On Thu Jul 14 2011 23:25:34 GMT+0200 (CET) James Ralston <qralston+ml.clamav-us...@andrew.cmu.edu> wrote:
>> The CLD files are digitally signed too, so you get almost the same >> integrity checks as with the CVD already. > > Are you sure about that? Because sigtool says: > > $ sigtool -i safebrowsing.cvd > File: safebrowsing.cvd > Build time: 14 Jul 2011 14:45 -0400 > Version: 30807 > Signatures: 710259 > Functionality level: 60 > Builder: google > MD5: 2b1b2e868dd74f2aab83bb79c55a68d8 > Digital signature: > ZstS5RdHytv71PgvErgszQPaVbPqtqgmNrE+w//3lgS0bhP6rrPb87NVfncufL9H2kh/LLx1wwyMPPIJVWsbSYKck4vcwz+ErezX+81gTilryxcrmmEMTWH6WjRvKj24wuqSIF78473JuZWB6Wwi8q2Wgojh1BgBaCB7ghuV/3j > LibClamAV Warning: Detected duplicate databases safebrowsing.cvd and > safebrowsing.cld, please manually remove one of them > Verification OK. > > $ sigtool -i safebrowsing.cld > File: safebrowsing.cld > Build time: 14 Jul 2011 14:45 -0400 > Version: 30807 > Signatures: 710259 > Functionality level: 60 > Builder: google > Verification OK. > > The CLD file lacks the "MD5" and "Digital signature" info. Is there > another signature that sigtool isn't displaying? Yes, there's an additional digital signature stored in the .info file inside the CLD container. Cheers, -- oo ..... Tomasz Kojm <tk...@clamav.net> (\/)\......... http://www.ClamAV.net/gpg/tkojm.gpg \..........._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Thu Jul 14 23:33:11 CEST 2011 _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
