MIR report for CLAMAV

Bug #261249 reported by Leonel Nunez
6
Affects Status Importance Assigned to Milestone
clamav (Ubuntu)
Fix Released
Undecided
Unassigned

Bug Description

Binary package hint: clamav

Part of the ClamavSpamassassin in Main

https://wiki.ubuntu.com/ClamavSpamassassinInMain

Revision history for this message
Leonel Nunez (leonelnunez) wrote :
Revision history for this message
Scott Kitterman (kitterman) wrote :

Still need MIR for arj and unzoo, but subscribing ubuntu-mir for a review since this is a complex package.

Revision history for this message
Scott Kitterman (kitterman) wrote :

mir and unzoo are done now, so just waiting for review.

Revision history for this message
Martin Pitt (pitti) wrote :

The MIR mentions that upstream often changes "interfaces". What does that entail? Newer clam signatures don't work with older package versions, so we had to continuously put newer upstream versions into stables? The MTA-side API changes, so that we have to update our MTAs in stables for changes in new clamav versions?

Packaging is ok.

This package will need a serious amount of maintenance, but since it is in an approved spec, I guess the server team is willing to spend the efforts on it.

Changed in clamav:
status: New → Incomplete
Revision history for this message
Scott Kitterman (kitterman) wrote :

They did change the on disk signature database format once, but the old versions could still get data across the network. The impact of that was that libclamav3 and libclamav4 could not reasonably be made co-installable.

It's mostly ABI/API changes in libclamav and changes in options/names for clamscan. This isn't generallly problematic for clamav itself, but for the libclamav and clamav rdpends, but those will all stay in Universe, so I don't think it directly relates to the MIR. Clamd integration (which is what is used for the use case that's planned to be supported with amavisd-new) is stable (unchanged since at least Dapper AFAICT).

Fortunately Debian actively maintains this package and with the new pkg-clamav team should do even better, so we can largely benifit from their work.

I think the biggest supportability issue for this package is the volume of security updates. Since clamav always (well almost always) commits their security updates right before release it's generally reasonably easy to work out what needs to be dealt with.

Changed in clamav:
status: Incomplete → New
Revision history for this message
Martin Pitt (pitti) wrote :

Thanks for the clarifications. Approved.

Changed in clamav:
status: New → In Progress
Revision history for this message
Martin Pitt (pitti) wrote :

I promoted the source and following binaries to main:

  clamav clamav-daemon clamav-base clamav-freshclam libclamav4 libclamav-dev clamav-docs

(-docs wasn't requested in the MIR, but it doesn't make sense to not put the documentation into main as well)

Please seed clamav to server.

Changed in clamav:
status: In Progress → Fix Released
Revision history for this message
Scott Kitterman (kitterman) wrote :

clamav and clamav-daemon added to server-ship. The rest should get pulled in via depends or supported extra-include.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers