Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Alpine apk pulling old clamav version #39

Closed
davidheerema opened this issue Feb 25, 2020 · 5 comments
Closed

Alpine apk pulling old clamav version #39

davidheerema opened this issue Feb 25, 2020 · 5 comments

Comments

@davidheerema
Copy link

davidheerema commented Feb 25, 2020
edited

Tue Feb 25 15:08:17 2020 -> ^Your ClamAV installation is OUTDATED!
Tue Feb 25 15:08:17 2020 -> ^Local version: 0.102.1 Recommended version: 0.102.2

It seems that the build is pulling 0.102.1 from apk:

Step 4/11 : RUN apk add --no-cache clamav rsyslog wget clamav-libunrar
---> Running in b7a24ba2cfc7
fetch http://dl-cdn.alpinelinux.org/alpine/v3.11/main/x86_64/APKINDEX.tar.gz
fetch http://dl-cdn.alpinelinux.org/alpine/v3.11/community/x86_64/APKINDEX.tar.gz
(1/19) Installing ca-certificates (20191127-r1)
(2/19) Installing nghttp2-libs (1.40.0-r0)
(3/19) Installing libcurl (7.67.0-r0)
(4/19) Installing libltdl (2.4.6-r7)
(5/19) Installing pcre (8.43-r0)
(6/19) Installing clamav-libs (0.102.1-r0)
(7/19) Installing freshclam (0.102.1-r0)
Executing freshclam-0.102.1-r0.pre-install
(8/19) Installing clamav-scanner (0.102.1-r0)
(9/19) Installing clamav-daemon (0.102.1-r0)
Executing clamav-daemon-0.102.1-r0.pre-install
(10/19) Installing fts (1.2.7-r1)
(11/19) Installing clamav (0.102.1-r0)
(12/19) Installing libgcc (9.2.0-r3)
(13/19) Installing libstdc++ (9.2.0-r3)
(14/19) Installing clamav-libunrar (0.102.1-r0)
(15/19) Installing libestr (0.1.11-r1)
(16/19) Installing libfastjson (0.99.8-r2)
(17/19) Installing libuuid (2.34-r1)
(18/19) Installing rsyslog (8.1911.0-r1)
(19/19) Installing wget (1.20.3-r0)
@chrisgilmerproj
Copy link

I am also seeing this and my security auditing group is giving me trouble about it. Is there anything we can do to help get this updated to a newer version?

This was referenced Mar 5, 2020
Closed
Merged
@mko-x
Copy link
Owner

mko-x commented Mar 6, 2020

I would leave the regular install as is, as the maintainers of clamav would provide the latest stable version I suppose.

If you need another version you should use your own version of this image and stick the version to the one your security team agrees with.

See https://superuser.com/questions/1055060/how-to-install-a-specific-package-version-in-alpine as well.

@chrisgilmerproj
Copy link

I'm curious why it is a warning if the latest stable version is installed. Anyway, I appreciate your response and might build on top of your image if it remains an issue with my folks.

@mko-x mko-x closed this as completed Mar 16, 2020
@mko-x mko-x mentioned this issue Apr 11, 2020
Closed
@mko-x
Copy link
Owner

mko-x commented Apr 11, 2020

See #45

@mko-x
Copy link
Owner

mko-x commented Apr 11, 2020

See new alpine-edge version here or use it directly

     docker run mkodockx/docker-clamav:alpine-edge

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@chrisgilmerproj @mko-x @davidheerema