Friday, February 21, 2014

Introducing OpenSSL as a dependency to ClamAV

In an upcoming release, we are planning on introducing OpenSSL as a dependency to ClamAV.  We wanted to get this out to the community for any feedback that could be provided in order for everyone to understand why we are doing it.  So first, I'll cover a few reasons we are planning to introduce it, then outline some Pros and Cons:

  1. Performance. OpenSSL has code optimized for many platforms. In several tests that we've performed, we've averaged a 70% increase in performance.
  2. OpenSSL’s code has had a lot of eyes on it. Cryptography is hard to get right.
  3. Planned future work depends on it.
Pros for OpenSSL:

  1. Industry-standard cryptography code
  2. Many, many eyes have looked over OpenSSL’s code.
  3. It’s used pretty much everywhere.
  4. We will be able to provide a better freshclam experience in a future release.
  6. Portability. OpenSSL works pretty much everywhere.
  7. Maintainability. With OpenSSL backing major infrastructure, operating systems provide quick patches/updates to OpenSSL.

Cons for OpenSSL:

  1. Possibly bigger memory footprint
  2. First required dependency for ClamAV’s engine
As always we are receptive to feedback from the community.  It is always welcome over on the ClamAV-Users list: