ClamAV Unofficial Signatures Updater
The clamav-unofficial-sigs script provides a simple way to download, test, and update third-party signature databases provided by Sanesecurity, FOXHOLE, OITC, BOFHLAND, CRDF, Porcupine, Securiteinfo, MalwarePatrol, Yara-Rules Project, urlhaus, MalwareExpert, interServer etc. The script will also generate and install cron, logrotate, and man files.
- Travis-CI
- Linting with markdownlint-cli and shellcheck
- Testing with Ubuntu Focal and macOS / OSX
Please post them on the issue tracker: https://github.com/micneon/clamav-unofficial-sigs/issues
- rsync: TCP port 873
- wget/curl: TCP port 443
Debian, Ubuntu, Raspbian, CentOS (RHEL and clones), OpenBSD, FreeBSD, OpenSUSE, Archlinux, Mac OS X, Slackware, Solaris (Sun OS), pfSense, Zimbra and derivative systems
https://github.com/micneon/clamav-unofficial-sigs/tree/master/INSTALL.md
- CentOS: https://github.com/micneon/clamav-unofficial-sigs/tree/master/guides/centos7.md
- Ubuntu: https://github.com/micneon/clamav-unofficial-sigs/tree/master/guides/ubuntu-debian.md
- Debian: https://github.com/micneon/clamav-unofficial-sigs/tree/master/guides/ubuntu-debian.md
- macOS: https://github.com/micneon/clamav-unofficial-sigs/tree/master/guides/macos.md
- pFsense: https://github.com/micneon/clamav-unofficial-sigs/tree/master/guides/pfsense.md
clamav-unofficial-sigs.sh --upgrade
clamav-unofficial-sigs.sh
Please use the included os.*.conf sample config file as a base for your os.conf, this will disable automatic updates, update notifications and the uninstallation feature. https://github.com/micneon/clamav-unofficial-sigs/tree/master/config/packaging
Always Run the script once as your superuser to set all the permissions and create the relevant directories
- Default configs are loaded in the following order if they exist:
- master.conf -> os.conf -> os.*.conf -> user.conf or your-specified.config
- user.conf will always override os.conf and master.conf, os.conf will override master.conf
- please do not alter the master.conf, rather create a user.conf
- A minimum of 1 config is required.
- Specifying a config on the command line (-c | --config) will override the loading of the default configs
**Run the following command to display which signatures are being loaded by clamav
clamscan --debug 2>&1 /dev/null | grep "loaded"
WARNING - Clamscan reports ________ database integrity tested BAD - SKIPPING
Run the following command to allow clamav selinux support
setsebool -P antivirus_can_scan_system true
Since usage yara rules requires clamav 0.100 or above, they will be automatically deactivated if your clamav is older than the required version
Usage of free URLhaus Database: https://urlhaus.abuse.ch
- Enabled by default
Usage of free Yara-Rules Project: http://yararules.com
- Enabled by default
Current limitations of clamav support: http://blog.clamav.net/search/label/yara
Usage of interServer: http://rbluri.interserver.net
Usage of Malware Expert: https://www.malware.expert
- Sign up for an account: https://www.malware.expert
- You will receive an email containing your serial key
- Enter the serial key into the config malwareexpert_serial_key: replacing YOUR-SERIAL-KEY with your serial key from the email
Usage of MalwarePatrol 2015 free clamav signatures: https://www.malwarepatrol.net
- Sign up for a free account: https://www.malwarepatrol.net/free-guard-upgrade-option/
- You will receive an email containing your password/receipt number
- Enter the receipt number into the config malwarepatrol_receipt_code: replacing YOUR-RECEIPT-NUMBER with your receipt number from the email
Usage of SecuriteInfo 2015 free clamav signatures: https://www.securiteinfo.com
- Sign up for a free account: https://www.securiteinfo.com/clients/customers/signup
- You will receive an email to activate your account and then a followup email with your login name
- Login and navigate to your customer account: https://www.securiteinfo.com/clients/customers/account
- Click on the Setup tab
- You will need to get your unique identifier from one of the download links, they are individual for every user
- The 128 character string is after the http://www.securiteinfo.com/get/signatures/
- Example https://www.securiteinfo.com/get/signatures/your_unique_and_very_long_random_string_of_characters/securiteinfo.hdb Your 128 character authorisation signature would be: your_unique_and_very_long_random_string_of_characters
- Enter the authorisation signature into the config securiteinfo_authorisation_signature: replacing YOUR-SIGNATURE-NUMBER with your authorisation signature from the link
Usage of free Linux Malware Detect clamav signatures: https://www.rfxn.com/projects/linux-malware-detect/
- Enabled by default, no configuration required
Please post on the issue tracker: https://github.com/micneon/clamav-unofficial-sigs/issues
Usage: clamav-unofficial-sigs.sh [OPTION] [PATH|FILE]
-c, --config Use a specific configuration file or directory
eg: '-c /your/dir' or ' -c /your/file.name'
Note: If a directory is specified the directory must contain at least:
master.conf, os.conf or user.conf
Default Directory: /etc/clamav-unofficial-sigs
-F, --force Force all databases to be downloaded, could cause ip to be blocked
-h, --help Display this script's help and usage information
-V, --version Output script version and date information
-v, --verbose Be verbose, enabled when not run under cron
-s, --silence Only output error messages, enabled when run under cron
-d, --decode-sig Decode a third-party signature either by signature name
(eg: Sanesecurity.Junk.15248) or hexadecimal string.
