[clamav-users] Database updated over unencrypted connection?

Leonardo Rodrigues leolistas at solutti.com.br
Thu Mar 14 15:08:47 EDT 2019


Em 14/03/2019 15:26, instaham--- via clamav-users escreveu:
> Hi everybody,
>
> Or is some kind of verification of the data happening in the 
> background (such as apt in Debian is using GPG)?

     the databases are digitally signed, and any modification, such in a 
man-in-the-middle attack, would break the signature and freshclam would 
refuse to run the files.

     http is not *ALWAYS* insecure, it's just not encrypted by the 
protocol itself.

-- 


	Atenciosamente / Sincerily,
	Leonardo Rodrigues
	Solutti Tecnologia
	http://www.solutti.com.br

	Minha armadilha de SPAM, NÃO mandem email
	gertrudes at solutti.com.br
	My SPAMTRAP, do not email it





More information about the clamav-users mailing list