In Progress ClamAV 0.101 and 0.102 EOL on January 3rd

[Metro2]

This is serious since cPanel is still running ClamAV 0.101

Quoted from ClamAV 0.100 End of Life TODAY and reminder of upcoming 0.101 and 0.102 EOL

ClamAV 0.101 and 0.102 releases will reach EOL in a little over two month's time on Jan. 3, 2022. After this date, ClamAV 0.101 and 0.102 and all patch versions will be blocked from downloading new signatures from database.clamav.net.

Please upgrade to ClamAV 0.103.3 LTS or newer to ensure continued access to the latest official malware detection signature databases.

Looks like it's time to either re-title or close / redirect my old thread at Any progress toward ClamAV 0.102.x ? to this one, since in 2 months even 0.102 will be EOL , leaving only 0.103.3 and higher functional. The latest current version of ClamAV as of last month is 0.104 - ClamAV 0.104.0 released

 

[cPanelAnthony]

Hello! I will reach out to our team tomorrow during normal business hours and see if I can get an update on this for you.

 

[Metro2]

@cPanelAnthony were you able to get any update on this? Thanks very much!

 

[Metro2]

Reminder: ClamAV 0.102, 0.101 End of Life is Jan 3, 2022

As a reminder, the ClamAV 0.102 and 0.101 releases will reach its end of life (EOL) in less than one month's time on Jan. 3, 2022. After th...

blog.clamav.net

 

[cPanelAnthony]

Hello! It looks like version .104 has been rolled out for cPanel version 102 and higher. Can you let me know if you still have issues after updating to version 102? I am not aware if this will be backported to earlier cPanel versions at this time.

 

[Metro2]

@cPanelAnthony thank you so much for your reply.

Pardon my confusion when you refer to cPanel version 102 - when looking at 100 Change Log | cPanel & WHM Documentation it appears that there is no cPanel v 102 yet, and appears that the latest release tier available it 100.0.5 , which is the version of cPanel I'm running.

And the following result is:


[~]# /usr/local/cpanel/3rdparty/bin/freshclam
ClamAV update process started at Thu Dec 23 01:52:14 2021
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.101.5 Recommended version: 0.103.4
DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav


Which appears to suggest that the latest release tier of cPanel (100.0.5) is still running ClamAV 0.101.5 and only mentions "Recommending" ClamAV 0.103.4 , much less ClamAV .104 , and from what we've been told - the version of ClamAV running on cPanel is actually controlled by cPanel itself and that the ClamAV plugin is updated automatically with cPanel updates - SOLVED - Clamav update question - with no need (or ability) manually do it.

Please let me know what I'm overlooking if anything, and how to get this critical component updated.

Thanks so much for your guidance!

 

[Metro2]

Hello! It looks like version .104 has been rolled out for cPanel version 102 and higher. Can you let me know if you still have issues after updating to version 102? I am not aware if this will be backported to earlier cPanel versions at this time.

Found this - A Farewell To Paper Lantern | cPanel Blog - cPanel 102 is not available until next year. (And then I assume there will be the wait for it to make it through Edge and Current before becoming available to those of us running Release tier in our production environment servers).

 

[cPanelAnthony]

Hello again! My apologies for making it seem like 102 was available now. That is correct, it isn't yet available. And that is also correct; cPanel maintains this version. So, while it is end of life, it should be safe to simply keep running the older version until cPanel version 102.

 

[Metro2]

Safe? Maybe. Security-minded? No, and way behind the curve by years. Thankfully 102 has made it to Edge, so hopefully 102 will make it to the suggested standard of Release tier fairly soon. Thank you for the response.

 

[cPanelAnthony]

Safe? Maybe. Security-minded? No, and way behind the curve by years. Thankfully 102 has made it to Edge, so hopefully 102 will make it to the suggested standard of Release tier fairly soon. Thank you for the response.

While I can never make any one-hundred percent guarantees, version 102 should be going to release in February.

Product Versions and the Release Process | cPanel & WHM Documentation

This document explains the cPanel & WHM version system and release process.

docs.cpanel.net

 

[Metro2]

@cPanelAnthony - thank you for your replies, and my apologies if my last response sounded a little snippy. I hope that you can understand why, since the outdated ClamAV situation has been an item for well over a year now and I was getting worried, but still I didn't mean to be short with you. And as we have discovered - cPanel 102 it's making it's way to release, and during the process we've seen some related anomalies to the code / prep changes as we saw in ClamAV fails to start on CloudLinux 6 after updating to 100.0.8 solution , but those are "growing pains" but ultimately a good sign that cPanel devs have been hard at work on this along with the cascade of other challenges we've all been facing recently. I think we're all overworked! But it's definitely a big relief to see that time has been allotted for this to be addressed and it's almost finally completely out of the way. Cheers!