This flag will 'NOT' decode image signatures
-e, --encode-string Hexadecimal encode an entire input string that can
be used in any '*.ndb' signature database file
-f, --encode-formatted Hexadecimal encode a formatted input string containing
signature spacing fields '{}, (), *', without encoding
the spacing fields, so that the encoded signature
can be used in any '*.ndb' signature database file
-g, --gpg-verify GPG verify a specific Sanesecurity database file
eg: '-g filename.ext' (do not include file path)
-i, --information Output system and configuration information for
viewing or possible debugging purposes
-m, --make-database Make a signature database from an ascii file containing
data strings, with one data string per line. Additional
information is provided when using this flag
-t, --test-database Clamscan integrity test a specific database file
eg: '-t filename.ext' (do not include file path)
-o, --output-triggered If HAM directory scanning is enabled in the script's
configuration file, then output names of any third-party
signatures that triggered during the HAM directory scan
-w, --whitelist <signature-name> Adds a signature whitelist entry in the newer ClamAV IGN2
format to 'my-whitelist.ign2' in order to temporarily resolve
a false-positive issue with a specific third-party signature.
Script added whitelist entries will automatically be removed
if the original signature is either modified or removed from
the third-party signature database
--check-clamav If ClamD status check is enabled and the socket path is correctly
specified then test to see if clamd is running or not
--upgrade Upgrades this script and master.conf to the latest available version
--install-all Install and generate the cron, logrotate and man files, autodetects the values
based on your config files
--install-cron Install and generate the cron file, autodetects the values
based on your config files
--install-logrotate Install and generate the logrotate file, autodetects the
values based on your config files
--install-man Install and generate the man file, autodetects the
values based on your config files
--remove-script Remove the clamav-unofficial-sigs script and all of
its associated files and databases from the system
- eXtremeSHOK.com Maintenance
- Added : os.centos7-cpanel.conf
- Refactor : bsd support for tar, remove gnu-tar requirement
- Refactor : remove gnu-sed requirement
- Refactor : bsd support for stat command
- eXtremeSHOK.com Maintenance
- Disabled winnow_malware.yara , duplicated in EMAIL_Cryptowall.yar and no longer maintained
- Removed gtar requirement (--wildcards is the default)
- Incremented the config to version 97
- eXtremeSHOK.com Maintenance
- Whitelist support for yararules (whitelist signature tracking is disabled for yararules)
- Disable JJencode.yar , due to excessive CPU usage
- Disable scamnailer , discontinued
- Fix working directory variable "urlhausy" to "urlhaus"
- Update pfsense guide for 2.5
- Fix missing tracker-tmp.txt
- Thank you @perplexityjeff
- eXtremeSHOK.com Maintenance
- Use POSIX character classes instead of literals
- Prevent linuxmalwaredetect yara files being extracted when yara is not supported
- Replace echo with xshok_pretty_echo_and_log to silence database cleanup cron messages
- eXtremeSHOK.com Maintenance
- Change yararule email/Email_generic_phishing.yar to HIGH
- New config option: force_host, by default dig is used when dig and host is present.
