[clamav-users] Database updated over unencrypted connection?

Luke Massa lmassa at tripadvisor.com
Fri Mar 15 15:02:42 EDT 2019


I had this question a while back, and this is what I was able to track down:

The files are not signed via any PKI trusted by your system, but rather by a specific RSA key that is trusted by the code itself. If you look in libclamav/dsig.c, there is an implementation of RSA inspired by http://www.erikyyy.de/yyyRSA/, and the public parameters of an RSA key are hard-coded in that file.

- Luke

On Mar 15, 2019, at 11:04 AM, instaham--- via clamav-users <clamav-users at lists.clamav.net> wrote:

Leonardo Rodrigues wrote:
    the databases are digitally signed, and any modification, such as in
a man-in-the-middle attack, would break the signature and freshclam
would refuse to run the files.

Sounds good. Can you please explain how this works in detail?

Apt places GPG keys in the system and uses them to verify downloaded data.

It doesn't seem that ClamAV placed any GPG keys in my system. So how is the verification happening?

Thanks

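Added example (not part of the original thread and not ClamAV's code): a minimal sketch of the trust model described in the reply above, where the verifier carries the RSA public parameters in its own source instead of consulting a system keyring. The key, the SHA-256 digest, the unpadded RSA and every function name are assumptions constructed for illustration; ClamAV's real key and signature encoding are in libclamav/dsig.c.

```python
import hashlib

# Constructed demo key (NOT ClamAV's): two Mersenne primes, insecure by design.
_P, _Q = 2**521 - 1, 2**607 - 1

# Verifier side: only the public parameters are embedded in the code.
# No GPG keyring, CA store or other system-wide trust anchor is consulted.
PINNED_N = _P * _Q
PINNED_E = 65537


def _digest_int(data: bytes) -> int:
    """SHA-256 of the payload as an integer (hash choice is an assumption)."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def demo_sign(data: bytes) -> int:
    """Publisher side, present only so the demo has a signature to check.

    It needs the private exponent, which a real client never holds.
    """
    d = pow(PINNED_E, -1, (_P - 1) * (_Q - 1))
    return pow(_digest_int(data), d, PINNED_N)


def verify_pinned(data: bytes, signature: int) -> bool:
    """Accept the payload only if signature^e mod n equals its digest."""
    if not 0 < signature < PINNED_N:
        return False
    return pow(signature, PINNED_E, PINNED_N) == _digest_int(data)


def fetch_and_check(payload: bytes, signature: int) -> str:
    """Mimic an updater deciding whether to use a file it just downloaded."""
    return "installed" if verify_pinned(payload, signature) else "rejected"


if __name__ == "__main__":
    db = b"constructed signature database v1\n"   # constructed sample payload
    sig = demo_sign(db)
    print("untouched download:", fetch_and_check(db, sig))
    print("altered in transit:", fetch_and_check(db + b"extra rule", sig))
```

Because the check depends only on the embedded public key, the transport (HTTP or HTTPS) does not affect whether a modified file is accepted; it affects confidentiality and whether updates can be blocked or delayed.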