Adding clamav-unofficial-sigs

October 30, 2020 Roberto Puzzanghera 0 comments

The clamav-unofficial-sigs script provides a simple way to download, test, and update third-party signature databases provided by Sanesecurity, FOXHOLE, OITC, Scamnailer, BOFHLAND, CRDF, Porcupine, Securiteinfo, MalwarePatrol, Yara-Rules Project, urlhaus, etc. The script will also generate and install cron, logrotate, and man files.

Download the script and the config files

cd /usr/local/sbin/
chmod 755 /usr/local/sbin/
mkdir -p /etc/clamav-unofficial-sigs/

cd /etc/clamav-unofficial-sigs/

Select your operating system config from (adjust os_conf to your needs)

wget "${os_conf}"

user.conf will always override os.conf and master.conf, os.conf will override master.conf. Of course it's not a good idea to make changes in master.conf.

Check your os.*.conf file and create the following lines if not already present. Be aware that your clamdctl script must have a restart function, if this is not the case update it.

clamd_restart_opt="/usr/local/bin/clamdctl restart"

Now run the script as root

/usr/local/sbin/ --force

Install logrotate and man files

/usr/local/sbin/ --install-logrotate
/usr/local/sbin/ --install-man

Install configs. This is for those using cron

/usr/local/sbin/ --install-cron

and this is for systemd users

mkdir -p /etc/systemd/system/
wget -O /etc/systemd/system/clamav-unofficial-sigs.service
wget -O /etc/systemd/system/clamav-unofficial-sigs.timer

systemctl enable clamav-unofficial-sigs.service
systemctl enable clamav-unofficial-sigs.timer
systemctl start clamav-unofficial-sigs.timer

Run the following command to display which signatures have been loaded by clamav and check for errors. If the list contains the new databases the installation went well.

clamscan --debug 2>&1 /dev/null | grep "loaded"

Add a comment