The clamav-unofficial-sigs script provides a simple way to download, test, and update third-party signature databases provided by Sanesecurity, FOXHOLE, OITC, Scamnailer, BOFHLAND, CRDF, Porcupine, Yara-Rules Project, etc. The clamav-unofficial-sigs script will also generate and install cron, logrotate, and man files. See: clamav-unofficial-sigs for more information.
• Rysnc requires that port 873 TCP OUT be opened if you are using a firewall.
• The ClamAV daemon can use over 800MB RAM when enabling the all the signatures together.
• The estimated time to complete the installation is around 15 minutes.
// RHEL/Centos
yum install rsync wget unzip
// Debian/Ubuntu
apt-get install rsync wget unzip
wget https://github.com/extremeshok/clamav-unofficial-sigs/archive/master.zip
unzip master.zip
cd clamav-unofficial-sigs-master/
cp -f clamav-unofficial-sigs.sh /usr/local/bin/
chmod 755 /usr/local/bin/clamav-unofficial-sigs.sh
mkdir /etc/clamav-unofficial-sigs/
cp -r config/* /etc/clamav-unofficial-sigs/
cd /etc/clamav-unofficial-sigs/
// Copy /etc/clamav-unofficial-sigs/os/os.your-distro.conf to the parent directory as /etc/clamav-unofficial-sigs/os.conf,
// where your-distro is your distribution and version e.g.
cp /etc/clamav-unofficial-sigs/os/os.centos7.conf /etc/clamav-unofficial-sigs/os.conf
// We recommend disabling the Yara rules as the rules and the ClamAV Yara engine aren't 100% compatible.
echo 'enable_yararules="no"' >> /etc/clamav-unofficial-sigs/user.conf
Edit the file /etc/clamav-unofficial-sigs/user.conf
and uncomment your user config options making sure to set default_dbs_rating
to LOW, MEDIUM, or HIGH and uncomment the user_configuration_complete
option after you are done.
# Default dbs rating
# valid rating: LOW, MEDIUM, HIGH
default_dbs_rating="MEDIUM"
# Uncomment the following line to enable the script
user_configuration_complete="yes"
Run the script once as your superuser to set all the permissions and create the relevant directories:
/usr/local/bin/clamav-unofficial-sigs.sh --force
Install the cron, log rotate and man pages:
/usr/local/bin/clamav-unofficial-sigs.sh --install-cron
/usr/local/bin/clamav-unofficial-sigs.sh --install-logrotate
/usr/local/bin/clamav-unofficial-sigs.sh --install-man
clamscan --debug 2>&1 /dev/null | grep "loaded"
To fix the cron error: WARNING - Clamscan reports database XX integrity tested BAD - SKIPPING
setsebool -P antivirus_can_scan_system true
We do not recommend using MalwarePatrol due to the high number of false positives from that signature provider.