[clamav-users] gpg key
Al Varnell
alvarnell at mac.com
Thu Jul 16 17:30:43 UTC 2015
Start with the Documentation page for Upgrading ClamAV:
<http://www.clamav.net/doc/upgrade.html>
> • How do I verify the integrity of ClamAV sources?
> Using GnuPG you can easily verify the authenticity of your stable release downloads by using the following method: Download the Sourcefire VRT key from the VRT labs site <http://labs.snort.org/contact.html>. Import the key into your local public keyring: $ gpg --import vrt.gpg.
>
> Download the stable release AND the corresponding .sig file to the same directory. Verify that the stable release download is signed with the Sourcefire VRT key <http://labs.snort.org/contact.html>: $ gpg --verify clamav-X.XX.tar.gz.sig
>
> Please note that the resulting output should look like the following:
>
> gpg: Signature made <some date> using DSA key ID 15497F03
> gpg: Good signature from Sourcefire VRT <email address>
On Thu, Jul 16, 2015 at 08:21 AM, Bowie Bailey wrote:
>
> Where can I find the gpg key for the clamav tarball? I've poked through the website and sourceforge and can't find it anywhere.
-Al-
--
Al Varnell
Mountain View, CA
More information about the clamav-users
mailing list