[clamav-users] Database updated over unencrypted connection?
Leonardo Rodrigues
leolistas at solutti.com.br
Thu Mar 14 19:08:47 UTC 2019
Em 14/03/2019 15:26, instaham--- via clamav-users escreveu:
> Hi everybody,
>
> Or is some kind of verification of the data happening in the
> background (such as apt in Debian is using GPG)?
the databases are digitally signed, and any modification, such in a
man-in-the-middle attack, would break the signature and freshclam would
refuse to run the files.
http is not *ALWAYS* insecure, it's just not encrypted by the
protocol itself.
--
Atenciosamente / Sincerily,
Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br
Minha armadilha de SPAM, NÃO mandem email
gertrudes at solutti.com.br
My SPAMTRAP, do not email it
More information about the clamav-users
mailing list