[clamav-users] Introducing OpenSSL as a dependency to ClamAV

Paul Kosinski clamav at iment.com
Mon Mar 3 02:38:42 EST 2014



On Fri, 28 Feb 2014 12:00:00 -0500
clamav-users-request at lists.clamav.net wrote:

There are only a few of reasons I can imagine that SSL (OpenSSL)
would be a *required* addition to ClamAV:

1. A "better" way of signing signature downloads than whatever is
   currently done (not sure what that is, if anything).

2. A mechanism to secure the CLAMD port to restrict LAN access
   (pretty far-fetched).

3. A mechanism to encrypt signature downloads so that you have to pay
   if you want the latest and greatest (like for Snort).

4. A mechanism to encrypt signatures to keep them pretty much secret
   from the users of ClamAV.

I would be quite disappointed if ClamAV turned its back on the spirit
of GPL software by charging for signature data (#3 above, like Snort
has done). I would find it quite unacceptable if ClamAV signatures
could no longer even be examined to see what they detect (#4 above),
as this would mean that ClamAV had effectively become Closed Source.


> Message: 5
> Date: Thu, 27 Feb 2014 15:55:55 -0800
> From: Dennis Peterson <dennispe at inetnw.com>
> To: clamav-users at lists.clamav.net
> Subject: Re: [clamav-users] clamav-users Digest, Vol 113, Issue 18
> Message-ID: <530FD08B.6010107 at inetnw.com>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
> 
> On 2/27/14, 3:43:08PM, Paul Kosinski wrote:
> > The blog post concerning OpenSSL being required for ClamAV only
> > has one reason as to why it might *benefit* ClamAV, the other
> > reasons are why OpenSSL *itself* in good.
> >
> > That single reason is:
> >
> >    "We will be able to provide a better freshclam experience in a
> >    future release."
> >
> > What exactly does this mean? (The phrase "freshclam experience" is
> > marketing speak, not a technical explanation.)
> >
> > Since adding complexity to a system tends to increase bugs and
> > decrease security, I am leery of seeing ClamAV become even more
> > complicated than it already has become.
> >
> > Paul  
> 
> I took it to mean there is a cloud on the horizon like they have
> for Snort.
> 
> http://www.snort.org/snort-rules/
> 
> Instead of Oinkcode you get gastrocode.
> 
> dp



More information about the clamav-users mailing list