[clamav-users] 99.3 for Ubuntu

Marcus Schopen lists at localguru.de
Sat Jan 27 22:22:13 UTC 2018

On Friday, 26.01.2018, at 16:25 +0100, Reindl Harald wrote:
> if you use distribution packages you are supposed to wait for an
> update from the distribution or learn to properly package on your own
> I heard that's not as easy as on Redhat systems because you don't
> have everything in a .src.rpm and just need to replace the tarball
> after unpacking the src.rpm and edit the version in the spec file but
> again:

That's not right. Building a 0.99.3 deb package based on the current
0.99.2 deb source package is just a few shell commands, e.g.:

0. set up a build environment, e.g. on a fresh box:

 aptitude install dpkg-dev devscripts equivs quilt

 export QUILT_PATCHES=debian/patches

1. get the current 0.99.2 clamav src package, e.g. for 14.04 LTS from


wget http://archive.ubuntu.com/ubuntu/pool/main/c/clamav/clamav_0.99.2+

wget http://archive.ubuntu.com/ubuntu/pool/main/c/clamav/clamav_0.99.2+

wget http://archive.ubuntu.com/ubuntu/pool/main/c/clamav/clamav_0.99.2+

2. unpack the source package
 dpkg-source -x clamav_0.99.2+addedllvm-0ubuntu0.14.04.2.dsc

3. download the new original 0.99.3 clamav source


4. upgrade the old 0.99.2 deb source package

 cd clamav-0.99.2+addedllvm
 uupdate -v 0.99.3 ../clamav-0.99.3.tar.gz

5. enter the new 0.99.3 deb source package dir

 cd ../clamav-0.99.3

6. remove old patches from ./debian/patches dir which are no longer

In this case (to my mind) on 14.04 LTS CVE-2017-6418 and CVE-2017-6420
are already patched in 0.99.3. Unsure about CVE-2017-6419 (didn't find
it in the README); I removed it, because 0.99.3 original source doesn't
come up with this patch. Maybe someone knows better.

 quilt pop -a
 quilt delete -r CVE-2017-6418
 quilt delete -r CVE-2017-6419
 quilt delete -r CVE-2017-6420
 quilt delete -r CVE-2017-6420-2

7. maintain debian/changelog and add your suffix, e.g.

 dch --local ~yoursuffix

8. finally build new deb package

 dpkg-buildpackage -us -uc

That's it. So basically it's replacing the orig tarball and updating
the changelog too.
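
For step 6, one way to check which patches in debian/patches the new upstream source already contains, added here as an example and not part of the original message. It assumes GNU patch and a new source tree with no quilt patches applied (i.e. after "quilt pop -a"); the function names patch_status and check_series are hypothetical, and each patch is tested on its own, so patches that build on earlier ones in the series can show up as "conflict".

```shell
#!/bin/sh
# Added example: classify each quilt patch against the new upstream tree
# before deciding what to "quilt delete". Assumes no patches are applied.

# patch_status SRCDIR PATCHFILE  -> prints one of:
#   upstream  reverses cleanly with zero fuzz: change is already in the source
#   needed    applies forward cleanly: keep it in the series
#   conflict  neither direction applies: review or refresh by hand
patch_status() {
    src=$1
    pf=$2
    # -f: never prompt and never flip direction; --dry-run: touch nothing
    if patch -d "$src" -p1 -R -f -s --fuzz=0 --dry-run < "$pf" >/dev/null 2>&1; then
        echo upstream
    elif patch -d "$src" -p1 -f -s --dry-run < "$pf" >/dev/null 2>&1; then
        echo needed
    else
        echo conflict
    fi
}

# check_series SRCDIR  -> one "status<TAB>patchname" line per series entry
check_series() {
    src=$1
    pdir="$src/${QUILT_PATCHES:-debian/patches}"
    [ -f "$pdir/series" ] || { echo "no series file in $pdir" >&2; return 1; }
    # series entries may carry comments and patch options; use the first field
    sed -e 's/#.*//' -e '/^[[:space:]]*$/d' "$pdir/series" |
    while read -r name rest; do
        printf '%s\t%s\n' "$(patch_status "$src" "$pdir/$name")" "$name"
    done
}

# Usage: sh thisfile /path/to/clamav-0.99.3
if [ -n "${1:-}" ]; then
    check_series "$1"
fi
```

Only "upstream" entries are safe to drop without reading the diff; a security patch reported as "conflict" needs a manual comparison with the new source before it is deleted.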

