For what it's worth, one of the tasks we're working on for 0.102 is https
support for freshclam.
It's more than just adding an "s" to the URL. The plan is to make libcurl a
hard requirement for ClamAV, which will also mean including libcurl on Windows.
Then we'll have to rewrite the freshclam code to use libcurl instead of doing
the http 1.0 connections the hard way. This should give us http 1.1 and 2.0
support, as well has https support, and will make it possible to build
clamsubmit for Windows.
No one is arguing with you because they don't want https support. However, as
noted in previous conversations, we're comfortable with the security of
plaintext/http connects because of how the databases are verified. We do agree
though, that https would be desirable.
Micah
On 3/15/19, 11:54 AM, "clamav-users on behalf of Franky Van Liedekerke via
clamav-users" <clamav-users-boun...@lists.clamav.net on behalf of
clamav-users@lists.clamav.net> wrote:
Op Vrijdag, 15-03-2019 om 16:04 schreef instaham--- via clamav-users:
> Leonardo Rodrigues wrote:
> > the databases are digitally signed, and any modification, such in
> > a man-in-the-middle attack, would break the signature and freshclam
> > would refuse to run the files.
>
> Sounds good. Can you please explain how this works in detail?
>
> Apt places GPG keys in the system and uses them to verify downloaded
> data.
>
> It doesn't seem that ClamAV placed any GPG keys in my system. So how is
> the verification happening?
>
I wonder why the http/https discussion is still relevant. Almost all sites
use https now, http is getting slowly banned and a lot of companies just don't
want to allow incoming http traffic towards a server. Certifcates cost nothing
anymore (you have free ones), so that's no longer an issue too. And the cpu
issue might've been relevant years ago, but it shouldn't be now (offloading
https to a high-performant frontend server can help if you really have issues).
Just my 2 cents here ...
Franky
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
