ClamAV Unofficial Signatures Updater is a script made to empower Clamav antivirus database signature by making it download additional virus signatures from third parties and automatically updates these signatures.
The signature databases provided by
Securiteinfo (2.500.000 Sig), Sanesecurity (100.000 Sig), MalwarePatrol (90.000 Sig), FOXHOLE, OITC (60.000S Sig), Scamnailer (50.000 Sig), BOFHLAND (50.000 Sig), CRDF, Porcupine (30.000 Sig), Yara-Rules Project, etc.
The script also generates and install cron, logrotate, and man files.
You will not need to install Linux Malware Detect tool (Maldet) by installing this tool as it includes Maldet signatures.
Probably you will find some false positive and some duplicated detection, which two (or more) signature providers will detect the same file, which to me is good, I better get more suspected files than being blind then check manually each.
To install the script:
First, ensure that you have installed ClamAV:
-Cloning the repository.
git clone https://github.com/extremeshok/clamav-unofficial-sigs.git
Copy clamav-unofficial-sigs.sh and set its permissions.
chmod 755 /usr/local/bin/clamav-unofficial-sigs.sh
Make a directory for config files and copy configurations to it.
cp config/* /etc/clamav-unofficial-sigs/
Make a directory for log files.
Rename your distribution or system to "os.conf" from the list in "/etc/clamav-unofficial-sigs"
So, if for example your OS is Centos7, rename your config file using:
mv /etc/clamav-unofficial-sigs/os.centos7.conf /etc/clamav-unofficial-sigs/os.conf
Most of the signatures are enabled by default except two that requires free registration:
Has 2.500.000 signatures, you can get a free account at https://www.securiteinfo.com/clients/customers/signup
- Activate your account, then login to https://www.securiteinfo.com/clients/customers/account, click setup, then copies the 128 authorization string key.
-Enter the authorization signature into "user.conf" (in /etc/clamav-unofficial-sigs/) securiteinfo_authorisation_signature: replacing YOUR-SIGNATURE-NUMBER
Have about 90.000 signatures
Sign up for a free account at https://www.malwarepatrol.net/signup-free.shtml
You will receive an email containing your password/receipt number, enter the receipt number into the config malwarepatrol_receipt_code: replacing YOUR-RECEIPT-NUMBER with your receipt number from the email in the file "user.conf"
user_configuration_complete="yes", and save the file.