Hi there,

On Wed, 17 Oct 2018, Sean wrote:

> We have created a private mirror of clam data updates on a network that is not Internet connected. We are required to encrypt network traffic, e.g. the mirror server must redirect http -> https.

This all seems a little strange. Perhaps you can explain.

> ... freshclam ... port is hard coded to 80. Is there a reason for this? Should I file a bug? I would think that utilizing https as much as possible would be a good idea.

There's nothing remotely private about a *public* database of malware signatures, so (especially on a network that is not connected to the Internet!) it makes very little sense to encrypt freshclam's traffic. You might as well encrypt Sky News. It would just mean a lot of extra work/code/issues/cycles for no purpose, diverting scarce resources from where they're actually needed. Don't do it.

Will your accountants want you to encrypt NTP traffic too? Oh - your network isn't connected to the Internet anyway, so it won't know what time it is, and so it can't decide when to do, well, anything, and the timestamps in the logs will just be guesses, so forensics is right off the menu and if you use Kerberos then it probably won't be long before nobody will be able to log in, and...

Tell them it's a lot better to let you apply your intelligence to this stuff than to get you running around in circles doing so many things that make no sense that you have no time to implement real security.

--
73,
Ged.