Package: clamav-freshclam
Version: 0.102.1+dfsg-1
User: debian-ad...@lists.debian.org
Usertags: needed-by-DSA-Team
Control: found -1 0.102.1+dfsg-0+deb9u1
Hi,
With 0.102, Freshclam started using libcurl for database downloads, but
appears to provide no way to configure which certificates should be
trusted.
This causes issues on debian.org systems, which have a very limited set
of trusted certificates by default. We're working around this with:
<quote>
# /etc/systemd/system/clamav-freshclam.service.d/override.conf
[Service]
BindReadOnlyPaths=/etc/ssl/ca-global:/etc/ssl/certs
</quote>
but this isn't ideal. A configuration option to allow specifying an
alternative bundle / root, or even respecting CURL_CA_BUNDLE, would be
much appreciated.
Regards,
Adam
