Ubuntu – How to upgrade ClamAV on Ubuntu Hardy Heron 8.04 LTS

aptitudeclamavUbuntuubuntu-8.04

I'm running a server on Ubuntu Hardy Heron 8.04 LTS, and when I installed ClamAV via aptitude, it installed version 0.94. That version has now been EOL'ed, but when I run "aptitude upgrade", it doesn't update ClamAV to the more recent version (0.96).

I then followed these instructions on Installing ClamAV from the PPA, but when I did that, I get a message saying "The following packages have been kept back: … clamav clamav-base clamav-daemon clamav-freshclam …"

Does anyone know how to get Ubuntu 8.04 to do this update via aptitude or apt-get (I'm hoping to avoid having to compile from source, etc.)?

Best Answer

Yeah, it messed up my server last night. I am running Debian Lenny though. I had to add debian-volatile repository to be able to upgrade to 0.95.3.

You need to add deb http://ppa.launchpad.net/ubuntu-clamav/ppa/ubuntu hardy main to your /etc/apt/sources.list and run apt-get update After that apt-get upgrade clamav

If apt-get upgrade does not work, do

apt-get install clamav clamav-base clamav-daemon clamav-freshclam

Related Solutions

Ubuntu – Clarifying Debian Dist-Upgrade Process

The command apt-get upgrade will not add or remove packages. apt-get dist-upgrade will add or remove packages as required.

The command apt-get dist-upgrade will not automatically upgrade you from one release to another unless you have also updated your sources (/etc/apt/sources.list) to point at a newer release.

man apt-get

upgrade
    upgrade is used to install the newest versions of all packages 
    currently installed on the system from the sources enumerated 
    in /etc/apt/sources.list.

dist-upgrade
    dist-upgrade, in addition to performing the function of upgrade, 
    also intelligently handles changing dependencies with new versions 
    of packages;

Are there special concerns to be aware of when doing a dist-upgrade vs upgrade?

For the most part I always apt-get dist-upgrade to apply updates to a system. Of course pay attention to exactly what new packages are being added or removed. Frequently this happens when something is being added like a newer kernel that isn't compatible with the previous and you will have to recompile modules. If you have some kernel module you had to build on your own, then you may need to make sure you recompile it for the new kernel. I have a couple systems with network interfaces not supported by the stock kernel that I have to recompile the network driver after each kernel update.

Ubuntu – the proper way to keep Ubuntu Server 8.04 updated

Update: per sparks' comment, I should note that 'aptitude' can be used in place of 'apt-get' in my answer below, with one exception: 'apt-get upgrade' would be replaced by 'aptitude safe-upgrade'. The aptitude front-end to APT has some nice features compared to apt-get, as outlined in this blog post. However, if you've already got a system that you've been managing with apt-get, you can certainly continue using apt-get, and probably should. We don't do a lot of software installation / uninstallation on a server, so I don't find the use of aptitude to be of critical importance, but if I was to fire up a brand new server today I would probably use it.

The latest Ubuntu Server documentation still details using apt-get, and only discusses aptitude as a graphical front end to APT. While this is certainly an oversight, it certainly does imply that there's nothing wrong with using apt-get.

I use Ubuntu's unattended-upgrades package to automatically apply security updates. Here are my notes on setting it up (on an Ubuntu 8.04 LTS server):

    $apt-get install unattended-upgrades update-notifier-common
    Edit /etc/apt/apt.conf/50unattended-upgrades.  Select only security upgrades, and set mail address
        Unattended-Upgrade::Allowed-Origins {
                "Ubuntu hardy-security";
        //      "Ubuntu hardy-updates";
        };
        Unattended-Upgrade::Mail "youremail@yourdomain.com";
    Install mailx (required for unattended-upgrades mail to work)
        $apt-get install mailx
    Edit /etc/apt/apt.conf.d/10periodic :
        APT::Periodic::Update-Package-Lists "1";
        APT::Periodic::Download-Upgradeable-Packages "1";
        APT::Periodic::AutocleanInterval "1";
        APT::Periodic::Unattended-Upgrade "1";

Using this configuration, security updates will be automatically applied, and the list of updates will be emailed to you. While it may be considered dangerous to automatically apply any update, I believe that keeping up with security updates is a task worthy of the risk... and franky, "keeping up" requires automation.

As far as keeping packages up to date, I asked a question to clarify the meaning of dist-upgrade that you might find applicable. Basically, when you do an apt-get upgrade, installed packages will be upgraded only if the upgrade doesn't require new packages or the removal of a package (e.g. the dependencies don't change). If an upgraded package has new dependencies, then you need to use apt-get dist-upgrade instead. Since apt-get dist-upgrade also does everything that apt-get upgrade does, I typically use it by default. It's important to keep an eye on which packages are going to be modified and take any precautions you may find necessary.

In short:

apt-get update
apt-get dist-upgrade

If I'm nervous about what dist-upgrade wants to do, I'll do:

apt-get update
apt-get upgrade

To at least upgrade packages that don't have new dependencies until I do a little research. There's always a chance that something will break no matter what you do, however, so you just gotta have some faith :)

As a final note, as long as you're applying security updates, and you trust that Canonical is doing a good job keeping things patched, you may find it's not terribly necessary to keep packages up to date. If the server is working without fault, well... it's working.

Best Answer

Related Solutions

Ubuntu – Clarifying Debian Dist-Upgrade Process

Ubuntu – the proper way to keep Ubuntu Server 8.04 updated

Related Topic