clamav-base package contains very big clamav data files (main.cvd and daily.cvd) from clamav-data package

Bug #460316 reported by Mantas Kriaučiūnas on 2009-10-25
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Baltix
Undecided
Unassigned
clamav (Debian)
Fix Released
Unknown
clamav (Ubuntu)
Wishlist
Scott Kitterman

Bug Description

Binary package hint: clamav

I've noticed, that clamav installation in Ubuntu takes ~20MB more space than in other Linux distros. Problem is in clamav-base package - /usr/share/doc/clamav-base/examples/ contains very big clamav data files (main.cvd and daily.cvd), which also exist in clamav-data package (/var/lib/clamav/*.cvd)

/$ ls -lh /usr/share/doc/clamav-base/examples/
total 21M
-rw-r--r-- 1 root root 12K 2009-09-09 13:42 clamd.conf
-rw-r--r-- 1 root root 717K 2009-09-09 13:45 daily.cvd
-rw-r--r-- 1 root root 21M 2009-09-09 13:45 main.cvd

Please remove unneeded main.cvd and daily.cvd files from clamav-base package.

Chuck Short (zulcss) on 2010-01-09
Changed in clamav (Ubuntu):
importance: Undecided → Wishlist
status: New → Confirmed
Changed in clamav (Ubuntu):
status: Confirmed → In Progress
assignee: nobody → Scott Kitterman (kitterman)
Changed in clamav (Ubuntu):
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package clamav - 0.96~rc1+dfsg-0ubuntu2

---------------
clamav (0.96~rc1+dfsg-0ubuntu2) lucid; urgency=low

  * Drop initial signature definitions from clamav-base (LP: #460316)
    - Signatures will have to be obtained via freshclam or clamav-data
  * Remove deprecated MailFollowURLs option from default clamd.conf in
    clamav-base.postinst.in (LP: #538417)
 -- Scott Kitterman <email address hidden> Sat, 13 Mar 2010 13:35:18 -0500

Changed in clamav (Ubuntu):
status: Fix Committed → Fix Released
Mantas Kriaučiūnas (mantas) wrote :

I'm reopening this bug because initial signature definitions isn't removed from clamav-base package since clamav version 0.97.1+dfsg-1ubuntu1 (oneiric) :(
Now newest clamav-base packages from oneiric, natty and precise are 31Mb size (previously size was only 0.1Mb)!!!

I'm pasting important moments from debian/changelog:
1. Latest correct version was 0.97+dfsg-2ubuntu1:
clamav (0.97+dfsg-2ubuntu1.1) natty-security; urgency=low
  * SECURITY UPDATE: denial of service via hash manager off-by-one
    - libclamav/matcher-hash.c: fix count.
    - http://git.clamav.net/gitweb?p=clamav-devel.git;a=commit;h=656dfd0b86817c05cc67964823fb4da8790f243d
    - http://git.clamav.net/gitweb?p=clamav-devel.git;a=commit;h=4842733eb3f09be61caeed83778bb6679141dbc5
    - CVE-2011-2721
 -- Marc Deslauriers <email address hidden> Wed, 27 Jul 2011 13:31:36 -0400

clamav (0.97+dfsg-2ubuntu1) natty; urgency=low
  * Merge from debian unstable. Remaining Ubuntu changes:
    - Drop initial signature definitions from clamav-base
    - Drop build-dep on electric-fence (in Universe)
    - Add apparmor profiles for clamd and freshclam along with maintainer script changes
 -- Scott Kitterman <email address hidden> Fri, 11 Mar 2011 08:07:46 -0500

2. First bad version without "Dropped initial signature definitions from clamav-base":

clamav (0.97.1+dfsg-1ubuntu1) oneiric; urgency=low
  * Merge from debian unstable. Remaining changes:
    - Drop build-dep on electric-fence (in Universe)
    - Add apparmor profiles for clamd and freshclam along with maintainer script changes
 -- Scott Kitterman <email address hidden> Sat, 18 Jun 2011 11:56:34 -0400

Changed in clamav (Ubuntu):
status: Fix Released → New
Scott Kitterman (kitterman) wrote :

The claamav-data package is no longer maintained, so the assumptions underlying this bug are no longer valid. Switching back to shipping the definitions in the package was not accidental.

