| Line 135: |
Line 135: |
| | | | |
| | ===Anti Virus=== | | ===Anti Virus=== |
| − | The SME Server uses the Clam AntiVirus (www.clamav.net) as the default and build-in anti virus engine.
| + | SME Server uses Clam AntiVirus (http://www.clamav.net) as the default and built-in anti virus engine. |
| | | | |
| | ====Signatures==== | | ====Signatures==== |
| − | By default this system will automatically get virus signature updates from the clamav database. Other people and organizations have developed additional signatures which can be used with ClamAV. | + | By default SME Server will automatically get virus signature database updates from ClamAV. |
| | | | |
| − | * Sane Security (http://www.sanesecurity.com/clamav/) - who maintains nine signature databases (Phishing and Scam)
| + | Other people and organizations have developed additional signatures which can also be used with ClamAV to provide extra protection. Databases of these signatures can be downloaded and installed on SME Server, and used by ClamAV |
| − | * Security Info (http://www.securiteinfo.com/) - maintains four signature databases
| |
| − | * MSRBL (http://www.msrbl.com/) - Realtime Black Lists who maintains two databases (Images and Spam)
| |
| − | * Malware Block List (http://www.malware.com.br/) - who maintains a database for Malware
| |
| | | | |
| − | In order to use these addition databases with your Clam AV installation you need to download the databases. I have modified a script from San Security to work with SME 7.x which can be used to obtain the databases from Sane Security, MSRBL and the Malware Block List. The addition of these 5 new databases provides ~75.000 new signatures for Clam AV to work with. | + | In order to automate the download and installation of the additional databases, as well as control which databases you use, follow the instruction in [[Virus:Additional_Signatures]] |
| − | | |
| − | ''Installation''
| |
| − | cd /etc
| |
| − | wget http://sme.swerts-knudsen.dk/downloads/unofficial-clamav-sigs-2.4/unofficial-clamav-sigs.conf
| |
| − | | |
| − | cd /etc/cron.hourly
| |
| − | wget http://sme.swerts-knudsen.dk/downloads/unofficial-clamav-sigs-2.4/unofficial-clamav-sigs.cron
| |
| − | chmod +x unofficial-clamav-sigs.cron
| |
| − | | |
| − | cd /usr/bin
| |
| − | wget http://sme.swerts-knudsen.dk/downloads/unofficial-clamav-sigs-2.4/unofficial-clamav-sigs.sh
| |
| − | chmod +x unofficial-clamav-sigs.sh
| |
| − | | |
| − | When you run it manually the first time it will complain about missing GPG keys - Just run it again.
| |
| − | | |
| − | ./unofficial-clamav-sigs.sh
| |
| − | | |
| − | ClamAV will by default reload its databases every 1800 secs (30mins) but you can force a reload with:
| |
| − | | |
| − | signal-event email-update
| |
| − | | |
| − | You can choose which additional signature editing /etc/unofficial-clamav-sigs.conf file
| |
| − | # ========================
| |
| − | # SaneSecurity Database(s)
| |
| − | # ========================
| |
| − | # Add/remove/modify database file names between quote marks as needed.
| |
| − | # To disable any of the SaneSecurity database file downloads, remove
| |
| − | # the appropriate database file name line(s) below. To disable all
| |
| − | # SaneSecurity database downloads, comment out all of the following lines.
| |
| − | #ss_dbs="
| |
| − | # phish.ndb
| |
| − | # scam.ndb
| |
| − | # junk.ndb
| |
| − | # rogue.hdb
| |
| − | # spear.ndb
| |
| − | # spamimg.hdb
| |
| − | # lott.ndb
| |
| − | # spam.ldb
| |
| − | # sanesecurity.ftm
| |
| − | #"
| |
| − | | |
| − | {{Note box | Adding unofficial signatures increases memory usage. To increase the ''clamd'' memory limit try setting ''MemLimit'' to a value greater than 300000000 (see [http://wiki.contribs.org/DB_Variables_Configuration#Clam_AntiVirus_.28clamav.29 here] for reference). Since clamav-0.96 and smeserver-clamav-2.0.0-8 the default ''MemLimit'' for ''clamd'' has been 600000000. }}
| |
| | | | |
| | ====Heuristic Scan==== | | ====Heuristic Scan==== |
