SquidGuard is a URL redirector that lets the proxy software Squid use blacklists. SquidGuard has two big advantages: it is fast and it is free.
Additional Signatures
ClamAV Unofficial Signatures Updater
Download the script and accompanying files:
cd /extra/src
wget -O clamav-unofficial-sigs-4.9.2.tar.gz \
https://github.com/extremeshok/clamav-unofficial-sigs/archive/4.9.2.tar.gz
tar zxf clamav-unofficial-sigs-4.9.2.tar.gz
cd clamav-unofficial-sigs-4.9.2
Make the scripts executable:
chmod 755 *.sh
Edit clamav-unofficial-sigs.conf to reflect our setup:
clam_user="clamav"
clam_group="clamav"
clam_dbs="/usr/local/share/clamav"
clamd_pid="/var/run/clamd.pid"
yararules_enabled="yes"
Create a directory for the log files:
mkdir /var/log/clamav-unofficial-sigs
Edit clamav-unofficial-sigs.sh to add "$yararules_dir" to the mkdir command on line 636 so that it has a directory to download the YARA rules into:
mkdir -p "$work_dir" "$securiteinfo_dir" "$malwarepatrol_dir" "$linuxmalwaredetect_dir" "$sanesecurity_dir" "$config_dir" "$gpg_dir" "$add_dir" "$yararules_dir"
Install the files:
cp -f clamav-unofficial-sigs.sh /usr/local/bin/clamav-unofficial-sigs.sh
cp -f clamav-unofficial-sigs.conf /etc/clamav-unofficial-sigs.conf
Test out the script:
/usr/local/bin/clamav-unofficial-sigs.sh
By default, the script will only download SaneSecurity's and Linux Malware Detect's ClamAV signatures. There are a couple of others that can be configured, but they require signing up:
YARA signatures can also be downloaded, but they require ClamAV 0.99.
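The configuration above sets yararules_enabled="yes", but YARA rules need ClamAV 0.99. The preflight check below is an added example, not part of the original page or of clamav-unofficial-sigs; its function names are hypothetical, and the config and version line used in the demo are constructed.

```shell
#!/bin/sh
# Added example, not part of clamav-unofficial-sigs: warn when the config
# enables YARA rules but the installed ClamAV is older than 0.99.

# Print the value of key $2 from config file $1 (last assignment wins;
# quotes and trailing comments are stripped, commented-out lines ignored).
conf_get() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 |
        sed -e 's/[[:space:]]*#.*$//' -e 's/^"//' -e 's/"[[:space:]]*$//'
}

# Extract the dotted version from a `clamscan --version` line.
clamav_version() {
    printf '%s\n' "$1" | sed -n 's/^ClamAV \([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# Succeed if dotted version $1 >= $2, comparing each field numerically.
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            if (x[i] + 0 > y[i] + 0) exit 0
            if (x[i] + 0 < y[i] + 0) exit 1
        }
        exit 0
    }'
}

# $1 = config file, $2 = version line.
# Returns 0 (ok or YARA disabled), 1 (version too old), 2 (unparsable version).
yara_preflight() {
    [ "$(conf_get "$1" yararules_enabled)" = "yes" ] ||
        { echo "YARA rules not enabled in $1"; return 0; }
    ver=$(clamav_version "$2")
    [ -n "$ver" ] || { echo "cannot parse ClamAV version from: $2"; return 2; }
    if version_ge "$ver" 0.99; then
        echo "ok: ClamAV $ver can load YARA rules"
    else
        echo "warning: yararules_enabled=yes but ClamAV $ver is older than 0.99"
        return 1
    fi
}

# Demo on constructed input (sample config and a made-up version line).
demo_conf=$(mktemp)
printf 'clam_dbs="/usr/local/share/clamav"\nyararules_enabled="yes"\n' > "$demo_conf"
yara_preflight "$demo_conf" "ClamAV 0.98.7/21000/Mon Jan  1 00:00:00 2016" || echo "status $?"
rm -f "$demo_conf"
```

On a live system, call it as yara_preflight /etc/clamav-unofficial-sigs.conf "$(clamscan --version)" before running the updater.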
Automatic updating
cd /extra/src/clamav-unofficial-sigs-4.9.2
cp -f clamav-unofficial-sigs-cron /etc/cron.d/
chmod 755 /etc/cron.d/clamav-unofficial-sigs-cron
touch /etc/crontab
Resources
http://wiki.contribs.org/Virus:Additional_Signatures
Enhancing ClamAV with Extra Signatures
Credits
Various bits of code, scripts, and procedures were put together with information from John Simpson's qmail.jms1.net website. It's an excellent resource on managing and setting up a Qmail server.