[Clamav-devel] Introducing OpenSSL as a dependency to ClamAV

Shawn Webb swebb at sourcefire.com
Tue Mar 4 09:34:27 EST 2014


On Tue, Mar 4, 2014 at 6:58 AM, Mark Allan <markjallan at gmail.com> wrote:

> Looks like relying on OpenSSL might cause problems for ClamAV on OS X.
>
> Al (a regular contributor to this list) pointed me towards the following
> blog post
>
> https://hynek.me/articles/apple-openssl-verification-surprises/
>
> It explains some of the problems with Apple's installation of OpenSSL, and
> offers some workarounds.  Relying on homebrew or MacPorts isn't an option
> for me because I produce compiled pre-packaged installers for ClamAV on OS
> X; I provide these to the general public, so have to expect users to be
> running the standard Apple-supplied OpenSSL.
>
> Can I ask you to consider one of the two code-level solutions proposed in
> that blog post please?  Presumably it would have to be implemented as a
> configure flag rather than for all Mac builds as I suspect some of the more
> advanced ClamAV users out there *will* have compiled their own OpenSSL.
>
> Thanks
> Mark


Hey Mark,

We're currently only using the hashing functionality in OpenSSL. For the
time being, we're not doing anything with X509 certificates, certificate
chains, or SSL. We're only using OpenSSL for MD5, SHA1, and SHA256.

Thanks,

Shawn

