Re: [clamav-users] GPG key where? (was: Re: GPG signature problem with clamav-0.99.2.tar.gz)

2018-01-29 Thread Paul Kosinski 
I tend to get keys via GPG's "--recv-key" command, since it often is
not clear from the Web site where to get the key.

E.g., when "gpg --verify" reports the key is missing, the command below
will usually retrieve it (when it is provided, of course, with the right
fingerprint in place of "BCA5BFAD"):

  ~/Downloads/Linux/ClamAV> gpg --recv-key BCA5BFAD
  gpg: requesting key BCA5BFAD from hkp server keys.gnupg.net
  gpg: key BCA5BFAD: public key "Talos (Talos, Cisco Systems Inc.)
  <resea...@sourcefire.com>" imported gpg: Total number processed: 1
  gpg:   imported: 1  (RSA: 1)

This approach works in almost all situations. I don't know whether a
fake key being planted on the key server is more or less likely than
the software's Web page being compromised. I suppose one could get the
alleged key both ways (when possible) and compare the two results.




On Mon, 29 Jan 2018 23:13:16 +
SCOTT PACKARD <scott.pack...@raytheon.com> wrote:

> https://talosintelligence.com/about  click on box "Talos PGP Public
> Key". Maybe that one works?  If it was its own URL I'd include it,
> but it looks like it's javascript, in the same page.
> 
> Regards, Scott
> 
> > -Original Message-
> > From: clamav-users [mailto:clamav-users-boun...@lists.clamav.net]
> > On Behalf Of Tomasz Papszun Sent: Monday, January 29, 2018 2:26 PM
> > To: clamav-users@lists.clamav.net
> > Subject: [External] [clamav-users] GPG key where? (was: Re: GPG
> > signature problem with clamav-0.99.2.tar.gz)
> > 
> > On Fri, 30 Jun 2017 at 20:12:11 +, Joel Esler (jesler) wrote:
> > > Jim,
> > >
> > > Thanks.  This look like the vulndev key.  The correct key is on
> > > the contact page of Talosintelligence.com.
> > >
> > > We'll take a look here.
> > 
> > Hi, Joel.
> > 
> > I went to http://www.clamav.net/downloads, got
> > http://www.clamav.net/downloads/production/clamav-0.99.3.tar.gz  and
> > http://www.clamav.net/downloads/production/clamav-0.99.3.tar.gz.sig
> > and wanted to verify the tarball and compile ASAP - there are bugs
> > in 0.99.2 after all.
> > 
> > For half an hour or so I tried to find the public key at various
> > places:
> > 
> > Talosintelligence.com, Cisco.com, http://labs.snort.org/contact.html
> > (linked at
> > https://github.com/Cisco-Talos/clamav-faq/blob/master/faq/faq-upgrade.md),
> > a keyserver - all to no avail.
> > 
> > Where is the key?
> > 
> > 
> > >
> > > > On Jun 30, 2017, at 13:46, Jim Michaud
> > > > <jjmich...@constantcontact.com> wrote:
> > > >
> > > > I just downloaded clamav-0.99.2.tar.gz from
> > > > https://www.clamav.net/downloads and tried to check the
> > > > signature using the "Talos PGP Public Key" on the same page.
> > > > It looks like it was signed with a different public key.
> > > >
> > > > $ gpg --import ../Talos-PGP-Public-Key
> > > > gpg: key 0B3BB3A7: public key "vuln...@cisco.com
> > > > <vuln...@cisco.com>" imported gpg: Total number processed: 1
> > > > gpg:   imported: 1  (RSA: 1)
> > > >
> > > > $ gpg --verify clamav-0.99.2.tar.gz.sig clamav-0.99.2.tar.gz
> > > > gpg: Signature made Fri 22 Apr 2016 12:25:32 PM EDT using DSA
> > > > key ID 260429A0 gpg: Can't check signature: No public key
> > > >
> > > > I was able to do some digging and did find the key using
> > > > https://pgp.key-server.io/
> > > > (https://pgp.key-server.io/search/Talos+GPG+Key).  However that
> > > > key expired in April 2017. I'm guessing someone needs to update
> > > > the signature file using the new public key.
> > > >
> > > > $ gpg --verify clamav-0.99.2.tar.gz.sig clamav-0.99.2.tar.gz
> > > > gpg: Signature made Fri 22 Apr 2016 12:25:32 PM EDT using DSA
> > > > key ID 260429A0 gpg: Good signature from "Talos (Talos GPG Key)
> > > > <resea...@sourcefire.com>" gpg: Note: This key has expired!
> > > > Primary key fingerprint: F79F B2D0 8751 574C 5D3F  DFFB B3D5
> > > > 342C 2604 29A0
> > >
> > 
> > --
> >  Tomasz Papszun  | And it's only
> >  tomek at lodz.tpsa.pl linkedin.com/in/tomaszpapszun | ones and
> > zeros. ___

