[clamav-users] Freshclam Non-repudiation

Steve Basford steveb_clamav at sanesecurity.com
Fri Jan 29 03:27:52 EST 2016

On Thu, January 28, 2016 10:29 pm, Brad Scalio wrote:
> Is there any integrity or authenticity checks within freshclam when it
> connects to the clamAV servers to download the virus signature databases?

Hi Brad,

Just to cover 3rd Party (.UNOFFICIAL) signatures.

Signatures produced by Sanesecurity and/or distributed by Sanesecurity
mirrors are first created and/or downloaded then checked against a HAM
folder and finally signed with GPG.

In addition, md5/sha256 hashes are also produced.

Download scripts check the GPG and/or hashes depending on which script
you use.

As Sanesecurity have been doing this for 10 years this year, hopefully
the GPG key can be trusted ;)


Web : sanesecurity.com
Blog: sanesecurity.blogspot.com
Twitter: @sanesecurity

More information about the clamav-users mailing list