On Mon, Feb 28, 2011 at 7:39 AM, Bowie Bailey <bowie_bai...@buc.com> wrote:
> ClamAV 0.96 was released in April of 2010. How much time do you need to
> schedule an upgrade? If my servers were still running an old version a
> month after an update, I would consider it a serious problem. AV
> programs need to be kept up to date in order to provide the best protection.

All, please realize that I'm trying to be constructive here - just exploring the options. I realize that today's problem was unexpected fallout, not a planned breakage. And Edwin really helped us when we had a FreeBSD-specific memory problem, getting on one of our systems directly, investigating, and creating a patch on the spot -- so I'm a huge fan of the team and its efforts.

The team clearly took the "lessons learned" from the 0.94.x issue and applied them -- adding versioning such that some types of signature version mismatches will be ignored. My "tag field" idea is really just trying to make that mechanism more flexible.

Bowie - ah, to clarify: we were running 0.96.2, so we were still bitten by the outage last week (but not the one today). Your answer implied that you thought we were running 0.95.x, which we were not. My apologies for not being clear.

But speaking for the folks who were/are running 0.95.x, was there an end-of-life announcement for 0.95.x that we missed? Searching the RSS feed, the mailing list and Google with this:

    (clamav OR "Clam Antivirus") (end-of-life OR "end of life" OR "not supported" OR unsupported OR "no longer supported") (0.95 OR 0.95.x)

.... yields nothing other than 0.94.x information.

If 0.95.x is EOL and the folks still running it missed that, then it's their fault for being caught unawares. After the scars from last time :-), I busted my butt to make sure that I was subscribed to the RSS feed and mailing list. If the only place this was announced was when the daemon starts up, and my systems have been running fine and haven't needed to be rebooted, how else would I find out?

But if it's not EOL, some shops are dramatically short-handed enough that "if it ain't broke, don't fix it" is sometimes not just a good rule of thumb, but the only feasible option. :-) Depending on your definition of "an old version", upgrading within a month every time a "new version" comes out -- when the old one is not EOL -- could even be considered reckless. :-)

Tomasz' point about some folks preferring to have ClamAV "working" than actually detecting malware is an oversimplification. Having 99.99% of signatures work when something breaks is better than having to turn the whole thing off - which is exactly what my shop had to do last week. In other words: we couldn't detect *any* malware, which in my mind is worse.

I see the larger point -- that enabling a good admin to do a graceful upgrade a few hours later also enables a bad admin to put off an upgrade for months. I'm not sure how to resolve that, but I do know that even a few hours' worth of breathing room can make the difference between unrevertable upgrades and a more proper, sysadminly process.

Will bad admins abuse a grace period? Probably. But it would also help good admins to do the Right Thing.

Again, just trying to come up with a win-win here.

Royce