Any progress toward ClamAV 0.102.x ?

Metro2

Well-Known Member
May 24, 2006
530
76
178
USA
cPanel Access Level
Root Administrator
I know that when ClamAV introduced the clamonacc utility in 0.102.0 ClamAV 0.102.0 has been released , it posed an issue of how the cPanel development team would approach adapting it into cPanel's ClamAV , but it's been a year now since 0.102.0 released so I'm just wondering if there's been any progress on that front.

I have 49 23 * * * /usr/local/cpanel/3rdparty/bin/freshclam --quiet --no-warnings in my crontab and my ClamAV is still stuck at:
cpanel-clamav-virusdefs-0.101.5-5.cp1186.x86_64
cpanel-clamav-0.101.5-5.cp1186.x86_64
cpanel-perl-530-File-Scan-ClamAV-1.95-1.cp1186.noarch

And so of course I'm getting the logwatch messages:
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.101.5 Recommended version: 0.102.4

I understand big changes take time, but with the ever-increasing cyber threats / site / server attacks I'm just really hoping that this is still on cPanel's team radar, as we could all really benefit from the many bug fixes, vulnerability fixes, and enhancements of the newer versions. (In fact, 0.103.0 just released this month, but I'd be thrilled to even just have 0.102.4 instead the very outdated 0.101.5)

Thanks for any consideration on this from the cPanel team.
 

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,295
1,272
313
Houston
I see that there is a case for this but it does not have any updates, I know that it was added to a backlog but because of the work it's going to take to make the changes the team has not been able to add it into development cycle yet.
 

Metro2

Well-Known Member
May 24, 2006
530
76
178
USA
cPanel Access Level
Root Administrator
This issue is becoming more and more critical.

"ClamAV For Cpanel" is still stuck at version 0.101.5 which is an 18-month old "patch" from November of 2019 and there have been a lot of important updates to ClamAV since then... CVE / Vulnerability / Security patches are obviously the most important changes since then up to the now current 0.103.2 , but also the outdated ClamAV For Cpanel version 0.101.5 is failing to detect more and more viruses and they're getting through in user emails even with Mailscanner installed. It is documented that keeping the databases updated via /usr/local/cpanel/3rdparty/bin/freshclam is simply not enough.

Code:
# /usr/local/cpanel/3rdparty/bin/freshclam
ClamAV update process started at Fri Apr 23 18:55:46 2021
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.101.5 Recommended version: 0.103.2
I do understand that the cPanel dev team is always facing a number of challenges and can empathize, but at this point we're missing some very critical updates and the version we're stuck on has become too outdated to be effective. Does anyone from the team have any idea when some development resources will be appropriated to this important issue?
 
  • Like
Reactions: otakudes

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
7,519
1,027
313
cPanel Access Level
Root Administrator
I reached out to our email development team and they are aware of the EOL, but we don't have a specific date as to when that will be updated on our side. It's definitely going to happen, I just don't have any type of timeframe at this point.
 

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
7,519
1,027
313
cPanel Access Level
Root Administrator
Me too! There's an incredible amount of work happening behind the scenes with email right now - Mail Node things, Ubuntu things, and really, if it all turns out well, end-users shouldn't notice anything except stuff just working. Then things like this come up and you have to work them into the dev cycles.

But it'll happen, and our email team is definitely aware - I can confirm that.
 
  • Like
Reactions: Metro2
Thread starter Similar threads Forum Replies Date
V Security 0