3,250
edits
Changes
Jump to navigation
Jump to search
Line 13:
Line 13: + + + + + − + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
→Installation
==Installation==
==Installation==
<tabs container><tab name="For SME 10">
You can just install clamav-unofficial-sigs from smecontribs/epel and it should work OR use the full contrib:
yum install smeserver-clamav-unofficial-sigs --enablerepo=smecontribs
</tab>
<tab name="For SME 9">
The '''smeserver-clamav-unofficial-sigs''' contrib is available from the [[fws|'''fws''']] and the [[epel|'''epel''']] repositories. These repo's should be enabled first. Please see [[fws|'''fws''']] and [[epel|'''epel''']] on how to enable these repositories. After both repositories have been enabled you can install smeserver-unofficial-sigs by the following command:
The '''smeserver-clamav-unofficial-sigs''' contrib is available from the [[fws|'''fws''']] and the [[epel|'''epel''']] repositories. These repo's should be enabled first. Please see [[fws|'''fws''']] and [[epel|'''epel''']] on how to enable these repositories. After both repositories have been enabled you can install smeserver-unofficial-sigs by the following command:
yum install smeserver-clamav-unofficial-sigs --enablerepo=fws,epel
yum install smeserver-clamav-unofficial-sigs --enablerepo=fws,epel
Since there are much more signatures, ClamAV needs more memory to operate correctly. To set the required memory enter the following command:
Since there are much more signatures, ClamAV needs more memory to operate correctly. To set the required memory enter the following command:
config setprop clamd MemLimit 1500000000
config setprop clamd MemLimit 1610612736
followed by
followed by
signal-event clamav-update
signal-event clamav-update
</tab>
</tabs>
To invoke the download of the unofficial signature databases the following script has to be run once (it's in the SME Server $PATH):
To invoke the download of the unofficial signature databases the following script has to be run once (it's in the SME Server $PATH):
clamav-unofficial-sigs.sh
clamav-unofficial-sigs.sh
That's it, ClamAV now has a lot more signatures to work with, and will automatically update all signature databases.
That's it, ClamAV now has a lot more signatures to work with, and will automatically update all signature databases.
=== Configuration ===
/etc/clamav-unofficial-sigs/os.conf is templated and will override the default in /etc/clamav-unofficial-sigs/master.conf.
Avoid to update manually the content of /etc/clamav-unofficial-sigs/master.conf as it could be updated by the script itself.
You can manually override what you want by editing /etc/clamav-unofficial-sigs/user.conf.
{| class="wikitable"
|+clamav-unofficial-sigs
!property
!default
!values
!
|-
|status
|enabled
|enabled,disabled
|
|-
|securiteinfo_premium
|no
|yes,no
|
|-
|securiteinfo_authorisation_signature
|YOUR-SIGNATURE-NUMBER
|
|set your serial there to use the service
|-
|securiteinfo_enabled
|yes
|yes,no
|default to disabled if key is not set
|-
|malwareexpert_serial_key
|YOUR-SERIAL-KEY
|
|set your serial there to use the service
|-
|malwareexpert_enabled
|yes
|yes,no
|default to disabled if key is not set
|-
|malwarepatrol_receipt_code
|YOUR-RECEIPT-NUMBER
|
|set your serial there to use the service
|-
|malwarepatrol_enabled
|yes
|yes,no
|default to disabled if key is not set
|-
|malwarepatrol_list
|clamav_basic
|clamav_basic,clamav_ext
|
|-
|additional_enabled
|yes
|yes,no
|
|-
|additionnal
|
|coma separated urls
|list of url you want to download from additional db
|-
|interserver_enabled
|yes
|yes,no
|
|-
|linuxmalwaredetect_enabled
|yes
|yes,no
|
|-
|sanesecurity_enabled
|yes
|yes,no
|
|-
|urlhaus_enabled
|yes
|yes,no
|
|-
|yararulesproject_enabled
|yes
|yes,no
|Enables yararules in the various databases, automatically
|-
|enable_yararules
|no
|yes,no
|Enables yararules in the various databases, automatically
|-
|default_dbs_rating
|MEDIUM
|LOW, MEDIUM, HIGH, DISABLE
|
|-
|linuxmalwaredetect_dbs_rating
|
|<nowiki>LOW | MEDIUM | HIGH | DISABLE</nowiki>
|These ratings will override the global rating for the specific database
|-
|sanesecurity_dbs_rating
|
|<nowiki>LOW | MEDIUM | HIGH | DISABLE</nowiki>
|These ratings will override the global rating for the specific database
|-
|securiteinfo_dbs_rating
|
|<nowiki>LOW | MEDIUM | HIGH | DISABLE</nowiki>
|These ratings will override the global rating for the specific database
|-
|urlhaus_dbs_rating
|
|<nowiki>LOW | MEDIUM | HIGH | DISABLE</nowiki>
|These ratings will override the global rating for the specific database
|-
|yararulesproject_dbs_rating
|
|<nowiki>LOW | MEDIUM | HIGH | DISABLE</nowiki>
|These ratings will override the global rating for the specific database
|-
|
|
|
|
|}
just do
config setprop clamav-unofficial-sigs securiteinfo_authorisation_signature XXXXXXXXXXXXXXXXXXXXXXXX securiteinfo_premium no
expand-template /etc/clamav-unofficial-sigs/os.conf
signal-event clamav-update
=== Known issue ===
If you want to disable a single database from one provider, there are two way to do it : either this is known database that have a high risk of false positive then you can set the rating for this provider lower :
For securite info spam_marketing.ndb is set as HIGH in master.conf. If you set default_dbs_rating to MEDIUM/LOW or securiteinfo_dbs_rating to MEDIUM/LOW this db will be excluded.
Let's say that the db bothering you is provided by securite info which also provides other db that are important for you, you could edit the master.conf manually and either comment out the line with the db name or increase the level of it. However, the file could be updated by the main script and you might lost the changes.
=== Bugs ===
=== Bugs ===