[clamav-users] Secure download/verification of clamav database?

[Noel Jones]

On 10/23/2018 2:17 PM, Luke Massa wrote:
> 
> In short, is there any way I can setup clamav/freshclam and be
> confident that a malicious user isn’t adding/removing signatures
> from the upstream mirrors?

The .cvd files have an internal cryptographic signature that's
checked by freshclam and clamd/clamscan.  If freshclam and/or clamd
accepts the files, you can be assured they are official and
unmodified.  This is built into clam; no external tools are called.