ClamAV Unofficial Signatures Installation and configuration

ClamAV Unofficial Signatures Updater is a script made to empower Clamav antivirus database signature by making it download additional virus signatures from third parties and automatically updates these signatures.
The signature databases provided by
Securiteinfo (2.500.000 Sig), Sanesecurity (100.000 Sig), MalwarePatrol (90.000 Sig), FOXHOLE, OITC (60.000S Sig), Scamnailer (50.000 Sig), BOFHLAND (50.000 Sig), CRDF, Porcupine (30.000 Sig), Yara-Rules Project, etc.
The script also generates and install cron, logrotate, and man files.

You will not need to install Linux Malware Detect tool (Maldet) by installing this tool as it includes Maldet signatures.
Probably you will find some false positive and some duplicated detection, which two (or more) signature providers will detect the same file, which to me is good, I better get more suspected files than being blind then check manually each.

To install the script:
First, ensure that you have installed ClamAV:

-Cloning the repository.

cd /tmp

git clone

cd ClamAV-unofficial-sigs

Copy and set its permissions. /usr/local/bin/

chmod 755 /usr/local/bin/

Make a directory for config files and copy configurations to it.
mkdir /etc/ClamAV-unofficial-sigs

cp config/* /etc/clamav-unofficial-sigs/

Make a directory for log files.
mkdir /var/log/clamav-unofficial-sigs/


Rename your distribution or system to "os.conf" from the list in "/etc/clamav-unofficial-sigs"
So, if for example your OS is Centos7, rename your config file using:
mv /etc/clamav-unofficial-sigs/os.centos7.conf /etc/clamav-unofficial-sigs/os.conf

Most of the signatures are enabled by default except two that requires free registration:
Has 2.500.000 signatures, you can get a free account at

  • Activate your account, then login to, click setup, then copies the 128 authorization string key.

    -Enter the authorization signature into "user.conf" (in /etc/clamav-unofficial-sigs/) securiteinfo_authorisation_signature: replacing YOUR-SIGNATURE-NUMBER

2- MalwarePatrol:
Have about 90.000 signatures
Sign up for a free account at
You will receive an email containing your password/receipt number, enter the receipt number into the config malwarepatrol_receipt_code: replacing YOUR-RECEIPT-NUMBER with your receipt number from the email in the file "user.conf"

Finally uncomment
user_configuration_complete="yes", and save the file.

Installation: --install-cron --install-logrotate --install-man

comments powered by Disqus