- Refactor and correct the assigning of binaries/commands
- Fix broken yara rule database names: Maldoc_hancitor_dropper and Maldoc_APT19_CVE-2017-1099
- Ensure only dig or host is used when either dig or host is enabled
- Enable remove_disabled_databases by default
- Fix disabled databases removed when "$remove_disabled_databases" is set to "no"
- Incremented the config to version 95
- Database rating downgrades are now supported, eg, changing from HIGH to LOW will remove the HIGH and MEDIUM rated databases.
- Disabled databases are automatically removed
- Disable databases by setting the rating to "DISABLED" eg. securiteinfo_dbs_rating="DISABLED" will disable all securiteinfo databases
- Added Malware Expert databases (non-free)
- Added interServer databases (free)
- Reworked securiteinfo premium databases (non-free)
- Added malwarepatrol_db to specify the exact database name (default: malwarepatrol.db)
- Added detection of tar executable (use gtar on mac and bsd)
- Config os.macosx.conf renamed to os.macos.conf
- Fix: set ownership of last-version-check.txt
- More automated linting and testing (markdown and macOS / osx) via travis-ci
- Updated macOS installation guide for Big Sur (OSX 11)
- Incremented the config to version 94
- Thank you @dandanio @jkellerer @msapiro @shawniverson
- Enforce HTTPS validation by default
- Updated sanesecurity publickey.gpg url to use SSL
- Ignore yara files that include modules
- Enabled yararulesproject rules by default
- os.gentoo.conf: disable updates and upgrade checks
- Fix: URLhaus log message
- Fix wrong download URL for MalwarePatrol
- Fix: fallback to host if dig is not used
- Disable cron MAILTO
- BSD read config fix
- Incremented the config to version 92
- Thank you @dandanio @jkellerer @m0urs @Mrothyr @msapiro @orlitzky @RobbieTheK @SlothOfAnarchy
- Disable yara project rules duplicated in rxfn.yara (Thanks @dominicraf)
- Incremented the config to version 91
- eXtremeSHOK.com Maintenance
- Added urlhaus database
- Added extra yararulesproject databases
- Added new linuxmalwaredetect yara file
- Automatic upgrades ( --upgrade )
- Added --upgrade command line option
- Option to disable automatic upgrades ( allow_upgrades )
- Option to disable update checks (allow_update_checks)
- Increase download time to 1800 seconds from 600 seconds
- os.conf takes preference over os.***.conf
- Warn if there are multiple os.***.conf files
- More sanity checks to help users and prevent errors
- Better output of --info
- Fix all known bugs
- Implement all suggestions
- Fixed yararulesproject database names
- Correctly silence curl and wget
- New linuxmalwaredetect logic
- New malwarepatrol logic
- Suppress --- and === from the logs
- Update the documentation / guides
- Increase minimum clamav version for yara rules to 0.100 or above
- Fix systemd.timer and systemd.service files
- More travis-ci tests
- Added os.alpine.conf
- Added debug options/mode to config
- Set minimum config required to 90
- Lots of refactoring and optimizing
- Only check for and notify about script updates every 12hours
- Incremented the config to version 90
- eXtremeSHOK.com Maintenance
- Update os.archlinux.conf, thanks @amishmm
- master.conf set default dbs rating to medium
- user.conf better suggested values
- Default to using curl, less logic required (lower cpu)
- force_curl replaced with force_wget
- Fix: suppress all non-error output under cron/non interactive terminal
- Fix: check log file is not a link before setting permissions, only set if owned by root.
