From d806b8939460f35d24135b4e0cd439b34d33cf0a Mon Sep 17 00:00:00 2001
From: eXtremeSHOK
Date: Fri, 17 Mar 2017 13:23:55 +0200
Subject: [PATCH 1/4] Minor code climate fixes
---
.codeclimate.yml | 10 +++++++---
clamav-unofficial-sigs.sh | 2 +-
2 files changed, 8 insertions(+), 4 deletions(-)
diff --git a/.codeclimate.yml b/.codeclimate.yml
index 7584fc4f..9531be25 100644
--- a/.codeclimate.yml
+++ b/.codeclimate.yml
@@ -5,15 +5,19 @@ engines:
checks:
SC2001:
enabled: false
- SC2154:
- enabled: false
SC2076:
enabled: false
SC2086:
enabled: false
+ SC2119:
+ enabled: false
+ SC2128:
+ enabled: false
+ SC2154:
+ enabled: false
fixme:
enabled: true
ratings:
paths: []
exclude_paths:
- - .t/
\ No newline at end of file
+ - .t/
diff --git a/clamav-unofficial-sigs.sh b/clamav-unofficial-sigs.sh
index 710b4bff..341a73be 100755
--- a/clamav-unofficial-sigs.sh
+++ b/clamav-unofficial-sigs.sh
@@ -1405,7 +1405,7 @@ xshok_pretty_echo_and_log "" "#" "80"
while true ; do
case "$1" in -h|--help) help_and_usage; exit ;;
- -V|--version) exit ;; # FIXME
+ -V|--version) exit ;;
*) break ;;
esac
done
From a0a50c20d7b7b43a234c0f540e4729d18092e480 Mon Sep 17 00:00:00 2001
From: eXtremeSHOK
Date: Fri, 17 Mar 2017 13:32:05 +0200
Subject: [PATCH 2/4] Packers/Javascript_exploit_and_obfuscation.yar false positive rating increased to HIGH
Incremented the config to version 73
---
README.md | 6 ++++++
clamav-unofficial-sigs.sh | 4 ++--
config/master.conf | 4 ++--
3 files changed, 10 insertions(+), 4 deletions(-)
diff --git a/README.md b/README.md
index bdc5e4ed..9c94d721 100644
--- a/README.md
+++ b/README.md
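Review bot: The added `SC2119`, `SC2128` and `SC2154` entries switch those checks off for the whole repository rather than for the lines that trigger them. SC2128 (an array expanded without an index yields only its first element) and SC2154 (a variable referenced but never assigned) are the two checks most likely to catch a mistyped or misused config variable in a script that sources its settings, so a blanket disable trades real coverage for a quieter dashboard. If the findings are all noise from sourced config files, a line-level `# shellcheck disable=SC2154` at each site, or a short comment next to each code in this file saying why it is off, keeps that reasoning with the code. The enclosing `engines:` mapping begins before the hunk.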
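Review bot: `-V|--version) exit ;;` still exits without printing anything, so removing the `# FIXME` marker hides an unfinished option instead of finishing it. The second patch's version-bump hunk shows `script_version` and `script_version_date` being assigned around line 1287, before this loop, so the arm can print them first — `-V|--version) echo "$script_version ($script_version_date)"; exit ;;` — assuming those assignments run on every path that reaches the option loop. If printing is deliberately deferred, keep a marker so the `fixme` engine enabled in the first hunk continues to track it. The code around the `while` loop starts before the hunk.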
@@ -173,6 +173,12 @@ Usage: clamav-unofficial-sigs.sh [OPTION] [PATH|FILE]
## Change Log
+### Version 5.6.1 (updated 2017-03-18)
+ - eXtremeSHOK.com Maintenance
+ - Packers/Javascript_exploit_and_obfuscation.yar false posirtive rating increased to HIGH
+ - Codeclimate fixes
+ - Incremented the config to version 73
+
### Version 5.6 (updated 2017-03-17) - eXtremeSHOK.com Maintenance - PGP is now optional and no longer a requirement and pgp support is auto-detected
diff --git a/clamav-unofficial-sigs.sh b/clamav-unofficial-sigs.sh
index 341a73be..e17d67d7 100755
--- a/clamav-unofficial-sigs.sh
+++ b/clamav-unofficial-sigs.sh
@@ -1284,8 +1284,8 @@ else
################################################################################ # Script Info
-script_version="5.6"
-script_version_date="2017-03-17"
+script_version="5.6.1"
+script_version_date="2017-03-18"
minimum_required_config_version="72"
minimum_yara_clamav_version="0.99"
diff --git a/config/master.conf b/config/master.conf
index e3830827..96cd82c0 100644
--- a/config/master.conf
+++ b/config/master.conf
@@ -340,7 +340,6 @@ Exploit-Kits/EK_Zeus.yar|LOW # Zeus Exploit Kit Detection
# MEDIUM
Malicious_Documents/maldoc_somerules.yar|MEDIUM # documents with malicious code
Malicious_Documents/Maldoc_Hidden_PE_file.yar|MEDIUM # Detect a hidden PE file inside a sequence of numbers (comma separated)
-Packers/Javascript_exploit_and_obfuscation.yar|MEDIUM # JavaScript Obfuscation Detection
Packers/packer.yar|MEDIUM # well-known sofware packers
CVE_Rules/CVE-2010-0805.yar|MEDIUM # CVE 2010 0805
CVE_Rules/CVE-2010-0887.yar|MEDIUM # CVE 2010 0887
@@ -349,6 +348,7 @@ CVE_Rules/CVE-2013-0074.yar|MEDIUM # CVE 2013 0074
CVE_Rules/CVE-2013-0422.yar|MEDIUM # CVE 2013 0422
CVE_Rules/CVE-2015-5119.yar|MEDIUM # CVE 2015 5119
# HIGH
+Packers/Javascript_exploit_and_obfuscation.yar|HIGH # JavaScript Obfuscation Detection
Crypto/crypto.yar|HIGH # detect the existence of cryptographic algoritms
) #END yararulesproject DATABASES
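Review bot: The entry's trailing comment `# JavaScript Obfuscation Detection` was carried over unchanged when the rule moved into the HIGH section, so nothing in the file records why it was promoted; the commit message attributes it to false positives, which is exactly what the next reader needs before moving it back. Suggest `Packers/Javascript_exploit_and_obfuscation.yar|HIGH # JavaScript Obfuscation Detection (moved from MEDIUM: false positives)`. Since the sample user config in the third patch runs with `default_dbs_rating="MEDIUM"`, this presumably stops the rule loading for users on the default rating, which deserves a mention in the README change-log entry as well.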
@@ -539,6 +539,6 @@ yararulesproject_url="https://raw.githubusercontent.com/Yara-Rules/rules/master"
# ======================== # DO NOT EDIT !
-config_version="72"
+config_version="73" # https://eXtremeSHOK.com ######################################################
From bf208d438166292eba1ef91bd15a033581679591 Mon Sep 17 00:00:00 2001
From: eXtremeSHOK
Date: Fri, 17 Mar 2017 13:36:55 +0200
Subject: [PATCH 3/4] updated travis testing for different user configs
---
.t/tests/{user.conf => user1.conf} | 0
.t/tests/user2.conf | 42 ++++++++++++++++++++++++++++++
.travis.yml | 3 ++-
3 files changed, 44 insertions(+), 1 deletion(-)
rename .t/tests/{user.conf => user1.conf} (100%)
create mode 100644 .t/tests/user2.conf
diff --git a/.t/tests/user.conf b/.t/tests/user1.conf
similarity index 100%
rename from .t/tests/user.conf
rename to .t/tests/user1.conf
diff --git a/.t/tests/user2.conf b/.t/tests/user2.conf
new file mode 100644
index 00000000..f9bdc651
--- /dev/null
+++ b/.t/tests/user2.conf
@@ -0,0 +1,42 @@
+###################
+# This is property of eXtremeSHOK.com
+# You are free to use, modify and distribute, however you may not remove this notice.
+# Copyright (c) Adrian Jon Kriel :: admin@extremeshok.com
+# License: BSD (Berkeley Software Distribution)
+##################
+
+malwarepatrol_enabled="yes"
+malwarepatrol_receipt_code=$ci_malwarepatrol_receipt_code
+malwarepatrol_product_code=$ci_malwarepatrol_receipt_code
+malwarepatrol_list=$ci_malwarepatrol_receipt_code
+malwarepatrol_free=$ci_malwarepatrol_free
+
+securiteinfo_enabled="yes"
+securiteinfo_authorisation_signature=$ci_securiteinfo_authorisation_signature
+
+sanesecurity_enabled="yes"
+
+linuxmalwaredetect_enabled="yes"
+
+yararules_enabled="no"
+
+# Default dbs rating
+# valid rating: LOW, MEDIUM, HIGH
+default_dbs_rating="MEDIUM"
+
+# Per Database
+# These ratings will override the global rating for the specific database
+# valid rating: LOW, MEDIUM, HIGH, DISABLE
+sanesecurity_dbs_rating="HIGH"
+#securiteinfo_dbs_rating=""
+#linuxmalwaredetect_dbs_rating=""
+#yararulesproject_dbs_rating=""
+
+enable_gpg="no"
+
+user_configuration_complete="yes"
+
+declare -a additional_dbs=(
+https://raw.githubusercontent.com/wmetcalf/clam-punch/master/miscreantpunch099.ldb
+https://raw.githubusercontent.com/wmetcalf/clam-punch/master/MiscreantPunch099-Low.ldb
+) #END ADDITIONAL DATABASES
diff --git a/.travis.yml b/.travis.yml
index 7c0a3a34..48c67a28 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -49,7 +49,6 @@ install: - sudo mkdir -p /etc/clamav-unofficial-sigs - sudo cp -f config/master.conf /etc/clamav-unofficial-sigs/master.conf - sudo cp -f config/os.ubuntu.conf /etc/clamav-unofficial-sigs/os.conf - - sudo cp -f .t/tests/user.conf /etc/clamav-unofficial-sigs/user.conf - sudo cp -f clamav-unofficial-sigs.sh /usr/sbin/clamav-unofficial-sigs script:
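Review bot: `malwarepatrol_product_code` and `malwarepatrol_list` are both assigned from `$ci_malwarepatrol_receipt_code`, which looks like a copy-paste slip: they are separate settings from the receipt code, and the neighbouring `malwarepatrol_free=$ci_malwarepatrol_free` shows the intended one-variable-per-setting pattern. Either point each at its own CI variable or, if reusing the receipt code is deliberate for the test, add a comment saying so, because the next reader will otherwise "fix" it. It is also worth confirming that the script reads `yararules_enabled` — every other key for that source on this page carries the `yararulesproject` prefix (`yararulesproject_dbs_rating`, `yararulesproject_url`), and a misnamed key in a sourced config is silently ignored rather than rejected. Finally, the unquoted `$ci_*` expansions become empty strings when the variable is absent from the environment, so the run would proceed with empty MalwarePatrol/SecuriteInfo credentials; quoting them and having the test fail on an empty value makes that case visible.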
@@ -58,11 +57,13 @@ script: - sudo sh -e .t/ci-clamav-download-default-databases-git.sh - sudo sh -e .t/ci-clamav-install-default.sh - sudo sh -e .t/ci-clamav-install-default-database.sh + - sudo cp -f .t/tests/user1.conf /etc/clamav-unofficial-sigs/user.conf - sudo sh -e .t/ci-test.sh - sudo sh -e .t/ci-clamav-clean.sh - sudo sh -e .t/ci-clamav-install-wheezy.sh - sudo sh -e .t/ci-clamav-install-default-database.sh - sudo sh -e .t/ci-disable-gpg.sh + - sudo cp -f .t/tests/user2.conf /etc/clamav-unofficial-sigs/user.conf - sudo sh -e .t/ci-test.sh addons:
From 869aa1f9c5dda39b53c329ba2a9862dacdd7097b Mon Sep 17 00:00:00 2001
From: eXtremeSHOK
Date: Fri, 17 Mar 2017 13:41:47 +0200
Subject: [PATCH 4/4] fix yaml format
---
.travis.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.travis.yml b/.travis.yml
index 48c67a28..4737d8ee 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -63,7 +63,7 @@ script: - sudo sh -e .t/ci-clamav-install-wheezy.sh - sudo sh -e .t/ci-clamav-install-default-database.sh - sudo sh -e .t/ci-disable-gpg.sh - - sudo cp -f .t/tests/user2.conf /etc/clamav-unofficial-sigs/user.conf + - sudo cp -f .t/tests/user2.conf /etc/clamav-unofficial-sigs/user.conf - sudo sh -e .t/ci-test.sh addons:
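Review bot: The second `ci-test.sh` run now depends on the `user2.conf` copied just before it, and that file (new in this series) reads `$ci_*` variables, yet `sudo sh -e .t/ci-test.sh` runs under sudo, which resets the environment by default; unless the CI image's sudoers keeps those variables or the scripts export them themselves, the sourced config will see empty credentials and the run will silently exercise the wrong path. Consider passing them through explicitly, e.g. `sudo -E sh -e .t/ci-test.sh` or `sudo env ci_malwarepatrol_receipt_code="$ci_malwarepatrol_receipt_code" sh -e .t/ci-test.sh`, and have the test fail when a required value is empty rather than continuing without it. A one-line comment above each `cp` naming which scenario that config covers (the two test runs are otherwise indistinguishable in the log) would also help. The `script:` list starts before the hunk.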