Re: [Clamav-users] Re: Digital signatures for virus database files

2006-11-24 Thread Tomasz Papszun
On Wed, 22 Nov 2006 at 16:37:43 -0600, René Berber wrote:

> sigtool does the checking.
>
> Man sigtool says: It's  also  to  verify digital signatures of databases...,
> and option -i or --info does Print a CVD information and verify MD5 and a
> digital  signature.
>
> How does it do it?  I don't know, I haven't checked, but no mention is made
> that it may need an Internet connection. To be sure you'll have to try it or
> perhaps look at the source code.  I once compared the MD5 checksum shown with
> the output of the usual md5sum, and they are different.
> --

This is because the MD5 checksum shown by sigtool is of the naked 
database, i.e. before prepending it with the CVD header.
Once you remove the header, md5sum(1) of the database is the same as 
printed by sigtool.

As (e.g.) http://www.clamav.net/doc/0.88.5/html/node45.html says:

CVD format

   CVD (ClamAV Virus Database) is a digitally signed tarball file that
   contains one or more databases. The header is a 512 bytes long string
   with colon separated fields:
   ClamAV-VDB:build time:version:number of signatures:functionality
   level required:MD5 checksum:digital signature:builder name:build time 
   (sec).


How we can compare both checksums:

First we'll print the MD5 checksum with sigtool (cutting off the string 
MD5:  for easier comparing later).
Then we'll take all but first 512 bytes of the CVD file (to remove the 
header).
Finally we'll generate the MD5 checksum of the naked database.
The result: both checksums are identical.

$ sigtool -i /var/lib/clamav/main.cvd | grep MD5 | cut -d ' ' -f 2
bbd0a1fe83da562a1d6b43e22f4c0626

$ tail -c +513 /var/lib/clamav/main.cvd > main.cvd.tmp

$ md5sum main.cvd.tmp
bbd0a1fe83da562a1d6b43e22f4c0626  main.cvd.tmp

-- 
 Tomasz Papszun          SysAdm @ TP S.A. Lodz, Poland    | And it's only
 tomek at lodz.tpsa.pl   http://www.lodz.tpsa.pl/iso/     | ones and zeros.
 tomek at clamav.net     http://www.ClamAV.net/           A GPL virus scanner
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
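The check Tomasz walks through above (split the file at byte 512, parse the colon-separated header, compare the MD5 field with the digest of the naked database) written out as a small Python script. This is an added example, not part of the thread and not ClamAV's own code: the field names are taken from the documentation quoted above, the sample CVD is constructed inline with a placeholder in the signature field, and the script only extracts the digital-signature field; verifying it against the public key built into ClamAV is left to sigtool.

```python
import hashlib

CVD_HEADER_LEN = 512  # the CVD header is a fixed 512-byte, space-padded string

# Field order as documented for the CVD header (names are this example's own).
FIELD_NAMES = (
    "magic",                # always "ClamAV-VDB"
    "build_time",
    "version",
    "signature_count",
    "functionality_level",  # minimum functionality level required
    "md5",                  # MD5 of the body, i.e. the file after the header
    "digital_signature",    # checked by sigtool against ClamAV's built-in key
    "builder",
    "build_time_sec",
)


def parse_cvd_header(data: bytes) -> dict:
    """Parse the 512-byte header into a dict; raises ValueError on garbage."""
    if len(data) < CVD_HEADER_LEN:
        raise ValueError("file shorter than the 512-byte CVD header")
    header = data[:CVD_HEADER_LEN].rstrip(b" \x00").decode("ascii")
    fields = header.split(":")
    if fields[0] != "ClamAV-VDB" or len(fields) != len(FIELD_NAMES):
        raise ValueError("not a CVD header (bad magic or field count)")
    return dict(zip(FIELD_NAMES, fields))


def naked_database(data: bytes) -> bytes:
    """Everything after the header: what `tail -c +513 file.cvd` produces."""
    return data[CVD_HEADER_LEN:]


def check_cvd_md5(data: bytes) -> bool:
    """True when the header's MD5 field matches md5sum of the naked database."""
    header = parse_cvd_header(data)
    digest = hashlib.md5(naked_database(data)).hexdigest()
    return digest == header["md5"].lower()


def build_sample_cvd(body: bytes, tamper: bool = False) -> bytes:
    """Construct a CVD-shaped blob for testing (constructed sample values).

    With tamper=True the last byte of the body is flipped after the header
    was computed, which is what a corrupted or modified download looks like.
    """
    fields = [
        "ClamAV-VDB", "24 Nov 2006 12-00 +0000", "41", "63000", "8",
        hashlib.md5(body).hexdigest(),
        "PLACEHOLDER-SIGNATURE",   # placeholder, not a real ClamAV signature
        "example-builder", "1164369600",
    ]
    header = ":".join(fields).encode("ascii").ljust(CVD_HEADER_LEN, b" ")
    if tamper:
        body = body[:-1] + bytes([body[-1] ^ 0x01])
    return header + body


if __name__ == "__main__":
    import sys
    # Usage: python cvdcheck.py /var/lib/clamav/main.cvd
    with open(sys.argv[1], "rb") as fh:
        blob = fh.read()
    hdr = parse_cvd_header(blob)
    print(f"version {hdr['version']}, {hdr['signature_count']} signatures, "
          f"functionality level {hdr['functionality_level']}")
    print("MD5 of naked database matches header:", check_cvd_md5(blob))
```

A matching MD5 only tells you the download was not truncated or corrupted in transit; the digital-signature field is what ties the file to the ClamAV database builders, so on an air-gapped box the `sigtool -i` run is still the step that matters.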


[Clamav-users] Re: Digital signatures for virus database files

2006-11-23 Thread Ian Abbott

On 22/11/2006 21:59, [EMAIL PROTECTED] wrote:
> I am supporting a small network of Linux boxes running RH3 in a restricted
> area, with no connection to an outside network; hence I do not use
> freshclam to update the virus data base files, but rather download
> main.cvd and daily.cvd and manually upgrade each of the four machines.  My


If the machines are networked together, you could set up a local mirror 
on one of the machines and let freshclam load the updated files from 
that.  Then you just need to update the local mirror manually.



> My
> question is this- is there a digital signature capability for these files
> that is associated with a manual download? If so, what are the steps I
> need to follow?


If the GMP library was detected by ./configure, digital signature 
verification will be compiled in.  The CVD files have digital signatures 
in them.


> I am using gnupg 1.2.1 and am familiar with adding public
> keys, such as the ones on the dag/wieers website used to sign the binary
> RPMs.  Are there signature files associated with the main.cvd and
> daily.cvd files posted on the home page of clamav.net?  If so, whose key
> is used to encrypt? (You may correctly ask why bother running Clam or
> mess with digital signatures if you're not on the public net?  The reason
> is, that due to the sensitive nature of the processing that goes on using
> these machines, the powers that be worry about protection from viruses
> period, and using open source is a further cause for their concern, so the
> ability to at least download from trusted sources is a big thing to them).


I'm not sure what algorithm is used, but I guess the digital signatures 
in the database files are checked against a public key embedded in the 
source code.  Only certain trusted people who package the database files 
will have access to the corresponding private key.  Correct me if I'm wrong!


--
-=( Ian Abbott @ MEV Ltd.    E-mail: [EMAIL PROTECTED]        )=-
-=( Tel: +44 (0)161 477 1898   FAX: +44 (0)161 718 3587 )=-


[Clamav-users] Re: Digital signatures for virus database files

2006-11-22 Thread René Berber
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

jfvacher wrote:

> I am supporting a small network of Linux boxes running RH3 in a restricted
> area, with no connection to an outside network; hence I do not use
> freshclam to update the virus data base files, but rather download
> main.cvd and daily.cvd and manually upgrade each of the four machines.  My
> question is this- is there a digital signature capability for these files
> that is associated with a manual download? If so, what are the steps I
> need to follow?  I am using gnupg 1.2.1 and am familiar with adding public
> keys, such as the ones on the dag/wieers website used to sign the binary
> RPMs.  Are there signature files associated with the main.cvd and
> daily.cvd files posted on the home page of clamav.net?  If so, whose key
> is used to encrypt? (You may correctly ask why bother running Clam or
> mess with digital signatures if you're not on the public net?  The reason
> is, that due to the sensitive nature of the processing that goes on using
> these machines, the powers that be worry about protection from viruses
> period, and using open source is a further cause for their concern, so the
> ability to at least download from trusted sources is a big thing to them).
>
> The answers to FAQ questions 20 and 36 do not seem to apply to my
> situation, but I may not be smart enough to know if they do, as I am a
> very inexperienced Linux newbie.  I wasn't able to find any other postings
> that seemed to be relevant to my situation either.
>
> Any help would be greatly appreciated.

sigtool does the checking.

Man sigtool says: It's  also  to  verify digital signatures of databases...,
and option -i or --info does Print a CVD information and verify MD5 and a
digital  signature.

How does it do it?  I don't know, I haven't checked, but no mention is made
that it may need an Internet connection. To be sure you'll have to try it or
perhaps look at the source code.  I once compared the MD5 checksum shown with
the output of the usual md5sum, and they are different.
- --
René Berber
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.5 (Cygwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFFZNE3L3NNweKTRgwRAkhPAKCa2kH3vTQvOzQ5ZdsBARJ3zotn0gCfbMtX
VRzvh8a+75DTeaw1D+5Be3Q=
=eIwM
-END PGP SIGNATURE-