___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] GPG key where? (was: Re: GPG signature problem with clamav-0.99.2.tar.gz)

2018-01-29 Thread Tomasz Papszun 
On Mon, 29 Jan 2018 at 23:28:42 +, Joel Esler (jesler) wrote:
> That's the correct one, thank you Scott.
> 
> --
> Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com>
> 
> 
> On Jan 29, 2018, at 6:13 PM, SCOTT PACKARD 
> <scott.pack...@raytheon.com<mailto:scott.pack...@raytheon.com>> wrote:
> 
> https://talosintelligence.com/about  click on box "Talos PGP Public Key".
> Maybe that one works?  If it was its own URL I'd include it, but it 
looks like it's javascript, in the same page. 
> 
> Regards, Scott
> 

Oh, indeed.

At first, JS didn't work.

Thanks, Scott.


To Joel:

why make getting the key harder than necessary? :-(


> -Original Message-
> From: clamav-users [mailto:clamav-users-boun...@lists.clamav.net] On Behalf 
> Of Tomasz Papszun
> Sent: Monday, January 29, 2018 2:26 PM
> To: clamav-users@lists.clamav.net<mailto:clamav-users@lists.clamav.net>
> Subject: [External] [clamav-users] GPG key where? (was: Re: GPG signature 
> problem with clamav-0.99.2.tar.gz)
> 
> On Fri, 30 Jun 2017 at 20:12:11 +, Joel Esler (jesler) wrote:
> Jim,
> 
> Thanks.  This look like the vulndev key.  The correct key is on the contact 
> page of Talosintelligence.com<http://Talosintelligence.com>.
> 
> We'll take a look here.
> 
> Hi, Joel.
> 
> I went to http://www.clamav.net/downloads, got
> http://www.clamav.net/downloads/production/clamav-0.99.3.tar.gz  and
> http://www.clamav.net/downloads/production/clamav-0.99.3.tar.gz.sig
> and wanted to verify the tarball and compile ASAP - there are bugs in
> 0.99.2 after all.
> 
> For half an hour or so I tried to find the public key at various places:
> 
> Talosintelligence.com, Cisco.com, http://labs.snort.org/contact.html
> (linked at
> https://github.com/Cisco-Talos/clamav-faq/blob/master/faq/faq-upgrade.md),
> a keyserver - all to no avail.
> 
> Where is the key?
> 

-- 
 Tomasz Papszun  | And it's only
 tomek at lodz.tpsa.pl linkedin.com/in/tomaszpapszun | ones and zeros.
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] GPG key where? (was: Re: GPG signature problem with clamav-0.99.2.tar.gz)

2018-01-29 Thread Joel Esler (jesler) 
That's the correct one, thank you Scott.

--
Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com>






On Jan 29, 2018, at 6:13 PM, SCOTT PACKARD 
<scott.pack...@raytheon.com<mailto:scott.pack...@raytheon.com>> wrote:

https://talosintelligence.com/about  click on box "Talos PGP Public Key".
Maybe that one works?  If it was its own URL I'd include it, but it looks like 
it's javascript, in the same page.

Regards, Scott

-Original Message-
From: clamav-users [mailto:clamav-users-boun...@lists.clamav.net] On Behalf Of 
Tomasz Papszun
Sent: Monday, January 29, 2018 2:26 PM
To: clamav-users@lists.clamav.net<mailto:clamav-users@lists.clamav.net>
Subject: [External] [clamav-users] GPG key where? (was: Re: GPG signature 
problem with clamav-0.99.2.tar.gz)

On Fri, 30 Jun 2017 at 20:12:11 +, Joel Esler (jesler) wrote:
Jim,

Thanks.  This look like the vulndev key.  The correct key is on the contact 
page of Talosintelligence.com<http://Talosintelligence.com>.

We'll take a look here.

Hi, Joel.

I went to http://www.clamav.net/downloads, got
http://www.clamav.net/downloads/production/clamav-0.99.3.tar.gz  and
http://www.clamav.net/downloads/production/clamav-0.99.3.tar.gz.sig
and wanted to verify the tarball and compile ASAP - there are bugs in
0.99.2 after all.

