On 22/11/2006 21:59, [EMAIL PROTECTED] wrote:
I am supporting a small network of Linux boxes running RH3 in a restricted
area, with no connection to an outside network; hence I do not use
freshclam to update the virus data base files, but rather download
main.cvd and daily.cvd and manually upgrade each of the four machines. My
If the machines are networked together, you could set up a local mirror
on one of the machines and let freshclam load the updated files from
that. Then you just need to update the local mirror manually.
My
question is this- is there a digital signature capability for these files
that is associated with a manual download? If so, what are the steps I
need to follow?
If the GMP library was detected by ./configure, digital signature
verification will be compiled in. The CVD files have digital signatures
in them.
I am using gnupg 1.2.1 and am familiar with adding public
keys, such as the ones on the dag/wieers website used to sign the binary
RPMs. Are there signature files associated with the main.cvd and
daily.cvd files posted on the home page of clamav.net? If so, whose key
is used to encrypt? (You may correctly ask "why bother running Clam or
mess with digital signatures if you're not on the public net?" The reason
is, that due to the sensitive nature of the processing that goes on using
these machines, the powers that be worry about protection from viruses
period, and using open source is a further cause for their concern, so the
ability to at least download from trusted sources is a big thing to them).
I'm not sure what algorithm is used, but I guess the digital signatures
in the database files are checked against a public key embedded in the
source code. Only certain trusted people who package the database files
will have access to the corresponding private key. Correct me if I'm wrong!
--
-=( Ian Abbott @ MEV Ltd. E-mail: <[EMAIL PROTECTED]> )=-
-=( Tel: +44 (0)161 477 1898 FAX: +44 (0)161 718 3587 )=-
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
