On Fri, 13 Aug 2004 at 19:48:34 +0200, Erich Titl wrote: [...] > 7) rebuild a .CVD file > > I have not been able to rebuild the cvd file using sigtool, so this is for > someone with more sigtool experience, but the diff of the two files show > that a patch is easily feasible
You can't rebuild a .cvd file with sigtool. Only virusdb maintainers can. Cvd files are digitally signed by them. It is on purpose - to make faking database impossible.
Oh, I thought the database was signed and the public key(s) published.
I understand the reason behind this, although a self contained, automated process might do as well (if incremented update should become an issue). I believe if such a process can verify the md5sum of the input file against a publicly known md5sum of the original input, then to some extent a cdv file could be created locally. The signature would not have the same weight, but creating an identical md5sum for the fake input and/or .cvd file would be quite a challenge.....
cheers Erich
THINK Püntenstrasse 39 8143 Stallikon mailto:[EMAIL PROTECTED] PGP Fingerprint: BC9A 25BC 3954 3BC8 C024 8D8A B7D4 FF9D 05B8 0A16
------------------------------------------------------- SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank Media 100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only $33 Save 50% off Retail on Ink & Toner - Free Shipping and Free Gift. http://www.shop4tech.com/z/Inkjet_Cartridges/9_108_r285 _______________________________________________ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