- Fix: failed to create symbolic link
- Fix: curl --compress ->> curl --compressed
- Minor enhancement to travis-ci checks
- Incremented the config to version 77
- eXtremeSHOK.com Maintenance
- Thanks Reio Remma & Oliver Nissen
- fail added to all curl commands
- Fix: Missing logic for LOWMEDIUMONLY | MEDIUMHIGHONLY | HIGHONLY databases
- Support for either os.osname.conf or os.conf files (no more needing to rename the os.osname.conf to os.conf)
- Where possible replaced echo with xshok_pretty_echo_and_log
- Refactor xshok_pretty_echo_and_log and make all notices styles consistent
- Silence output when run under cron
- add MAILTO=root to the generated cron file
- Add full proxy support for wget, curl, rsync, dig, host
- Better support for proxy config variables
- New config variable: git_branch (defaults to master for the update checks)
- allow -w signature for quicker whitelisting
- Sanitize whitelist input string (Remove quotes and .UNOFFICIAL)
- Added Full support for Hash-based Signature Databases
- User.conf is pre-configured with default options to allow for quicker setup
- Default sanesecurity and LinuxMalwareDetect to enabled
- Increase default retries from 3 to 5
- Ensure log file permissions are correct
- Better update comparison check, only notify if newer
- Incremented the config to version 76
- eXtremeSHOK.com Maintenance
- Fix logging @dominicraf
- eXtremeSHOK.com Maintenance & Refactoring
- Add timestamp support (do not re-download not modified files, saves bandwidth)
- wget and curl uses compression for the transfer (detected when supported, saves bandwidth)
- Posix compliance 'which' replaced with 'command -v'
- More escaped characters, shellcheck compliance
- Option added: force_curl , to force the usage of curl instead of wget
- Workaround for wget, which cannot do --timestamping and --output-document together
- Added SECURITEINFO securiteinfoold.hdb
- set malwarepatrol_free = no , when malwarepatrol_product_code != 8
- Fix: remove hardcoded malwarepatrol_product_code
- Fix: os.macosx.conf service: command not found
- Fix: whitelist a MalwarePatrol signature
- More reliable version checking
- Fix: Clamscan database integrity test
- Fix: version comparison of minimum Yara @bytesplit
- Use custom config directory @Amish
- unzip option -j was removed @wotomg
- ZCS 8.7 updates @tonster
- Logic fixes @Claus-Justus Heine
- Specify correct path for systemd units @SlothOfAnarchy
- Avoid hardcoded path to BASH @rseichter
- eXtremeSHOK.com Maintenance
- Bug Fix GPG always being disabled, thanks @orlitzky
- eXtremeSHOK.com Maintenance
- Packers/Javascript_exploit_and_obfuscation.yar false positive rating increased to HIGH
- Codeclimate fixes
- Incremented the config to version 73
- eXtremeSHOK.com Maintenance
- PGP is now optional and no longer a requirement and pgp support is auto-detected
- Full support for macOS / OS X and added clamav install guide
- Full support for pfSense and added clamav install guide
- Added os configs for Zimbra and Debian 8 with systemd
- Much better error messages with possible solutions given
- Better checking of possible issues
- Update all SANESECURITY signature databases
- Support for clamav-devel (clamav compiled from source)
- Added full proxy support to wget and curl
- Replace allot of "echo | cut | sed" with bash substitutions
- Added fallbacks/substitutions for various commands
- xshok_file_download and xshok_draw_time_remaining functions added to replace redundant code blocks
- Removed SANESECURITY mbl.ndb as this file is not showing up on the rsync mirrors
- Allow exit code 23 for rsync
- Major refactoring: Normalize comments, quotes, functions, conditions
- Protect various arguments and "POSIX-ize" script integrity
- Enhanced testing with travis-ci, including clamav 0.99
- Incremented the config to version 72
- eXtremeSHOK.com Maintenance
- Disable installation when either pkg_mgr or pkg_rm is defined.
- Minor refactoring
- Update master.conf with the new Yara-rules project file names
- Incremented the config to version 69
- eXtremeSHOK.com Maintenance
- Added Solaris 10 and 11 configs
- When under Solaris we define our own which function
- Define grep_bin variable, use gnu grep on sun os
- Fallback to gpg2 if gpg not found,
- Added support for csw gnupg on solaris
- Trap the keyboard interrupt (ctrl+c) and gracefully exit
- Added CentOS 7 Atomic config @deajan
- Minor refactoring and removing of unused variables
- Removed CRDF signatures as per Sanesecurity #124
- Added more Yara rule project Rules
- Incremented the config to version 68
- eXtremeSHOK.com Maintenance
- Bug Fix: Additional Databases not downloading
- Added sanesecurity_update_hours option to limit updating to once every 2 hours
- Added additional_update_hours option to limit updating to once every 4 hours
- Refactor Additional Database File Update code
- Updated osx config with correct group for homebrew
- eXtremeSHOK.com Maintenance
- Bug Fix: for GPG Signature test FAILED by @DamianoBianchi
- Remove unused $GETOPT
- Refactor clamscan_integrity_test_specific_database_file (--test-database)
- Refactor gpg_verify_specific_sanesecurity_database_file (--gpg-verify)
- Big fix: missing $pid_dir
- eXtremeSHOK.com Maintenance
- Major change: Updated to use new database structure, now allows all low/medium/high databases to be enabled or disabled.
