamav-devel" GitHub repository name change to "clamav"

 

[kodeslogic]

@cPRex
Is there any progress on this?

 

[cPRex]

Nope - nothing yet.

 

[Metro2]

HELLO! EOL! ClamAV EOL of 0.100.x versions

 

[cPRex]

I reached out to our email development team and they are aware of the EOL, but we don't have a specific date as to when that will be updated on our side. It's definitely going to happen, I just don't have any type of timeframe at this point.

 

[Metro2]

Thank you for the assurance cPRex. The EOL announcement makes me a bit nervous.

 

[cPRex]

Me too! There's an incredible amount of work happening behind the scenes with email right now - Mail Node things, Ubuntu things, and really, if it all turns out well, end-users shouldn't notice anything except stuff just working. Then things like this come up and you have to work them into the dev cycles.

But it'll happen, and our email team is definitely aware - I can confirm that.

 

[Metro2]

ClamAV 0.104.0 released

ClamAV 0.104.0 is available as an official release as of today. We are also announcing a new Long Term Support (LTS) program today in an upd...

blog.clamav.net

Just sayin'

 

[Metro2]

0.101 and 0.102 EOL in 2 months - New Thread - ClamAV 0.101 and 0.102 EOL on January 3rd

 

[cPanelAnthony]

Hello! As responded in the new thread, I am speaking with my team and will try to get some more information tomorrow. Thank you for your patience.