Mailing List Archive

[clamav-users] Why virus definition DB download url is not https?
Hi,

One of the recommended ways to get the latest virus definition DB is
through the following links. Why are they not https? Thanks!

http://database.clamav.net/main.cvd

http://database.clamav.net/daily.cvd

http://database.clamav.net/bytecode.cvd

Kaifeng


_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
Re: [clamav-users] Why virus definition DB download url is not https?
Hello,

As far as I know, only the latest version of freshclam (0.102.x) does
support https.


On 12/12/2019 at 20:45, kaifeng zeng via clamav-users wrote:
> Hi,
>
> One of the recommended way to get the latest Virus definition DB is
> through the following link. Why they are not https? Thanks!
>
> http://database.clamav.net/main.cvd
>
> http://database.clamav.net/daily.cvd
>
> http://database.clamav.net/bytecode.cvd
>
> Kaifeng

--
Best regards,

Arnaud Jacques
Manager of SecuriteInfo.com

Phone: +33-(0)3.44.39.76.46
E-mail: aj@securiteinfo.com
Website: https://www.securiteinfo.com
Facebook: https://www.facebook.com/pages/SecuriteInfocom/132872523492286
Twitter: @SecuriteInfoCom

Securiteinfo.com
IT Security - Information Security.
266, rue de Villers
60123 Bonneuil en Valois

Re: [clamav-users] Why virus definition DB download url is not https?
Each DB's integrity is protected by an embedded signature, so https adds little or nothing to security here.

-Al-

On Dec 12, 2019, at 11:45, kaifeng zeng via clamav-users <clamav-users@lists.clamav.net> wrote:
>
> Hi,
>
> One of the recommended way to get the latest Virus definition DB is through the following link. Why they are not https? Thanks!
>
> http://database.clamav.net/main.cvd
>
> http://database.clamav.net/daily.cvd
>
> http://database.clamav.net/bytecode.cvd
>
> Kaifeng
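
The embedded signature mentioned in this message lives in a fixed 512-byte text header at the start of every .cvd file. The following is an added example, not part of the original post and not ClamAV project code: it parses that header and checks the digest the signature covers. The header layout is taken from ClamAV's documented CVD format rather than from this thread, and the sample file is constructed.

```python
import hashlib

HEADER_LEN = 512  # CVD files start with a fixed-size, space-padded text header
FIELDS = ("magic", "build_time", "version", "num_sigs", "flevel",
          "md5", "dsig", "builder", "stime")

def parse_cvd_header(blob):
    """Split the colon-separated header into named fields."""
    if len(blob) < HEADER_LEN:
        raise ValueError("too short to hold a CVD header")
    parts = blob[:HEADER_LEN].decode("ascii", "replace").rstrip().split(":")
    if parts[0] != "ClamAV-VDB" or len(parts) < 8:
        raise ValueError("not a CVD header")
    return dict(zip(FIELDS, parts))

def check_cvd(blob):
    """Compare the header's MD5 field with the MD5 of everything after the header.

    Returns (status, digest). A match only shows that header and payload agree;
    the dsig field, an RSA signature over that digest, still has to be verified
    against ClamAV's built-in public key (sigtool --info or libclamav do that).
    """
    try:
        hdr = parse_cvd_header(blob)
    except ValueError:
        return ("not-cvd", None)
    actual = hashlib.md5(blob[HEADER_LEN:]).hexdigest()
    if actual != hdr["md5"].lower():
        return ("digest-mismatch", actual)
    return ("digest-ok-signature-unverified", actual)

def build_sample(payload, dsig="CONSTRUCTED-NOT-A-REAL-SIGNATURE"):
    """Constructed stand-in for a .cvd: real layout, fake payload and signature."""
    md5 = hashlib.md5(payload).hexdigest()
    header = ("ClamAV-VDB:12 Dec 2019 08-00 -0500:1:2:63:"
              f"{md5}:{dsig}:example:1576155600")
    return header.ljust(HEADER_LEN).encode("ascii") + payload

if __name__ == "__main__":
    good = build_sample(b"constructed payload standing in for the compressed tarball")
    flipped = good[:-1] + b"!"  # payload altered somewhere between mirror and client
    print(parse_cvd_header(good)["dsig"])
    print(check_cvd(good)[0])
    print(check_cvd(flipped)[0])
    # A proxy error page saved under a .cvd name is rejected before any hashing
    print(check_cvd(b"<html>proxy error</html>".ljust(600))[0])
```

The digest travels in the same file as the payload, so a match by itself is not an integrity guarantee; the control is the signature over that digest, which is why a file that passes this check must still go through `sigtool --info` or freshclam's own verification.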
Re: [clamav-users] Why virus definition DB download url is not https?
But if you are behind another virus scanner, it can't so easily be
intercepted and trip up the scanner.

On 12/12/2019 19:56, Al Varnell via clamav-users wrote:
> Each DB's integrity is protected by an embedded signature, so https
> adds little or nothing to security here.
>
> -Al-
>
> On Dec 12, 2019, at 11:45, kaifeng zeng via clamav-users
> <clamav-users@lists.clamav.net> wrote:
>>
>> Hi,
>>
>> One of the recommended way to get the latest Virus definition DB is
>> through the following link. Why they are not https? Thanks!
>>
>> http://database.clamav.net/main.cvd
>>
>> http://database.clamav.net/daily.cvd
>>
>> http://database.clamav.net/bytecode.cvd
>>
>> Kaifeng
Re: [clamav-users] Why virus definition DB download url is not https?
They are served over https. But only 102.x supports https. So as soon as everyone moves to https, I’ll gladly decommission http.

Sent from my iPhone

> On Dec 12, 2019, at 15:01, Nick Howitt <nick@howitts.co.uk> wrote:
>
> But if you are behind another virus scanner, it can't so easily be intercepted and trip up the scanner.
>
>> On 12/12/2019 19:56, Al Varnell via clamav-users wrote:
>> Each DB's integrity is protected by an embedded signature, so https adds little or nothing to security here.
>>
>> -Al-
>>
>>> On Dec 12, 2019, at 11:45, kaifeng zeng via clamav-users <clamav-users@lists.clamav.net> wrote:
>>>
>>> Hi,
>>>
>>> One of the recommended way to get the latest Virus definition DB is through the following link. Why they are not https? Thanks!
>>>
>>> http://database.clamav.net/main.cvd
>>>
>>> http://database.clamav.net/daily.cvd
>>>
>>> http://database.clamav.net/bytecode.cvd
>>>
>>> Kaifeng
Re: [clamav-users] Why virus definition DB download url is not https?
On Thursday 12 December 2019 17:15:01 Joel Esler (jesler) via
clamav-users wrote:

> They are served over https. But only 102.x supports https. So as soon
> as everyone moves to https, I’ll gladly decommission http.
>
Does freshclam support both, if so, how do we force it to https?
Surprises aren't always funny.

Cheers, Gene Heskett
--
"There are four boxes to be used in defense of liberty:
soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
If we desire respect for the law, we must first make the law respectable.
- Louis D. Brandeis
Genes Web page <http://geneslinuxbox.net:6309/gene>

Re: [clamav-users] Why virus definition DB download url is not https?
Yeah, I also don't see that "plain" HTTPS adds to security. Unless ...
the download mechanism (libcurl?) makes sure the certificate presented
by the HTTPS server is really owned by ClamAV. (E.g., it could use its
builtin public key, rather than using the one sent by the HTTPS server.)

Otherwise, DNS hijacking (etc.) might route freshclam to a bogus server
which delivers a bogus DB using its *own* HTTPS cert. The DBs' embedded
signature(s) should be able to catch this, of course.

P.S. Validating the HTTPS cert would fail if freshclam is behind one of
those unpleasant HTTPS MITM proxies that some organizations use.


On Thu, 12 Dec 2019 11:56:20 -0800
Al Varnell via clamav-users <clamav-users@lists.clamav.net> wrote:

> Each DB's integrity is protected by an embedded signature, so https
> adds little or nothing to security here.
>
> -Al-
>
> On Dec 12, 2019, at 11:45, kaifeng zeng via clamav-users
> <clamav-users@lists.clamav.net> wrote:
> >
> > Hi,
> >
> > One of the recommended way to get the latest Virus definition DB is
> > through the following link. Why they are not https? Thanks!
> >
> > http://database.clamav.net/main.cvd
> >
> > http://database.clamav.net/daily.cvd
> >
> > http://database.clamav.net/bytecode.cvd
> >
> > Kaifeng

Re: [clamav-users] Why virus definition DB download url is not https?
On 12.12.19 22:15, Joel Esler (jesler) via clamav-users wrote:
>They are served over https. But only 102.x supports https. So as soon as
> everyone moves to https, I’ll gladly decommission http.

HTTP is easily cacheable, people may like that.

>> On Dec 12, 2019, at 15:01, Nick Howitt <nick@howitts.co.uk> wrote:
>>
>> But if you are behind another virus scanner, it can't so easily be intercepted and trip up the scanner.
>>
>>> On 12/12/2019 19:56, Al Varnell via clamav-users wrote:
>>> Each DB's integrity is protected by an embedded signature, so https adds little or nothing to security here.
>>>
>>> -Al-
>>>
>>>> On Dec 12, 2019, at 11:45, kaifeng zeng via clamav-users <clamav-users@lists.clamav.net> wrote:
>>>>
>>>> Hi,
>>>>
>>>> One of the recommended way to get the latest Virus definition DB is through the following link. Why they are not https? Thanks!
>>>>
>>>> http://database.clamav.net/main.cvd
>>>>
>>>> http://database.clamav.net/daily.cvd
>>>>
>>>> http://database.clamav.net/bytecode.cvd

--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
There's a long-standing bug relating to the x86 architecture that
allows you to install Windows. -- Matthew D. Fuller

Re: [clamav-users] Why virus definition DB download url is not https?
The definitions are cached by our CDN now.

Https just makes the transport layer encrypted. The definitions are already signed, as you all know.

Sent from my iPhone

> On Dec 13, 2019, at 04:43, Matus UHLAR - fantomas <uhlar@fantomas.sk> wrote:
>
> On 12.12.19 22:15, Joel Esler (jesler) via clamav-users wrote:
>> They are served over https. But only 102.x supports https. So as soon as
>> everyone moves to https, I’ll gladly decommission http.
>
> HTTP is easily cacheable, people may like that.
>
>>>> On Dec 12, 2019, at 15:01, Nick Howitt <nick@howitts.co.uk> wrote:
>>>
>>> But if you are behind another virus scanner, it can't so easily be intercepted and trip up the scanner.
>>>
>>>> On 12/12/2019 19:56, Al Varnell via clamav-users wrote:
>>>> Each DB's integrity is protected by an embedded signature, so https adds little or nothing to security here.
>>>>
>>>> -Al-
>>>>
>>>>> On Dec 12, 2019, at 11:45, kaifeng zeng via clamav-users <clamav-users@lists.clamav.net> wrote:
>>>>>
>>>>> Hi,
>>>>>
>>>>> One of the recommended way to get the latest Virus definition DB is through the following link. Why they are not https? Thanks!
>>>>>
>>>>> http://database.clamav.net/main.cvd
>>>>>
>>>>> http://database.clamav.net/daily.cvd
>>>>>
>>>>> http://database.clamav.net/bytecode.cvd
>
> --
> Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
> Warning: I wish NOT to receive e-mail advertising to this address.
> Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
> There's a long-standing bug relating to the x86 architecture that
> allows you to install Windows. -- Matthew D. Fuller
Re: [clamav-users] Why virus definition DB download url is not https?
On 13.12.19 12:01, Joel Esler (jesler) via clamav-users wrote:
>The definitions are cached by our CDN now.

This helps on your side. Cacheable content on a proxy could help on the
clients' side.

--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I'm not interested in your website anymore.
If you need cookies, bake them yourself.

Re: [clamav-users] Why virus definition DB download url is not https?
Freshclam in ClamAV 0.102 will use https by default and will NOT fall back to http. If you need to use http, you can change the DatabaseMirror option in freshclam.conf to "http://database.clamav.net" and that will force it to use http. I agree that surprises aren't always funny, which is why there is no automatic fallback.

Micah

On 12/12/19, 5:39 PM, "clamav-users on behalf of Gene Heskett via clamav-users" <clamav-users-bounces@lists.clamav.net on behalf of clamav-users@lists.clamav.net> wrote:

On Thursday 12 December 2019 17:15:01 Joel Esler (jesler) via
clamav-users wrote:

> They are served over https. But only 102.x supports https. So as soon
> as everyone moves to https, I’ll gladly decommission http.
>
Does freshclam support both, if so, how do we force it to https?
Surprises aren't always funny.

Cheers, Gene Heskett
--
"There are four boxes to be used in defense of liberty:
soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
If we desire respect for the law, we must first make the law respectable.
- Louis D. Brandeis
Genes Web page <http://geneslinuxbox.net:6309/gene>

Re: [clamav-users] Why virus definition DB download url is not https?
As I understand it, many users of ClamAV just use their distro's
version, which, in the case of LTS distro versions, may be quite behind
the latest ClamAV version. Thus *removing* the ability to download the
DB's via plain HTTP should remain for quite a while, so as not to cut
off ClamAV users who are not as sophisticated as people on this list.

P.S. Although I have always built ClamAV from source (for several
different Linux versions) since I started using it (as far back as
version 0.88.4 at least), I still haven't moved from 0.101.5 to 0.102.x
(the first HTTPS versions), since I have some other things to do first.


On Mon, 16 Dec 2019 22:18:54 +0000
"Micah Snyder (micasnyd) via clamav-users"
<clamav-users@lists.clamav.net> wrote:

> Freshclam in ClamAV 0.102 will use https by default and will NOT fall
> back to http. If you need to use http, you can change the
> DatabaseMirror option in freshclam.conf to
> "http://database.clamav.net" and that will force it to use http. I
> agree that surprises aren't always funny, which is why there is no
> automatic fallback.
>
> Micah
>
> On 12/12/19, 5:39 PM, "clamav-users on behalf of Gene Heskett via
> clamav-users" <clamav-users-bounces@lists.clamav.net on behalf of
> clamav-users@lists.clamav.net> wrote:
>
> On Thursday 12 December 2019 17:15:01 Joel Esler (jesler) via
> clamav-users wrote:
>
> > They are served over https. But only 102.x supports https. So
> > as soon as everyone moves to https, I’ll gladly decommission
> > http.
> >
> Does freshclam support both, if so, how do we force it to https?
> Surprises aren't always funny.
>
> Cheers, Gene Heskett
> --
> "There are four boxes to be used in defense of liberty:
> soap, ballot, jury, and ammo. Please use in that order."
> -Ed Howdershelt (Author)
> If we desire respect for the law, we must first make the law
> respectable.
> - Louis D. Brandeis
> Genes Web page <http://geneslinuxbox.net:6309/gene>

Re: [clamav-users] Why virus definition DB download url is not https?
Agreed. We'll have to wait for quite a long time before we can disable plain HTTP.

Micah

On 12/17/19, 7:38 PM, "clamav-users on behalf of Paul Kosinski via clamav-users" <clamav-users-bounces@lists.clamav.net on behalf of clamav-users@lists.clamav.net> wrote:

As I understand it, many users of ClamAV just use their distro's
version, which, in the case of LTS distro versions, may be quite behind
the latest ClamAV version. Thus *removing* the ability to download the
DB's via plain HTTP should remain for quite a while, so as not to cut
off ClamAV users who are not as sophisticated as people on this list.

P.S. Although I have always built ClamAV from source (for several
different Linux versions) since I started using it (as far back as
version 0.88.4 at least), I still haven't moved from 0.101.5 to 0.102.x
(the first HTTPS versions), since I have some other things to do first.


On Mon, 16 Dec 2019 22:18:54 +0000
"Micah Snyder (micasnyd) via clamav-users"
<clamav-users@lists.clamav.net> wrote:

> Freshclam in ClamAV 0.102 will use https by default and will NOT fall
> back to http. If you need to use http, you can change the
> DatabaseMirror option in freshclam.conf to
> "http://database.clamav.net" and that will force it to use http. I
> agree that surprises aren't always funny, which is why there is no
> automatic fallback.
>
> Micah
>
> On 12/12/19, 5:39 PM, "clamav-users on behalf of Gene Heskett via
> clamav-users" <clamav-users-bounces@lists.clamav.net on behalf of
> clamav-users@lists.clamav.net> wrote:
>
> On Thursday 12 December 2019 17:15:01 Joel Esler (jesler) via
> clamav-users wrote:
>
> > They are served over https. But only 102.x supports https. So
> > as soon as everyone moves to https, I’ll gladly decommission
> > http.
> >
> Does freshclam support both, if so, how do we force it to https?
> Surprises aren't always funny.
>
> Cheers, Gene Heskett
> --
> "There are four boxes to be used in defense of liberty:
> soap, ballot, jury, and ammo. Please use in that order."
> -Ed Howdershelt (Author)
> If we desire respect for the law, we must first make the law
> respectable.
> - Louis D. Brandeis
> Genes Web page <http://geneslinuxbox.net:6309/gene>
