[clamav-users] secure download of .cvd files ?
Al Varnell
alvarnell at mac.com
Fri Aug 31 11:15:25 UTC 2018
And the answer is the same as it was then. There is nothing to be gained by supporting https. There is nothing sensitive about the database. Each component is verified as genuine after downloaded. And the impact on the servers is less.
-Al-
On Fri, Aug 31, 2018 at 04:07 AM, Arnaud Jacques wrote:
>
> That's why I asked in 2014 about freshclam support of SSL :
>
> http://lists.clamav.net/pipermail/clamav-users/2014-December/001098.html
>
>
> Le 31/08/2018 à 12:08, Al Varnell a écrit :
>> I'm not aware of any, but all database components are verified for authenticity by freshclam after download.
>> -Al-
>> On Fri, Aug 31, 2018 at 02:00 AM, Henrik Hoeg Thomsen1 wrote:
>>> Do clamav offer a encrypted download alternative to the unencrypted http based wget used to update the signatue database?
>>>
>>> wget -q -m -nd -P /tmp --retry-connrefused http://db.local.clamav.net: <http://db.local.clamav.net:4/>/daily.cvd
>>> wget -q -m -nd -P /tmp --retry-connrefused http://db.local.clamav.net: <http://db.local.clamav.net:4/>/main.cvd
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5260 bytes
Desc: not available
URL: <https://lists.clamav.net/pipermail/clamav-users/attachments/20180831/b3f33687/attachment.bin>
More information about the clamav-users
mailing list