On 10/10/2025 14:20, Val Snyder (micasnyd) via clamav-users wrote:
> The certs directory in 1.5.0 only has the root certificate for
> verifying ClamAV signature database (.cvd and .cdiff) digital signatures.
> Perhaps we could add the "GTS Root R4" root certificate if that is needed?
>
> I saw an issue with freshclam SSL certificate checks failing on just
> one of our Windows devices, an ARM64 Windows 11 device. I haven't seen
> it fail elsewhere, but perhaps some other software, like an openssl
> installation, added the certificate in advance of our testing.

On my PC it works, because the GTS Root R4 certificate is in the store.
Some others are failing. I tried with a fresh (but fully updated)
Windows 11 for problem solving, and that failed, because the root
certificate is missing. I'm not sure what added the root cert to my PC.
I have the OpenSSL toolkit installed as well as lots of other 'techie'
software, so it could have been anything.
(It's possible that Windows updates its root certificates some other way
than via the normal update process, but I can't see anything.)
This is an extract from the output of 'freshclam -v' on the fresh Win11
install:
--------------------
downloadFile: Download destination: .\clamav-b0e33f8c3dd63515c24f229911cd129d.tmp
* Host database.clamav.net:443 was resolved.
* IPv6: (none)
* IPv4: 104.18.203.90, 104.17.196.15
* Trying 104.18.203.90:443...
Certificate loaded from Windows certificate store: Microsoft Root Certificate Authority
Certificate loaded from Windows certificate store: Thawte Timestamping CA
Certificate loaded from Windows certificate store: Microsoft Root Authority
Certificate loaded from Windows certificate store: Symantec Enterprise Mobile Root for Microsoft
Certificate loaded from Windows certificate store: Microsoft Root Certificate Authority 2011
Certificate loaded from Windows certificate store: Microsoft Authenticode(tm) Root
Certificate loaded from Windows certificate store: Microsoft Root Certificate Authority 2010
Certificate loaded from Windows certificate store: Microsoft ECC TS Root Certificate Authority 2018
Certificate loaded from Windows certificate store: Microsoft Timestamp Root
Certificate loaded from Windows certificate store: VeriSign Time Stamping CA
Certificate loaded from Windows certificate store: Microsoft ECC Product Root Certificate Authority 2018
Certificate loaded from Windows certificate store: Microsoft Time Stamp Root Certificate Authority 2014
Certificate loaded from Windows certificate store: DigiCert Global Root G2
Certificate loaded from Windows certificate store: DigiCert Baltimore Root
Certificate loaded from Windows certificate store: Sectigo (AAA)
Certificate loaded from Windows certificate store: ISRG Root X1
Certificate loaded from Windows certificate store: DigiCert
Certificate loaded from Windows certificate store: DigiCert Global Root G3
Certificate loaded from Windows certificate store: VeriSign Class 3 Public Primary CA
Certificate loaded from Windows certificate store: Sectigo
* ALPN: curl offers h2,http/1.1
* SSL certificate problem: unable to get local issuer certificate
---------------------------
On my PC, the GTS Root R4 is there (as well as many more), e.g.:

Certificate loaded from Windows certificate store: Go Daddy Root Certificate Authority – G2
Certificate loaded from Windows certificate store: SECOM Trust Systems CO LTD
Certificate loaded from Windows certificate store: VeriSign Universal Root Certification Authority
Certificate loaded from Windows certificate store: Atos TrustedRoot 2011
Certificate loaded from Windows certificate store: Sectigo
Certificate loaded from Windows certificate store: GTS Root R4
Certificate loaded from Windows certificate store: Go Daddy Class 2 Certification Authority
Certificate loaded from Windows certificate store: Entrust Root Certification Authority - EC1
Certificate loaded from Windows certificate store: GlobalSign ECC Root CA - R5

Paul
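
Added example, not part of the original message and not ClamAV code: a small parser for 'freshclam -v' output like the extracts above, which collects the roots loaded from the Windows store (rejoining names wrapped by a mail client), notes the "unable to get local issuer certificate" error, and compares a failing host with a working one. The function names, the sample logs (constructed, abridged from the lines in this message) and the default of "GTS Root R4" as the required root are assumptions taken from this thread.

```python
PREFIX = "Certificate loaded from Windows certificate store:"
TLS_ERROR = "SSL certificate problem: unable to get local issuer certificate"

def parse_freshclam_log(text):
    """Return (set of root names loaded from the store, issuer-error seen?)."""
    roots, current, error = set(), None, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith(PREFIX):
            if current is not None:
                roots.add(current)
            current = line[len(PREFIX):].strip()
        elif not line or line.startswith("*") or set(line) == {"-"}:
            # Blank line, curl trace line or dash delimiter ends a wrapped name.
            if current is not None:
                roots.add(current)
                current = None
            error = error or TLS_ERROR in line
        elif current is not None:
            current += " " + line  # continuation of a name wrapped in transit
    if current is not None:
        roots.add(current)
    return roots, error

def diagnose(text, required_root="GTS Root R4"):
    """Summarise one log; required_root is an assumption from this thread."""
    roots, error = parse_freshclam_log(text)
    present = required_root in roots
    return {"roots_loaded": len(roots), "required_present": present,
            "issuer_error": error, "likely_missing_root": error and not present}

def missing_roots(failing_log, working_log):
    """Roots the working host loaded that the failing host did not."""
    return parse_freshclam_log(working_log)[0] - parse_freshclam_log(failing_log)[0]

# Constructed sample input, abridged from the extracts in this message.
FAILING = """* Trying 104.18.203.90:443...
Certificate loaded from Windows certificate store: Microsoft Root
Certificate Authority
Certificate loaded from Windows certificate store: ISRG Root X1
Certificate loaded from Windows certificate store: Sectigo
* ALPN: curl offers h2,http/1.1
* SSL certificate problem: unable to get local issuer certificate
"""
WORKING = """Certificate loaded from Windows certificate store: Sectigo
Certificate loaded from Windows certificate store: GTS Root R4
Certificate loaded from Windows certificate store: GlobalSign ECC Root
CA - R5
"""

if __name__ == "__main__":
    print(diagnose(FAILING))
    print(sorted(missing_roots(FAILING, WORKING)))
```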