[Clamav-devel] HTTPS Support?

Matthew Bearup matthew.bearup at gmail.com
Mon Oct 13 13:14:08 EDT 2014


That would be perfect, thanks so much for your help! I'll continue
investigating the updates to manager.c.
--
Matt Bearup

> Date: Sat, 11 Oct 2014 08:41:07 +0200
> Subject: Re: [Clamav-devel] HTTPS Support?
> Content-Type: text/plain; charset=us-ascii
>
> Hello,
>
>   I think this is really not required, but still I can add a certificate
> for our official mirror at https://clamav.upjs.sk/.
> But still I think this will be only one official mirror with https
support.
> Content to this mirror is uploaded over ssh, so also our source is secure.
>
>                                                 SAL
>
>> Date: Fri, 10 Oct 2014 11:36:08 -0700
>> Subject: [Clamav-devel] HTTPS Support?
>> Content-Type: text/plain; charset=UTF-8
>>
>> My team is currently evaluating AV solutions and we're interesting in
using
>> ClamAV. However, due to policy requirements the updates need to be
>> downloaded via a secure protocol (e.g. https). Yes, I'm aware that this
is
>> pointless because the signature of downloaded CVDs is verified to
>> identify/prevent tampering, but the policy requirement still stands for
us.
>> Has anyone considered supporting HTTPS for retrieving updates? I don't
see
>> any mention of it in the archives so I'm guessing no...
>>
>> 1. I see that the code in manager.c is hard-coded to use http. I could
>> update that to read an option from the config file for either http or
https
>> and then pull updates from our own https mirror...
>> 2. Due to the same policy requirements, our mirror will also have to get
*its
>> *definitions via a secure protocol. Considering that manager.c is
>> hard-coded to use http, I assume there are no https mirrors out there,
>> correct? Alternatively the sync method for public mirrors (rsync overssh)
>> would meet that need, but that would require us to make the mirror
public,
>> which I'm not sure we could do.
>>
>> Appreciate any answers/feedback
>>
>> --
>> Matt Bearup


More information about the clamav-devel mailing list