forked from extremeshok/clamav-unofficial-sigs
-
Notifications
You must be signed in to change notification settings - Fork 0
/
INSTALL
174 lines (128 loc) · 7.76 KB
/
INSTALL
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
====================
GENERAL INFORMATION:
====================
This is property of eXtremeSHOK.com
You are free to use, modify and distribute, however you may not remove this notice.
Copyright (c) Adrian Jon Kriel :: [email protected]
Script updates can be found at: https://github.com/extremeshok/clamav-unofficial-sigs
Script provide by Bill Landry ([email protected]).
## Description
The clamav-unofficial-sigs script provides a simple way to download, test, and update third-party signature databases provided by Sanesecurity, FOXHOLE, OITC, Scamnailer, BOFHLAND, CRDF, Porcupine, Securiteinfo, MalwarePatrol, Yara-Rules Project, etc. The script will also generate and install cron, logrotate, and man files.
Script updates can be found at: https://github.com/extremeshok/clamav-unofficial-sigs
==========================
INSTALLATION INSTRUCTIONS:
==========================
WARNING: Renaming any of the files included in the tarball may cause the script to fail to remove
all files, databases, and work directories from the system if the '-r' (remove script) flag is used.
Make sure you do not have the package installed via yum/apt
Debian/Ubuntu:
apt-get purge clamav-unofficial-sigs
RHEL/CentOS:
yum purge clamav-unofficial-sigs
Download the latest archive
wget -q --no-check-certificate https://github.com/extremeshok/clamav-unofficial-sigs/archive/master.zip -O /tmp/clamav-unofficial-sigs.zip
Uncompress/Unpackage the archive:
unzip -j -qq -o /tmp/clamav-unofficial-sigs.zip -d /tmp/clamav-unofficial-sigs/
### Quick Install Guide
* Download the files to /tmp/
* Copy clamav-unofficial-sigs.sh to /usr/local/bin/
* Set 755 permissions on /usr/local/bin/clamav-unofficial-sigs.sh
* Make the directory /etc/clamav-unofficial-sigs/
* Copy the contents of config/ into /etc/clamav-unofficial-sigs/
* Rename the your os.your-distro.conf to os.conf, where your-distro is your distribution
* Set your user config options in the configs /etc/clamav-unofficial-sigs/user.conf
* Run the script with --install-cron to install the cron file
* Run the script with --install-logrotate to install the logrotate file
* Run the script with --install-man to install the man file
Install:
* mkdir -p /usr/local/bin/
* mkdir -p /var/log/clamav-unofficial-sigs/
* mkdir -p /etc/clamav-unofficial-sigs/
* cp -f /tmp/clamav-unofficial-sigs/clamav-unofficial-sigs.sh /usr/local/bin/clamav-unofficial-sigs.sh
* chmod +x /usr/local/bin/clamav-unofficial-sigs.sh
* cp -f /tmp/clamav-unofficial-sigs/config/*.* /etc/clamav-unofficial-sigs/
Install Systemd configs:
* cp -f /tmp/clamav-unofficial-sigs/systemd/*.* /etc/systemd/
Configure:
* Rename the /etc/clamav-unofficial-sigs/os.your-distro.conf to os.conf
* Edit the /etc/clamav-unofficial-sigs/master.conf, os.conf , user.conf files
* Edit the /etc/logrotate.d/clamav-unofficial-sigs file
* Edit the /etc/cron.d/clamav-unofficial-sigs file
Install Cron configs:
* After the configs have been configured
* Run: bash clamav-unofficial-sigs.sh --install-cron:
Install logrotate configs::
* After the configs have been configured
* Run: bash clamav-unofficial-sigs.sh --install-logrotate
Install man (help) file:
* After the configs have been configured
* Run: bash clamav-unofficial-sigs.sh --install-man:
### First Usage
* Run the script once as your superuser to set all the permissions and create the relevant directories
IMPORTANT CONFIGURATION CONSIDERATIONS:
* Make sure that the PATH statement correctly defines the location of your binary files. These include: find, sed, awk, cut, grep, tail, chown, chmod, cmp, diff, dig, host, gzip, ls, cp, mv, test, gpg, xargs, sleep, urandom, cksum, rsync, curl, socat, etc. It has been reported that on Sun systems, the GNU utilities should be used rather than the default Sun versions.
* System shell setting: Based on user feedback, it has been reported that "sh" works best for BSD variants, "ksh" for Sun Solaris, and "bash" for Linux variants. If you experience problems running the script, please try editing the top line of the script file and changing "sh" to either "ksh" or "bash" before reporting a problem.
* Adjust configuration settings to meet your system requirements.
==================
USAGE INFORMATION:
==================
To run at specific time intervals, either use the include cron file or edit the user crontab:
/etc/cron.d/clamav-unofficial-sigs
To run manually:
/usr/local/bin/clamav-unofficial-sigs.sh
===================
SCRIPT FLAGS USAGE:
===================
## USAGE
Usage: clamav-unofficial-sigs.sh [OPTION] [PATH|FILE]
-c, --config Use a specific configuration file or directory
eg: '-c /your/dir' or ' -c /your/file.name'
Note: If a directory is specified the directory must contain atleast:
master.conf, os.conf or user.conf
Default Directory: /etc/clamav-unofficial-sigs
-F, --force Force all databases to be downloaded, could cause ip to be blocked
-h, --help Display this script's help and usage information
-V, --version Output script version and date information
-v, --verbose Be verbose, enabled when not run under cron
-s, --silence Only output error messages, enabled when run under cron
-d, --decode-sig Decode a third-party signature either by signature name
(eg: Sanesecurity.Junk.15248) or hexadecimal string.
This flag will 'NOT' decode image signatures
-e, --encode-string Hexadecimal encode an entire input string that can
be used in any '*.ndb' signature database file
-f, --encode-formatted Hexadecimal encode a formatted input string containing
signature spacing fields '{}, (), *', without encoding
the spacing fields, so that the encoded signature
can be used in any '*.ndb' signature database file
-g, --gpg-verify GPG verify a specific Sanesecurity database file
eg: '-g filename.ext' (do not include file path)
-i, --information Output system and configuration information for
viewing or possible debugging purposes
-m, --make-database Make a signature database from an ascii file containing
data strings, with one data string per line. Additional
information is provided when using this flag
-t, --test-database Clamscan integrity test a specific database file
eg: '-s filename.ext' (do not include file path)
-o, --output-triggered If HAM directory scanning is enabled in the script's
configuration file, then output names of any third-party
signatures that triggered during the HAM directory scan
-w, --whitelist Adds a signature whitelist entry in the newer ClamAV IGN2
format to 'my-whitelist.ign2' in order to temporarily resolve
a false-positive issue with a specific third-party signature.
Script added whitelist entries will automatically be removed
if the original signature is either modified or removed from
the third-party signature database
--check-clamav If ClamD status check is enabled and the socket path is correctly
specifiedthen test to see if clamd is running or not
--install-all Install and generate the cron, logroate and man files, autodetects the values
based on your config files
--install-cron Install and generate the cron file, autodetects the values
based on your config files
--install-logrotate Install and generate the logrotate file, autodetects the
values based on your config files
--install-man Install and generate the man file, autodetects the
values based on your config files
--remove-script Remove the clamav-unofficial-sigs script and all of
its associated files and databases from the system
### Script updates can be found at: https://github.com/extremeshok/clamav-unofficial-sigs
Original Script can be found at: http://sourceforge.net/projects/unofficial-sigs