[Clamav-users] Re: virus.db2 md5 mismatch

[gabriel russell]

I just installed clamav and found it immediately useful. Then I went to 
run freshclam only to have it give me an md5 check error. I ran it 
again, and I got the same error. So I downloaded the databases and md5 
sums manually. I generated my own md5 sums and checked them against the 
md5 sums that I downloaded and found them to be the same. So, then I 
guessed that they may have just been updated and I re-ran freshclam and 
it still gave me an md5 error. So now I just think that there must be a 
bug in freshclam.

This all got me wondering what the freekin md5 was for. It wont protect 
you from server compromises. It's not a secure signature, remember, it's 
only a secure fingerprint. Anyone compromising the server and replacing 
the database with a trojan will happily replace the md5 file. The only 
thing you get is protection from corruption, which is very unlikely to 
happen on modern hardware.

What would be nice is to have a secure signature. Whatever script 
uploads the database can sign the file with a private key, then it 
upload the file and the signature. freshclam can then check the file 
against the signature using the public key. This would actually offer us 
some sort of guarentee that the file has not been compromised.

I'm not sure how much need there is for this. Then again if there is no 
need for this, there had to be less need for checkng the md5's.

- gabriel



-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users