I'm not worried about dependency on external libraries per se. I just
want to know *why*? With libz and libz2, it's pretty obvious, with
SSL, it's not clear.
Decrypting encrypted data while scanning would need the key. Is the
idea to crack open encrypted malware which comes with its own key?
That would be great. Is the idea to do Man-in-the-Middle AV in an
enterprise environment? Unethical if done without notification.
Somehow locking up ClamAV usage ("Tivoing"). Not very nice.
> Message: 2
> Date: Wed, 12 Mar 2014 12:17:28 +0100
> From: Andreas Schulze <[email protected]>
> To: ClamAV users ML <[email protected]>
> Subject: Re: [clamav-users] Introducing OpenSSL as a dependency to
> ClamAV
> Message-ID: <[email protected]>
> Content-Type: text/plain; charset=ISO-8859-1
>
> Am 03.03.2014 08:38, schrieb Paul Kosinski:
> > There are only a few of reasons I can imagine that SSL (OpenSSL)
> > would be a *required* addition to ClamAV:
>
> Hello,
>
> I thinks that's the keyquestion. *Which* problem should SSL solve.
> Focus the problem, not one possible solution ...
>
> Btw.
> my clamav binary and libraries depend on libz and libbz2 and I never
> worry about that...
>
> Andreas
_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/support/ml
