On Fri, May 14, 2010 at 06:34:33PM -0400, Nathan Gibbs wrote: > > At our site, the "update server" hosts clamav DBs, snort rules, some conf > files, etc. The ability to protect the other data would be a plus. It would > add another layer of defense to our setup. However its not workable if > Freshclam cannot speak https. Its redundant as far as ClamAV's data integrity > goes. However, I think its worth doing as far as "hack value" and > interoperability go.
Using https sounds silly in favor of more robust methods like rsync+ssh. I certainly would trust rsyncing a verified set of signatures more than using freshclam code which has had bugs in past. -1 for adding yet another external library dependency for little purpose. As far as the original poster goes, I don't think https protocol was the issue, only TCP port. Such human generated firewall "problems" are solvable in many ways if desired and IMHO has nothing to do with ClamAV. _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
