[Clamav-devel] WRT support for older ClamAV releases and older distros
Micah Snyder (micasnyd)
micasnyd at cisco.com
Thu Feb 13 12:26:45 EST 2020
A couple a people have asked regarding ongoing maintenance of previous releases and of support for CentOS 6. I wanted to write one email instead of respond a few times to each person.
The TL;DR is: We're no longer publishing new ClamAV 0.100 or 0.101 patch versions. I advise everyone to upgrade to 0.102.2.
We make an effort to test on the two latest LTS releases of some of the more popular operating systems. Now that CentOS 8 is out, we're discontinuing testing on CentOS 6.
Regarding a question about CentOS 32bit, specifically: There is a known compatibility issue with ClamAV 0.100+ and zlib released older than 1.2.7 (provided with CentOS 5/6). The CentOS 6 package maintainers had a workaround for 0.100 (see https://bugzilla.clamav.net/show_bug.cgi?id=12162 for details). This compatibility issue is not something we ever had the time or interest to fix.
RHEL/CentOS in general:
CentOS releases are very long-lived, lasting 10 years from release until EOL.
CentOS 6 EOL: November 30, 2020
CentOS 7 EOL: June 30, 2024
CentOS 8 EOL: May 31, 2029.
If you take a peek at the EPEL packages for RHEL/CentOS 8 ( https://dl.fedoraproject.org/pub/epel/8/Everything/x86_64/Packages/c/ ), you'll notice that they're still packaging ClamAV 0.101.5. Regression testing and preparing each patch version is relatively time consuming and our development team is small. To limit the scope of our work so we can make progress with fixes and improvements to ClamAV, we're only patching the current stable release and a previous stable releases in the event that the current stable release is very new, so as to provide some overlap for users that might have some difficulty updating.
There is certainly no way our team can continue to support ClamAV 0.101 until 2029. I think the EPEL package maintainers will have to decide if they want to invest the time to backport fixes themselves, or if they're willing to provide newer versions of ClamAV.
Cisco Systems, Inc.
More information about the clamav-devel