[Clamav-devel] Override the CA bundle file when using freshclam.

Micah Snyder (micasnyd) micasnyd at cisco.com
Sat Jun 6 12:51:42 EDT 2020 

We have a mechanism for changing the CA path coming in 0.103 as well:
https://github.com/Cisco-Talos/clamav-devel/commit/5485787a925c9824f422f4e6728c0bb0d45274b2

Regards,
Micah

On 6/6/20, 8:30 AM, "clamav-devel on behalf of Gianluigi Tiesi" <clamav-devel-bounces at lists.clamav.net on behalf of sherpya at netfarm.it> wrote:

    On 6/6/20 8:37 AM, Ladar Levison wrote:
    > I was having trouble using the latest freshclam version on CentOS 6,
    > because the system wide CA bundle file used by libcurl is unable to
    > validate the ClamAV HTTPS certificates.  So I fixed the problem with a
    > small patch that allows the user to override the CA bundle file
    > freshclam uses. You can set the path via the "CAFile" directive in the
    > freshclam.conf file, or dictate the path using freshclam command line,
    > as --ca=FILE" ... the patch is a little rough, I didn't test/document
    > the conf file option, and I haven't written unit tests for it, but since
    > it's a pretty important feature I'm submitting the patch to the list ... L~
    > 
    > 

    just add to system store:
    https://cacerts.digicert.com/BaltimoreCyberTrustRoot.crt


    instruction also for centos 6:

    https://manuals.gfi.com/en/kerio/connect/content/server-configuration/ssl-certificates/adding-trusted-root-certificates-to-the-server-1605.html

    Regards

    -- 
    Gianluigi Tiesi <sherpya at netfarm.it>
    Chief Technology Officer
    Netfarm S.r.l. - http://www.netfarm.it/
    Free Software: http://oss.netfarm.it/

    Q: Because it reverses the logical flow of conversation.
    A: Why is putting a reply at the top of the message frowned upon?
    _______________________________________________

    clamav-devel mailing list
    clamav-devel at lists.clamav.net
    https://lists.clamav.net/mailman/listinfo/clamav-devel

    Please submit your patches to our Github: https://github.com/Cisco-Talos/clamav-devel/pulls

    Help us build a comprehensive ClamAV guide:
    https://github.com/vrtadmin/clamav-faq

    http://www.clamav.net/contact.html#ml

More information about the clamav-devel mailing list