Leonardo Rodrigues wrote:
the databases are digitally signed, and any modification, such in
a man-in-the-middle attack, would break the signature and freshclam
would refuse to run the files.
Sounds good. Can you please explain how this works in detail?
Apt places GPG keys in the system and uses them to verify downloaded
data.
It doesn't seem that ClamAV placed any GPG keys in my system. So how is
the verification happening?
Thanks
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml