[clamav-users] Database updated over unencrypted connection?

Dave Warren dw at thedave.ca
Sat Mar 16 17:43:06 EDT 2019


On 2019-03-15 09:53, Franky Van Liedekerke via clamav-users wrote:
> I wonder why the http/https discussion is still relevant. Almost all sites use https now, http is getting slowly banned and a lot of companies just don't want to allow incoming http traffic towards a server. Certificates cost nothing anymore (you have free ones), so that's no longer an issue too. And the cpu issue might've been relevant years ago, but it shouldn't be now (offloading https to a high-performant frontend server can help if you really have issues).
> Just my 2 cents here ...

One other consideration here is historical: ClamAV relied on donated 
mirrors, some of which struggled to keep a bare minimum configuration 
working. Deploying HTTPS and getting the mirror operators to keep up 
with certificates, secure TLS configuration and other details would add 
a lot more load to what I understand was already a challenge for the 
ClamAV team.

The situation has changed somewhat today with Cloudflare's involvement 
as there would only be one party involved in deploying certificates to 
all nodes, and a party that can sign and maintain certificates 
themselves completely automatically at that.

As noted elsewhere in the thread, freshclam work needs to be done before 
freshclam itself could actually use this capability.

