Bogusław Brandys wrote:
Tomasz Kojm wrote:

On Thu, 18 Nov 2004 18:05:26 +0000
Brian Morrison <[EMAIL PROTECTED]> wrote:


On Thu, 18 Nov 2004 19:08:49 +0100 in [EMAIL PROTECTED] Bogusław
Brandys <[EMAIL PROTECTED]> wrote:


Wondering if freshclam should verify database integrity before downloading updates? I tested corrupted daily.cvd and it's not detected. Any new option for freshclam (--verify) to verify and delete corrupted database?


Doesn't it already use md5sum to ensure the files are intact?



It (and all scanners that load databases) uses both MD5 and digital signature to ensure db integrity.



Well, not exactly. Just try this:
- corrupt daily.cvd by putting some garbage inside
Now of course clamscan and others based on libclamav refuse to scan, but freshclam will not recognize that this file is corrupted and so wouldn't be able to download the same but not broken database version.


This is a small security problem (not in Linux because of proper permissions) in Windows because someone *must* delete broken database (some malware could corrupt database for example).
There is slightly small window in time before new release incoming when clamav will not work and *manual* intervention is needed.
Option --verify (or whatever we could define) could delete corrupted database and download proper signed database *even* if there is no new release.


But forget about it. It is not so useful as I thought.



I don't know about that. This seems like it could potentially be a large problem... at least like you say on Windows machines. It would be pretty easy to corrupt the database (by adding to it, overwriting it, whatever) which would prevent anything from being virus scanned. I guess an option to freshclam to verify the integrity of the already downloaded database files would be a good thing. I would think everything that uses these database files should be checking the integrity first.
Just my thoughts.


-Jim

_______________________________________________
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
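
The local check discussed in this thread, sketched in Python as an added example; it is not part of the original messages and is not ClamAV or freshclam code. It assumes the CVD layout of a 512-byte, colon-separated header whose sixth field is the MD5 of everything after the header; the function names are hypothetical, the sample database is constructed, and the digital signature is not verified here.

```python
import hashlib

HEADER_SIZE = 512      # CVD header: fixed size, space padded, colon separated
MAGIC = "ClamAV-VDB"

def parse_header(data):
    """Return the header fields as a dict; raise ValueError if malformed."""
    if len(data) < HEADER_SIZE:
        raise ValueError("file shorter than a CVD header")
    text = data[:HEADER_SIZE].decode("ascii", errors="replace").rstrip()
    fields = text.split(":")
    if len(fields) < 8 or fields[0] != MAGIC:
        raise ValueError("not a CVD header")
    if not fields[2].isdigit():
        raise ValueError("bad version field")
    return {"version": int(fields[2]), "md5": fields[5].lower(), "dsig": fields[6]}

def check_cvd(data):
    """Return (ok, reason). Checks the MD5 only, not the digital signature."""
    try:
        header = parse_header(data)
    except ValueError as exc:
        return False, str(exc)
    if hashlib.md5(data[HEADER_SIZE:]).hexdigest() != header["md5"]:
        return False, "payload MD5 does not match header"
    return True, "ok"

def must_refetch(local, remote_version):
    """Hypothetical updater decision: refetch a broken copy even when the
    mirror has no newer version, otherwise only when the mirror is ahead."""
    ok, _ = check_cvd(local)
    return (not ok) or parse_header(local)["version"] < remote_version

def make_sample(payload, version):
    """Constructed CVD-shaped sample with a placeholder signature field."""
    md5 = hashlib.md5(payload).hexdigest()
    head = f"{MAGIC}:18 Nov 2004 18-00 +0000:{version}:0:1:{md5}:PLACEHOLDER:example"
    return head.encode("ascii").ljust(HEADER_SIZE) + payload

if __name__ == "__main__":
    good = make_sample(b"constructed signature data " * 8, 595)
    bad = good[:520] + b"garbage" + good[527:]   # damage inside the payload
    for name, blob in (("good", good), ("bad", bad)):
        print(name, check_cvd(blob), "refetch:", must_refetch(blob, 595))
```

The MD5 comparison only catches corruption of the payload; a modification that also rewrites the header's MD5 field is what the digital signature check mentioned in the thread is for.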
