date:20191212

Re: [clamav-users] Why virus definition DB download url is not https?

2019-12-12 Thread Paul Kosinski via clamav-users

Yeah, I also don't see that "plain" HTTPS adds to security. Unless ...
the download mechanism (libcurl?) makes sure the certificate presented
by the HTTPS server is really owned by ClamAV. (E.g., it could use its
builtin public key, rather than using the one sent by the HTTPS server.)

Otherwise, DNS hijacking (etc.) might route freshclam to a bogus server
which delivers a bogus DB using its *own* HTTPS cert. The DBs' embedded
signature(s) should be able to catch this, of course.

P.S. Validating the HTTPS cert would fail if freshclam is behind one of
those unpleasant HTTPS MITM proxies that some organizations use.

On Thu, 12 Dec 2019 11:56:20 -0800
Al Varnell via clamav-users  wrote:

> Each DB's integrity is protected by an embedded signature, so https
> adds little or nothing to security here.
> 
> -Al-
> 
> On Dec 12, 2019, at 11:45, kaifeng zeng via clamav-users
>  wrote:
> > 
> > Hi,
> > 
> > One of the recommended way to get the latest Virus definition DB is
> > through the following link. Why they are not https? Thanks!
> > 
> > http://database.clamav.net/main.cvd
> > 
> > 
> > http://database.clamav.net/daily.cvd
> > 
> > 
> > http://database.clamav.net/bytecode.cvd
> > 
> > 
> > Kaifeng

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users

Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Why virus definition DB download url is not https?

2019-12-12 Thread Gene Heskett via clamav-users

On Thursday 12 December 2019 17:15:01 Joel Esler (jesler) via 
clamav-users wrote:

> They are served over https. But only 102.x supports https.  So as soon
> as everyone moves to https, I’ll gladly decommission http.
>
Does freshclam support both, if so, how do we force it to https?  
Surprises aren't always funny.

Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
If we desire respect for the law, we must first make the law respectable.
 - Louis D. Brandeis
Genes Web page 

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Why virus definition DB download url is not https?

2019-12-12 Thread Joel Esler (jesler) via clamav-users

They are served over https. But only 102.x supports https.  So as soon as 
everyone moves to https, I’ll gladly decommission http.  

Sent from my  iPhone

> On Dec 12, 2019, at 15:01, Nick Howitt  wrote:
> 
> But If you are behind another virus scanner, it can't so easily be 
> intercepted and trip up the scanner.
> 
>> On 12/12/2019 19:56, Al Varnell via clamav-users wrote:
>> Each DB's integrity is protected by an embedded signature, so https adds 
>> little or nothing to security here.
>> 
>> -Al-
>> 
>>> On Dec 12, 2019, at 11:45, kaifeng zeng via clamav-users 
>>> mailto:clamav-users@lists.clamav.net>> 
>>> wrote:
>>> 
>>> Hi,
>>> 
>>> One of the recommended way to get the latest Virus definition DB is through 
>>> the following link. Why they are not https? Thanks!
>>> 
>>> http://database.clamav.net/main.cvd
>>> 
>>> http://database.clamav.net/daily.cvd
>>> 
>>> http://database.clamav.net/bytecode.cvd
>>> 
>>> Kaifeng
>> 
>> ___
>> 
>> clamav-users mailing list
>> clamav-users@lists.clamav.net
>> https://lists.clamav.net/mailman/listinfo/clamav-users
>> 
>> 
>> Help us build a comprehensive ClamAV guide:
>> https://github.com/vrtadmin/clamav-faq
>> 
>> http://www.clamav.net/contact.html#ml
> 
> 
> 
> ___
> 
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
> 
> 
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
> 
> http://www.clamav.net/contact.html#ml

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Why virus definition DB download url is not https?

2019-12-12 Thread Nick Howitt

But If you are behind another virus scanner, it can't so easily be 
intercepted and trip up the scanner.


On 12/12/2019 19:56, Al Varnell via clamav-users wrote:
Each DB's integrity is protected by an embedded signature, so https 
adds little or nothing to security here.


-Al-

On Dec 12, 2019, at 11:45, kaifeng zeng via clamav-users 
mailto:clamav-users@lists.clamav.net>> 
wrote:


Hi,

One of the recommended way to get the latest Virus definition DB is 
through the following link. Why they are not https? Thanks!


http://database.clamav.net/main.cvd

http://database.clamav.net/daily.cvd

http://database.clamav.net/bytecode.cvd

Kaifeng


___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml




___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Why virus definition DB download url is not https?

2019-12-12 Thread Al Varnell via clamav-users

Each DB's integrity is protected by an embedded signature, so https adds little 
or nothing to security here.

-Al-

On Dec 12, 2019, at 11:45, kaifeng zeng via clamav-users 
 wrote:
> 
> Hi,
> 
> One of the recommended way to get the latest Virus definition DB is through 
> the following link. Why they are not https? Thanks!
> 
> http://database.clamav.net/main.cvd 
> 
> http://database.clamav.net/daily.cvd 
> 
> http://database.clamav.net/bytecode.cvd 
> 
> 
> Kaifeng

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Why virus definition DB download url is not https?

2019-12-12 Thread Arnaud Jacques


Hello,

As far as I know, only the lastest version of freshclam (0.102.x) does 
support https.



Le 12/12/2019 à 20:45, kaifeng zeng via clamav-users a écrit :

Hi,

One of the recommended way to get the latest Virus definition DB is 
through the following link. Why they are not https? Thanks!


http://database.clamav.net/main.cvd

http://database.clamav.net/daily.cvd

http://database.clamav.net/bytecode.cvd

Kaifeng


___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml


--
Cordialement / Best regards,

Arnaud Jacques
Gérant de SecuriteInfo.com

Téléphone : +33-(0)3.44.39.76.46
E-mail : a...@securiteinfo.com
Site web : https://www.securiteinfo.com
Facebook : https://www.facebook.com/pages/SecuriteInfocom/132872523492286
Twitter : @SecuriteInfoCom

Securiteinfo.com
La Sécurité Informatique - La Sécurité des Informations.
266, rue de Villers
60123 Bonneuil en Valois

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

[clamav-users] Why virus definition DB download url is not https?

2019-12-12 Thread kaifeng zeng via clamav-users


Hi,

One of the recommended way to get the latest Virus definition DB is 
through the following link. Why they are not https? Thanks!


http://database.clamav.net/main.cvd

http://database.clamav.net/daily.cvd

http://database.clamav.net/bytecode.cvd

Kaifeng


___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Why virus definition DB download url is not https?

Re: [clamav-users] Why virus definition DB download url is not https?

Re: [clamav-users] Why virus definition DB download url is not https?

Re: [clamav-users] Why virus definition DB download url is not https?

Re: [clamav-users] Why virus definition DB download url is not https?

Re: [clamav-users] Why virus definition DB download url is not https?

[clamav-users] Why virus definition DB download url is not https?

7 matches

Site Navigation

Mail list logo

Footer information