> The company I work for has implemented a firewall that only allows certain 
> activity through it.  I have requested that the user agent string 
> "clamav/*" be allowed to communicate with the internet.  The request has 
> been refused because of security concerns.  The approving authority is 
> concerned that there does not appear to be any way of verifying that the 
> web site the database is being downloaded from is the official site.  The 
> authority would like to see either a way of supplying a user id and 
> password for authentication to the site or an exchange of SSLv2 keys. With 
> the current clamav software is authentication possible?

Someone doesn't want you to succeed, I'm afraid.

We run similar rules in our DMZes - and I can tell you that most
commercial AVs *also* don't run from specific sites. The AVs we use (I
won't name names) also load-share their pattern downloads - and most of
the sites the files can end up coming down from don't even have PTR
records, or at best don't match back to the domains owned by the AV
companies! (i.e. they outsource to content carriers like Akamai)

I can't see how your "approving authority" has managed to allow other AV
products while applying such harsh rules to your ClamAV proposal...

Of course, I'd be quite willing to set up a permanent site that you can
have HTTPS pattern access to for a really big fee!! ;-)


Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1