Changed in clamav (Ubuntu):
assignee: Scott Kitterman (kitterman) → nobody
assignee: nobody → Scott Kitterman (kitterman)
status: New → Invalid
Mantas Kriaučiūnas (mantas) wrote :

Please don't force Ubuntu users to download big unneeded files with every clamav update and remove /usr/share/doc/clamav-base/examples/main.cvd and daily.cvd files from clamav-base package:

1. It's waste of space to keep big (30MB) unneeded and outdated signature definition files in DOC folder (/usr/share/doc/clamav-base/examples/), because clamav antivirus doesn't use signature definition files from /usr/share/doc/clamav-base/examples/ folder.

2. Also it's a big waste of internet traffic for Ubuntu users (some users pay for internet traffic), because clamav package is often updated and with every update users get 30MB of unneeded files.

3. Actual signature definitions are fetched by clamav-freshclam package, but this package depends on clamav-base package, so, now Ubuntu users get 2 copies of big signature definition files with every clamav update. It's a nonsense. If clamav- freshclam package should depend on clamav-base, then unneeded and outdated signature definition files should be moved from clamav-base to another package, like clamav-data.
AFAIK it's not hard to create additional package from the same clamav source package.

I can report another bug "Please remove (30MB) of unneeded and outdated signature definition files from clamav-base (or move to another package)" if you think that assumptions underlying this bug are no longer valid, just tell me :)

Scott Kitterman (kitterman) wrote:
> clamav-data package is no longer maintained, so the assumptions underlying this bug are no longer valid.
> Switching back to shipping the definitions in the package was not accidental.

Changed in clamav (Ubuntu):
status: Invalid → Incomplete
Changed in clamav (Debian):
status: Unknown → New
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package clamav - 0.97.5+dfsg-1ubuntu1

---------------
clamav (0.97.5+dfsg-1ubuntu1) quantal; urgency=low

  * Merge from Debian Unstable. Remaining Ubuntu changes:
    - Drop build-dep on electric-fence (in Universe)
    - Add apparmor profiles for clamd and freshclam along with maintainer
      script changes
  * New upstream version no longer includes virus definition files
   (LP: #460316)

clamav (0.97.5+dfsg-1) unstable; urgency=medium

  [ Scott Kitterman ]
  * Urgency medium due to security fixes
  * New upstream release (Closes: #669370)
    - Addresses possible evasion cases in some archive formats (CVE-2012-1419,
      CVE-2012-1457, CVE-2012-1458, CVE-2012-1459) (Closes: #668273)
    - Repack tarball to remove non-free unrar code and win32 directory
    - Add contrib/split-tarball.sh and docs/man/clambc.1 in the diff.gz
      (these used to be added to the Debian specific upstream tarball, but
      aren't upstream so are better in the diff)
    - Change etc/clamav-milter.conf to Debian defaults
  * Enabled hardened build flags (Closes: #653958)
    - Thanks to Moritz Muehlenhoff for the patch
  * Remove var/lib/clamav/daily.cvd and main.cvd from clamav-base.examples
    because they aren't installed by the build system anymore (and are
    provided only as empty files in the upstream tarball)
  * Fix typos in README.Debian (Closes: #667831)
  * Update libclamav6 binary lintian override to match current filename
  * Bump standards version to 3.9.3 without further change

  [ Stephen Gran ]
    - Add a note about RAR functionality to README.Debian (Closes: #652009)

clamav (0.97.3+dfsg-2.2) unstable; urgency=low

  * Non-maintainer upload.
  * Fix "FTBFS: llvm/lib/ExecutionEngine/JIT/Intercept.cpp:69:67: error:
    'lseek64' was not declared in this scope": add missing <unistd.h> include.
    Also fixed in upstream git already [bb8ab5c].
    (Closes: #674330)
 -- Scott Kitterman <email address hidden> Fri, 15 Jun 2012 21:20:04 -0400

Changed in clamav (Ubuntu):
status: Incomplete → Fix Released
Changed in clamav (Debian):
status: New → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.