[clamav-users] Freshclam Non-repudiation

Brad Scalio scalio at gmail.com
Fri Jan 29 05:32:12 EST 2016


Thanks for the quick replies and information, this helps greatly and is
much appreciated!
On Jan 29, 2016 03:28, "Steve Basford" <steveb_clamav at sanesecurity.com>
wrote:

>
> On Thu, January 28, 2016 10:29 pm, Brad Scalio wrote:
> > Is there any integrity or authenticity checks within freshclam when it
> > connects to the clamAV servers to download the virus signature databases?
>
> Hi Brad,
>
> Just to cover 3rd Party (.UNOFFICIAL) signatures.
>
> Signatures produced by Sanesecurity and/or distributed by Sanesecurity
> mirrors are first created and/or downloaded then checked against a HAM
> folder and finally signed with GPG.
>
> In addition, md5/sha256 hashes are also produced.
>
> Download scripts check the GPG and/or hashes depending on which script
> you use.
>
> As Sanesecurity have been doing this for 10 years this year, hopefully
> the GPG key can be trusted ;)
>
> Cheers,
>
> Steve
> Web : sanesecurity.com
> Blog: sanesecurity.blogspot.com
> Twitter: @sanesecurity
>
> _______________________________________________
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>



More information about the clamav-users mailing list