[clamav-users] Freshclam Non-repudiation
steveb_clamav at sanesecurity.com
Fri Jan 29 03:27:52 EST 2016
On Thu, January 28, 2016 10:29 pm, Brad Scalio wrote:
> Is there any integrity or authenticity checks within freshclam when it
> connects to the clamAV servers to download the virus signature databases?
Just to cover 3rd Party (.UNOFFICIAL) signatures.
Signatures produced by Sanesecurity and/or distributed by Sanesecurity
mirrors are first created and/or downloaded then checked against a HAM
folder and finally signed with GPG.
In addition, md5/sha256 hashes are also produced.
Download scripts check the GPG and/or hashes depending on which script
As Sanesecurity have been doing this for 10 years this year, hopefully
the GPG key can be trusted ;)
Web : sanesecurity.com
More information about the clamav-users