Re: [volatile] Updated clamav-related packages available fortesting
On Friday 16 April 2010 10:01:46 you wrote:
> Jason Self wrote/schrieb @ 15.04.2010 21:52:
> > Kurt Roeckx <email@example.com> wrote ..
> >> What does this mean exactly?
> deb http://volatile.debian.org/debian-volatile \
> lenny-proposed-updates/volatile main contrib non-free
The imho more interesting point is: What does it mean in the long term?
The current situation is:
Volatile has clamav 0.95, while upstream has 0.96. There are security related
issues in 0.95 (DoS etc.?)  that might affect(?) volatile - futhermore the
clamav-people are suggesting to use the latest version  - that is 0.96.
Volatile itself is not supported by the security team  and the security
team refuses the support the current stable version .
As a sysop running lenny/clamav on a few hosts, I started building clamav from
source and reading clamav's announce list.
But I wonder, what does it mean in the long run:
- Will volatile be updated to 0.96 soon?
- Will clamav (in volatile) receive official security support?
- Are there any (better supported) alternatives to clamav in lenny?
- Afair there is no specific EOL-/Kill-Switch in clamav: ClamAV <= 0.94 is
unable to handle "big" incremental updates and a "too" big update was
shipped. Is it - from a naive point of view - just a bug that can be fixed in
debian ? Just apply the given patch  in lenny's clamav and be