Update Clamav FC8

mathfedora · #1 25th January 2012, 03:27 PM

Hi all,

Currently i'm running a FC8 as a mail server + AV Scanner + Antispam.
Everything is ok but i'd like to update Clamav.

Using the fresclam command i only update the signatures and i get a message saying that my version of AV is discontinued.

Yum doesnt permit to upgrade the clamav package.

Indeed, this is a general question.
How can you update package when you have an old version? Everytime i try to force an update i get dependancies errors messages. This is very annonying. I dont want to update my full system for ONE package.

What do you think?

Best regards,

Math

PS= Sorry english is not my native language;

William Haller · #2 25th January 2012, 03:34 PM

Fedora updates are only produced for very recent versions. Old versions are not supported. The only route I can suggest to you is to go to clamav.net and pull down their source and compile from source. You may have library issues that you will have to resolve yourself or you might get lucky.

While I'm not one of the forum members who refuse to put Fedora on a internet facing server, I do recommend CentOS for that purpose and if you are going to use Fedora, you must keep it up to date. I would perhaps recommend staying a version behind the latest as a precaution as most bugs get worked out on the new stuff slowly and n-1 seems to be much more stable, but you really do need to keep up to date.

If you have only a couple outward facing services like a mail server might and want to keep an existing version, then you just will have to get comfortable building from source to keep those outward facing services free of known security problems.

yum will never find any updates for you anywhere once a fedora version goes end of life (EOL) because there are none there to find.

---

To answer the next question, upgrading from FC8 to FC15 or 16 would be a nightmare. Get another box. Install CentOS or Fedora 15. Move your mail accounts across. You'll be much happier with the result than trying to wade through the upgrades. You'd basically have to do each release to have any hope of success and that's a lot of ISOs and updates to download.

mathfedora · #3 25th January 2012, 08:11 PM

Thank you very much William,

I didnt know Centos. I visited their website and they say that Centos is a Redhat Enterprise Clone.
It's exactly what i'm looking for, many many thanks.

But just for my personnal knowledge, how people upgrade only one software?
I mean, if someone download and install FC16 today with spamassassin X or firefox X, what would happen in two months when FC17 will be released (with SA Y and Firefox Y).... Unable to upgrade using yum ???? You have to do a manual specific install using tarball, or hope someone build an unofficial rpm... ?

William Haller · #4 25th January 2012, 08:27 PM

People generally don't upgrade just one package. As new versions of Fedora are released, the vast majority of its users download the new distribution and upgrade all their packages to the most recent version. Using yum will keep all your packages up to date as new releases are pushed out from Fedora until a particular release reaches end of life. By that point, you have moved on to the next Fedora release.

Moving from one release to the next can usually be done with a simple in-place upgrade, however I find that in practice there are usually a few old packages on the box from earlier releases that must be removed to make an upgrade work. At that point, you reboot and with luck are on the next release. Then you need to do a search through the /etc directory for any .rpmnew or .rpmsave type file names that indicate the configuration changed and you may need to take action to make the service work by editing your old configuration files to match new options. There is usually a little grumbling involved at the changes they decided to make. Sometimes it takes a few weeks till things settle down and they get update patches out that work for most people on the new version.

This checking /etc for changes isn't any different with CentOS upgrades between minor points. The only difference is there is no upgrade process between major versions of CentOS/RHEL. When they went from 5.? to 6.0, you had to reinstall from scratch and reload all the applicable mail / web / etc. information from the old backups. For Fedora, on the other hand, I had one box at home that I have just retired that had upgraded from FC1 through FC16 using this process.

You just have to keep updating to new versions of Fedora in order to allow yum to keep updating your packages with security fixes. If you have an internet facing important box, you can still stay one release behind, because they keep pushing out updates for the previous release until after the next release is shipped. So now, for example, there are still F15 updates even though F16 is the most recent release, and they will continue till F17 is out. That is usually a safe course unless you have some hardware that simply won't work with an old release. Not all packages get the latest updates - a few must wait till the next Fedora release - but most do, and they try to get all security updates back-ported to all fedora releases that aren't end of life.

With any O/S, it is always good if you are running a service, to try things out on a test box first - even upgrades - just to make sure all is well and then do the update on the live box. When you actually do move between versions with Fedora, you can even do the updates live if you want, restarting various services as they are updated, with not much end user noticeable impact - presuming you've done a test run somewhere else to make sure there are no show stoppers.

CentOS had some hiccups getting 6.0 and 6.1 out - there was a long delay after RHEL released their original till the new one was out on CentOS. They did much better with 6.2 and are hoping to actually make a 2-4 week upgrade window for 6.3 when it comes out.