Anti-virus Hints

Enabling ClamAV Third Party Signatures

The clamav-unofficial-sigs script provides a simple way to download, test, and update third-party signature databases provided by Sanesecurity, FOXHOLE, OITC, Scamnailer, BOFHLAND, CRDF, Porcupine, Yara-Rules Project, etc. The clamav-unofficial-sigs script will also generate and install cron, logrotate, and man files. See: clamav-unofficial-sigs for more information.

• Rsync requires that outbound TCP port 873 be open if you are using a firewall.
• The ClamAV daemon can use over 800MB RAM when all the signatures are enabled together.
• The estimated time to complete the installation is around 15 minutes.

Install and Configure Clamav-unofficial-sigs

# RHEL/CentOS
yum install rsync wget unzip

# Debian/Ubuntu
apt-get install rsync wget unzip

wget https://github.com/extremeshok/clamav-unofficial-sigs/archive/master.zip
unzip master.zip
cd clamav-unofficial-sigs-master/
cp -f clamav-unofficial-sigs.sh /usr/local/bin/
chmod 755 /usr/local/bin/clamav-unofficial-sigs.sh
mkdir /etc/clamav-unofficial-sigs/
cp config/* /etc/clamav-unofficial-sigs/
cd /etc/clamav-unofficial-sigs/

Rename os.your-distro.conf to os.conf, where your-distro is your distribution and version.

# We recommend disabling the Yara rules as the rules and the ClamAV Yara engine aren't 100% compatible.
echo 'enable_yararules="no"' >> /etc/clamav-unofficial-sigs/user.conf

Edit the file /etc/clamav-unofficial-sigs/user.conf and uncomment your user config options, making sure to set default_dbs_rating to LOW, MEDIUM, or HIGH. Uncomment the user_configuration_complete option after you are done.

# Default dbs rating 
# valid rating: LOW, MEDIUM, HIGH
default_dbs_rating="MEDIUM"

# Uncomment the following line to enable the script
user_configuration_complete="yes"

Run the script once as your superuser to set all the permissions and create the relevant directories:

/usr/local/bin/clamav-unofficial-sigs.sh 

Install the cron, logrotate and man files:

/usr/local/bin/clamav-unofficial-sigs.sh --install-cron
/usr/local/bin/clamav-unofficial-sigs.sh --install-logrotate
/usr/local/bin/clamav-unofficial-sigs.sh --install-man

Checking Signatures

clamscan --debug /dev/null 2>&1 | grep "loaded"

SELinux

To fix the cron error "WARNING - Clamscan reports database XX integrity tested BAD - SKIPPING":

setsebool -P antivirus_can_scan_system true

Signatures Requiring Registration

MalwarePatrol Free

We do not recommend using MalwarePatrol due to the high number of false positives from that signature provider.