Releases: extremeshok/clamav-unofficial-sigs
7.2.5
7.2.4
- eXtremeSHOK.com Maintenance
- Disabled winnow_malware.yara, duplicated in EMAIL_Cryptowall.yar and no longer maintained
- Removed gtar requirement (--wildcards is the default)
- Incremented the config to version 97
7.2.3
- eXtremeSHOK.com Maintenance
- Whitelist support for yararules (whitelist signature tracking is disabled for yararules)
- Disable JJencode.yar, due to excessive CPU usage
- Disable scamnailer, discontinued
- Update pfSense guide for 2.5
- Fix working directory variable "urlhausy" to "urlhaus"
- Fix missing tracker-tmp.txt
- Thank you @perplexityjeff
7.2.2
- eXtremeSHOK.com Maintenance
- Use POSIX character classes instead of literals
- Prevent linuxmalwaredetect yara files being extracted when yara is not supported
- Replace echo with xshok_pretty_echo_and_log to silence database cleanup cron messages
7.2.1
- eXtremeSHOK.com Maintenance
- Change yararule email/Email_generic_phishing.yar to HIGH
- New config option: force_host; by default dig is used when both dig and host are present.
- Refactor and correct the assigning of binaries/commands
- Fix broken yara rule database names: Maldoc_hancitor_dropper and Maldoc_APT19_CVE-2017-1099
- Ensure only dig or host is used when either dig or host is enabled
- Enable remove_disabled_databases by default
- Fix disabled databases removed when "$remove_disabled_databases" is set to "no"
- Incremented the config to version 95
7.2
- eXtremeSHOK.com maintenance
- Database rating downgrades are now supported, e.g. changing from HIGH to LOW will remove the HIGH and MEDIUM rated databases.
- Disabled databases are automatically removed
- Disable databases by setting the rating to "DISABLED", e.g. securiteinfo_dbs_rating="DISABLED" will disable all securiteinfo databases
- Added Malware Expert databases (non-free)
- Added interServer databases (free)
- Reworked securiteinfo premium databases (non-free)
- Added malwarepatrol_db to specify the exact database name (default: malwarepatrol.db)
- Added detection of tar executable (use gtar on mac and bsd)
- Config os.macosx.conf renamed to os.macos.conf
- Fix: set ownership of last-version-check.txt
- More automated linting and testing (markdown and macOS / osx) via travis-ci
- Updated macOS installation guide for Big Sur (OSX 11)
- Incremented the config to version 94
- Thank you @dandanio @jkellerer @msapiro @shawniverson
- Enforce HTTPS validation by default
- Updated sanesecurity publickey.gpg url to use SSL
- Ignore yara files that include modules
- Enabled yararulesproject rules by default
- os.gentoo.conf: disable updates and upgrade checks
- Fix: URLhaus log message
- Fix wrong download URL for MalwarePatrol
- Fix: fallback to host if dig is not used
- Disable cron MAILTO
- BSD read config fix
- Incremented the config to version 92
- Thank you @dandanio @jkellerer @m0urs @Mrothyr @msapiro @orlitzky @RobbieTheK @SlothOfAnarchy
7.0.1
- Disable yara project rules duplicated in rxfn.yara (Thanks @dominicraf)
- Incremented the config to version 91
7.0
- eXtremeSHOK.com Maintenance
- Added urlhaus database
- Added extra yararulesproject databases
- Added new linuxmalwaredetect yara file
- Automatic upgrades (--upgrade)
- Added --upgrade command line option
- Option to disable automatic upgrades (allow_upgrades)
- Option to disable update checks (allow_update_checks)
- Increase download time to 1800 seconds from 600 seconds
- os.conf takes preference over os.***.conf
- Warn if there are multiple os.***.conf files
- More sanity checks to help users and prevent errors
- Better output of --info
- Fix all known bugs
- Implement all suggestions
- Fixed yararulesproject database names
- Correctly silence curl and wget
- New linuxmalwaredetect logic
- New malwarepatrol logic
- Suppress --- and === from the logs
- Update the documentation / guides
- Increase minimum ClamAV version for yara rules to 0.100 or above
- Fix systemd.timer and systemd.service files
- More travis-ci tests
- Added os.alpine.conf
- Added debug options/mode to config
- Set minimum config required to 90
- Lots of refactoring and optimizing
- Only check for and notify about script updates every 12 hours
- Incremented the config to version 90
6.1.1
- eXtremeSHOK.com Maintenance
- Update os.archlinux.conf, thanks @amishmm
- master.conf: set default dbs rating to medium
- user.conf: better suggested values
- Default to using curl, less logic required (lower CPU)
- force_curl replaced with force_wget
- Fix: suppress all non-error output under cron/non-interactive terminal
- Fix: check log file is not a link before setting permissions, only set if owned by root.
- Fix: failed to create symbolic link
- Fix: curl --compress -> curl --compressed
- Minor enhancement to travis-ci checks
- Incremented the config to version 77
6.1.0
- eXtremeSHOK.com Maintenance
- Thanks Reio Remma & Oliver Nissen
- fail added to all curl commands
- Fix: Missing logic for LOWMEDIUMONLY | MEDIUMHIGHONLY | HIGHONLY databases
- Support for either os.osname.conf or os.conf files (no more needing to rename the os.osname.conf to os.conf)
- Where possible replaced echo with xshok_pretty_echo_and_log
- Refactor xshok_pretty_echo_and_log and make all notices styles consistent
- Silence output when run under cron
- add MAILTO=root to the generated cron file
- Add full proxy support for wget, curl, rsync, dig, host
- Better support for proxy config variables
- New config variable: git_branch (defaults to master for the update checks)
- allow -w signature for quicker whitelisting
- Sanitize whitelist input string (Remove quotes and .UNOFFICIAL)
- Added Full support for Hash-based Signature Databases
- user.conf is pre-configured with default options to allow for quicker setup
- Default sanesecurity and linuxmalwaredetect to enabled
- Increase default retries from 3 to 5
- Ensure log file permissions are correct
- Better update comparison check, only notify if newer
- Incremented the config to version 76