Wednesday, 19 September 2007

SaneSecurity News: Corrupt Signatures

For a few hours today, one of the mirrors had a corrupt version of phish.ndb.gz.

After being alerted to the fact by a user, I informed the mirror admin about the issue and the problem was then fixed.

The scripts on the SaneSecurity site, check the integrity of the signatures before being moved into the ClamAV database directory for use... and have done for some time.

This is important not only for the SaneSecurity signatures but indeed for any Third-Party signatures, as if you move a corrupt signature file into the ClamAV directory, it's going to stop ClamAV from scanning your emails, until you sort the problem out.

If you're running your own script or have an old version of the SaneSecurity scripts, it might be worth updating them:

http://sanesecurity.co.uk/clamav/usage.htm

I do always check signature integrity before uploading... so they leave here fine... but the end-user must always double-check their download integrity before use.

Apologies for the corrupt file and any problems caused.

Cheers,

Steve

1 comment:

Miel Vanacker said...

First of all, thanks for all the great work, Steve!

A question: What is the recommended way for scripts to test this integrity? The example scripts let clamscan load the signatures, scan empty input and check the exit code, but clamscan does not really seem designed to be used in this manner.

Have you considered digitally signing the signatures you release? This would protect against any corruption or tampering in transport.

miel.vanacker@defraine.net