[clamav-users] clamsubmit error
Micah Snyder (micasnyd)
micasnyd at cisco.com
Wed May 9 13:39:10 EDT 2018
It should be working again.
It appears that the move to force HTTPS redirection broke clamsubmit.
As you've noted, clamsubmit has not yet been upgraded to support HTTPS. It's not ideal, and I certainly wish to upgrade clamsubmit so it protects sensitive submissions, and so we can re-enable forced HTTPS redirection for all of clamav.net<http://clamav.net>.
The web interface, however, can do both http and https.
Cisco Systems, Inc.
On May 9, 2018, at 10:07 AM, Arnaud Jacques <webmaster at securiteinfo.com<mailto:webmaster at securiteinfo.com>> wrote:
clamsubmit with ClamAV 0.100.0 should work fine. I am surprised to see that error. We fixed code in the near vicinity to that error statement shortly before the 0.100 release.
I got deeper today : I listened HTTP flow when I use
clamsubmit version 0.100.0 :
GET /reports/malware HTTP/1.1
HTTP/1.1 301 Moved Permanently
Date: Wed, 09 May 2018 13:56:37 GMT
Expires: Wed, 09 May 2018 14:56:37 GMT
It seems clamsubmit use wrong (old) URL.
How is it possible in v0.100.0 ?
Bonus : it sends malware or false positive using HTTP, non encrypted submission. So it could transfert sensitive information on the network in clear text using clamsubmit.
Cordialement / Best regards,
Gérant de SecuriteInfo.com<http://SecuriteInfo.com>
Téléphone : +33-(0)220.127.116.11.46
E-mail : aj at securiteinfo.com<mailto:aj at securiteinfo.com>
Site web : https://www.securiteinfo.com
Facebook : https://www.facebook.com/pages/SecuriteInfocom/132872523492286
Twitter : @SecuriteInfoCom
La Sécurité Informatique - La Sécurité des Informations.
266, rue de Villers
60123 Bonneuil en Valois
clamav-users mailing list
clamav-users at lists.clamav.net
Help us build a comprehensive ClamAV guide:
More information about the clamav-users