[clamav-users] Database updated over unencrypted connection?

instaham at posteo.org instaham at posteo.org
Thu Mar 14 14:26:51 EDT 2019

Hi everybody,

I assume that when I run "freshclam", the virus database is updated over 
an unencrypted and plain http connection.

The default configuration doesn't seem to use https.

Isn't this kind of insecure (Man-in-the-middle-attacks, etc.)?

Are there any https mirrors available and, if yes, how can I configure 
ClamAV to use these instead?

Or is some kind of verification of the data happening in the background 
(such as apt in Debian is using GPG)?

Hope you can help me with this. Thanks

More information about the clamav-users mailing list