Keeping a package up to date with puppet

Today I came into work with the following messages in my logwatch emails:

Last Status:
   WARNING: Your ClamAV installation is OUTDATED!
   WARNING: Local version: 0.97.4 Recommended version: 0.97.5
   DON'T PANIC! Read http://www.clamav.net/support/faq
   main.cvd is up to date (version: 54, sigs: 1044387, f-level: 60, builder: sven)
   daily.cld is up to date (version: 15042, sigs: 218148, f-level: 63, builder: mcichosz)
   bytecode.cld is up to date (version: 185, sigs: 39, f-level: 63, builder: neo)

Ah crap, time to touch all the boxes and make sure that the package is up to date right? Nope, not when you manage your boxes with puppet.

Checking into my manifest file for my clam module, I see that I have set the package to be installed, but there is a better option for packages that you want to make sure are always up to date.

Before:

Before:
  package
  {
    'clamav-db':
      ensure => installed;

    'clamav':
      ensure  => installed;
  }

New and improved. Always make sure you’re running the latest version of the software.

  package
  {
    'clamav-db':
      ensure => latest;

    'clamav':
      ensure  => latest;
  }

One simple change will ensure that whenever there is an update for the clamAV software, they will automatically update. Now I just need to wait for CentOS to update their repos.