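# This file contains user configuration settings for the clamav-unofficial-sigs.sh
# script provided by Bill Landry (bill@inetmsg.com).
#
# Script documentation and updates can be viewed/downloaded from:
#
#     http://www.inetmsg.com/pub/
#
# The latest version will always be named: clamav-unofficial-sigs.tar.gz
# Older versions can be found in the "archive" directory.

################################################################################
#                   USER CONFIGURATION FILE FOR SCRIPT:                        #
#                                                                              #
#                         clamav-unofficial-sigs.sh                            #
#                                                                              #
#   SET PROGRAM PATHS AND OTHER VARIABLE OPTIONS FOR THE SCRIPT IN THIS FILE   #
################################################################################

# This file is sourced by the script: every assignment below is plain shell,
# so quoted values are taken literally and any $(...) substitution inside a
# double-quoted value runs once, at the moment this file is read.

# Edit the quoted variables below to meet your own particular needs
# and requirements, but do not remove the "quote" marks.

# Be sure to set the appropriate shell for your OS platform. It's been
# reported that "sh" works best for BSD variants, "ksh" for Sun Solaris,
# and "bash" for Linux variants. If you experience problems running the
# script, please try editing the top line of the script file and changing
# "sh" to either "ksh" or "bash" before reporting a problem.

# Set and export the appropriate program paths for your OS platform. Required
# utilities include: find, xargs, sed, awk, cut, dig, grep, tail, chown, chmod,
# cmp, diff, gzip, ls, cp, mv, test, gpg, host, sleep, cksum, rsync, curl, perl,
# and optionally socat. It's been reported that on Sun systems, the GNU utilities
# should be used rather than the default Sun OS versions of these utilities.
# Keep this list to absolute system directories only: the script is normally
# run from cron with elevated privileges, and a writable or relative entry here
# would let an attacker substitute any of the utilities named above.
PATH="/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin"
export PATH

# Set the appropriate ClamD user and group accounts for your system.
# If you do not want the script to set user and group permissions on
# files and directories, comment the next two variables.
clam_user="clamav"
clam_group="clamav"

# Set path to ClamAV database files location. If unsure, check
# your clamd.conf file for the "DatabaseDirectory" path setting.
clam_dbs="/var/lib/clamav"

# Set path to clamd.pid file (see clamd.conf for path location).
clamd_pid="/var/run/clamav/clamd.pid"

# To enable "ham" (non-spam) directory scanning and removal of
# signatures that trigger on ham messages, uncomment the following
# variable and set it to the appropriate ham message directory.
#ham_dir="/path/to/ham-test/directory"

# If you would like to reload the clamd databases after an update,
# change the following variable to "yes".
reload_dbs="yes"

# Set the reload or restart option if the "reload_dbs" variable above
# is set to "yes" (only select 'ONE' of the following variables or the
# last uncommented variable option will be the one used).

# - The next variable signals clamd daemon to reload databases (this is the recommended reload option)
#reload_opt="clamdscan --reload"   # Default

# - The next variable signals clamd's Process ID (PID) to reload databases.
#   NOTE: the $(cat ...) below is expanded when this file is sourced, so the
#   PID is read at script start-up, not at reload time. If the pid file is
#   missing at that point the value collapses to "kill -USR2" and the reload
#   step will fail; the "clamdscan --reload" option above avoids relying on
#   the pid file altogether.
reload_opt="kill -USR2 $(cat "$clamd_pid")"

# - The next variable signals linux based systems to do a full clamd service stop/start
#reload_opt="service clamd restart"

# - Use the next variable to set a custom or system specific reload/restart option
#reload_opt=""

# If running clamd in "LocalSocket" mode (*NOT* in TCP/IP mode), and
# either "SOcket Cat" (socat) or the "IO::Socket::UNIX" perl module
# are installed on the system, and you want to report whether clamd
# is running or not, uncomment the "clamd_socket" variable below (you
# will be warned if neither socat nor IO::Socket::UNIX are found, but
# the script will still run). You will also need to set the correct
# path to your clamd socket file (if unsure of the path, check the
# "LocalSocket" setting in your clamd.conf file for socket location).
#clamd_socket="/var/run/clamd.socket"
clamd_socket="/var/run/clamav/clamd.ctl"

# If you would like to attempt to restart ClamD if detected not running,
# uncomment the next 2 lines. Confirm the path to the "clamd_lock" file
# (usually can be found in the clamd init script) and also enter the clamd
# start command for your particular distro for the "start_clamd" variable
# (the sample start command shown below should work for most linux distros).
# NOTE: these 2 variables are dependent on the "clamd_socket" variable
# shown above - if not enabled, then the following 2 variables will be
# ignored, whether enabled or not.
# NOTE(review): only "start_clamd" is enabled here while "clamd_lock" stays
# commented; the paragraph above describes them as a pair, so confirm the
# script accepts one without the other.
#clamd_lock="/var/lock/subsys/clamd"
#start_clamd="service clamd start"
start_clamd="/etc/init.d/clamav-daemon start"

# Enable or disable download time randomization. This allows the script to
# be executed via cron, but the actual database file checking will pause
# for a random number of seconds between the "min" and "max" time settings
# specified below. This helps to more evenly distribute load on the host
# download sites. To disable, set the following variable to "no".
enable_random="yes"

# If download time randomization is enabled above (enable_random="yes"),
# then set the min and max randomization time intervals (in seconds).
min_sleep_time="1"    # Default minimum is 60 seconds (1 minute).
max_sleep_time="59"   # Default maximum is 600 seconds (10 minutes).

# ========================
# Sanesecurity Database(s)
# ========================
# Add or remove database file names between quote marks as needed. To
# disable usage of any of the Sanesecurity distributed database files
# shown, remove the database file name from the quoted section below.
# To disable usage of all Sanesecurity distributed databases, comment
# all of the quoted lines below. Only the following "low" risk defined
# signature databases have been enabled by default (for additional
# information about the signature database ratings, see:
# http://www.sanesecurity.com/clamav/databases.htm). Finally, make
# sure that the database names are spelled correctly or you will
# experience issues when the script runs.
ss_dbs="
  junk.ndb
  jurlbl.ndb
  phish.ndb
  rogue.hdb
  sanesecurity.ftm
  scam.ndb
  spamimg.hdb
  winnow_malware.hdb
  winnow_malware_links.ndb
"

# Additional Sanesecurity distributed databases that can be used and
# their associated potential false-positive ratings:
#
# USE 'ONLY' ONE OF THE FOLLOWING TWO SIGNATURE DATABASES:
#
#   INetMsg-SpamDomains-2w.ndb      : MEDIUM false-positive rating
#   INetMsg-SpamDomains-2m.ndb      : MEDIUM false-positive rating
#
# ONE DATABASE CONTAINS THE LAST TWO WEEKS OF COLLECTED SPAM DOMAINS (2w), AND
# THE OTHER DATABASE CONTAINS THE LAST TWO MONTHS OF COLLECTED SPAM DOMAINS (2m).
#
#   jurlbla.ndb                     : MEDIUM false-positive rating
#   lott.ndb                        : MEDIUM false-positive rating
#   spam.ldb                        : MEDIUM false-positive rating
#   spear.ndb                       : MEDIUM false-positive rating
#   scamnailer.ndb                  : MEDIUM false-positive rating
#   winnow.complex.patterns.ldb     : MEDIUM false-positive rating
#   winnow_phish_complete.ndb       : HIGH false-positive rating
#   winnow_phish_complete_url.ndb   : MEDIUM false-positive rating
#   winnow_spam_complete.ndb        : MEDIUM false-positive rating
#
# USE 'ONLY' ONE OF THE FOLLOWING TWO SIGNATURE DATABASES:
#
#   winnow_phish_complete.ndb       : HIGH false-positive rating
#   winnow_phish_complete_url.ndb   : MEDIUM false-positive rating
#
# ONE CONTAINS THE COMPLETE URL PATH (MEDIUM RISK), AND THE OTHER
# CONTAINS ONLY THE URL, WITHOUT THE FULL PATH (HIGH RISK).

# ========================
# SecuriteInfo Database(s)
# ========================
# Add or remove database file names between quote marks as needed. To
# disable any SecuriteInfo database downloads, remove the appropriate
# lines below. To disable all SecuriteInfo database file downloads,
# comment all of the following lines.
si_dbs="
  honeynet.hdb
  securiteinfobat.hdb
  securiteinfodos.hdb
  securiteinfoelf.hdb
  securiteinfo.hdb
  securiteinfohtml.hdb
  securiteinfooffice.hdb
  securiteinfopdf.hdb
  securiteinfosh.hdb
"

# Since the SecuriteInfo databases are only updated a few times each
# month, set a time interval to do database update checks.
si_update_hours="4"   # Default is 4 hours (6 update checks daily).

# =========================
# MalwarePatrol Database(s)
# =========================
# Add or remove database file names between quote marks as needed. To
# disable any of the MalwarePatrol database file downloads, remove the
# appropriate database file name lines below. To disable MalwarePatrol
# database downloads, comment all of the following lines.
#mbl_dbs="
#  mbl.ndb
#"

# Since the MalwarePatrol database file is dynamically created,
# there is no way to test for changes prior to downloading. For this
# reason, you will need to set a reasonable time interval in "hours"
# for MBL database file downloads. As shown below, this has been
# set to update every "6" hours, which seems appropriate (that's 4
# file downloads per day). Change only if you REALLY feel you must.
# However, I would not suggest going below every 4 hours lest you risk
# being blacklisted by the MalwarePatrol site.
mbl_update_hours="6"   # Default is 6 hours (4 downloads daily).

# Additional signature databases can be specified here in the following
# format: PROTOCOL://URL-or-IP/PATH/TO/FILE-NAME (use a trailing "/" in
# place of the "FILE-NAME" to download all files from specified location,
# but this *ONLY* works for files downloaded via rsync). For non-rsync
# downloads, curl is used. For download protocols supported by curl, see
# "man curl". This also works well for locations that have many ClamAV
# servers that use 3rd party signature databases, as only one server need
# download the remote databases, and all others can update from the local
# mirror's copy. See format examples below. To use, remove the comments
# and examples shown and add your own sites between the quote marks.
# Anything listed here is loaded into clamd as signature data, so only
# add sources whose content you control or can verify; plain ftp/http
# entries are fetched without any integrity check by the transport.
#add_dbs="
#  rsync://192.168.1.50/new-db/sigs.hdb
#  rsync://rsync.example.com/all-dbs/
#  ftp://ftp.example.net/pub/sigs.ndb
#  http://www.example.org/sigs.ldb
#"

# Set working directory paths (edit to meet your own needs). If these
# directories do not exist, the script will attempt to create them.

# Top level working directory path:
work_dir="/var/clamav-unofficial-sigs"   # Top level working directory

# Sub-directory names:
ss_dir="$work_dir/ss-dbs"          # Sanesecurity sub-directory
si_dir="$work_dir/si-dbs"          # SecuriteInfo sub-directory
mbl_dir="$work_dir/mbl-dbs"        # MalwarePatrol sub-directory
config_dir="$work_dir/configs"     # Script configs sub-directory
gpg_dir="$work_dir/gpg-key"        # Sanesecurity GPG Key sub-directory
add_dir="$work_dir/add-dbs"        # User defined databases sub-directory

# If you would like to make a backup copy of the current running database
# file before updating, set the following variable to "yes".
keep_db_backup="no"

# If you want to silence the information reported by curl, rsync, gpg
# or the general script comments, change the following variables to
# "yes". If all variables are set to "yes", the script will output
# nothing except error conditions.
curl_silence="yes"      # Default is "no" to report curl statistics
rsync_silence="yes"     # Default is "no" to report rsync statistics
gpg_silence="yes"       # Default is "no" to report gpg signature status
comment_silence="yes"   # Default is "no" to report script comments

# Log update information to '$log_file_path/$log_file_name'.
enable_logging="yes"
log_file_path="/var/log"
log_file_name="clamav-unofficial-sigs.log"
# Since logging is turned on, make sure you place the clamav-unofficial-sigs-logrotate
# file in the /etc/logrotate.d/ directory or the logs will grow forever.

# If necessary to proxy database downloads, define the rsync and/or curl
# proxy settings here. For rsync, the proxy must support connections to
# port 873. Both curl and rsync proxy settings need to be defined in the
# format of "hostname:port". For curl, also note the -x and -U flags,
# which must be set as "-x hostname:port" and "-U username:password".
# A "-U username:password" value placed here is visible to anyone who can
# read this file, so restrict the file's permissions accordingly.
rsync_proxy=""
curl_proxy=""

# After you have completed the configuration of this file, set the
# following variable to "yes".
user_configuration_complete="yes"

################################################################################
#                          END OF USER CONFIGURATION                           #
################################################################################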