Thanks Steve that does help, who's the CA or at least the certs aren't self-signed correct?
On Fri, Jan 29, 2016, 14:42 Steven Morgan <smor...@sourcefire.com> wrote: > Brad, > > The official ClamAV virus database is digitally signed before posting to > the ClamAV mirrors. The CVD signature is checked before database load time. > Virus names of signatures from non-signed databases are appended with > ".UNOFFICIAL". > > Hope this helps, > Steve > > On Thu, Jan 28, 2016 at 5:29 PM, Brad Scalio <sca...@gmail.com> wrote: > > > Is there any integrity or authenticity checks within freshclam when it > > connects to the clamAV servers to download the virus signature databases? > > > > Also is there any non-repudiation of the servers hosting the virus > > signature databases, that is who gets to be a host and is there any > > procedures to ensure those servers hosting the files are secured and the > > files genuine? > > > > Sorry for ambiguity I'm just looking for anything, I'm not suggesting > > changes if there aren't just need fodder if there are any. > > > > Thanks! > > _______________________________________________ > > Help us build a comprehensive ClamAV guide: > > https://github.com/vrtadmin/clamav-faq > > > > http://www.clamav.net/contact.html#ml > > > _______________________________________________ > Help us build a comprehensive ClamAV guide: > https://github.com/vrtadmin/clamav-faq > > http://www.clamav.net/contact.html#ml > _______________________________________________ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
