jfvacher wrote:
> I am supporting a small network of Linux boxes running RH3 in a restricted
> area, with no connection to an outside network; hence I do not use
> freshclam to update the virus data base files, but rather download
> main.cvd and daily.cvd and manually upgrade each of the four machines. My
> question is this- is there a digital signature capability for these files
> that is associated with a manual download? If so, what are the steps I
> need to follow? I am using gnupg 1.2.1 and am familiar with adding public
> keys, such as the ones on the dag/wieers website used to sign the binary
> RPMs. Are there signature files associated with the main.cvd and
> daily.cvd files posted on the home page of clamav.net? If so, whose key
> is used to encrypt? (You may correctly ask "why bother running Clam or
> mess with digital signatures if you're not on the public net?" The reason
> is, that due to the sensitive nature of the processing that goes on using
> these machines, the powers that be worry about protection from viruses
> period, and using open source is a further cause for their concern, so the
> ability to at least download from trusted sources is a big thing to them).
>
> The answers to FAQ questions 20 and 36 do not seem to apply to my
> situation, but I may not be smart enough to know if they do, as I am a
> very inexperienced Linux newbie. I wasn't able to find any other postings
> that seemed to be relevant to my situation either.
>
> Any help would be greatly appreciated.

sigtool does the checking. Man sigtool says: "It's also to verify digital signatures of databases...", and option -i or --info does "Print a CVD information and verify MD5 and a digital signature."

How does it do it? I don't know, I haven't checked, but no mention is made that it may need an Internet connection. To be sure you'll have to try it or perhaps look at the source code.

I did once compare the MD5 checksum shown with the output of the usual md5sum, and they are different.
-- René Berber
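
Why the MD5 stored in a .cvd file need not match `md5sum` of the whole file, as an added example (not part of the original post and not ClamAV's own code): it assumes the CVD layout of a 512-byte colon-separated text header followed by the compressed archive, with the header's MD5 covering only the bytes after the header. It checks the MD5 only, which detects corruption; the digital signature is what `sigtool --info` verifies. The sample database and the names `parse_cvd_header`, `check_cvd` and `make_sample_cvd` are constructed for illustration.

```python
import hashlib
import sys

HEADER_LEN = 512  # assumed: fixed-size ASCII header that precedes the archive
FIELDS = ("magic", "build_time", "version", "sigs", "flevel",
          "md5", "dsig", "builder", "stime")

def parse_cvd_header(blob: bytes) -> dict:
    """Split the colon-separated header into named fields."""
    if len(blob) < HEADER_LEN:
        raise ValueError("shorter than a CVD header")
    parts = blob[:HEADER_LEN].decode("ascii", "replace").rstrip().split(":")
    if parts[0] != "ClamAV-VDB" or len(parts) < 8:
        raise ValueError("not a CVD header")
    return dict(zip(FIELDS, parts))

def check_cvd(blob: bytes) -> dict:
    """Compare the header's MD5 with the digest of the bytes after the header."""
    hdr = parse_cvd_header(blob)
    body_md5 = hashlib.md5(blob[HEADER_LEN:]).hexdigest()
    return {
        "version": hdr["version"],
        "header_md5": hdr["md5"].lower(),
        "body_md5": body_md5,
        "whole_file_md5": hashlib.md5(blob).hexdigest(),  # what md5sum reports
        "md5_ok": body_md5 == hdr["md5"].lower(),
        "has_dsig": bool(hdr["dsig"]),
    }

def make_sample_cvd() -> bytes:
    """Constructed sample, not a real database: header plus a dummy payload."""
    payload = b"constructed stand-in for the compressed signature archive"
    digest = hashlib.md5(payload).hexdigest()
    header = ("ClamAV-VDB:07 Nov 2006 12-00 +0000:1:10:9:%s:"
              "CONSTRUCTED-DSIG:builder:1162900800" % digest)
    return header.encode("ascii").ljust(HEADER_LEN) + payload

if __name__ == "__main__":
    # With a path argument, inspect that file; otherwise use the sample.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else make_sample_cvd()
    for key, value in check_cvd(data).items():
        print("%-15s %s" % (key, value))
```

On an air-gapped host, run it against the copied `main.cvd` and `daily.cvd` to confirm the transfer did not damage them, then let `sigtool --info` perform the signature check.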