[clamav-users] Introducing OpenSSL as a dependency to ClamAV

Shawn Webb swebb at sourcefire.com
Thu Mar 13 19:01:48 EDT 2014


On Wed, Mar 12, 2014 at 4:48 PM, Paul Kosinski <clamav at iment.com> wrote:

> I'm not worried about dependency on external libraries per se. I just
> want to know *why*? With libz and libz2, it's pretty obvious, with
> SSL, it's not clear.
>
> Decrypting encrypted data while scanning would need the key. Is the
> idea to crack open encrypted malware which comes with its own key?
> That would be great. Is the idea to do Man-in-the-Middle AV in an
> enterprise environment? Unethical if done without notification.
> Somehow locking up ClamAV usage ("Tivoing"). Not very nice.


Hey Paul,

We're currently only using the hashing functionality in OpenSSL, nothing
else. Additionally, planned work in Freshclam will depend on OpenSSL.

Thanks,

Shawn



More information about the clamav-users mailing list