[clamav-users] Database updated over unencrypted connection?

Arnaud Jacques webmaster at securiteinfo.com
Fri Mar 15 11:47:02 EDT 2019


Hello,

On 15/03/2019 at 16:04, instaham--- via clamav-users wrote:
> Leonardo Rodrigues wrote:
>>     the databases are digitally signed, and any modification, such as in
>> a man-in-the-middle attack, would break the signature and freshclam
>> would refuse to run the files.
>
> Sounds good. Can you please explain how this works in detail?
>
> Apt places GPG keys in the system and uses them to verify downloaded 
> data.
>
> It doesn't seem that ClamAV placed any GPG keys in my system. So how 
> is the verification happening?

Read on 
https://lists.clamav.net/pipermail/clamav-users/2018-October/007053.html :

"

The .cvd files have an internal cryptographic signature that's
checked by freshclam and clamd/clamscan.  If freshclam and/or clamd
accepts the files, you can be assured they are official and
unmodified.  This is built into clam; no external tools are called.

"

Btw, this works for official signatures. 3rd-party signatures provide 
hash-based checksum files.

-- 
Best regards,

Arnaud Jacques
Manager of SecuriteInfo.com

Phone: +33-(0)3.44.39.76.46
E-mail: aj at securiteinfo.com
Website: https://www.securiteinfo.com
Facebook: https://www.facebook.com/pages/SecuriteInfocom/132872523492286
Twitter: @SecuriteInfoCom

Securiteinfo.com
IT Security - Information Security.
266, rue de Villers
60123 Bonneuil en Valois
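
The internal check described in the quoted explanation, as an added example that is not part of the original post and is not ClamAV's own code. It assumes the CVD layout of a 512-byte, space-padded, colon-separated text header that carries the MD5 of the body and a digital signature field; the field names and the sample file are constructed for illustration.

```python
import hashlib
import hmac

HEADER_SIZE = 512  # assumption: fixed-size text header at the start of a .cvd
# Hypothetical field names for the colon-separated header values.
FIELDS = ("magic", "build_time", "version", "sig_count", "flevel",
          "md5", "dsig", "builder", "stime")


def parse_cvd_header(blob: bytes) -> dict:
    """Split the colon-separated header into named fields."""
    if len(blob) < HEADER_SIZE:
        raise ValueError("file shorter than a CVD header")
    parts = blob[:HEADER_SIZE].decode("ascii").rstrip().split(":")
    if len(parts) < 8 or parts[0] != "ClamAV-VDB":
        raise ValueError("not a CVD header")
    return dict(zip(FIELDS, parts))


def body_matches_header(blob: bytes) -> bool:
    """Recompute the MD5 of everything after the header and compare.

    This is only the integrity half of the check. An attacker who rewrites
    the body can rewrite the header MD5 too, so authenticity rests on the
    'dsig' field, which ClamAV verifies over this digest with the public
    key compiled into it. That step is not reproduced here.
    """
    header = parse_cvd_header(blob)
    digest = hashlib.md5(blob[HEADER_SIZE:]).hexdigest()
    return hmac.compare_digest(digest, header["md5"].lower())


def build_sample(body: bytes) -> bytes:
    """Constructed sample with a placeholder dsig, not a real database."""
    md5 = hashlib.md5(body).hexdigest()
    head = ("ClamAV-VDB:01 Jan 2019 00-00 +0000:1:0:63:"
            f"{md5}:PLACEHOLDER-DSIG:example:0")
    return head.encode("ascii").ljust(HEADER_SIZE, b" ") + body


if __name__ == "__main__":
    good = build_sample(b"constructed body bytes")
    tampered = good[:-1] + b"X"  # body changed in transit, header untouched
    print(parse_cvd_header(good)["version"],
          body_matches_header(good), body_matches_header(tampered))
```

Because the signature travels inside the file and the verifying key ships with ClamAV, no separate keyring is installed on the system.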
