WARNING: Your ClamAV installation is OUTDATED!

HappyFeat

• May 05, 2025 02:50

I just started receiving this in my logwatch email

WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 1.0.5 Recommended version: 1.0.8
DON'T PANIC! Read https://docs.clamav.net/manual/Installing.html
daily database available for update (local version: 27612, remote version: 27614)
WARNING: downloadFile: file not found: http://httpupdate.cpanel.net/cpanelsync/clamav/daily-27614.cdiff
WARNING: downloadPatch: Can't download daily-27614.cdiff from http://httpupdate.cpanel.net/cpanelsync/clamav/daily-27614.cdiff
WARNING: downloadFile: file not found: http://httpupdate.cpanel.net/cpanelsync/clamav/daily-27614.cdiff
WARNING: downloadPatch: Can't download daily-27614.cdiff from http://httpupdate.cpanel.net/cpanelsync/clamav/daily-27614.cdiff
WARNING: downloadFile: file not found: http://httpupdate.cpanel.net/cpanelsync/clamav/daily-27614.cdiff
WARNING: downloadPatch: Can't download daily-27614.cdiff from http://httpupdate.cpanel.net/cpanelsync/clamav/daily-27614.cdiff
Downloaded 1 patches for daily, which is fewer than the 2 expected patches.

Do I need to follow the instructions and update ClamAV myself or do I just wait for a cPanel update to handle it?

• 

  HappyFeat

  • May 05, 2025 03:02

  If I follow the instructions provided in this warning and update ClamAV using the RPM package, will cPanel still be able to manage it in future or will I always have to update it manually from then on?

  0
• 

  HappyFeat

  • May 05, 2025 03:11

  As an experiment, I uninstalled and re-installed ClamAV via WHM >> Manage Plugins >> ClamAV and it still installed version 1.0.5

  So I'm having trouble reconciling the warning in the logwatch email with cPanel's chosen behavior.

  0
• 

  cPRex Jurassic Moderator

  • May 05, 2025 04:46

  No, it is not recommended to try and manually install a new version.  Our team is working on a fix for this and we hope to have it released soon.

  0
• 

  HappyFeat

  • May 05, 2025 23:30

  Thank you 

  0
• 

  cPRex Jurassic Moderator

  • May 06, 2025 13:57

  You're welcome!

  0
• 

  Daniel Mullen

  • May 02, 2026 12:23

  It's been a year!

  I'm pretty sure 1.0.8 fixes CVE-2025-20128.

  What else are we missing out on by not having the latest version?

  0
• 

  cPRex Jurassic Moderator

  • May 04, 2026 13:24

  The latest version is 1.0.9-2.  Is there a specific issue you're seeing on the system?  

  0
• 

  Daniel Mullen

  • May 04, 2026 14:09

  Hmm.  Yes, I keep seeing this in my LogWatch email:

  Local version: 1.0.5 Recommended version: 1.0.8

  0
• 

  cPRex Jurassic Moderator

  • May 04, 2026 14:13

  That's odd, what cPanel and operating system version are you running?  

  0
• 

  Daniel Mullen

  • May 04, 2026 15:54

  OS: AlmaLinux v9.7.0 STANDARD kvm

  cPanel Version: 134.0.23

   

  Thanks!

  0
• 

  cPRex Jurassic Moderator

  • May 04, 2026 17:59

  Thanks for that information - I don't have a good explanation on why that is happening.  Could you try removing it through WHM >> Manage Plugins and the reinstall to see if you get an updated version?

  If that doesn't change anything it would be best to create a ticket so the server can be checked directly.

  0
• 

  net@work

  • May 04, 2026 20:07

  Hello,

  I have the same problem. Seems after a WHM update 2-3 weeks ago. I notice that on logwatch.

  Almalinux 8.10

  WHM: 134.0.20

  Why clamav 1.0.5? What happened to cPanel? How the number 1 web hosting panel goes so terrible wrong?? 

  What are our machines running?

  Before the new LTS version 134 clamav version was OK updated in version LTS 126.

  Investigate the error of clamAV version ASAP.

  0
• 

  cPRex Jurassic Moderator

  • May 05, 2026 01:31

  Would you be able to open a ticket on this?  So far I can't reproduce this on a test machine.

  0
• 

  net@work

  • May 05, 2026 09:56

  Hello cPRex

  To clarify here the situation with logwatch and OUTDATED warning of clamav.

  Seems to be false positive on version running cPanel 134.0.x and I'll explain.

  Since the upgrade from 126.0.x to 134.0.x and 1-2 weeks later I see on logwatch a warning says: 

  The following ERRORS and/or WARNINGS were detected when
  running the ClamAV update process.  If these ERRORS and/or
  WARNINGS do not show up in the "Last Status" section above,
  then their underlying cause has probably been corrected.
  WARNINGS:
    Local version: 1.0.5 Recommended version: 1.0.8: 1 Time(s)
    Your ClamAV installation is OUTDATED!: 1 Time(s) 

  I don't see the error warning in "Last Status". In the past when cPanel version was OUTDATED also the Last status reported this.

  From server I checked and see:

  rpm -qa | grep clam
  
  cpanel-clamav-1.0.9-2.cp130~el8.x86_64
  cpanel-perl-542-file-scan-clamav-1.96-2.cp130~el8.noarch

  /usr/local/cpanel/3rdparty/bin/clamscan -V
  ClamAV 1.0.9

  I don't know why 134.0.x trigger that but seems false positive.

   

  0
• 

  cPRex Jurassic Moderator

  • May 05, 2026 15:47

  If this is coming from Logwatch I'm not sure there's much I can do on my end as that isn't a tool that we manage.

  0

Please sign in to leave a comment.