# Trusted and Revoked Certificates Clamav 0.98 checks signed PE files for certificates and verifies each certificate in the chain against a database of trusted and revoked certificates. The signature format is ``` Name;Trusted;Subject;Serial;Pubkey;Exponent;CodeSign;TimeSign;CertSign; NotBefore;Comment[;minFL[;maxFL]] ``` where the corresponding fields are: - `Name:` name of the entry - `Trusted:` bit field, specifying whether the cert is trusted. 1 for trusted. 0 for revoked - `Subject:` sha1 of the Subject field in hex - `Serial:` the serial number as clamscan –debug –verbose reports - `Pubkey:` the public key in hex - `Exponent:` the exponent in hex. Currently ignored and hardcoded to 010001 (in hex) - `CodeSign:` bit field, specifying whether this cert can sign code. 1 for true, 0 for false - `TimeSign:` bit field. 1 for true, 0 for false - `CertSign:` bit field, specifying whether this cert can sign other certs. 1 for true, 0 for false - `NotBefore:` integer, cert should not be added before this variable. Defaults to 0 if left empty - `Comment:` comments for this entry The signatures for certs are stored inside `.crb` files.