ClamAV Unofficial Signatures Installation and configuration

ClamAV Unofficial Signatures Updater is a script made to empower Clamav antivirus database signature by making it download additional virus signatures from third parties and automatically updates these signatures.
The signature databases provided by
Securiteinfo (2.500.000 Sig), Sanesecurity (100.000 Sig), MalwarePatrol (90.000 Sig), FOXHOLE, OITC (60.000S Sig), Scamnailer (50.000 Sig), BOFHLAND (50.000 Sig), CRDF, Porcupine (30.000 Sig), Yara-Rules Project, etc.
The script also generates and install cron, logrotate, and man files.

You will not need to install Linux Malware Detect tool (Maldet) by installing this tool as it includes Maldet signatures.
Probably you will find some false positive and some duplicated detection, which two (or more) signature providers will detect the same file, which to me is good, I better get more suspected files than being blind then check manually each.

https://github.com/extremeshok/clamav-unofficial-sigs

To install the script:
First, ensure that you have installed ClamAV:

-Cloning the repository.

cd /tmp

git clone https://github.com/extremeshok/clamav-unofficial-sigs.git

cd ClamAV-unofficial-sigs

Copy clamav-unofficial-sigs.sh and set its permissions.
clamav-unofficial-sigs.sh /usr/local/bin/

chmod 755 /usr/local/bin/clamav-unofficial-sigs.sh

Make a directory for config files and copy configurations to it.
mkdir /etc/ClamAV-unofficial-sigs

cp config/* /etc/clamav-unofficial-sigs/

Make a directory for log files.
mkdir /var/log/clamav-unofficial-sigs/

Configurations:

Rename your distribution or system to "os.conf" from the list in "/etc/clamav-unofficial-sigs"
So, if for example your OS is Centos7, rename your config file using:
mv /etc/clamav-unofficial-sigs/os.centos7.conf /etc/clamav-unofficial-sigs/os.conf

Most of the signatures are enabled by default except two that requires free registration:
1-SecuriteInfo:
Has 2.500.000 signatures, you can get a free account at https://www.securiteinfo.com/clients/customers/signup

  • Activate your account, then login to https://www.securiteinfo.com/clients/customers/account, click setup, then copies the 128 authorization string key.

    -Enter the authorization signature into "user.conf" (in /etc/clamav-unofficial-sigs/) securiteinfo_authorisation_signature: replacing YOUR-SIGNATURE-NUMBER

2- MalwarePatrol:
Have about 90.000 signatures
Sign up for a free account at https://www.malwarepatrol.net/signup-free.shtml
You will receive an email containing your password/receipt number, enter the receipt number into the config malwarepatrol_receipt_code: replacing YOUR-RECEIPT-NUMBER with your receipt number from the email in the file "user.conf"

Finally uncomment
user_configuration_complete="yes", and save the file.

Installation:

clamav-unofficial-sigs.sh --install-cron

clamav-unofficial-sigs.sh --install-logrotate

clamav-unofficial-sigs.sh --install-man

comments powered by Disqus