[clamav-users] clamsubmit error

Micah Snyder (micasnyd) micasnyd at cisco.com
Wed May 9 13:39:10 EDT 2018

It should be working again.

It appears that the move to force HTTPS redirection broke clamsubmit.
As you've noted, clamsubmit has not yet been upgraded to support HTTPS.  It's not ideal, and I certainly wish to upgrade clamsubmit so it protects sensitive submissions, and so we can re-enable forced HTTPS redirection for all of clamav.net<http://clamav.net>.

The web interface, however, can do both http and https.


Micah Snyder
ClamAV Development
Cisco Systems, Inc.

On May 9, 2018, at 10:07 AM, Arnaud Jacques <webmaster at securiteinfo.com<mailto:webmaster at securiteinfo.com>> wrote:


clamsubmit with ClamAV 0.100.0 should work fine.  I am surprised to see that error. We fixed code in the near vicinity to that error statement shortly before the 0.100 release.

I got deeper today : I listened HTTP flow when I use
clamsubmit version 0.100.0 :

GET /reports/malware HTTP/1.1
Host: www.clamav.net<http://www.clamav.net>
Accept: */*

HTTP/1.1 301 Moved Permanently
Date: Wed, 09 May 2018 13:56:37 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Wed, 09 May 2018 14:56:37 GMT
Location: https://www.clamav.net/reports/malware
Server: cloudflare
CF-RAY: 4184aba783bb68ba-CDG

It seems clamsubmit use wrong (old) URL.
How is it possible in v0.100.0 ?

Bonus : it sends malware or false positive using HTTP, non encrypted submission. So it could transfert sensitive information on the network in clear text using clamsubmit.

Cordialement / Best regards,

Arnaud Jacques
Gérant de SecuriteInfo.com<http://SecuriteInfo.com>

Téléphone : +33-(0)
E-mail : aj at securiteinfo.com<mailto:aj at securiteinfo.com>
Site web : https://www.securiteinfo.com
Facebook : https://www.facebook.com/pages/SecuriteInfocom/132872523492286
Twitter : @SecuriteInfoCom

La Sécurité Informatique - La Sécurité des Informations.
266, rue de Villers
60123 Bonneuil en Valois
clamav-users mailing list
clamav-users at lists.clamav.net

Help us build a comprehensive ClamAV guide:


More information about the clamav-users mailing list