
Two questions, the second related to the first...

How does ClamAV secure its update virus definition operations from its online servers? I will assume (?) that it uses HTTPS for security, but a security specialist has posed the thoughtful question: seeing as ClamAV updates regularly with definitions obtained from an online server, it creates an opportunity for exploitation - all calls made from ClamAV should be routed through a "next-generation" firewall.

I'm not sure what advantage that would have over the existing firewall (provided by an online hosting agency) that traffic is already being routed out through?

bnoeafk
  • 2
    Your "security specialist" sounds more like a marketing person rather than a security person. What does he mean by "next generation firewall"? What would such a device do that would be helpful in his imagined scenario? For that matter, what _is_ his imagined scenario? – Michael Hampton Aug 24 '21 at 00:46
  • That's exactly what I'm trying to ascertain - and he's not marketing nor does he have any financial return on comments made. It's actually a Cloud Security team for a customer and they've ascertained that ClamAV calls out for updates without going through a firewall make them exploitable. I'm trying to get to grips with what they're trying to get at. If the calls are HTTPS (does anyone know if they are?) then one would/could assume that there can't be MITM attacks on either the server issuing the updates or on the payload that comes from those servers. – bnoeafk Aug 24 '21 at 01:24
  • 2
    Your security specialist sounds dubious. Ask them to be explicit with their recommendations and not to use marketing terms. Additionally, you can set up your own ClamAV mirror if you’re worried about such things - check out cvdupdate. – Ackack Aug 24 '21 at 01:25
  • 1
    Anyway the update files themselves are digitally signed, and have been forever, so none of that matters. https://clamav-users.clamav.narkive.com/VvnJstQh/update-virus-definitions-using-ssl – Michael Hampton Aug 24 '21 at 01:46
  • Thank you both - I'm hoping that the digital signature will appease those. Appreciate the feedback. – bnoeafk Aug 26 '21 at 22:33
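
The comment above notes that the definition files themselves are digitally signed. As an added example (not part of the thread and not ClamAV's own code), this Python sketch parses the 512-byte text header of a `.cvd` file, which carries the MD5 of the body and the signature field, and checks the body against that MD5. The sample file, its field values and the helper names are constructed for illustration, and the signature field is only extracted here, not verified.

```python
import hashlib
import hmac

HEADER_LEN = 512  # a CVD file starts with a fixed-size, space-padded text header
FIELDS = ("magic", "build_time", "version", "sig_count", "func_level",
          "md5", "dsig", "builder", "stime")

def parse_cvd_header(blob: bytes) -> dict:
    """Split the colon-separated CVD header into named fields."""
    if len(blob) < HEADER_LEN:
        raise ValueError("truncated CVD: fewer than 512 header bytes")
    # The build time is written with '-' between hours and minutes, so
    # splitting on ':' is safe.
    parts = blob[:HEADER_LEN].decode("ascii", "replace").rstrip().split(":")
    if len(parts) < 8 or parts[0] != "ClamAV-VDB":
        raise ValueError("not a CVD header")
    return dict(zip(FIELDS, parts))

def body_matches_header_md5(blob: bytes) -> bool:
    """Compare the MD5 of everything after the header with the header field.

    This only detects corruption: someone able to rewrite the body could
    rewrite the md5 field too. Authenticity rests on the dsig field, which
    ClamAV checks itself and which this example does not verify.
    """
    header = parse_cvd_header(blob)
    actual = hashlib.md5(blob[HEADER_LEN:]).hexdigest()
    return hmac.compare_digest(actual, header["md5"].lower())

def make_sample(body: bytes, md5_hex: str) -> bytes:
    """Build a constructed CVD-shaped blob (placeholder values throughout)."""
    header = ":".join(["ClamAV-VDB", "24 Aug 2021 00-00 +0000", "1", "0", "90",
                       md5_hex, "CONSTRUCTED-DSIG-PLACEHOLDER", "example",
                       "1629763200"])
    return header.encode("ascii").ljust(HEADER_LEN, b" ") + body

if __name__ == "__main__":
    body = b"constructed body standing in for the compressed signature set"
    good = make_sample(body, hashlib.md5(body).hexdigest())
    tampered = good[:-1] + b"X"  # one body byte changed in transit
    print(parse_cvd_header(good)["dsig"])
    print(body_matches_header_md5(good), body_matches_header_md5(tampered))
```

On a real download, `sigtool --info daily.cvd` prints the same header fields and reports whether ClamAV's own signature verification succeeded.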

0 Answers