On Jul 16, 2015, at 2:45 PM, Bowie Bailey <bowie_bai...@buc.com<mailto:bowie_bai...@buc.com>> wrote:
On 7/16/2015 1:30 PM, Al Varnell wrote: Start with the Documentation page for Upgrading ClamAV: <http://www.clamav.net/doc/upgrade.html> • How do I verify the integrity of ClamAV sources? Using GnuPG you can easily verify the authenticity of your stable release downloads by using the following method: Download the Sourcefire VRT key from the VRT labs site <http://labs.snort.org/contact.html>. Import the key into your local public keyring: $ gpg --import vrt.gpg. Download the stable release AND the corresponding .sig file to the same directory. Verify that the stable release download is signed with the Sourcefire VRT key <http://labs.snort.org/contact.html>: $ gpg --verify clamav-X.XX.tar.gz.sig Please note that the resulting output should look like the following: gpg: Signature made <some date> using DSA key ID 15497F03 gpg: Good signature from Sourcefire VRT <email address> On Thu, Jul 16, 2015 at 08:21 AM, Bowie Bailey wrote: Where can I find the gpg key for the clamav tarball? I've poked through the website and sourceforge and can't find it anywhere. Wow. They certainly buried it well enough! You would think they would put a link on the download page or somewhere a bit more visible. I skimmed through a bunch of the documentation previously, but I guess I missed it. Interesting that they don't even mention checking the signature in the install instructions. I even had to dig the sig file out of the sourceforge project page. As far as I can tell, it's not linked from the main site at all. Hey guys sorry about this, I read the email and thought I responded because I started looking into fixing the problem, and got sidetracked with some other stuff. Anyway, we’re going to put it on the main site. Also going to move the downloads off of SourceForge. No time frame yet. -- Joel Esler Manager, Threat Intelligence Team & Open Source Talos Group http://www.talosintel.com _______________________________________________ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
