[clamav-users] rpm files question [was: ClamAV 0.101.2 announcement?]

J.R. themadbeaker at gmail.com
Fri Mar 29 09:19:33 EDT 2019


> I use EPEL RPM files to upgrade Clamav on my Linux systems.
>
> When urgent vulnerability fixes are released is it advisable to wait for
> stable rpm? I don't know if it is safe to apply testing rpm.
>
> Usually EPEL stable rpms are released after weeks of delay from new
> Clamav versions.
>
> Do you have any hints about use of clamav rpm distributions?

I guess the right answer is "it depends on your situation"...

If you are wanting to update just because there's some security
patches, it's probably not going to hurt to wait.

If you are wanting to update because of some new feature and can't /
don't want to wait, then obviously you would have to build your own.
Alternatively there are 3rd party Repositories that usually update
certain packages much faster than the main channels. https://pkgs.org
is a nice searchable source, but it does not cover all 3rd party
repos.

I have built my own RPMs for ClamAV before. It's pretty quick and
easy, usually just updating the source file, a couple lines in the
.spec, sometimes the signature updates, all the other files rarely
require any editing. If you have never built RPMs it can be a little
bit of a learning curve and require installing a handful of packages,
but it's not too terribly difficult, there are lots of guides out
there if you search. I always build / test new RPMs on a dedicated
little VM before rolling it out to my production server.


More information about the clamav-users mailing list