But what are they signed *by*? If it’s using a public/private keypair, where is the public key? Is it baked into freshclam/clamd/clamscan somewhere?
- Luke > On Oct 24, 2018, at 11:59 AM, Noel Jones <[email protected]> wrote: > > On 10/23/2018 2:17 PM, Luke Massa wrote: >> >> In short, is there any way I can setup clamav/freshclam and be >> confident that a malicious user isn’t adding/removing signatures >> from the upstream mirrors? > > The .cvd files have an internal cryptographic signature that's > checked by freshclam and clamd/clamscan. If freshclam and/or clamd > accepts the files, you can be assured they are official and > unmodified. This is built into clam; no external tools are called. > > > > _______________________________________________ > clamav-users mailing list > [email protected] > https://urldefense.proofpoint.com/v2/url?u=http-3A__lists.clamav.net_cgi-2Dbin_mailman_listinfo_clamav-2Dusers&d=DwIGaQ&c=9Hv6XPedRSA-5PSECC38X80c1h60_XWA4z1k_R1pROA&r=kBR20qCRpw_COsjokFR0DeDlBjL9wibcGzBBJtTubwc&m=ubAc0_qBT9TvSWB9vjS80Ms_3NrthlFbqGFdf4SnHnI&s=4z3Dmbis3lgzZCwuTZLvD73r3WkvhFQDX5PNfriNroU&e= > > > Help us build a comprehensive ClamAV guide: > https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_vrtadmin_clamav-2Dfaq&d=DwIGaQ&c=9Hv6XPedRSA-5PSECC38X80c1h60_XWA4z1k_R1pROA&r=kBR20qCRpw_COsjokFR0DeDlBjL9wibcGzBBJtTubwc&m=ubAc0_qBT9TvSWB9vjS80Ms_3NrthlFbqGFdf4SnHnI&s=mKsCe7GnAu-_iumtzjklXt4uvxURW8H8jZPNpv1EgFg&e= > > https://urldefense.proofpoint.com/v2/url?u=http-3A__www.clamav.net_contact.html-23ml&d=DwIGaQ&c=9Hv6XPedRSA-5PSECC38X80c1h60_XWA4z1k_R1pROA&r=kBR20qCRpw_COsjokFR0DeDlBjL9wibcGzBBJtTubwc&m=ubAc0_qBT9TvSWB9vjS80Ms_3NrthlFbqGFdf4SnHnI&s=gyItpqPZCd_ddSzi93tJXOU6DbhXlZZECSjFSpkF38s&e= _______________________________________________ clamav-users mailing list [email protected] http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