For half an hour or so I tried to find the public key at various places:

Talosintelligence.com, Cisco.com, http://labs.snort.org/contact.html
(linked at
https://github.com/Cisco-Talos/clamav-faq/blob/master/faq/faq-upgrade.md),
a keyserver - all to no avail.

Where is the key?



On Jun 30, 2017, at 13:46, Jim Michaud <jjmich...@constantcontact.com> wrote:

I just downloaded clamav-0.99.2.tar.gz from
https://www.clamav.net/downloads and tried to check the signature
using the "Talos PGP Public Key" on the same page.  It looks like it
was signed with a different public key.

$ gpg --import ../Talos-PGP-Public-Key
gpg: key 0B3BB3A7: public key "vuln...@cisco.com <vuln...@cisco.com>" imported
gpg: Total number processed: 1
gpg:   imported: 1  (RSA: 1)

$ gpg --verify clamav-0.99.2.tar.gz.sig clamav-0.99.2.tar.gz
gpg: Signature made Fri 22 Apr 2016 12:25:32 PM EDT using DSA key ID 260429A0
gpg: Can't check signature: No public key

I was able to do some digging and did find the key using
https://pgp.key-server.io/
(https://pgp.key-server.io/search/Talos+GPG+Key).  However that key
expired in April 2017. I'm guessing someone needs to update the
signature file using the new public key.

$ gpg --verify clamav-0.99.2.tar.gz.sig clamav-0.99.2.tar.gz
gpg: Signature made Fri 22 Apr 2016 12:25:32 PM EDT using DSA key ID 260429A0
gpg: Good signature from "Talos (Talos GPG Key) <resea...@sourcefire.com>"
gpg: Note: This key has expired!
Primary key fingerprint: F79F B2D0 8751 574C 5D3F  DFFB B3D5 342C 2604 29A0


--
Tomasz Papszun  | And it's only
tomek at lodz.tpsa.pl linkedin.com/in/tomaszpapszun | ones and zeros.
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
___
clamav-users mailing list
clamav-users@lists.clamav.net<mailto:clamav-users@lists.clamav.net>
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] GPG key where? (was: Re: GPG signature problem with clamav-0.99.2.tar.gz)

2018-01-29 Thread SCOTT PACKARD 
https://talosintelligence.com/about  click on box "Talos PGP Public Key".
Maybe that one works?  If it was its own URL I'd include it, but it looks like 
it's javascript, in the same page.

Regards, Scott

> -Original Message-
> From: clamav-users [mailto:clamav-users-boun...@lists.clamav.net] On Behalf 
> Of Tomasz Papszun
> Sent: Monday, January 29, 2018 2:26 PM
> To: clamav-users@lists.clamav.net
> Subject: [External] [clamav-users] GPG key where? (was: Re: GPG signature 
> problem with clamav-0.99.2.tar.gz)
> 
> On Fri, 30 Jun 2017 at 20:12:11 +, Joel Esler (jesler) wrote:
> > Jim,
> >
> > Thanks.  This look like the vulndev key.  The correct key is on the contact 
> > page of Talosintelligence.com.
> >
> > We'll take a look here.
> 
> Hi, Joel.
> 
> I went to http://www.clamav.net/downloads, got
> http://www.clamav.net/downloads/production/clamav-0.99.3.tar.gz  and
> http://www.clamav.net/downloads/production/clamav-0.99.3.tar.gz.sig
> and wanted to verify the tarball and compile ASAP - there are bugs in
> 0.99.2 after all.
> 
> For half an hour or so I tried to find the public key at various places:
> 
> Talosintelligence.com, Cisco.com, http://labs.snort.org/contact.html
> (linked at
> https://github.com/Cisco-Talos/clamav-faq/blob/master/faq/faq-upgrade.md),
> a keyserver - all to no avail.
> 
> Where is the key?
> 
> 
> >
> > > On Jun 30, 2017, at 13:46, Jim Michaud <jjmich...@constantcontact.com> 
> > > wrote:
> > >
> > > I just downloaded clamav-0.99.2.tar.gz from
> > > https://www.clamav.net/downloads and tried to check the signature
> > > using the "Talos PGP Public Key" on the same page.  It looks like it
> > > was signed with a different public key.
> > >
> > > $ gpg --import ../Talos-PGP-Public-Key
> > > gpg: key 0B3BB3A7: public key "vuln...@cisco.com <vuln...@cisco.com>" 
> > > imported
> > > gpg: Total number processed: 1
> > > gpg:   imported: 1  (RSA: 1)
> > >
> > > $ gpg --verify clamav-0.99.2.tar.gz.sig clamav-0.99.2.tar.gz
> > > gpg: Signature made Fri 22 Apr 2016 12:25:32 PM EDT using DSA key ID 
> > > 260429A0
> > > gpg: Can't check signature: No public key
> > >
> > > I was able to do some digging and did find the key using
> > > https://pgp.key-server.io/
> > > (https://pgp.key-server.io/search/Talos+GPG+Key).  However that key
> > > expired in April 2017. I'm guessing someone needs to update the
> > > signature file using the new public key.
> > >
> > > $ gpg --verify clamav-0.99.2.tar.gz.sig clamav-0.99.2.tar.gz
> > > gpg: Signature made Fri 22 Apr 2016 12:25:32 PM EDT using DSA key ID 
> > > 260429A0
> > > gpg: Good signature from "Talos (Talos GPG Key) <resea...@sourcefire.com>"
> > > gpg: Note: This key has expired!
> > > Primary key fingerprint: F79F B2D0 8751 574C 5D3F  DFFB B3D5 342C 2604 
> > > 29A0
> >
> 
> --
>  Tomasz Papszun  | And it's only
>  tomek at lodz.tpsa.pl linkedin.com/in/tomaszpapszun | ones and zeros.
> ___
> clamav-users mailing list
> clamav-users@lists.clamav.net
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
> 
> 
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
> 
> http://www.clamav.net/contact.html#ml
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

