Re: [clamav-users] What is OpenSSL used for in ClamAV?

Wed, 07 Aug 2019 10:53:06 -0700 

J.R.,

Openssl had been used exclusively for performing hashes up until ClamAV 0.100.1 
where it was used [indirectly] by libcurl to enable HTTPS for clamsubmit.  I 
suppose that libcurl may use an alternative like GnuTLS; it depends on which 
libcurl package you're using.

In 0.102, OpenSSL is used via libcurl for HTTPS for freshclam as well.  In 
addition, when adding HTTPS support to freshclam we realized that Mac and 
Windows builds would need to query each respective system certificate store 
(KeyChain on macOS) to validate certificates.  While the actual HTTPS protocol 
implementation and certificate checking is done by libcurl indirectly, this 
system certificate lookup is done directly in our own code.  The imported  
certs are cached (in memory) on freshclam startup to speed up cert validation 
for subsequent HTTPS connections.

On Windows, our recent releases were built with OpenSSL 1.1.1c, though on other 
OS's we primarily do our testing with 1.0.2 versions (1.0.2s, on my Macbook). 

If anyone is interested in reviewing/auditing correct usage of OpenSSL in 
ClamAV we always appreciate the help!

Regards,
Micah


Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.
 


On 8/7/19, 10:55 AM, "clamav-users on behalf of J.R. via clamav-users" 
<clamav-users-boun...@lists.clamav.net on behalf of 
clamav-users@lists.clamav.net> wrote:

    I was compiling the new version of ClamAV and figured I would see if
    it would build against OpenSSL 1.1.1 (which apparently it did).
    
    That got me to thinking, what exactly is it used for? I did some
    searching and only found one little post that didn't give any real
    detail. Is it just used to verify the databases, or does it work with
    scanning / hashing files?
    
    I guess I'm just wondering if it is worth doing, or if I'm asking for
    trouble. Has ClamAV been verified against OpenSSL 1.1.1?
    
    _______________________________________________
    
    clamav-users mailing list
    clamav-users@lists.clamav.net
    https://lists.clamav.net/mailman/listinfo/clamav-users
    
    
    Help us build a comprehensive ClamAV guide:
    https://github.com/vrtadmin/clamav-faq
    
    http://www.clamav.net/contact.html#ml
    


_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Reply via email to