I'm working on a web server which caches and serves up a private mirror for definition files, and I wanted to be able to validate if the definition file signature. I'm writing a parser which reads and validates the MD5/Digital Signature hashes before adding it into the cache.
The header seems to be 512 bytes before the binary blob begins. The CVD header is inserted at the beginning of the file, after the build and hashes have been calculated, correct? To validate the hashes, I would calculate the hash with the data from from byte 513 -> EOF? I was looking `libclamav/dsig.c/cli_decodesig()` to understand how the CVD header signature is read and validated on a definition blob, and but I'm not really understanding how it's validating the signature. I'm not familiar enough with C to follow the typedefs. How does it validate the signature? Thanks! -- Respectfully, Mike Lloyd *Sr. Solutions Architect* *Cell: +1-719-766-1923* *Email: mll...@pivotal.io <mll...@pivotal.io> | **Github: mxplusb | **Twitter: mxplusc | **Keybase: mlloyd* _______________________________________________ http://lurker.clamav.net/list/clamav-devel.html Please submit your patches to our Bugzilla: http://bugs.clamav.net http://www.clamav.net/contact.html#ml
