I was just pointed to this post by Ubuntu Support. Ticket ID 00440991

Our Scenario.
- Running an OVA appliance based on Ubuntu 22.04 LTS (Because this is still the latest version with FIPS support as of 6-18-26) https://ubuntu.com/pro/subscribe
- 22.04 LTS offers ClamAV 1.4 by default
- Once FIPS is enabled via an Ubuntu Pro key, ClamAV 1.4 remains (Along with its MD5 Hash usage attempts)
- Since it's running in FIPS mode, definition updates fail due to ClamAV 1.4 attempting to still use MD5 hashes.
- Working with the vendor, they supplied a hotfix to install ClamAV 1.5.1 which corrected the definition update issues.
- Sometime later, I believe auto updates from Ubuntu reinstalled or reconfigured ClamAV causing a conflict.
- The vendor then had to supply another hotfix which essentially prevents Ubuntu from causing the conflict again.

Potential Solutions:
1. Backport ClamAV 1.5.1 (now 1.5.2 as of this writing) to Ubuntu 22.04 LTS to work with its FIPS compliance option. (Which has obviously been talked about at length here)
2. Add additional scripting to FIPS enablement on 22.04 LTS to cut over to ClamAV 1.5.1 and disable usage of ClamAV 1.4
3. Get 24.04 LTS, or 26.04 LTS FIPS certified, as well as add ClamAV 1.5.2 to the repo (Seems to be missing: https://packages.ubuntu.com/search?keywords=clamav&searchon=names&suite=all&section=all) I believe the lack of FIPS options for the later versions is why this appliance has stuck to 22.04 LTS

Solutions outside of Ubuntu:
4. Install a different AV. (This won't work long term for us, as a major update to our OVA appliance would likely wipe out the add-on AV installation, necessitating setting it up again, or potentially other issues.)
5. I guess the vendor could re-write how they handle AV installations on the OVA appliance.
6. ClamAV to update the definitions check on 1.4, stop using MD5 hashes, and move to something else that happens to be FIPS compliant.

-------------------------

So far, option 2 seems to have been the best "limp along" solution which was provided by the vendor.

--
https://bugs.launchpad.net/bugs/2106024

Title:
  Backport fix for Ubuntu 22.04 FIPS-enabled environments
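
An added example, not part of the original message or any vendor hotfix: a shell check that flags a host matching the scenario reported above (kernel FIPS mode on, ClamAV older than the 1.5.1 release the report says fixed updates), for instance after an automatic update has put the older package back. The function names are hypothetical; it assumes `/proc/sys/crypto/fips_enabled` as the FIPS indicator and a `clamscan --version` line of the form `ClamAV X.Y.Z/...`.

```shell
#!/bin/sh
# Added example: detect "FIPS mode on + ClamAV older than the fixed release".
FIXED_VERSION="1.5.1"   # release the report says corrected definition updates

# version_lt A B: succeeds when dotted version A sorts strictly below B.
version_lt() {
    [ "$1" = "$2" ] && return 1
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)
    [ "$lowest" = "$1" ]
}

# parse_clamav_version LINE: extract X.Y.Z from "ClamAV X.Y.Z/dbver/date".
# Prints nothing when the line does not look like clamscan output.
parse_clamav_version() {
    printf '%s\n' "$1" | sed -n 's/^ClamAV \([0-9][0-9.]*\).*/\1/p'
}

# check_host FIPS_FLAG VERSION_LINE: prints affected, ok or unknown.
check_host() {
    fips=$1
    ver=$(parse_clamav_version "$2")
    if [ -z "$ver" ]; then
        echo "unknown"      # clamscan missing or output not recognised
    elif [ "$fips" = "1" ] && version_lt "$ver" "$FIXED_VERSION"; then
        echo "affected"     # MD5-dependent release on a FIPS host
    else
        echo "ok"
    fi
}

# Live use: ./check.sh --live  (reads the real host state)
if [ "${1:-}" = "--live" ]; then
    fips=$(cat /proc/sys/crypto/fips_enabled 2>/dev/null || echo 0)
    line=$(clamscan --version 2>/dev/null || true)
    check_host "$fips" "$line"
fi
```

Run from cron or a monitoring agent with `--live`, an `affected` result after a package update shows the older ClamAV is back before definition updates start failing.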
