forked from extremeshok/clamav-unofficial-sigs
-
Notifications
You must be signed in to change notification settings - Fork 0
/
INSTALL
141 lines (107 loc) · 6.72 KB
/
INSTALL
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
====================
GENERAL INFORMATION:
====================
This is property of eXtremeSHOK.com
You are free to use, modify and distribute, however you may not remove this notice.
Copyright (c) Adrian Jon Kriel :: [email protected]
Script updates can be found at: https://github.com/extremeshok/clamav-unofficial-sigs
Script provide by Bill Landry ([email protected]).
## Description
The clamav-unofficial-sigs script provides a simple way to download, test, and update third-party
signature databases provided by Sanesecurity, FOXHOLE, OITC, Scamnailer, BOFHLAND, CRDF, Porcupine,
Securiteinfo, MalwarePatrol. The package also contains cron, logrotate, and man files.
The two files needed to download, test and update third-party ClamAV database files are the script itself
(clamav-unofficial-sig.sh), and the user configuration file (clamav-unofficial-sigs.conf).
Since the user configuration section has been separated from the script itself, the script now
needs to reference the configuration file when run by using the "-c" flag when running the script.
It is also recommended that a copy of the configuration file be place in the "default" location
"/etc" so that it can be used when running the script manually without using the "-c" flag, or
when running the script with the "-d" (decode virus signature), "-g" (check gpg signature), or
"-s" (check database integrity) flags. This also provides a way to run the script with different
configuration options when run via cron versus when run manually.
Script updates can be found at: https://github.com/extremeshok/clamav-unofficial-sigs
==========================
INSTALLATION INSTRUCTIONS:
==========================
WARNING: Renaming any of the files included in the tarball may cause the script to fail to remove
all files, databases, and work directories from the system if the '-r' (remove script) flag is used.
Make sure you do not have the package installed via yum/apt
Debian/Ubuntu:
apt-get purge clamav-unofficial-sigs
RHEL/CentOS:
yum purge clamav-unofficial-sigs
Download the latest archive
wget -q --no-check-certificate https://github.com/extremeshok/clamav-unofficial-sigs/archive/master.zip -O /tmp/clamav-unofficial-sigs.zip
Uncompress/Unpackage the archive:
unzip -j -qq -o /tmp/clamav-unofficial-sigs.zip -d /tmp/clamav-unofficial-sigs/
Install:
mkdir -p /usr/local/bin/
mkdir -p /var/log/clamav-unofficial-sigs/
cp -f /tmp/clamav-unofficial-sigs/clamav-unofficial-sigs.sh /usr/local/bin/clamav-unofficial-sigs.sh
chmod +x /usr/local/bin/clamav-unofficial-sigs.sh
cp -f /tmp/clamav-unofficial-sigs/clamav-unofficial-sigs.conf /etc/clamav-unofficial-sigs.conf
cp -f /tmp/clamav-unofficial-sigs/clamav-unofficial-sigs.8 /usr/share/man/man8/clamav-unofficial-sigs.8
cp -f /tmp/clamav-unofficial-sigs/clamav-unofficial-sigs-cron /etc/cron.d/clamav-unofficial-sigs-cron
cp -f /tmp/clamav-unofficial-sigs/clamav-unofficial-sigs-logrotate /etc/logrotate.d/clamav-unofficial-sigs-logrotate
Configure:
Edit the /etc/clamav-unofficial-sigs.conf file
Edit the /etc/logrotate.d/clamav-unofficial-sigs-logrotate file
IMPORTANT CONFIGURATION CONSIDERATIONS:
- Make sure that the PATH statement correctly defines the location of your binary files. These
include: find, sed, awk, cut, grep, tail, chown, chmod, cmp, diff, dig, host, gzip, ls, cp, mv,
test, gpg, xargs, sleep, urandom, cksum, rsync, curl, socat, etc. It has been reported that
on Sun systems, the GNU utilities should be used rather than the default Sun versions.
- System shell setting: Based on user feedback, it has been reported that "sh" works best for
BSD variants, "ksh" for Sun Solaris, and "bash" for Linux variants. If you experience problems
running the script, please try editing the top line of the script file and changing "sh" to
either "ksh" or "bash" before reporting a problem.
- Adjust configuration settings to meet your system requirements.
==================
USAGE INFORMATION:
==================
To run at specific time intervals, either use the include cron file or edit the user crontab:
/etc/cron.d/clamav-unofficial-sigs-cron
To run manually:
/usr/local/bin/clamav-unofficial-sigs.sh
===================
SCRIPT FLAGS USAGE:
===================
Usage: clamav-unofficial-sigs.sh [OPTION] [PATH|FILE]
-c, --config Direct script to use a specific configuration file
eg: '-c /path/to/clamav-unofficial-sigs.conf'
Optional if the default config is available
Default: /etc/clamav-unofficial-sigs.conf
--force Force all databases to be downloaded, could cause ip to be blocked
-h, --help Display this script's help and usage information
-v, --version Output script version and date information
-d, --decode-sig Decode a third-party signature either by signature name
(eg: Sanesecurity.Junk.15248) or hexadecimal string.
This flag will 'NOT' decode image signatures
-e, --encode-string Hexadecimal encode an entire input string that can
be used in any '*.ndb' signature database file
-f, --encode-formatted Hexadecimal encode a formatted input string containing
signature spacing fields '{}, (), *', without encoding
the spacing fields, so that the encoded signature
can be used in any '*.ndb' signature database file
-g, --gpg-verify GPG verify a specific Sanesecurity database file
eg: '-g filename.ext' (do not include file path)
-i, --information Output system and configuration information for
viewing or possible debugging purposes
-m, --make-database Make a signature database from an ascii file containing
data strings, with one data string per line. Additional
information is provided when using this flag
-r, --remove-script Remove the clamav-unofficial-sigs script and all of
its associated files and databases from the system
-s, --test-database Clamscan integrity test a specific database file
eg: '-s filename.ext' (do not include file path)
-t, --output-triggered If HAM directory scanning is enabled in the script's
configuration file, then output names of any third-party
signatures that triggered during the HAM directory scan
-w, --whitelist Adds a signature whitelist entry in the newer ClamAV IGN2
format to 'my-whitelist.ign2' in order to temporarily resolve
a false-positive issue with a specific third-party signature.
Script added whitelist entries will automatically be removed
if the original signature is either modified or removed from
the third-party signature database
--check-clamav If ClamD status check is enabled and the socket path is correctly specified
then test to see if clamd is running or not