[clamav-users] Introducing OpenSSL as a dependency to ClamAV

Paul Kosinski clamav at iment.com
Wed Mar 12 16:48:43 EDT 2014


I'm not worried about dependency on external libraries per se. I just
want to know *why*? With libz and libz2, it's pretty obvious, with
SSL, it's not clear.

Decrypting encrypted data while scanning would need the key. Is the
idea to crack open encrypted malware which comes with its own key?
That would be great. Is the idea to do Man-in-the-Middle AV in an
enterprise environment? Unethical if done without notification.
Somehow locking up ClamAV usage ("Tivoing"). Not very nice.


> Message: 2
> Date: Wed, 12 Mar 2014 12:17:28 +0100
> From: Andreas Schulze <andreas.schulze at datev.de>
> To: ClamAV users ML <clamav-users at lists.clamav.net>
> Subject: Re: [clamav-users] Introducing OpenSSL as a dependency to
> 	ClamAV
> Message-ID: <53204248.3050901 at datev.de>
> Content-Type: text/plain; charset=ISO-8859-1
> 
> Am 03.03.2014 08:38, schrieb Paul Kosinski:
> > There are only a few of reasons I can imagine that SSL (OpenSSL)
> > would be a *required* addition to ClamAV:  
> 
> Hello,
> 
> I thinks that's the keyquestion. *Which* problem should SSL solve.
> Focus the problem, not one possible solution ...
> 
> Btw.
> my clamav binary and libraries depend on libz and libbz2 and I never
> worry about that...
> 
> Andreas



More information about the clamav-users mailing list