i.e.: sa-update by default will verify update archives by use of a SHA1 checksum and GPG signature.
SHA1 hashes can verify whether or not the downloaded archive has been corrupted, but it does not offer any form of security regarding whether or not the downloaded archive is legitimate (aka: non-modifed by evildoers).
Mailborder was created by Jerry Benton, the owner of the Mail Scanner project.Each of the packages above is a compressed tar file. Warning: Not using the install script will more than likely leave you with an incomplete or broken installation.Special note for Clam AV on RHEL/Cent OS 7 Clam AV 0.100-1 introduced some breaking changes to its own package.--gpgkey key Trust the key id to sign releases Use multiple times for multiple keys --gpgkeyfile file Trust the key ids in the file to sign releases --gpghomedir path Store the GPG keyring in this directory --gpg and --nogpg Use (or do not use) GPG to verify updates (--gpg is assumed by use of the above --gpgkey and --gpgkeyfile options) --import file Import GPG key(s) from file into sa-update's keyring.Use multiple times for multiple files sa-update can update multiple channels at the same time.
With sa-update, those rules can quickly (potentially within minutes) be distributed and the new spam caught.