Back to Community Threads
1
ClamAV 1.2.2 in SmarterMail Build 8825 and newer: Why not 1.3.0?
Question asked by Stefan Mössner - 3/1/2024 at 4:22 AM
Answered
Hi all,

this is written in the release notes of SmarterMail build 8825: "Changed: Updated ClamAV to 1.2.2"

ClamAV 1.2.2 isn't an old version. It's an actual critical hotfix of the 1.2 release, see https://github.com/Cisco-Talos/clamav/releases/tag/clamav-1.2.2. So thank you, SmarterTools, for providing SmarterMail with this recent version of the 1.2 release.

But if you look at the website of ClamAV there's release 1.3.0 available, see https://www.clamav.net/downloads.

So why is ClamAV still an older release in the newest SmarterMail build 8825?

Kind Regards

4 Replies

Reply to Thread
3
Matt Petty Replied
3/1/2024 at 7:06 PM
Employee Post
It was one of the last things we did with the update, so I decided not to jump major versions since we didn't have a ton of testing time on it. We've also got a linux release we're working on which involves some changes on these third-party tools which is a great time to do the bigger updates. If we do another release soon I can see about jumping to 1.3.0, we'll see.
Matt Petty Senior Software Developer SmarterTools Inc. www.smartertools.com
1
Stefan Mössner Replied
4/18/2024 at 2:44 AM
There's a vulnerability regarding ClamAV, see https://blog.clamav.net/2024/04/clamav-131-123-106-patch-versions.html. So there's an update of ClamAV needed!
2
Matt Petty Replied
4/18/2024 at 7:26 AM
Employee Post Marked As Answer
That DOS vulnerability is only for 1.3.0. I guess it was a good idea to not immediately move to 1.3.0 after all. The upcoming builds we have in development (intended for beta) are on 1.3.0 though, so I'll make sure to update. 

There still is an update to 1.2.2 ->1.2.3 though, so I'll make sure the next production release has it.
Matt Petty Senior Software Developer SmarterTools Inc. www.smartertools.com
3
Stefan Mössner Replied
4/18/2024 at 9:54 PM
With the newest build 8874 ClamAV is now updated to version 1.2.3. Thank you for your fast implementation.
Back to Community Threads

Reply to Thread

Related Knowledge Base Articles

TLS 1.0/1.1 Deprecation InformationGeneral Topics
SmarterMail Servers and TLS SupportSmarterMail > Installation and Configuration
Deploying Rspamd For Use With SmarterMailSmarterMail > Server Configuration and Management
Configure an Alternative Linux Web Server for SmarterMailSmarterMail > Server Configuration and Management
Migrate SmarterMail to a Different Server (Using Robocopy)SmarterMail > Installation and Configuration