Mailing List Archive

Override the CA bundle file when using freshclam.
I was having trouble using the latest freshclam version on CentOS 6,
because the system wide CA bundle file used by libcurl is unable to
validate the ClamAV HTTPS certificates.  So I fixed the problem with a
small patch that allows the user to override the CA bundle file
freshclam uses. You can set the path via the "CAFile" directive in the
freshclam.conf file, or dictate the path using freshclam command line,
as --ca=FILE" ... the patch is a little rough, I didn't test/document
the conf file option, and I haven't written unit tests for it, but since
it's a pretty important feature I'm submitting the patch to the list ... L~
Re: Override the CA bundle file when using freshclam. [ In reply to ]
On 6/6/20 8:37 AM, Ladar Levison wrote:
> I was having trouble using the latest freshclam version on CentOS 6,
> because the system wide CA bundle file used by libcurl is unable to
> validate the ClamAV HTTPS certificates.  So I fixed the problem with a
> small patch that allows the user to override the CA bundle file
> freshclam uses. You can set the path via the "CAFile" directive in the
> freshclam.conf file, or dictate the path using freshclam command line,
> as --ca=FILE" ... the patch is a little rough, I didn't test/document
> the conf file option, and I haven't written unit tests for it, but since
> it's a pretty important feature I'm submitting the patch to the list ... L~
>
>

just add to system store:
https://cacerts.digicert.com/BaltimoreCyberTrustRoot.crt


instruction also for centos 6:

https://manuals.gfi.com/en/kerio/connect/content/server-configuration/ssl-certificates/adding-trusted-root-certificates-to-the-server-1605.html

Regards

--
Gianluigi Tiesi <sherpya@netfarm.it>
Chief Technology Officer
Netfarm S.r.l. - http://www.netfarm.it/
Free Software: http://oss.netfarm.it/

Q: Because it reverses the logical flow of conversation.
A: Why is putting a reply at the top of the message frowned upon?
_______________________________________________

clamav-devel mailing list
clamav-devel@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-devel

Please submit your patches to our Github: https://github.com/Cisco-Talos/clamav-devel/pulls

Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
Re: Override the CA bundle file when using freshclam. [ In reply to ]
We have a mechanism for changing the CA path coming in 0.103 as well:
https://github.com/Cisco-Talos/clamav-devel/commit/5485787a925c9824f422f4e6728c0bb0d45274b2

Regards,
Micah

?On 6/6/20, 8:30 AM, "clamav-devel on behalf of Gianluigi Tiesi" <clamav-devel-bounces@lists.clamav.net on behalf of sherpya@netfarm.it> wrote:

On 6/6/20 8:37 AM, Ladar Levison wrote:
> I was having trouble using the latest freshclam version on CentOS 6,
> because the system wide CA bundle file used by libcurl is unable to
> validate the ClamAV HTTPS certificates. So I fixed the problem with a
> small patch that allows the user to override the CA bundle file
> freshclam uses. You can set the path via the "CAFile" directive in the
> freshclam.conf file, or dictate the path using freshclam command line,
> as --ca=FILE" ... the patch is a little rough, I didn't test/document
> the conf file option, and I haven't written unit tests for it, but since
> it's a pretty important feature I'm submitting the patch to the list ... L~
>
>

just add to system store:
https://cacerts.digicert.com/BaltimoreCyberTrustRoot.crt


instruction also for centos 6:

https://manuals.gfi.com/en/kerio/connect/content/server-configuration/ssl-certificates/adding-trusted-root-certificates-to-the-server-1605.html

Regards

--
Gianluigi Tiesi <sherpya@netfarm.it>
Chief Technology Officer
Netfarm S.r.l. - http://www.netfarm.it/
Free Software: http://oss.netfarm.it/

Q: Because it reverses the logical flow of conversation.
A: Why is putting a reply at the top of the message frowned upon?
_______________________________________________

clamav-devel mailing list
clamav-devel@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-devel

Please submit your patches to our Github: https://github.com/Cisco-Talos/clamav-devel/pulls

Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

_______________________________________________

clamav-devel mailing list
clamav-devel@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-devel

Please submit your patches to our Github: https://github.com/Cisco-Talos/clamav-devel/pulls

Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml