How can I enable third party anti-virus signatures within Sentinel to improve the ClamAV detection rate?

Sentinel supports enabling third party anti-virus signatures to improve the detection rate. Full documentation can be found below:

  1. Navigate to Sentinel Anti-malware -> Settings -> Anti-virus Settings -> Signature Providers
  2. Enable the Interserver signature provider.
  3. Press the update button on the page then the restart button to restart the Anti-virus signature service. You can view the signature download logs under Sentinel Anti-malware -> Logs -> Signature log.
  4. Once the new signatures have been downloaded to the /var/lib/clamav/ directory they will be loaded into ClamAV within the hour. You can press the Signature reload button on the dashboard or issue the command clamdscan --reload if you want to load them earlier.
  5. Important: Remember to disable automatic quarantine under Quarantine Settings -> Quarantine hits when first enabling any third party signatures so that you can work out any false positives.

Signature Providers

  • 0 Пользователи нашли это полезным
Помог ли вам данный ответ?

Связанные статьи

How can I view the contents of a file in the quarantine?

To View the File Contents Navigate to Sentinel Anti-malware -> Quarantine Click on a File...

How can I test that the Anti-malware detection is working?

Testing Sentinel Anti-malware Detection Download the eicar test malware into the httpdocs...

How can I change the interface language of the extension?

You can change the interface language under Settings -> Application Settings -> Locale...

Where are the configuration files for Sentinel located?

Centos/RHEL/CloudLinux/AlmaLinux Configuration files: // Linux malware detect (Anti-malware...

How can I report a virus or malware that was not detected by ClamAV?

If you have a virus or malware that is not detected by ClamAV, please fill out:...