Is there any integrity or authenticity checks within freshclam when it connects to the clamAV servers to download the virus signature databases?
Also is there any non-repudiation of the servers hosting the virus signature databases, that is who gets to be a host and is there any procedures to ensure those servers hosting the files are secured and the files genuine? Sorry for ambiguity I'm just looking for anything, I'm not suggesting changes if there aren't just need fodder if there are any. Thanks! _______________________________________________ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml