In Progress ClamAV 0.101 and 0.102 EOL on January 3rd

Metro2

Well-Known Member
May 24, 2006
554
90
178
USA
cPanel Access Level
Root Administrator
This is serious since cPanel is still running ClamAV 0.101

Quoted from ClamAV 0.100 End of Life TODAY and reminder of upcoming 0.101 and 0.102 EOL

ClamAV 0.101 and 0.102 releases will reach EOL in a little over two month's time on Jan. 3, 2022. After this date, ClamAV 0.101 and 0.102 and all patch versions will be blocked from downloading new signatures from database.clamav.net.

Please upgrade to ClamAV 0.103.3 LTS or newer to ensure continued access to the latest official malware detection signature databases.
Looks like it's time to either re-title or close / redirect my old thread at Any progress toward ClamAV 0.102.x ? to this one, since in 2 months even 0.102 will be EOL , leaving only 0.103.3 and higher functional. The latest current version of ClamAV as of last month is 0.104 - ClamAV 0.104.0 released
 

Metro2

Well-Known Member
May 24, 2006
554
90
178
USA
cPanel Access Level
Root Administrator
@cPanelAnthony thank you so much for your reply.

Pardon my confusion when you refer to cPanel version 102 - when looking at 100 Change Log | cPanel & WHM Documentation it appears that there is no cPanel v 102 yet, and appears that the latest release tier available it 100.0.5 , which is the version of cPanel I'm running.

And the following result is:


[~]# /usr/local/cpanel/3rdparty/bin/freshclam
ClamAV update process started at Thu Dec 23 01:52:14 2021
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.101.5 Recommended version: 0.103.4
DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav


Which appears to suggest that the latest release tier of cPanel (100.0.5) is still running ClamAV 0.101.5 and only mentions "Recommending" ClamAV 0.103.4 , much less ClamAV .104 , and from what we've been told - the version of ClamAV running on cPanel is actually controlled by cPanel itself and that the ClamAV plugin is updated automatically with cPanel updates - SOLVED - Clamav update question - with no need (or ability) manually do it.

Please let me know what I'm overlooking if anything, and how to get this critical component updated.

Thanks so much for your guidance!
 
Last edited:

Metro2

Well-Known Member
May 24, 2006
554
90
178
USA
cPanel Access Level
Root Administrator
Hello! It looks like version .104 has been rolled out for cPanel version 102 and higher. Can you let me know if you still have issues after updating to version 102? I am not aware if this will be backported to earlier cPanel versions at this time.
Found this - A Farewell To Paper Lantern | cPanel Blog - cPanel 102 is not available until next year. (And then I assume there will be the wait for it to make it through Edge and Current before becoming available to those of us running Release tier in our production environment servers).
 

Metro2

Well-Known Member
May 24, 2006
554
90
178
USA
cPanel Access Level
Root Administrator
Safe? Maybe. Security-minded? No, and way behind the curve by years. Thankfully 102 has made it to Edge, so hopefully 102 will make it to the suggested standard of Release tier fairly soon. Thank you for the response.
 

cPanelAnthony

Administrator
Staff member
Oct 18, 2021
1,045
111
118
Houston, TX
cPanel Access Level
Root Administrator
Safe? Maybe. Security-minded? No, and way behind the curve by years. Thankfully 102 has made it to Edge, so hopefully 102 will make it to the suggested standard of Release tier fairly soon. Thank you for the response.
While I can never make any one-hundred percent guarantees, version 102 should be going to release in February.

 
  • Like
Reactions: Metro2

Metro2

Well-Known Member
May 24, 2006
554
90
178
USA
cPanel Access Level
Root Administrator
@cPanelAnthony - thank you for your replies, and my apologies if my last response sounded a little snippy. I hope that you can understand why, since the outdated ClamAV situation has been an item for well over a year now and I was getting worried, but still I didn't mean to be short with you. And as we have discovered - cPanel 102 it's making it's way to release, and during the process we've seen some related anomalies to the code / prep changes as we saw in ClamAV fails to start on CloudLinux 6 after updating to 100.0.8 solution , but those are "growing pains" but ultimately a good sign that cPanel devs have been hard at work on this along with the cascade of other challenges we've all been facing recently. I think we're all overworked! But it's definitely a big relief to see that time has been allotted for this to be addressed and it's almost finally completely out of the way. Cheers!