On Fri, 30 Jun 2017 at 20:12:11 +0000, Joel Esler (jesler) wrote: > Jim, > > Thanks. This look like the vulndev key. The correct key is on the contact > page of Talosintelligence.com. > > We'll take a look here.
Hi, Joel. I went to http://www.clamav.net/downloads, got http://www.clamav.net/downloads/production/clamav-0.99.3.tar.gz and http://www.clamav.net/downloads/production/clamav-0.99.3.tar.gz.sig and wanted to verify the tarball and compile ASAP - there are bugs in 0.99.2 after all. For half an hour or so I tried to find the public key at various places: Talosintelligence.com, Cisco.com, http://labs.snort.org/contact.html (linked at https://github.com/Cisco-Talos/clamav-faq/blob/master/faq/faq-upgrade.md), a keyserver - all to no avail. Where is the key? > > > On Jun 30, 2017, at 13:46, Jim Michaud <jjmich...@constantcontact.com> > > wrote: > > > > I just downloaded clamav-0.99.2.tar.gz from > > https://www.clamav.net/downloads and tried to check the signature > > using the "Talos PGP Public Key" on the same page. It looks like it > > was signed with a different public key. > > > > $ gpg --import ../Talos-PGP-Public-Key > > gpg: key 0B3BB3A7: public key "vuln...@cisco.com <vuln...@cisco.com>" > > imported > > gpg: Total number processed: 1 > > gpg: imported: 1 (RSA: 1) > > > > $ gpg --verify clamav-0.99.2.tar.gz.sig clamav-0.99.2.tar.gz > > gpg: Signature made Fri 22 Apr 2016 12:25:32 PM EDT using DSA key ID > > 260429A0 > > gpg: Can't check signature: No public key > > > > I was able to do some digging and did find the key using > > https://pgp.key-server.io/ > > (https://pgp.key-server.io/search/Talos+GPG+Key). However that key > > expired in April 2017. I'm guessing someone needs to update the > > signature file using the new public key. > > > > $ gpg --verify clamav-0.99.2.tar.gz.sig clamav-0.99.2.tar.gz > > gpg: Signature made Fri 22 Apr 2016 12:25:32 PM EDT using DSA key ID > > 260429A0 > > gpg: Good signature from "Talos (Talos GPG Key) <resea...@sourcefire.com>" > > gpg: Note: This key has expired! > > Primary key fingerprint: F79F B2D0 8751 574C 5D3F DFFB B3D5 342C 2604 29A0 > -- Tomasz Papszun | And it's only tomek at lodz.tpsa.pl linkedin.com/in/tomaszpapszun | ones and zeros. _______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml