> I use EPEL RPM files to upgrade Clamav on my Linux systems. > > When urgent vulnerability fixes are released is it advisable to wait for > stable rpm? I don't know if it is safe to apply testing rpm. > > Usually EPEL stable rpms are released after weeks of delay from new > Clamav versions. > > Do you have any hints about use of clamav rpm distributions?
I guess the right answer is "it depends on your situation"... If you are wanting to update just because there's some security patches, it's probably not going to hurt to wait. If you are wanting to update because of some new feature and can't / don't want to wait, then obviously you would have to build your own. Alternatively there are 3rd party Repositories that usually update certain packages much faster than the main channels. https://pkgs.org is a nice searchable source, but it does not cover all 3rd party repos. I have built my own RPMs for ClamAV before. It's pretty quick and easy, usually just updating the source file, a couple lines in the .spec, sometimes the signature updates, all the other files rarely require any editing. If you have never built RPMs it can be a little bit of a learning curve and require installing a handful of packages, but it's not too terribly difficult, there are lots of guides out there if you search. I always build / test new RPMs on a dedicated little VM before rolling it out to my production server. _______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
