Line 135: |
Line 135: |
| The SME Server used the Clam AntiVirus (www.clamav.net) as the default and build-in anti virus engine. By default this system will automatically get virus signatures updates from the clamav database. Other people and organizations has developed additional signatures which can be used with ClamAV. | | The SME Server used the Clam AntiVirus (www.clamav.net) as the default and build-in anti virus engine. By default this system will automatically get virus signatures updates from the clamav database. Other people and organizations has developed additional signatures which can be used with ClamAV. |
| | | |
− | * Sane Security (http://www.sanesecurity.com/clamav/) - who maintains two signatures databases (Phishing and Scam) | + | * Sane Security (http://www.sanesecurity.com/clamav/) - who maintains nine signatures databases (Phishing and Scam) |
| + | * Security Info (http://www.securiteinfo.com/) - maintains four signature databases |
| * MSRBL (http://www.msrbl.com/) - Realtime Black Lists who maintains two databases (Images and Spam) | | * MSRBL (http://www.msrbl.com/) - Realtime Black Lists who maintains two databases (Images and Spam) |
| * Malware Block List (http://www.malware.com.br/) - who maintains a database for Malware | | * Malware Block List (http://www.malware.com.br/) - who maintains a database for Malware |
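Review bot: On the changed Sane Security bullet, the count goes from two to nine signature databases but the parenthetical still reads "(Phishing and Scam)", so the line now claims nine databases while naming two. Either list the categories the nine databases cover or drop the parenthetical. The added bullet spells the vendor "Security Info" while its URL is securiteinfo.com; using the vendor's own spelling lets readers match it to the database file names. That bullet also omits what the four databases cover, unlike the MSRBL and Malware Block List entries.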
Line 142: |
Line 143: |
| | | |
| ====Installation==== | | ====Installation==== |
− | cd /etc/cron.daily | + | cd /etc |
− | wget http://sme.swerts-knudsen.com/downloads/update_sanesecurity | + | wget http://sme.swerts-knudsen.dk/downloads/unofficial-clamav-sigs-2.4/unofficial-clamav-sigs.conf |
− | chmod +x update_sanesecurity
| |
| | | |
− | You can now run it the first with debug enabled to see that all is OK.
| + | cd /etc/cron.hourly |
| + | wget http://sme.swerts-knudsen.dk/downloads/unofficial-clamav-sigs-2.4/unofficial-clamav-sigs.cron |
| + | chmod +x unofficial-clamav-sigs.cron |
| | | |
− | ./update_sanesecurity -d | + | mkdir -p /usr/unofficial-dbs |
| + | cd /usr/unofficial-dbs |
| + | wget http://sme.swerts-knudsen.dk/downloads/unofficial-clamav-sigs-2.4/unofficial-clamav-sigs.sh |
| + | chmod +x unofficial-clamav-sigs.sh |
| | | |
− | Your output should look something like this (even though yours will hopefully be updated).
| + | When you run it manually the first time it will complain about missing GPG keys - Just run it again. |
| | | |
− | update_sanesecurity: [debug] Debug mode is ON | + | ./unofficial-clamav-sigs.sh |
− | update_sanesecurity: [debug] Starting.
| |
− | update_sanesecurity: [debug] Created temporary directory: '/tmp/update_sanesecurity.uwlP7014'
| |
− | update_sanesecurity: [debug] Checking for ClamAV database directory...
| |
− | update_sanesecurity: [debug] Found ClamAV database directory: /var/clamav
| |
− | update_sanesecurity: [debug] PHISH_SIGS : http://www.sanesecurity.com/clamav/phishsigs/phish.ndb.gz
| |
− | update_sanesecurity: [debug] SCAM_SIGS : http://www.sanesecurity.com/clamav/scamsigs/scam.ndb.gz
| |
− | update_sanesecurity: [debug] SPAM_SIGS : rsync://rsync.mirror.msrbl.com/msrbl/MSRBL-SPAM.ndb
| |
− | update_sanesecurity: [debug] IMAGE_SIGS : rsync://rsync.mirror.msrbl.com/msrbl/MSRBL-Images.hdb
| |
− | update_sanesecurity: [debug] VX_SIGS : http://clamav.securiteinfo.com/vx.hdb.gz
| |
− | update_sanesecurity: [debug] SECURITEINFO_SIGS : http://clamav.securiteinfo.com/securiteinfo.hdb.gz
| |
− | update_sanesecurity: [debug] HONEYNET_SIGS : http://clamav.securiteinfo.com/honeynet.hdb.gz
| |
− | update_sanesecurity: [debug] ANTISPAM_SIGS : http://clamav.securiteinfo.com/antispam.ndb.gz
| |
− | update_sanesecurity: [debug] MALWARE_SIGS : http://www.malware.com.br/cgi/submit?action=list_clamav
| |
− | update_sanesecurity: [debug] ClamScan : /usr/bin/clamscan
| |
− | update_sanesecurity: [debug] CURL : /usr/bin/curl
| |
− | update_sanesecurity: [debug] GunZip : /bin/gunzip
| |
− | update_sanesecurity: [debug] RSync : /usr/bin/rsync
| |
− | update_sanesecurity: [debug] ClamAV db dir : /var/clamav
| |
− | update_sanesecurity: [debug] temp dir : /tmp/update_sanesecurity.uwlP7014
| |
− | update_sanesecurity: [debug] Created temporary directory: '/tmp/update_sanesecurity.XTJi7125'
| |
− | update_sanesecurity: [debug] Checking for ClamAV database directory...
| |
− | update_sanesecurity: [debug] Found ClamAV database directory: /var/clamav
| |
− | update_sanesecurity: [debug] Checking for newer version of '/var/clamav/scam.ndb.gz'
| |
− | update_sanesecurity: [info] '/var/clamav/scam.ndb.gz' was updated
| |
− | update_sanesecurity: [info] '/var/clamav/scam.ndb' was updated
| |
− | update_sanesecurity: [debug] Checking for newer version of '/var/clamav/phish.ndb.gz'
| |
− | update_sanesecurity: [info] '/var/clamav/phish.ndb.gz' was NOT updated
| |
− | update_sanesecurity: [info] '/var/clamav/phish.ndb' was NOT updated
| |
− | update_sanesecurity: [debug] Checking for newer version of '/var/clamav/MSRBL-SPAM.ndb'
| |
− | update_sanesecurity: [info] '/var/clamav/MSRBL-SPAM.ndb' was NOT updated
| |
− | update_sanesecurity: [debug] Checking for newer version of '/var/clamav/MSRBL-Images.hdb'
| |
− | update_sanesecurity: [info] '/var/clamav/MSRBL-Images.hdb' was updated
| |
− | update_sanesecurity: [debug] Checking for newer version of '/var/clamav/vx.hdb.gz'
| |
− | update_sanesecurity: [info] '/var/clamav/vx.hdb.gz' was NOT updated
| |
− | update_sanesecurity: [info] '/var/clamav/vx.hdb' was NOT updated
| |
− | update_sanesecurity: [debug] Checking for newer version of '/var/clamav/securiteinfo.hdb.gz'
| |
− | update_sanesecurity: [info] '/var/clamav/securiteinfo.hdb.gz' was NOT updated
| |
− | update_sanesecurity: [info] '/var/clamav/securiteinfo.hdb' was NOT updated
| |
− | update_sanesecurity: [debug] Checking for newer version of '/var/clamav/honeynet.hdb.gz'
| |
− | update_sanesecurity: [info] '/var/clamav/honeynet.hdb.gz' was NOT updated
| |
− | update_sanesecurity: [info] '/var/clamav/honeynet.hdb' was NOT updated
| |
− | update_sanesecurity: [debug] Checking for newer version of '/var/clamav/antispam.ndb.gz'
| |
− | update_sanesecurity: [info] '/var/clamav/antispam.ndb.gz' was NOT updated
| |
− | update_sanesecurity: [info] '/var/clamav/antispam.ndb' was NOT updated
| |
− | update_sanesecurity: [debug] '/var/clamav/mbl.db.gz' does not exist, so doing initial download
| |
− | update_sanesecurity: [info] '/var/clamav/mbl.db.gz' was updated
| |
− | update_sanesecurity: [info] '/var/clamav/mbl.db' was updated
| |
− | update_sanesecurity: [debug] Exiting.
| |
| | | |
| + | ClamAV will by default reload its databases every 1800 secs (30mins) but you can force a reload with: |
| | | |
− | ClamAV will by default reload its databases every 1800 secs (30mins) but you can force a reload with:
| |
| signal-event email-update | | signal-event email-update |
| | | |
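Review bot: The new Installation steps fetch unofficial-clamav-sigs.conf, unofficial-clamav-sigs.cron and unofficial-clamav-sigs.sh with wget over plain http://, mark two of them executable and place one in /etc/cron.hourly, with no step that verifies what was downloaded before it runs. Files in /etc/cron.hourly run as root, so please add a published checksum or detached signature to check before the chmod +x lines, or serve the files over HTTPS. The sentence "it will complain about missing GPG keys - Just run it again" should say which keys the script imports on the first run and why the second run succeeds, so an admin can tell the expected message from a real signature failure. Removing the debug transcript also leaves the page with no description of a successful run; a short note on the expected result (for example which files should appear, and where) would restore that.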