Since upgrading to ClamAV 1.4.3, we're having trouble with Freshclam on
Windows failing to download definitions with this error
WARNING: Download failed (60) WARNING: Message: SSL peer certificate or
SSH remote key was not OK
After investigation it appears that the problem is that the Windows
certificate store is missing the "GTS Root R4" root certificate which is
needed for Cloudflare sites (https://database.clamav.net). If I add it
manually to the Windows certificate store, it works OK, but that's a pain
Is there any way to put the root certificate in a file that Freshclam on
Windows can access and trust, without it needing to be in the Windows
certificate store?
(Chrome etc browsers have their own root certificate stores, which do
contain the GTS Root R4 certificate, so web browsers can access the
https://database.clamav.net site OK, but curl is just using the Windows
root certificates, which has fewer certificates)
Paul
_______________________________________________
Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation
https://docs.clamav.net/#mailing-lists-and-chat
