[clamav-users] Freshclam Non-repudiation
Steven Morgan
smorgan at sourcefire.com
Fri Jan 29 19:41:58 UTC 2016
Brad,
The official ClamAV virus database is digitally signed before posting to
the ClamAV mirrors. The CVD signature is checked before database load time.
Virus names of signatures from non-signed databases are appended with
".UNOFFICIAL".
Hope this helps,
Steve
On Thu, Jan 28, 2016 at 5:29 PM, Brad Scalio <scalio at gmail.com> wrote:
> Is there any integrity or authenticity checks within freshclam when it
> connects to the clamAV servers to download the virus signature databases?
>
> Also is there any non-repudiation of the servers hosting the virus
> signature databases, that is who gets to be a host and is there any
> procedures to ensure those servers hosting the files are secured and the
> files genuine?
>
> Sorry for ambiguity I'm just looking for anything, I'm not suggesting
> changes if there aren't just need fodder if there are any.
>
> Thanks!
> _______________________________________________
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>
More information about the clamav-users
mailing list