The clamav-unofficial-sigs script provides a simple way to download, test, and update third-party signature databases provided by Sanesecurity, FOXHOLE, OITC, Scamnailer, BOFHLAND, CRDF, Porcupine, Yara-Rules Project, etc. The clamav-unofficial-sigs script will also generate and install cron, logrotate, and man files. See: clamav-unofficial-sigs for more information.
• Rysnc requires that port 873 TCP OUT be opened if you are using a firewall.
• The ClamAV daemon can use over 800MB RAM when enabling the all the signatures together.
• The estimated time to complete the installation is around 15 minutes.
// RHEL/Centos yum install rsync wget unzip // Debian/Ubuntu apt-get install rsync wget unzip wget https://github.com/extremeshok/clamav-unofficial-sigs/archive/master.zip unzip master.zip cd clamav-unofficial-sigs-master/ cp -f clamav-unofficial-sigs.sh /usr/local/bin/ chmod 755 /usr/local/bin/clamav-unofficial-sigs.sh mkdir /etc/clamav-unofficial-sigs/ cp -r config/* /etc/clamav-unofficial-sigs/ cd /etc/clamav-unofficial-sigs/ // Copy /etc/clamav-unofficial-sigs/os/os.your-distro.conf to the parent directory as /etc/clamav-unofficial-sigs/os.conf, // where your-distro is your distribution and version e.g. cp /etc/clamav-unofficial-sigs/os/os.centos7.conf /etc/clamav-unofficial-sigs/os.conf // We recommend disabling the Yara rules as the rules and the ClamAV Yara engine aren't 100% compatible. echo 'enable_yararules="no"' >> /etc/clamav-unofficial-sigs/user.conf
Edit the file
/etc/clamav-unofficial-sigs/user.conf and uncomment your user config options making sure to set
default_dbs_rating to LOW, MEDIUM, or HIGH and uncomment the
option after you are done.
# Default dbs rating # valid rating: LOW, MEDIUM, HIGH default_dbs_rating="MEDIUM" # Uncomment the following line to enable the script user_configuration_complete="yes"
Run the script once as your superuser to set all the permissions and create the relevant directories:
Install the cron, log rotate and man pages:
/usr/local/bin/clamav-unofficial-sigs.sh --install-cron /usr/local/bin/clamav-unofficial-sigs.sh --install-logrotate /usr/local/bin/clamav-unofficial-sigs.sh --install-man
clamscan --debug 2>&1 /dev/null | grep "loaded"
To fix the cron error:
WARNING - Clamscan reports database XX integrity tested BAD - SKIPPING
setsebool -P antivirus_can_scan_system true
We do not recommend using MalwarePatrol due to the high number of false positives from that signature provider.