On Thu, January 28, 2016 10:29 pm, Brad Scalio wrote:
> Are there any integrity or authenticity checks within freshclam when it
> connects to the ClamAV servers to download the virus signature databases?

Hi Brad,

Just to cover 3rd Party (.UNOFFICIAL) signatures.

Signatures produced by Sanesecurity and/or distributed by Sanesecurity mirrors are first created and/or downloaded, then checked against a HAM folder and finally signed with GPG.

In addition, md5/sha256 hashes are also produced.

Download scripts check the GPG and/or hashes depending on which script you use.

As Sanesecurity have been doing this for 10 years this year, hopefully the GPG key can be trusted ;)

Cheers,

Steve
Web : sanesecurity.com
Blog: sanesecurity.blogspot.com
Twitter: @sanesecurity
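
The kind of check a download script can run before a third-party database reaches ClamAV, as an added example that is not part of the original message and is not Sanesecurity's own script. The function names, the `example.ndb`-style file names, the `sha256sum`-format hash file and the choice to require both checks are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: verify a downloaded third-party signature database
# before installing it. All names and paths here are hypothetical.

# check_sha256 FILE HASHFILE
# HASHFILE is assumed to hold one "<hex digest>  <name>" line.
# Returns 0 on match, 1 on mismatch, 2 on missing or malformed input.
check_sha256() {
    file=$1; hashfile=$2
    [ -s "$file" ] && [ -s "$hashfile" ] || return 2
    want=$(awk 'NR==1 {print tolower($1)}' "$hashfile")
    # Accept only exactly 64 hex characters as a digest.
    case $want in
        *[!0-9a-f]*|'') return 2 ;;
    esac
    [ "${#want}" -eq 64 ] || return 2
    have=$(sha256sum "$file" | awk '{print $1}')
    [ "$have" = "$want" ]
}

# check_gpg FILE SIGFILE KEYRING
# gpgv only accepts signatures made by keys in KEYRING, so the keyring
# must contain nothing but the publisher key you fetched and checked
# out of band.
check_gpg() {
    gpgv --keyring "$3" "$2" "$1" >/dev/null 2>&1
}

# install_verified FILE HASHFILE SIGFILE KEYRING DESTDIR
# The hash catches a corrupted or truncated download; a hash file served
# from the same mirror proves nothing about origin, so the detached
# signature is what provides authenticity. Both must pass here.
install_verified() {
    check_sha256 "$1" "$2" || { echo "hash check failed: $1" >&2; return 1; }
    check_gpg "$1" "$3" "$4" || { echo "signature check failed: $1" >&2; return 1; }
    # Copy under a temporary name, then rename, so a scanner reloading
    # its databases never sees a half-written file.
    tmp="$5/.$(basename "$1").tmp"
    cp "$1" "$tmp" && mv "$tmp" "$5/$(basename "$1")"
}
```

Run it against a staging directory rather than the live database directory, so a file that fails either check never sits where the scanner loads from.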
