Clamav unofficial sigs

From SME Server
Revision as of 04:56, 13 June 2022 by Unnilennium (talk | contribs)
Jump to navigationJump to search

Maintainer

Daniel B.
Firewall Services
mailto:daniel@firewall-services.com

Version

Contrib 10:
smeserver-clamav-unofficial-sigs
The latest version of smeserver-clamav-unofficial-sigs is available in the SME repository, click on the version number(s) for more information.


fws

About

ClamAV comes with a default database that is regularly and automatically updated. Next to the default database there are additional 'unofficial' databases that can be added to ClamAV. This contrib smeserver-clamav-unofficial-sigs adds various and well known databases to the default installation of SME Server, providing better chance of protection to viruses, malware, ransomeware and phishing attempts.

Note for Securiteinfo sigs

read this before installing : https://wiki.contribs.org/Talk:Clamav_unofficial_sigs

Installation

Important.png Note:
The Koozal SME v10 version of the contrib does not do anything.


You can just install clamav-unofficial-sigs from EPEL and it should work.

We could add some configuration options into the contrib if required - see the bug below.


Warning.png Warning:
Do not use the The Koozal SME v10 contrib as it does not work correctly


The smeserver-clamav-unofficial-sigs contrib is available from the fws and the epel repositories. These repo's should be enabled first. Please see fws and epel on how to enable these repositories. After both repositories have been enabled you can install smeserver-unofficial-sigs by the following command:

yum install smeserver-clamav-unofficial-sigs --enablerepo=fws,epel

Since there are much more signatures, ClamAV needs more memory to operate correctly. To set the required memory enter the following command:

config setprop clamd MemLimit 1610612736

followed by

signal-event clamav-update

To invoke the download of the unofficial signature databases the following script has to be run once (it's in the SME Server $PATH):

clamav-unofficial-sigs.sh

That's it, ClamAV now has a lot more signatures to work with, and will automatically update all signature databases.

Configuration

/etc/clamav-unofficial-sigs/os.conf is templated and will override the default in /etc/clamav-unofficial-sigs/master.conf.

Avoid to update manually the content of /etc/clamav-unofficial-sigs/master.conf as it could be updated by the script itself.

You can manually override what you want by editing /etc/clamav-unofficial-sigs/user.conf.

clamav-unofficial-sigs
property default values
status enabled enabled,disabled
securiteinfo_premium yes yes,no
securiteinfo_authorisation_signature YOUR-SIGNATURE-NUMBER set your serial there to use the service
securiteinfo_enabled yes yes,no default to disabled if key is not set
malwareexpert_serial_key YOUR-SERIAL-KEY set your serial there to use the service
malwareexpert_enabled yes yes,no default to disabled if key is not set
malwarepatrol_receipt_code YOUR-RECEIPT-NUMBER set your serial there to use the service
malwarepatrol_enabled yes yes,no default to disabled if key is not set
malwarepatrol_list clamav_basic clamav_basic,clamav_ext
additional_enabled yes yes,no
additionnal coma separated urls list of url you want to download from additional db
interserver_enabled yes yes,no
linuxmalwaredetect_enabled yes yes,no
sanesecurity_enabled yes yes,no
urlhaus_enabled yes yes,no
yararulesproject_enabled yes yes,no


just do

config setprop clamav-unofficial-sigs securiteinfo_authorisation_signature  XXXXXXXXXXXXXXXXXXXXXXXX securiteinfo_premium no 
expand-template /etc/clamav-unofficial-sigs/os.conf
signal-event clamav-update

Bugs

Please raise bugs under the SME-Contribs section in bugzilla and select the smeserver-clamav-unofficial-sigs component or use this link .


IDProductVersionStatusSummary
11995SME Contribs10.0CONFIRMEDNFR: panel