[clamav-users] Database updated over unencrypted connection?
instaham at posteo.org
instaham at posteo.org
Fri Mar 15 15:04:45 UTC 2019
Leonardo Rodrigues wrote:
> the databases are digitally signed, and any modification, such in
> a man-in-the-middle attack, would break the signature and freshclam
> would refuse to run the files.
Sounds good. Can you please explain how this works in detail?
Apt places GPG keys in the system and uses them to verify downloaded
data.
It doesn't seem that ClamAV placed any GPG keys in my system. So how is
the verification happening?
Thanks
More information about the clamav-users
mailing list