Hi clamav-users,

I just upgraded one of our Linux machines from Ubuntu 18.04 to 20.04. It 
seems that the ClamAV package (although having the same version as in 
18.04) has been built with stronger OpenSSL/cURL flags.

Freshclam is no longer able to fetch definition updates due to a weak 
SSL certificate that is presented by our (crappy) corporate proxy:

   * Connected to proxy.company.lan (172.22.xxx.yyy) port 8080 (#0)
   * allocate connect buffer!
   * Establish HTTP proxy tunnel to database.clamav.net:443
   > CONNECT database.clamav.net:443 HTTP/1.1
   > Host: database.clamav.net:443
   > User-Agent: ClamAV/0.102.4 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
   > Proxy-Connection: Keep-Alive
   >
   < HTTP/1.1 200 Connection established
   < Proxy-Connection: keep-alive
   <
   * Proxy replied 200 to CONNECT request
   * CONNECT phase completed!
   * ALPN, offering h2
   * ALPN, offering http/1.1
   * successfully set certificate verify locations:
   *   CAfile: /etc/ssl/certs/ca-certificates.crt
       CApath: /etc/ssl/certs
   * CONNECT phase completed!
   * CONNECT phase completed!
   * SSL certificate problem: *EE certificate key too weak*
   * Closing connection 0


I know that the proxy is bad and you can't imagine how much I hate 
SSL-breaking 'enterprise' security gear, but I cannot do anything about 
it. Is there a way to make freshclam (or the SSL library it uses) accept 
weak certificates? Something like '-k' for curl?

I've already tried changing to plain HTTP for database downloads, but 
this doesn't work either:

   !downloadFile: Unexpected response (0) from http://database.clamav.net/daily.cvd (Proxy: proxy.company.lan:8080)


Thanks in advance for any recommendations!


Best regards,

Alex

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
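
Added example (not part of the original message, and not ClamAV or Ubuntu code): OpenSSL reports "EE certificate key too weak" when the end-entity certificate's key is below the minimum for the active security level, and this script reproduces that offline with a constructed CA and a 1024-bit RSA leaf, then shows the key-size check that identifies the offending certificate. The CA subject, file names and helper function names are assumptions made for the demonstration; it needs the `openssl` command-line tool.

```shell
#!/usr/bin/env bash
# Added example; every name, subject and file here is constructed test data.
set -eu

# Build a throwaway PKI in directory $1: a 2048-bit RSA CA that signs a leaf
# whose RSA key has $2 bits (stand-in for a proxy's re-signed server cert).
make_chain() {
  local d=$1 bits=$2
  printf '%s\n' '[req]' 'distinguished_name=dn' 'prompt=no' '[dn]' 'CN=unused' \
    '[v3_ca]' 'basicConstraints=critical,CA:TRUE' > "$d/openssl.cnf"
  openssl req -x509 -config "$d/openssl.cnf" -extensions v3_ca -nodes \
    -newkey rsa:2048 -keyout "$d/ca.key" -out "$d/ca.pem" \
    -subj '/CN=Constructed Proxy CA' -days 2 2>/dev/null
  openssl req -new -config "$d/openssl.cnf" -nodes -newkey "rsa:$bits" \
    -keyout "$d/leaf.key" -out "$d/leaf.csr" \
    -subj '/CN=database.clamav.net' 2>/dev/null
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
    -CAcreateserial -out "$d/leaf.pem" -days 2 2>/dev/null
}

# Print the public key size (in bits) of the PEM certificate $1.
key_bits() {
  openssl x509 -in "$1" -noout -text |
    sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

# Verify the leaf in directory $2 at OpenSSL security level $1.
# Prints openssl's messages and returns its exit status.
verify_at_level() {
  openssl verify -auth_level "$1" -CAfile "$2/ca.pem" "$2/leaf.pem" 2>&1
}

demo() {
  local d lvl
  d=$(mktemp -d)
  make_chain "$d" 1024
  echo "leaf key: $(key_bits "$d/leaf.pem") bits"
  for lvl in 1 2; do
    if verify_at_level "$lvl" "$d" >/dev/null; then
      echo "security level $lvl: accepted"
    else
      echo "security level $lvl: rejected"
    fi
  done
  rm -rf "$d"
}
demo
```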