[clamav-users] Freshclam Non-repudiation
scalio at gmail.com
Fri Jan 29 17:12:50 EST 2016
I think I answered my own question, Sansecurity.
On Fri, Jan 29, 2016 at 4:41 PM, Brad Scalio <scalio at gmail.com> wrote:
> Thanks Steve that does help, who's the CA or at least the certs aren't
> self-signed correct?
> On Fri, Jan 29, 2016, 14:42 Steven Morgan <smorgan at sourcefire.com> wrote:
>> The official ClamAV virus database is digitally signed before posting to
>> the ClamAV mirrors. The CVD signature is checked before database load
>> Virus names of signatures from non-signed databases are appended with
>> Hope this helps,
>> On Thu, Jan 28, 2016 at 5:29 PM, Brad Scalio <scalio at gmail.com> wrote:
>> > Is there any integrity or authenticity checks within freshclam when it
>> > connects to the clamAV servers to download the virus signature
>> > Also is there any non-repudiation of the servers hosting the virus
>> > signature databases, that is who gets to be a host and is there any
>> > procedures to ensure those servers hosting the files are secured and the
>> > files genuine?
>> > Sorry for ambiguity I'm just looking for anything, I'm not suggesting
>> > changes if there aren't just need fodder if there are any.
>> > Thanks!
>> > _______________________________________________
>> > Help us build a comprehensive ClamAV guide:
>> > https://github.com/vrtadmin/clamav-faq
>> > http://www.clamav.net/contact.html#ml
>> Help us build a comprehensive ClamAV guide:
More information about the clamav-users