Hi Eugene,

> Not directly related, but still...
> I am using a clamav based antivirus solution on a rather big mail system
> (non Cobalt). I believe that freshclam probably checks MD5 of the
> downloaded signature database to prevent accidental corruption of the
> file.

That's correct. Therefore the updater which ClamAV uses (freshclam) is a lot more reliable than the updater which Kaspersky uses. Although Kaspersky checks the downloaded definitions for viruses or corruption it has no fallback mechanism to revert back to a good set of definitions if the downloaded ones are corrupt. Which is kinda crazy.

> But the signature files are *not* signed with public key crypto, and
> therefore if someone breaks into the main distribution server and
> replaces a signature file *together* with the md5 sum of it, everyone in
> the world who uses clamav will be in very big trouble.

A lot of critical source code is available only with an md5 sum to check for tampering. It's better than nothing, but you're right: Ideally it should be signed with PGP.

--
With best regards,

Michael Stauber

_______________________________________________
cobalt-security mailing list
[EMAIL PROTECTED]
http://list.cobalt.com/mailman/listinfo/cobalt-security
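The two points of this thread, as an added Python example that is not part of the original e-mail and is not freshclam's code: an updater that checks the published MD5 before swapping a download in and otherwise keeps the last good database, and a third case showing that the same check accepts a file whose MD5 was replaced along with it. The file name, sample contents and function names are constructed for illustration.

```python
import hashlib, os, tempfile

# Constructed sample contents; not real signature data.
GOOD = b"constructed signature db v1\n"
NEW = b"constructed signature db v2\n"
TRUNCATED = NEW[:10]
REPLACED = b"constructed db swapped in on the distribution server\n"

def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()

def apply_update(db_path: str, downloaded: bytes, published_md5: str) -> bool:
    """Install the download only if its MD5 matches; otherwise keep the old file."""
    if md5_hex(downloaded) != published_md5.strip().lower():
        return False  # corrupt download: last good database stays active
    fd, staged = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(db_path)))
    try:
        with os.fdopen(fd, "wb") as fh:
            fh.write(downloaded)
            fh.flush()
            os.fsync(fh.fileno())
        os.replace(staged, db_path)  # atomic swap, never a half-written database
    except BaseException:
        if os.path.exists(staged):
            os.unlink(staged)
        raise
    return True

def read(path: str) -> bytes:
    with open(path, "rb") as fh:
        return fh.read()

def demo() -> dict:
    out = {}
    with tempfile.TemporaryDirectory() as d:
        db = os.path.join(d, "sigs.db")  # hypothetical file name
        with open(db, "wb") as fh:
            fh.write(GOOD)
        # 1. Truncated transfer: digest mismatch, fall back to the good set.
        out["truncated_installed"] = apply_update(db, TRUNCATED, md5_hex(NEW))
        out["after_truncated"] = read(db)
        # 2. Intact transfer: installed.
        out["intact_installed"] = apply_update(db, NEW, md5_hex(NEW))
        # 3. File and .md5 replaced together on the server: the check passes,
        #    because the digest comes from the same place as the file.
        out["replaced_installed"] = apply_update(db, REPLACED, md5_hex(REPLACED))
        out["final"] = read(db)
    return out

if __name__ == "__main__":
    print(demo())
```

Rejecting case 3 takes a signature checked against a public key the client already holds, which is the PGP signing the reply asks for.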
