ClamAV v. 0.65 has a serious vulnerability, which version 0.66 fixes. Also, clamav now has a new download site. Reproducible: Always Steps to Reproduce: See http://www.secunia.com/advisories/10826 new clamav-0.66.ebuils: # Copyright 1999-2004 Gentoo Technologies, Inc. # Distributed under the terms of the GNU General Public License v2 # $Header: /home/cvsroot/gentoo-x86/net-mail/clamav/clamav-0.65.ebuild,v 1.1 2004/01/20 19:03:02 hanno Exp $ IUSE="milter" inherit eutils flag-o-matic has_version =sys-libs/glibc-2.2* && filter-flags -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE DESCRIPTION="Clam Anti-Virus Scanner" HOMEPAGE="http://www.clamav.net/" SRC_URI="http://clamav.catt.com/stable/${P}.tar.gz" LICENSE="GPL-2" SLOT="0" KEYWORDS="~x86 ~ppc ~sparc ~mips ~alpha ~arm ~hppa ~amd64" DEPEND="virtual/glibc" PROVIDE="virtual/antivirus" pkg_setup() { enewgroup clamav enewuser clamav -1 /bin/false /dev/null clamav pwconv || die } src_compile() { local myconf use milter && myconf="--enable-milter" econf ${myconf} --with-dbdir=/var/lib/clamav || die emake || die } src_install() { make DESTDIR=${D} install || die dodoc AUTHORS BUGS NEWS README ChangeLog TODO FAQ INSTALL exeinto /etc/init.d ; newexe ${FILESDIR}/clamd.rc clamd insinto /etc/conf.d ; newins ${FILESDIR}/clamd.conf clamd dodoc ${FILESDIR}/clamav-milter.README.gentoo } pkg_postinst() { if [ `use milter` ]; then einfo "For simple instructions howto setup the clamav-milter..." einfo "" einfo "less /usr/share/doc/${PVR}/clamav-milter.README.gentoo.gz" fi } new digest-clamav-0.66: MD5 f0a5d7f35106fb7b176bca5cd28a1bed clamav-0.66.tar.gz 2275692
*** Bug 41237 has been marked as a duplicate of this bug. ***
Most archs have 0.65 has unstable, 0.60 is stable for x86, ppc, sparc. Hanno, can you take a look at this? *added package maintainer hanno@gentoo.org
*** Bug 41686 has been marked as a duplicate of this bug. ***
I've just commited 0.67-ebuild. We should mark it stable on all platforms as soon as possible. A GLSA should be written about two issues: 1. the security vulnerability 2. 0.60 uses a deprecated virus-db-format, so you won't get updates for up-to-date viruses
could you arch peeps please emerge 0.67 and make sure everything is ok for stable ?
Everything looks good. Marked stable on sparc.
All set on alpha and ia64
As we've already released the GLSA on this, is there any reason not to close?
aight well i just marked it stable for mips/arm/amd64 i'll let hanno clean out the old ebuilds