When you install things the first time you get the current packages from the archive and they will start updating definitions in the background.
You'd see something like this in the log:
Jan 02 12:01:24 f freshclam[3128]: Tue Jan 2 12:01:24 2024 -> ^Your ClamAV installation is OUTDATED!
Jan 02 12:01:24 f freshclam[3128]: Tue Jan 2 12:01:24 2024 -> ^Local version: 0.103.9 Recommended version: 0.103.11
Jan 02 12:01:24 f freshclam[3128]: Tue Jan 2 12:01:24 2024 -> DON'T PANIC! Read https://docs.clamav.net/manual/Installing.html
Two things can be updated:
#1 The program version
This is regularly updated, usually when there is a real problem (SRU) or security issue.
You can see that in [1] and e.g. as this is for focal see how it changed over the years from 0.102.2+dfsg-2ubuntu1 to 0.103.9+dfsg-0ubuntu0.20.04.1.
This will continue to happen, but as I said not just for fun but on real issues (users appreciate stability as well).
#2 the definitions
This is exactly what freshclam does ...
$ systemctl status clamav-freshclam.service ...
Jan 02 12:01:24 f freshclam[3128]: Tue Jan 2 12:01:24 2024 -> daily database available for download (remote version: 27142)
Jan 02 12:01:33 f freshclam[3128]: Tue Jan 2 12:01:33 2024 -> Testing database: '/var/lib/clamav/tmp.4e9c5b0713/clamav-9207ebd076a9f486650f6f56e16e2946.tmp-daily.cvd' ...
Jan 02 12:01:39 f freshclam[3128]: Tue Jan 2 12:01:39 2024 -> Database test passed.
Jan 02 12:01:39 f freshclam[3128]: Tue Jan 2 12:01:39 2024 -> daily.cvd updated (version: 27142, sigs: 2050085, f-level: 90, builder: raynman)
Jan 02 12:01:39 f freshclam[3128]: Tue Jan 2 12:01:39 2024 -> main database available for download (remote version: 62)
Jan 02 12:02:03 f freshclam[3128]: Tue Jan 2 12:02:03 2024 -> Testing database: '/var/lib/clamav/tmp.4e9c5b0713/clamav-1136c9f80d7afd14a1faaf58bea4ac66.tmp-main.cvd' ...
Jan 02 12:02:10 f freshclam[3128]: Tue Jan 2 12:02:10 2024 -> Database test passed.
Jan 02 12:02:10 f freshclam[3128]: Tue Jan 2 12:02:10 2024 -> main.cvd updated (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
Jan 02 12:02:10 f freshclam[3128]: Tue Jan 2 12:02:10 2024 -> bytecode database available for download (remote version: 334)
Jan 02 12:02:10 f freshclam[3128]: Tue Jan 2 12:02:10 2024 -> Testing database: '/var/lib/clamav/tmp.4e9c5b0713/clamav-5166218e129a54860e985aa9ae7009e1.tmp-bytecode.cvd' ...
Jan 02 12:02:10 f freshclam[3128]: Tue Jan 2 12:02:10 2024 -> Database test passed.
Jan 02 12:02:10 f freshclam[3128]: Tue Jan 2 12:02:10 2024 -> bytecode.cvd updated (version: 334, sigs: 91, f-level: 90, builder: anvilleg)
And it does so regularly ~24 times a day in the default config.
After this update nothing complains anymore.
I can run e.g. clamscan without any notions of not being up to date.
root@f:~# clamscan /tmp/
----------- SCAN SUMMARY -----------
Known viruses: 8681833
Engine version: 0.103.9
Scanned directories: 1
Scanned files: 0
Infected files: 0
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 18.811 sec (0 m 18 s)
Start Date: 2024:01:02 12:07:13
End Date: 2024:01:02 12:07:32
And as shown in the freshclam log it started with old content as expected and automatically updated it.
And it would continue to do so.
The only thing left not on the very most recent version are the program binaries, but as I said those are only updated for real issues and not on any version that appears.
Functional updates have to follow the SRU policy [2], and CVE-related fixes usually bump to the latest version, as you can see in [1]. You could check individual CVEs from being created to triage to fixes at [3] (link configured for focal as this was how the bug was opened).
[1]: https://launchpad.net/ubuntu/+source/clamav/+publishinghistory
[2]: https://wiki.ubuntu.com/StableReleaseUpdates
[3]: https://ubuntu.com/security/cves?q=&package=clamav&priority=&version=focal&status=
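
An added example, not part of the comment above and not ClamAV or Ubuntu code: a small parser for freshclam journal lines in the format quoted there, reporting the two update tracks separately (engine version vs. definition databases). The sample log is constructed from the quoted lines with the main.cvd update deliberately left out; `summarize`, `version_tuple` and the result field names are hypothetical.

```python
import re

# Constructed sample: freshclam lines as quoted above, with the main.cvd update omitted.
SAMPLE_LOG = """\
Jan 02 12:01:24 f freshclam[3128]: Tue Jan 2 12:01:24 2024 -> ^Your ClamAV installation is OUTDATED!
Jan 02 12:01:24 f freshclam[3128]: Tue Jan 2 12:01:24 2024 -> ^Local version: 0.103.9 Recommended version: 0.103.11
Jan 02 12:01:24 f freshclam[3128]: Tue Jan 2 12:01:24 2024 -> daily database available for download (remote version: 27142)
Jan 02 12:01:39 f freshclam[3128]: Tue Jan 2 12:01:39 2024 -> daily.cvd updated (version: 27142, sigs: 2050085, f-level: 90, builder: raynman)
Jan 02 12:01:39 f freshclam[3128]: Tue Jan 2 12:01:39 2024 -> main database available for download (remote version: 62)
Jan 02 12:02:10 f freshclam[3128]: Tue Jan 2 12:02:10 2024 -> bytecode database available for download (remote version: 334)
Jan 02 12:02:10 f freshclam[3128]: Tue Jan 2 12:02:10 2024 -> bytecode.cvd updated (version: 334, sigs: 91, f-level: 90, builder: anvilleg)
"""

ENGINE = re.compile(r"Local version: (\S+) Recommended version: (\S+)")
AVAILABLE = re.compile(r"-> (\w+) database available for download \(remote version: (\d+)\)")
# .cvd is a full database file, .cld the name used after incremental updates.
UPDATED = re.compile(r"-> (\w+)\.c[lv]d updated \(version: (\d+)")

def version_tuple(version):
    # Compare numerically: as plain strings "0.103.9" would sort after "0.103.11".
    return tuple(int(part) for part in re.findall(r"\d+", version))

def summarize(log_text):
    """Return engine status, installed definition versions and databases still pending."""
    engine, offered, installed = None, {}, {}
    for line in log_text.splitlines():
        if m := ENGINE.search(line):
            engine = {"local": m.group(1), "recommended": m.group(2)}
        elif m := AVAILABLE.search(line):
            offered[m.group(1)] = int(m.group(2))
        elif m := UPDATED.search(line):
            installed[m.group(1)] = int(m.group(2))
    # A database that was offered but never reported as updated is still stale.
    pending = sorted(db for db, ver in offered.items() if installed.get(db, -1) < ver)
    behind = bool(engine) and version_tuple(engine["local"]) < version_tuple(engine["recommended"])
    return {"engine": engine, "engine_behind": behind, "installed": installed, "pending": pending}

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

An engine reported as behind together with an empty `pending` list is the state the comment describes: distribution-maintained binaries with current definitions.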