Anti-virus Hints

Enabling ClamAV Third Party Signatures

The clamav-unofficial-sigs script provides a simple way to download, test, and update third-party signature databases provided by Sanesecurity, FOXHOLE, OITC, Scamnailer, BOFHLAND, CRDF, Porcupine, Yara-Rules Project, etc. The clamav-unofficial-sigs script will also generate and install cron, logrotate, and man files. See: clamav-unofficial-sigs for more information.

• Rsync requires outbound TCP port 873 to be open if you are using a firewall.
• The ClamAV daemon can use over 1GB RAM when all the signatures are enabled together.

Install and Configure Clamav-unofficial-sigs

CentOS/RHEL/CloudLinux/AlmaLinux

There are packages in the EPEL repo that make it easy to install the third party signatures. Signatures will be updated automatically by a cron job that the package installs.

yum install rsync wget unzip bind-utils clamav-unofficial-sigs

# run the command once to test (run as root)
/usr/sbin/clamav-unofficial-sigs.sh

# you can view the log using the command
tail -f /var/log/clamav-unofficial-sigs/clamav-unofficial-sigs.log

Debian/Ubuntu

There are no up-to-date packages for Debian/Ubuntu, so it must be installed manually.

apt-get install rsync wget unzip dnsutils
wget https://github.com/extremeshok/clamav-unofficial-sigs/archive/master.zip
unzip master.zip
cd clamav-unofficial-sigs-master/
cp -f clamav-unofficial-sigs.sh /usr/local/bin/
chmod 755 /usr/local/bin/clamav-unofficial-sigs.sh
mkdir /etc/clamav-unofficial-sigs/
cp -r config/* /etc/clamav-unofficial-sigs/
cd /etc/clamav-unofficial-sigs/

# Copy /etc/clamav-unofficial-sigs/os/os.your-distro.conf to the parent directory as
# /etc/clamav-unofficial-sigs/os.conf, where your-distro is your distribution and version, e.g.
cp /etc/clamav-unofficial-sigs/os/os.ubuntu.conf /etc/clamav-unofficial-sigs/os.conf

Edit the file /etc/clamav-unofficial-sigs/user.conf and uncomment the user config options you need. Make sure default_dbs_rating is set to LOW, MEDIUM, or HIGH, and uncomment the user_configuration_complete option when you are done.

# Default dbs rating 
# valid rating: LOW, MEDIUM, HIGH
default_dbs_rating="MEDIUM"

# Uncomment the following line to enable the script
user_configuration_complete="yes"

Run the script once as the superuser to set all the permissions and create the relevant directories:

/usr/local/bin/clamav-unofficial-sigs.sh --force

Install the cron, logrotate and man files:

/usr/local/bin/clamav-unofficial-sigs.sh --install-cron
/usr/local/bin/clamav-unofficial-sigs.sh --install-logrotate
/usr/local/bin/clamav-unofficial-sigs.sh --install-man
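
The user.conf edits above can be checked before the first --force run. The following is an added example, not part of clamav-unofficial-sigs or of the original page; conf_value and check_user_conf are hypothetical helper names, and the world-writable check is an extra precaution added here because the script is run as root.

```shell
#!/bin/sh
# Added example: preflight check for the user.conf edits described above.
# Key names and the default path come from this page; the function names
# and return codes are hypothetical.

# Print the value of an uncommented key=value line (last occurrence wins).
conf_value() {
    sed -n "s/^[[:space:]]*$1=\"\{0,1\}\([^\"#[:space:]]*\).*/\1/p" "$2" | tail -n 1
}

# Return 0 if the file is ready, 1 if a setting is wrong, 2 if unreadable.
check_user_conf() {
    conf=${1:-/etc/clamav-unofficial-sigs/user.conf}
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    rc=0

    rating=$(conf_value default_dbs_rating "$conf")
    case $rating in
        LOW|MEDIUM|HIGH) ;;
        "") echo "default_dbs_rating is unset or still commented out" >&2; rc=1 ;;
        *)  echo "default_dbs_rating=$rating is not LOW, MEDIUM or HIGH" >&2; rc=1 ;;
    esac

    if [ "$(conf_value user_configuration_complete "$conf")" != "yes" ]; then
        echo "user_configuration_complete is not enabled" >&2
        rc=1
    fi

    # The updater is run as root, so other users must not be able to edit
    # its configuration.
    if [ -n "$(find "$conf" -prune -perm -0002)" ]; then
        echo "$conf is world-writable" >&2
        rc=1
    fi
    return "$rc"
}
```

Call check_user_conf with no argument to test /etc/clamav-unofficial-sigs/user.conf, or pass another path as the first argument.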

Checking Signatures

clamscan --debug /dev/null 2>&1 | grep "loaded"

SELinux

To fix the cron error "WARNING - Clamscan reports database XX integrity tested BAD - SKIPPING", set the following SELinux boolean:

setsebool -P antivirus_can_scan_system true

Signatures Requiring Registration

MalwarePatrol Free

We do not recommend using MalwarePatrol due to the high number of false positives from that signature provider.