Thanks for the update, Micah! While I'm not a developer, libcurl would seem to be the way to go. We use other software based on it, and it works very well with SSL validation, especially in areas where self-signed or not publicly trusted CAs are used (assuming that the local system's PKI is trusting the CAs correctly).

--Sean

On Thu, Oct 18, 2018 at 12:23 PM Micah Snyder (micasnyd) <micas...@cisco.com> wrote:
>
> Hi Sean,
>
> Sorry to say -- freshclam presently doesn't support HTTPS. It is not simply
> a matter of connecting over port 443 and performing TLS encryption
> handshakes. Certificate validation is also required. We're considering
> rewriting a lot of freshclam code to use libcurl to handle HTTPS connections,
> but feature planning for 0.102 is not complete and I can't promise that it
> will make it into the next version of ClamAV.
>
> Regards,
> Micah
>
> Micah Snyder
> ClamAV Development
> Talos
> Cisco Systems, Inc.
>
>
> On Oct 17, 2018, at 10:51 AM, Sean <smalde...@gmail.com> wrote:
>
> Hi,
> I'm new to the list, but have been using clam for a good while, it's
> just always worked :)
>
> We have created a private mirror of clam data updates on a network
> that is not Internet connected. We are required to encrypt network
> traffic, e.g. the mirror server must redirect http -> https. I was
> hoping to configure freshclam.conf to use the PrivateMirror setting as
> detailed at
> https://github.com/Cisco-Talos/clamav-faq/blob/master/mirrors/CvdPrivateMirror.md
> Option #2. We wish to go with #2, because we will not control all
> clients, and it will be simpler to use freshclam with proper
> configuration than having to support clients configuring a custom
> script and having the right things installed to run it.
>
> I see in the code
> (https://github.com/Cisco-Talos/clamav-devel/blob/dev/0.101/freshclam/manager.c#L225)
> that unless a proxy is used, the port is hard coded to 80.
>
> Is there a reason for this? Should I file a bug? I would think that
> utilizing https as much as possible would be a good idea.
>
> Thanks!
>
> --Sean
> _______________________________________________
> clamav-users mailing list
> clamav-users@lists.clamav.net
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
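
An added example (not part of the thread, and not ClamAV or freshclam code) of what the thread means by HTTPS needing certificate validation and not only encryption on port 443: a download client for a private mirror that verifies the chain and host name against a private CA and refuses to leave HTTPS on redirect. It uses Python's standard library in place of libcurl; the function names, the `mirror.example` host and the CA bundle path are hypothetical.

```python
import ssl
import urllib.request
from urllib.parse import urlsplit


def require_https(url):
    """Reject anything that is not an https:// URL with a host name."""
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError(f"refusing non-HTTPS URL: {url!r}")
    return url


class HttpsOnlyRedirects(urllib.request.HTTPRedirectHandler):
    """Follow redirects only while they stay on HTTPS (no https -> http)."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        require_https(newurl)
        return super().redirect_request(req, fp, code, msg, headers, newurl)


def validating_context(ca_file=None):
    """TLS context that checks the certificate chain and the host name."""
    # ca_file: PEM bundle with the private CA (assumed, site-specific path);
    # None falls back to the system trust store.
    ctx = ssl.create_default_context(cafile=ca_file)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # Already the defaults; set explicitly so a later edit cannot
    # quietly turn this into encryption without authentication.
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def mirror_opener(ca_file=None):
    """urllib opener bound to the validating context and redirect policy."""
    return urllib.request.build_opener(
        urllib.request.HTTPSHandler(context=validating_context(ca_file)),
        HttpsOnlyRedirects(),
    )


def fetch(url, dest, ca_file=None, timeout=30):
    """Download url to dest; raises on http://, bad chain or host mismatch."""
    require_https(url)
    opener = mirror_opener(ca_file)
    with opener.open(url, timeout=timeout) as resp, open(dest, "wb") as out:
        while chunk := resp.read(65536):
            out.write(chunk)
```

A call such as `fetch("https://mirror.example/main.cvd", "main.cvd", ca_file="/path/to/private-ca.pem")` fails with `urllib.error.URLError` wrapping `ssl.SSLCertVerificationError` when the server's chain or host name does not validate.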