[users] ClamAV tampered or corrupt

Nicolas Thierry-Mieg Nicolas.Thierry-Mieg at imag.fr
Mon Jan 7 15:39:26 CET 2008


RPMForge Users-list Readers wrote:
> Hi guys...
> 
> The following has been happening to me ever since the new clam engine
> became available -- it's not just a one-off today.
> 
> I dare not install _anything_ while packages are publicly available with
> digests and signatures broken... it leaves me a little anxious about
> integrity in general.
> 
> Has anyone else seen this? Can anyone shed some light? Thanks!
> 
<snip>
>         ************ GPG VERIFICATION ERROR ****************
>         The package clamav-0.92-1.el4.rf failed its gpg signature
>             verification. This means the package is corrupt.
>         ****************************************************
> 
> (Just an excerpt from running up2date -u --download as usual.)

I just manually downloaded that package from dag.wieers.com as well as 
fr2.rpmfind.net, in both cases all is well:
$ rpm -K clamav-0.92-1.el4.rf.i386.rpm
clamav-0.92-1.el4.rf.i386.rpm: (sha1) dsa sha1 md5 gpg OK

so, I guess it's either the mirror you use that's corrupted, or your 
tool (up2date or whatever it relies on) that's caching a corrupt package.
'locate clamav-0.92-1.el4.rf.i386.rpm' might shed some light.

cheers,



More information about the users mailing list