[MacPorts] #56378: clamav - freshclam blocked by little snitch as code signature is not valid
MacPorts
noreply at macports.org
Sun Apr 29 00:52:07 UTC 2018
#56378: clamav - freshclam blocked by little snitch as code signature is not valid
---------------------------+-----------------------
Reporter: facelikeapig | Owner: (none)
Type: defect | Status: new
Priority: Normal | Milestone:
Component: ports | Version: 2.4.3
Resolution: | Keywords: freshclam
Port: clamav |
---------------------------+-----------------------
Comment (by pmetzger):
Regardless,
1. Allowing particular binaries to make particular connections (like to
fetch new virus definitions) seems fine, and if you want clamav to work
you're going to have to allow that. Further, just because something is
signed doesn't mean it can't do mischief. Indeed, executables with buffer
overflows in them can be made to run entirely arbitrary Turing-equivalent
programs. See, for example, this famous paper:
https://cseweb.ucsd.edu/~hovav/dist/geometry.pdf
2. I don't think that MacPorts is going to sign things. I don't even
think, given the model under which MacPorts works, with users downloading
and building their own code, that we reasonably could do this. One does
indeed need a paid Apple Dev account, and we can't reasonably require that
all MacPorts users have one.
I think I'll be closing this.
--
Ticket URL: <https://trac.macports.org/ticket/56378#comment:4>
MacPorts <https://www.macports.org/>
Ports system for macOS
More information about the macports-tickets
mailing list