Ah I see it now!
For those following along, in libclamav/dsig.c, there is an implementation of
RSA inspired by http://www.erikyyy.de/yyyRSA/, and the public parameters of an
RSA key are hard-coded in that file.
Thanks again!
- Luke
On Oct 24, 2018, at 2:01 PM, Noel Jones
mailto:njo...@megan.v
Baked in.
On 10/24/2018 12:10 PM, Luke Massa wrote:
> But what are they signed *by*? If it’s using a public/private keypair, where
> is the public key? Is it baked into freshclam/clamd/clamscan somewhere?
>
> - Luke
>
>> On Oct 24, 2018, at 11:59 AM, Noel Jones wrote:
>>
>> On 10/23/2018 2:1
But what are they signed *by*? If it’s using a public/private keypair, where is
the public key? Is it baked into freshclam/clamd/clamscan somewhere?
- Luke
> On Oct 24, 2018, at 11:59 AM, Noel Jones wrote:
>
> On 10/23/2018 2:17 PM, Luke Massa wrote:
>>
>> In short, is there any way I can set
On 10/23/2018 2:17 PM, Luke Massa wrote:
>
> In short, is there any way I can setup clamav/freshclam and be
> confident that a malicious user isn’t adding/removing signatures
> from the upstream mirrors?
The .cvd files have an internal cryptographic signature that's
checked by freshclam and clamd
> As a follow-up, in response to a question as to why they just block
I meant "don't just block", of course ...
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Help us build a co
Hi,
> * Alex :
> > Another malwarepatrol fp for docs.google.com
> >
> > # sigtool --find-sigs MBL_17713260 |sigtool --decode-sigs
> > VIRUS NAME: MBL_17713260
> > TARGET TYPE: ANY FILE
> > OFFSET: *
> > DECODED SIGNATURE:
> > https://docs.google.com
> >
> > I don't even know what to do anymore. Is
If you are testing connectivity, please state what version of ClamAV you are
using.
If you are not using the most up to date, please try that.
Sent from my iPhone
> On Oct 24, 2018, at 04:00, Michael Da Cova wrote:
>
> Hi
>
>> On 24/10/2018 04:09, Dave Warren wrote:
>>> On Tue, Oct 23, 20
On Wed, October 24, 2018 9:05 am, Al Varnell wrote:
> I cannot argue that malware does not show up in Google Docs which is wide
> open to anybody that wants to post there, as I know it has occurred. Not
> sure how big a problem it has become for Google to police. I think it
> would be better if m
* Al Varnell :
> I cannot argue that malware does not show up in Google Docs which is
> wide open to anybody that wants to post there,
Amen to that!
> as I know it has occurred. Not sure how big a problem it has become for
> Google to police. I think it would be better if malwarepatrol were to
>
I cannot argue that malware does not show up in Google Docs which is wide open
to anybody that wants to post there, as I know it has occurred. Not sure how
big a problem it has become for Google to police. I think it would be better if
malwarepatrol were to list the specific site where the malwa
* Alex :
> Hi,
>
> Thought I'd follow up with the response from Malwarepatrol:
>
> "The classification of a sample hosted on that domain, according to
> MBL# 17713260 (MD5: 88a1265b2f954a1fb06b6a67f198645e9617007e), is
> backed by 12 anti-virus products. Therefore, this is not a false
> positive.
* Alex :
> Another malwarepatrol fp for docs.google.com
>
> # sigtool --find-sigs MBL_17713260 |sigtool --decode-sigs
> VIRUS NAME: MBL_17713260
> TARGET TYPE: ANY FILE
> OFFSET: *
> DECODED SIGNATURE:
> https://docs.google.com
>
> I don't even know what to do anymore. Is it worth it to keep malw
Hi
On 24/10/2018 04:09, Dave Warren wrote:
> On Tue, Oct 23, 2018, at 11:50, Paul Kosinski wrote:
>> "...it works smoothly for a very large number of people, myself
>> included."
>>
>> It would be interesting to know what percentage have experienced our
>> original problem of all mirrors ending up
13 matches
Mail list logo