[clamav-users] GPG key where? (was: Re: GPG signature problem with clamav-0.99.2.tar.gz)

2018-01-29 Thread Tomasz Papszun 
On Fri, 30 Jun 2017 at 20:12:11 +, Joel Esler (jesler) wrote:
> Jim,
> 
> Thanks.  This look like the vulndev key.  The correct key is on the contact 
> page of Talosintelligence.com. 
> 
> We'll take a look here.  

Hi, Joel.

I went to http://www.clamav.net/downloads, got 
http://www.clamav.net/downloads/production/clamav-0.99.3.tar.gz  and
http://www.clamav.net/downloads/production/clamav-0.99.3.tar.gz.sig
and wanted to verify the tarball and compile ASAP - there are bugs in 
0.99.2 after all.

For half an hour or so I tried to find the public key at various places:

Talosintelligence.com, Cisco.com, http://labs.snort.org/contact.html 
(linked at 
https://github.com/Cisco-Talos/clamav-faq/blob/master/faq/faq-upgrade.md), 
a keyserver - all to no avail.

Where is the key?


> 
> > On Jun 30, 2017, at 13:46, Jim Michaud  
> > wrote:
> > 
> > I just downloaded clamav-0.99.2.tar.gz from
> > https://www.clamav.net/downloads and tried to check the signature
> > using the "Talos PGP Public Key" on the same page.  It looks like it
> > was signed with a different public key.
> > 
> > $ gpg --import ../Talos-PGP-Public-Key
> > gpg: key 0B3BB3A7: public key "vuln...@cisco.com " 
> > imported
> > gpg: Total number processed: 1
> > gpg:   imported: 1  (RSA: 1)
> > 
> > $ gpg --verify clamav-0.99.2.tar.gz.sig clamav-0.99.2.tar.gz
> > gpg: Signature made Fri 22 Apr 2016 12:25:32 PM EDT using DSA key ID 
> > 260429A0
> > gpg: Can't check signature: No public key
> > 
> > I was able to do some digging and did find the key using
> > https://pgp.key-server.io/
> > (https://pgp.key-server.io/search/Talos+GPG+Key).  However that key
> > expired in April 2017. I'm guessing someone needs to update the
> > signature file using the new public key.
> > 
> > $ gpg --verify clamav-0.99.2.tar.gz.sig clamav-0.99.2.tar.gz
> > gpg: Signature made Fri 22 Apr 2016 12:25:32 PM EDT using DSA key ID 
> > 260429A0
> > gpg: Good signature from "Talos (Talos GPG Key) "
> > gpg: Note: This key has expired!
> > Primary key fingerprint: F79F B2D0 8751 574C 5D3F  DFFB B3D5 342C 2604 29A0
> 

-- 
 Tomasz Papszun  | And it's only
 tomek at lodz.tpsa.pl linkedin.com/in/tomaszpapszun | ones and zeros.
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml