On Thu, 18 Nov 2004 18:05:26 +0000 Brian Morrison <[EMAIL PROTECTED]> wrote:
On Thu, 18 Nov 2004 19:08:49 +0100 in [EMAIL PROTECTED] Bogus_aw Brandys <[EMAIL PROTECTED]> wrote:
Wondering if freshclam should verify database integrity before downloading updates ? I tested corrupted daily.cvd and it's not detected.Any new option for freshclam (--verify) to verify and
delete corrupted database?
Doesn't it already use md5sum to ensure the files are intact?
It (and all scanners that load databases) uses both MD5 and digital signature to ensure db integrity.
Well not exactly. Just try this :
- corrupt daily.cvd by putting some garbagge inside
Now of course clamscan and other based on libclamav refuse to scan but freshclam will not recognize that this file is corrupted and so wouldn't be able to download the same but not broken database version.
This is a small security problem (not in Linux becouse of proper permissions) in Windows becouse someone *must* delete broken database
(some malware could corrupt database for example)
There is slighty small window in time before new release incoming when clamav will not work and *manual* intervention is needed.
Option --verify (or whatever we could define) could delete corrupted database and download proper signed database *even* if there is no new release.
But forget about it. It is no so usefull as I thought.
P.S.
I know clamav source a little , this is not related eighter. This is just a small idea poping in my mind ;-)
Regards Boguslaw Brandys _______________________________________________ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
