How does ClamAV secure its updates online?

Two questions, the second related to the first...

How does ClamAV secure its update virus definition operations from its online servers? I will assume (?) that it uses HTTPS for security, but a security specialist has posed the thoughtful question: seeing as ClamAV updates regularly with definitions obtained from an online server, it creates an opportunity for exploitation - all calls made from ClamAV should be routed through a "next-generation" firewall.

I'm not sure what advantage that would have over the existing firewall (provided by an online hosting agency) traffic being routed out through?

Michael Hampton
Your "security specialist" sounds more like a marketing person rather than a security person. What does he mean by "next generation firewall"? What would such a device do that would be helpful in his imagined scenario? For that matter, what _is_ his imagined scenario?
in flag
That's exactly what I'm trying to ascertain - and he's not marketing nor does he have any financial return on comments made. It's actually a Cloud Security team for a customer and they've ascertained that ClamAV calls out for update without going through a firewall make them exploitable. I'm trying to get to grips with what they're trying to get at. If the calls are HTTPS (does anyone know if they are?) then one would/could assume that there can't be MITM attacks on either the server issuing the updates, nor on the payload that comes from those servers.
tilleyc
Your security specialist sounds dubious. Ask them to be explicit with their recommendations and not to use marketing terms. Additionally, you can set up your own ClamAV mirror if you’re worried about such things - check out cvdupdate.
Michael Hampton
Anyway the update files themselves are digitally signed, and have been forever, so none of that matters. https://clamav-users.clamav.narkive.com/VvnJstQh/update-virus-definitions-using-ssl
in flag
Thank you both - I'm hoping that the digital signature will appease those. Appreciate the feedback.
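
What "the update files themselves are digitally signed" looks like on disk, as an added example that is not part of the original thread and not ClamAV's own code: a `.cvd` file begins with a 512-byte colon-separated header that carries an MD5 of the payload and a digital signature field. The sketch below parses that header and checks the MD5 on a constructed sample (placeholder signature and builder name); checking the signature itself against ClamAV's built-in public key is left to ClamAV.

```python
import hashlib

CVD_HEADER_LEN = 512  # fixed-size, space-padded text header at the start of a .cvd
FIELDS = ("magic", "build_time", "version", "num_sigs", "func_level",
          "md5", "dsig", "builder", "stime")


def parse_cvd_header(blob: bytes) -> dict:
    """Split the colon-separated CVD header into named fields."""
    if len(blob) < CVD_HEADER_LEN:
        raise ValueError("file is shorter than a CVD header")
    text = blob[:CVD_HEADER_LEN].decode("ascii").rstrip()
    parts = text.split(":")
    if parts[0] != "ClamAV-VDB" or len(parts) < 8:
        raise ValueError("not a CVD header")
    return dict(zip(FIELDS, parts))


def payload_matches_header(blob: bytes) -> bool:
    """True if the MD5 of everything after the header equals the header's MD5.

    This is only the integrity half: the header's dsig field is what binds
    that MD5 to the publisher, and it is not verified here.
    """
    header = parse_cvd_header(blob)
    digest = hashlib.md5(blob[CVD_HEADER_LEN:]).hexdigest()
    return digest == header["md5"].lower()


def build_sample(payload: bytes) -> bytes:
    """Constructed sample, not a real database: dsig and builder are placeholders."""
    md5 = hashlib.md5(payload).hexdigest()
    header = ("ClamAV-VDB:01 Jan 2024 00-00 +0000:1:0:90:"
              f"{md5}:PLACEHOLDER-DSIG:example:1704067200")
    return header.encode("ascii").ljust(CVD_HEADER_LEN, b" ") + payload


if __name__ == "__main__":
    sample = build_sample(b"constructed payload bytes")
    tampered = sample[:-1] + b"X"  # payload changed in transit, header untouched
    print(parse_cvd_header(sample)["dsig"])
    print(payload_matches_header(sample), payload_matches_header(tampered))
```

Because the check is on the file contents, it gives the same answer whether the file arrived over HTTP, HTTPS or from a private mirror.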