[clamav-users] Freshclam Non-repudiation
Steve Basford
steveb_clamav at sanesecurity.com
Fri Jan 29 08:27:52 UTC 2016
On Thu, January 28, 2016 10:29 pm, Brad Scalio wrote:
> Is there any integrity or authenticity checks within freshclam when it
> connects to the clamAV servers to download the virus signature databases?
Hi Brad,
Just to cover 3rd Party (.UNOFFICIAL) signatures.
Signatures produced by Sanesecurity and/or distributed by Sanesecurity
mirrors are first created and/or downloaded then checked against a HAM
folder and finally signed with GPG.
In addition, md5/sha256 hashes are also produced.
Download scripts check the GPG and/or hashes depending on which script
you use.
As Sanesecurity have been doing this for 10 years this year, hopefully
the GPG key can be trusted ;)
Cheers,
Steve
Web : sanesecurity.com
Blog: sanesecurity.blogspot.com
Twitter: @sanesecurity
More information about the clamav-users
mailing list