Start with the Documentation page for Upgrading ClamAV: <http://www.clamav.net/doc/upgrade.html>
> • How do I verify the integrity of ClamAV sources? > Using GnuPG you can easily verify the authenticity of your stable release > downloads by using the following method: Download the Sourcefire VRT key from > the VRT labs site <http://labs.snort.org/contact.html>. Import the key into > your local public keyring: $ gpg --import vrt.gpg. > > Download the stable release AND the corresponding .sig file to the same > directory. Verify that the stable release download is signed with the > Sourcefire VRT key <http://labs.snort.org/contact.html>: $ gpg --verify > clamav-X.XX.tar.gz.sig > > Please note that the resulting output should look like the following: > > gpg: Signature made <some date> using DSA key ID 15497F03 > gpg: Good signature from Sourcefire VRT <email address> On Thu, Jul 16, 2015 at 08:21 AM, Bowie Bailey wrote: > > Where can I find the gpg key for the clamav tarball? I've poked through the > website and sourceforge and can't find it anywhere. -Al- -- Al Varnell Mountain View, CA _______________________________________________ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
