[clamav-users] Database updated over unencrypted connection?

instaham at posteo.org instaham at posteo.org
Fri Mar 15 11:04:45 EDT 2019


Leonardo Rodrigues wrote:
>     the databases are digitally signed, and any modification, such in
> a man-in-the-middle attack, would break the signature and freshclam
> would refuse to run the files.

Sounds good. Can you please explain how this works in detail?

Apt places GPG keys in the system and uses them to verify downloaded 
data.

It doesn't seem that ClamAV placed any GPG keys in my system. So how is 
the verification happening?

Thanks


More information about the clamav-users mailing list