[clamav-users] Database updated over unencrypted connection?

[instaham at posteo.org]

Hi everybody,

I assume that when I run "freshclam", the virus database is updated over 
an unencrypted and plain http connection.

The default configuration doesn't seem to use https.

Isn't this kind of insecure (Man-in-the-middle-attacks, etc.)?

Are there any https mirrors available and, if yes, how can I configure 
ClamAV to use these instead?

Or is some kind of verification of the data happening in the background 
(such as apt in Debian is using GPG)?

Hope you can help me with this. Thanks