I asked about this a couple weeks ago, and Renaud provided some useful insight.
What is happening here is that the download aborts before it completes, so the downloaded MD5 hash doesn't match the actual digest of the partial (truncated) archive file. Renaud said that EVERYONE schedules their downloads on the hour and on the half-hour, and that this overloads the server. He suggested trying a less-common schedule, like 2:53 or 1:19... you get the idea. I followed his advice and saw about a 50% improvement. I still get the error occasionally, but not nearly so often. (FYI, we purchased a direct plugin feed, which made absolutely no difference with regard to this error, so the $1200/year subscription doesn't buy you out of competing with everyone else for bandwidth). John Scherff -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of I am WE4SEL Sent: Thursday, September 15, 2005 3:51 AM To: [email protected] Subject: Re: nessus-update-plugins invalid signature Hi, what's your Nessus version? I had this once and had to upgrade. Greetz Chris ----- Original Message ----- From: <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]>; <[email protected]> Sent: Thursday, September 15, 2005 12:18 PM Subject: nessus-update-plugins invalid signature Hi, I'm getting this every night, at about 03:30: all-2.0.sig is not the valid signature for all-2.0.tar.gz Aborting Here's some debug. If you need anything more doing, please ask. [EMAIL PROTECTED] nessus-update-plugins-31126]# ls -ld . drwx------ 2 root root 4096 Sep 15 03:23 . [EMAIL PROTECTED] nessus-update-plugins-31126]# ls -l total 3528 -rw------- 1 root root 1025 Sep 15 03:23 all-2.0.sig -rw------- 1 root root 3598899 Sep 15 03:23 all-2.0.tar.gz -rw------- 1 root root 56 Sep 15 03:15 all-2.0.tar.gz.md5 [EMAIL PROTECTED] nessus-update-plugins-31126]# md5sum all-2.0.tar.gz 1dc99abd5f46a02c298032cf9c40a043 all-2.0.tar.gz [EMAIL PROTECTED] nessus-update-plugins-31126]# cat all-2.0.tar.gz.md5 MD5 (all-2.0.tar.gz) = a4ae78df132b21ff6673002103643e1f [EMAIL PROTECTED] nessus-update-plugins-31126]# nessus-check-signature all-2.0.tar.gz all-2.0.sig all-2.0.sig is not the valid signature for all-2.0.tar.gz Regards, Paul -- Paul Johnston IT Security Services HBOS Plc [EMAIL PROTECTED] Tel: +44 (0)113 235 3071 (Internal 53071) Fax: +44 (0)113 235 3206 (Internal 53206) Internal Postal Reference : PDC/1/IT/SEC -- ------------------------------------------------------------------------ ------ HBOS plc, Registered in Scotland No. SC218813. Registered Office: The Mound, Edinburgh EH1 1YZ. HBOS plc is a holding company, subsidiaries of which are authorised and regulated by the Financial Services Authority. ======================================================================== ====== _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
