Open miurahr opened 3 years ago
Generic installation
mkdir -p /usr/local/sbin/
wget https://raw.githubusercontent.com/extremeshok/clamav-unofficial-sigs/master/clamav-unofficial-sigs.sh -O /usr/local/sbin/clamav-unofficial-sigs.sh && chmod 755 /usr/local/sbin/clamav-unofficial-sigs.sh
mkdir -p /etc/clamav-unofficial-sigs/
wget https://raw.githubusercontent.com/extremeshok/clamav-unofficial-sigs/master/config/master.conf -O /etc/clamav-unofficial-sigs/master.conf
wget https://raw.githubusercontent.com/extremeshok/clamav-unofficial-sigs/master/config/user.conf -O /etc/clamav-unofficial-sigs/user.conf
https://github.com/extremeshok/clamav-unofficial-sigs/blob/master/INSTALL.md
Looks like freshclam
could handle this https://wiki.gentoo.org/wiki/ClamAV_Unofficial_Signatures
There are two good approaches to using unofficial signatures on Gentoo (and elsewhere). The first is to use {{Package|app-antivirus/fangfrisch}}, and the second is to use freshclam itself. The eXtremeSHOK clamav-unofficial-sigs script is '''not''' a secure option.
== Using freshclam ==
Freshclam now supports https URLs, so if your unofficial signatures are available direct from an http(s) URL, then adding them to freshclam is easy. For example,
/etc/freshclam.conf
These HTTP mirrors aren't quite official, but I've asked about them
on the sanesecurity mailing list and someone offered them to the public.
DatabaseCustomURL https://mirror.rollernet.us/sanesecurity/badmacro.ndb DatabaseCustomURL https://mirror.rollernet.us/sanesecurity/blurl.ndb DatabaseCustomURL https://mirror.rollernet.us/sanesecurity/junk.ndb DatabaseCustomURL https://mirror.rollernet.us/sanesecurity/jurlbl.ndb DatabaseCustomURL https://mirror.rollernet.us/sanesecurity/jurlbla.ndb DatabaseCustomURL https://mirror.rollernet.us/sanesecurity/lott.ndb
There are only a few downsides to using freshclam:
- Freshclam can't rename the downloaded file, so if the source file is incorrectly named, freshclam will fail to validate it (because clamav won't know how to read it).
- Freshclam only supports http(s), so you're out of luck if your database is only served over rsync.
- There's currently [https://bugzilla.clamav.net/show_bug.cgi?id=12522 a bug in freshclam] that causes it to validate malformed databases, which will crash clamav. So if there's a chance that you'll download a bad database, freshclam may not be the best choice (until that bug is fixed).
SO do you want me to go to the file and change it and hope all goes well @djdefi?
Is your feature request related to a problem? Please describe. There are
clamav-unofficial-sigs
that can be used for scan. It will be nice to check these sigs too.Describe the solution you'd like
Describe alternatives you've considered