Does clamav offer an encrypted download alternative to the unencrypted http
based wget used to update the signature database?
wget -q -m -nd -P /tmp --retry-connrefused http://db.local.clamav.net:/daily.cvd
wget -q -m -nd -P /tmp --retry-connrefused http://db.local.clamav.net:/main.cvd
---
On 31/08/2018 at 11:00, Henrik Hoeg Thomsen1 wrote:
Does clamav offer an encrypted download alternative to the unencrypted http
based wget used to update the signature database?
Maybe: https://packages.microsoft.com/clamav/
Should be reliable enough.
--
Cordialement / Best regards,
Arnaud
I'm not aware of any, but all database components are verified for authenticity
by freshclam after download.
-Al-
On Fri, Aug 31, 2018 at 02:00 AM, Henrik Hoeg Thomsen1 wrote:
> Does clamav offer an encrypted download alternative to the unencrypted http
> based wget used to update the signature dat
That's why I asked in 2014 about freshclam support of SSL:
http://lists.clamav.net/pipermail/clamav-users/2014-December/001098.html
On 31/08/2018 at 12:08, Al Varnell wrote:
I'm not aware of any, but all database components are verified for
authenticity by freshclam after download.
-Al-
You should be able to do it now. However, freshclam doesn’t support ssl.
When we get ssl built into freshclam, https redirection would be available.
But I couldn’t do it before with the mirrors the way they were. We can now.
Sent from my iPhone
> On Aug 31, 2018, at 07:07, Arnaud Jac
And the answer is the same as it was then. There is nothing to be gained by
supporting https. There is nothing sensitive about the database. Each component
is verified as genuine after being downloaded. And the impact on the servers is less.
-Al-
On Fri, Aug 31, 2018 at 04:07 AM, Arnaud Jacques wrote
OK, well then it's almost the same as it was back in 2014.
-Al-
On Fri, Aug 31, 2018 at 04:09 AM, Joel Esler (jesler) wrote:
>
> You should be able to do it now. However, freshclam doesn’t support ssl.
> When we get ssl built into freshclam, https redirection would be available.
>
> But
Agreed. But it wasn’t something we could support. Now we can. Not that it
matters, but at least we can now.
Sent from my iPhone
> On Aug 31, 2018, at 07:16, Al Varnell wrote:
>
> And the answer is the same as it was then. There is nothing to be gained by
> supporting https. There is noth
Thank you Arnaud.
This will mitigate my compliance issue.
---
Henrik Høg Thomsen
Senior IT Specialist - IBM - IPG
IBM Danmark ApS
Kongevejen 495 B
2840 Holte, Danmark
CVR nr.: 65305216
tl
The one thing that we do know is that you shouldn't have expectations of
ClamAV to be effective for Zero Hour, or even Zero Day (or some could
argue more) effective and you really shouldn't expect such immediate
response or effectiveness. (They will have their reasons - team size,
technology, reli
On 27.08.2018 at 20:16, Mark G Thomas wrote:
> This seems to be an ongoing trend.
>
> I can't believe someone thought this would be a good idea!
>
> # sigtool --find-sigs MBL_13087222 | sigtool --decode-sigs
> VIRUS NAME: MBL_13087222
> DECODED SIGNATURE:
> https://docs.google
On 08/31/2018 05:00 AM, Henrik Hoeg Thomsen1 wrote:
> wget -q -m -nd -P /tmp --retry-connrefused http://db.local.clamav.net
This is probably exploitable by anyone on the system to gain root. If I
create the file /tmp/daily.cvd (remember that /tmp is world-writable),
$ touch -d '2018-01-01 00:00
Hi,
And YET ANOTHER today. I figured others here might want the heads up.
[root@imx0 conf]# sigtool --find-sigs MBL_13226139 | sigtool --decode-sigs
VIRUS NAME: MBL_13226139
DECODED SIGNATURE:
https://linkprotect.cudasvc.com/url
-Mark
On Wed, Aug 29, 2018 at 09:12:34PM +0100, Steve Basford wr
Mark G Thomas wrote on 2018-08-31 18:51:
And YET ANOTHER today. I figured others here might want the heads up.
[root@imx0 conf]# sigtool --find-sigs MBL_13226139 | sigtool --decode-sigs
VIRUS NAME: MBL_13226139
DECODED SIGNATURE:
https://linkprotect.cudasvc.com/url
why is https even bloc
On 31 August 2018 17:52:26 Mark G Thomas wrote:
Hi,
And YET ANOTHER today. I figured others here might want the heads up.
[root@imx0 conf]# sigtool --find-sigs MBL_13226139 | sigtool --decode-sigs
Sigh.
I've just added to the main Sanesecurity whitelist.
Thanks for the heads up.
Cheers
Benny Pedersen wrote:
why is https even blocked ? :(
please whitelist https signatures
There's no reason a hacked HTTPS website couldn't host malware. And
there's no reason a spam domain couldn't get a certificate (from Let's
Encrypt, or somewhere else) if they carefully time their actions.
Kris Deugau wrote on 2018-08-31 19:44:
Benny Pedersen wrote:
why is https even blocked ? :(
please whitelist https signatures
There's no reason a hacked HTTPS website couldn't host malware. And
there's no reason a spam domain couldn't get a certificate (from Let's
Encrypt, or somewhere else