On Thu, 23 Jun 2005 14:39:47 -0700 in [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> Damian wrote: > > So, if you didn't do it, and none of the other team-members did it, > > then who did? This raises an interesting issue: if an attacker > > figures out how to poison the DNS server, nobody would get updates. > > Worse, an attacker could point the records to a server under their own > control, with malicious virus definitions. I'll let everyone imagine > the worst-case consequences of that. > But they would need access to the signing keys used by the database creators or ClamAV would simply ignore the new versions as being tainted. -- Brian Morrison bdm at fenrir dot org dot uk GnuPG key ID DE32E5C5 - http://wwwkeys.uk.pgp.net/pgpnet/wwwkeys.html _______________________________________________ http://lurker.clamav.net/list/clamav-users.html
