How can I install third party unofficial signatures for ClamAV to improve the virus detection rate?

Enabling ClamAV Third Party Signatures

The clamav-unofficial-sigs script provides a simple way to download, test, and update third-party signature databases provided by Sanesecurity, FOXHOLE, OITC, Scamnailer, BOFHLAND, CRDF, Porcupine, Yara-Rules Project, etc. The clamav-unofficial-sigs script will also generate and install cron, logrotate, and man files. See: clamav-unofficial-sigs for more information.

Important
• Rsync requires that port 873 TCP OUT be opened if you are using a firewall. It must be open in order to use the script.
• The ClamAV daemon will use over 1GB RAM when all the signatures are enabled together.
• The new signatures will be downloaded to the /var/lib/clamav directory.

CentOS/RHEL/Cloudlinux

There are packages in the EPEL repo that make it easy to install the third party signatures. Signatures will be updated automatically using a cron that the package installs.

yum install rsync wget unzip bind-utils clamav-unofficial-sigs 

# the config file is located at
# /etc/clamav-unofficial-sigs/user.conf

# run the command once to test (run as root)
/usr/sbin/clamav-unofficial-sigs.sh

# you can view the log using the command
tail -f /var/log/clamav-unofficial-sigs/clamav-unofficial-sigs.log

You should see the new signatures downloaded to the /var/lib/clamav directory.

Debian/Ubuntu

There are no up-to-date packages for Debian/Ubuntu so we must install it manually.

apt-get install rsync wget unzip dnsutils
wget https://github.com/extremeshok/clamav-unofficial-sigs/archive/master.zip
unzip master.zip
cd clamav-unofficial-sigs-master/
cp -f clamav-unofficial-sigs.sh /usr/local/bin/
chmod 755 /usr/local/bin/clamav-unofficial-sigs.sh
mkdir /etc/clamav-unofficial-sigs/
cp -r config/* /etc/clamav-unofficial-sigs/
cd /etc/clamav-unofficial-sigs/

# Copy /etc/clamav-unofficial-sigs/os/os.your-distro.conf to the parent directory as /etc/clamav-unofficial-sigs/os.conf, where your-distro is your distribution and version, e.g.
cp /etc/clamav-unofficial-sigs/os/os.ubuntu.conf /etc/clamav-unofficial-sigs/os.conf

Edit the file /etc/clamav-unofficial-sigs/user.conf and uncomment your user config options, making sure to set default_dbs_rating to LOW, MEDIUM, or HIGH. Uncomment the user_configuration_complete option after you are done.

# Default dbs rating 
# valid rating: LOW, MEDIUM, HIGH
default_dbs_rating="MEDIUM"

# Uncomment the following line to enable the script
user_configuration_complete="yes"

Run the script once as the superuser to set all the permissions and create the relevant directories:

/usr/local/bin/clamav-unofficial-sigs.sh --force

Install the cron, logrotate and man pages:

/usr/local/bin/clamav-unofficial-sigs.sh --install-cron
/usr/local/bin/clamav-unofficial-sigs.sh --install-logrotate
/usr/local/bin/clamav-unofficial-sigs.sh --install-man

You should see the new signatures downloaded to the /var/lib/clamav directory.
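
A pre-flight check for the user.conf edit and the RAM note above, as an added example that is not part of the clamav-unofficial-sigs project. The function names and the sample config are constructed, it assumes each setting sits on one key="value" line as shown above, and it treats the 1GB figure from the Important list as a minimum for total RAM.

```sh
#!/bin/sh
# Added example: pre-flight check for the user.conf edit and the RAM note.
# Function names and the sample config are constructed for illustration.

# Print the value of the last uncommented key="value" line for key $1 in file $2.
conf_value() {
    sed -n "s/^[[:space:]]*$1=\"\{0,1\}\([^\"#[:space:]]*\)\"\{0,1\}.*/\1/p" "$2" | tail -n 1
}

# Return 0 only if the rating is valid and the enable flag is uncommented.
check_user_conf() {
    cuc_rc=0
    [ -r "$1" ] || { echo "FAIL: cannot read $1"; return 2; }
    cuc_rating=$(conf_value default_dbs_rating "$1")
    case "$cuc_rating" in
        LOW|MEDIUM|HIGH) echo "OK: default_dbs_rating=$cuc_rating" ;;
        "") echo "FAIL: default_dbs_rating is unset or commented out"; cuc_rc=1 ;;
        *)  echo "FAIL: default_dbs_rating=$cuc_rating (valid: LOW, MEDIUM, HIGH)"; cuc_rc=1 ;;
    esac
    if [ "$(conf_value user_configuration_complete "$1")" = "yes" ]; then
        echo "OK: user_configuration_complete=yes"
    else
        echo "FAIL: user_configuration_complete is not uncommented and set to yes"; cuc_rc=1
    fi
    return "$cuc_rc"
}

# Return 0 if MemTotal in meminfo-style file $1 exceeds 1 GiB (assumed minimum).
check_memory() {
    cm_kb=$(awk '/^MemTotal:/ {print $2}' "${1:-/proc/meminfo}" 2>/dev/null)
    if [ "${cm_kb:-0}" -gt 1048576 ]; then
        echo "OK: MemTotal=${cm_kb} kB"
    else
        echo "WARN: MemTotal=${cm_kb:-unknown} kB; clamd needs over 1GB with all signatures"
        return 1
    fi
}

# Demo on a constructed config: rating set, enable flag still commented out.
sample=$(mktemp)
cat > "$sample" <<'EOF'
default_dbs_rating="MEDIUM"
#user_configuration_complete="yes"
EOF
check_user_conf "$sample" || echo "=> fix user.conf before the first run"
check_memory /proc/meminfo || true
rm -f "$sample"
```

On a real host, call check_user_conf /etc/clamav-unofficial-sigs/user.conf before running the script with --force.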

Signatures Requiring Registration:

MalwarePatrol Free
- We do not recommend using MalwarePatrol due to the high number of false positives from that signature provider.
