[Clamav-devel] HTTPS Support?
matthew.bearup at gmail.com
Mon Oct 13 13:14:08 EDT 2014
That would be perfect, thanks so much for your help! I'll continue
investigating the updates to manager.c.
> Date: Sat, 11 Oct 2014 08:41:07 +0200
> Subject: Re: [Clamav-devel] HTTPS Support?
> Content-Type: text/plain; charset=us-ascii
> I think this is really not required, but still I can add a certificate
> for our official mirror at https://clamav.upjs.sk/.
> But still I think this will be only one official mirror with https
> Content to this mirror is uploaded over ssh, so also our source is secure.
>> Date: Fri, 10 Oct 2014 11:36:08 -0700
>> Subject: [Clamav-devel] HTTPS Support?
>> Content-Type: text/plain; charset=UTF-8
>> My team is currently evaluating AV solutions and we're interesting in
>> ClamAV. However, due to policy requirements the updates need to be
>> downloaded via a secure protocol (e.g. https). Yes, I'm aware that this
>> pointless because the signature of downloaded CVDs is verified to
>> identify/prevent tampering, but the policy requirement still stands for
>> Has anyone considered supporting HTTPS for retrieving updates? I don't
>> any mention of it in the archives so I'm guessing no...
>> 1. I see that the code in manager.c is hard-coded to use http. I could
>> update that to read an option from the config file for either http or
>> and then pull updates from our own https mirror...
>> 2. Due to the same policy requirements, our mirror will also have to get
>> *definitions via a secure protocol. Considering that manager.c is
>> hard-coded to use http, I assume there are no https mirrors out there,
>> correct? Alternatively the sync method for public mirrors (rsync overssh)
>> would meet that need, but that would require us to make the mirror
>> which I'm not sure we could do.
>> Appreciate any answers/feedback
>> Matt Bearup
More information about the clamav-devel