- Major change: curl replaced with wget (will fallback to curl is wget is not installed)
- Major change: script now functions correctly as the clamav user when started under cron
- Added fallback to curl if wget is not available
- Added locking (Enable pid file to prevent issues with multiple instances)
- Added retries to fetching downloads
- Code refactor: if wget repaced with if $? -ne 0
- Enhancement: Verify the clam_user and clam_group actually exists on the system
- Added function: xshok_user_group_exists, to check if a specific user and group exists
- Bug Fix: setmode only if is root
- Bug Fix: eval not working on certain systems
- Bug fix: rsync output not correctly silenced
- Code refactor: remove legacy
..
with $(...) - Code refactor: replace [ ... -a ... ] with [ ... ] && [ ... ]
- Code refactor: replace [ ... -o ... ] with [ ... ] || [ ... ]
- Code refactor: replace cat "..." with done < ... from loops
- Code refactor: convert for loops using files to while loops
- Code refactor: read replaced with read -r
- Code refactor: added cd ... || exit , to handle a failed cd
- Code refactor: double quoted all varibles
- Code refactor: refactor all "ls" iterations to use globs
- Defined missing uname_bin variable
- Added function xshok_database
- Set minimum config required to 65
- Bump config to 65
- eXtremeSHOK.com Maintenance
- Added --install-all Install and generate the cron, logroate and man files, autodetects the values $oft based on your config files
- Added functions: xshok_prompt_confirm, xshok_is_file, xshok_is_subdir
- Replaced Y/N prompts with xshok_prompt_confirm
- Bug Fix for disabled databases being removed when the remove_disabled_databases is set to NO (default)
- Added more warnings to remove_script and made it double confirmed
- Remove_script will only remove work_dir if its a sub directory
- Remove_script will only remove files if they are files
- Removed -r switch, --remove-script needs to be used instead of both -r and --remove-script
- Fixed: remove_script not removing logrotate file, cron file, man file
- eXtremeSHOK.com Maintenance
- Minor bugfix for Sanesecurity_sigtest.yara Sanesecurity_spam.yara files being removed incorrectly
- Minor fix: yararulesproject_enabled not yararulesproject_enable
- eXtremeSHOK.com Maintenance
- Refactor some functions
- Added --install-man this will automatically generate and install the man (help) file
- Yararules and yararulesproject enabled by default
- Added clamav version detection to automatically disable yararules and yararulesproject if the current clamav version does not support them
- Database files ending with .yar/.yara/.yararules will automatically be disabled from the database if yara rules are not supported
- Script options are added to the man file
- Fixed hardcoded logrotate and cron in remove_script
- Fixed incorrectly assigned logrotate varibles in install-logrotate
- Config added info for port/package maintainers regarding: pkg_mgr and pkg_rm
- Removed pkg_mgr and pkg_rm from freebsd and openbsd os configs
- Allow overriding of all the individual workdirs, this is mainly to aid package maintainers
- Rename sanesecurity_dir to work_dir_sanesecurity, securiteinfo_dir to work_dir_securiteinfo, malwarepatrol_dir to work_dir_malwarepatrol, yararules_dir to work_dir_yararules, add_dir to work_dir_add, gpg_dir to work_dir_gpg, work_dir_configs to work_dir_work_configs
- Rename yararules_enabled to yararulesproject_enabled
- Rename all yararules to yararulesproject
- Fix to prevent disabled databases processing certian things which will not be used as they are disabled
- Set minimum config required to 62
- Bump config to 62
- eXtremeSHOK.com Maintenance
- Added OS X and openbsd configs
- Fixed host fallback sed issues by @MichaelKuch
- Suppress most error messages of chmod and chown
- check permissions before chmod
- Added the config option remove_disabled_databases # Default is "no", if enabled when a database is disabled we will remove the associated database files.
- Added function xshok_mkdir_ownership
- Do not set permissions of the log, cron and logrotate dirs
- Fix: fallback for missing gpg -r option on OS X
- Update sanesecurity signatures
- Bump config to 61
- eXtremeSHOK.com Maintenance
- Added --install-cron this will automatically generate and install the cron file
- Added --install-logrotate this will automatically generate and install the logrotate file
- Change official URL of SecuriteInfo signatures
- Added a new database (securiteinfoandroid.hdb) for SecuriteInfo
- Remove database files after disabling a database group by @reneschuster
- Updated Gentoo OS config by @orlitzky
- Regroup functiuons
- Increase travis-ci code testing
- Set minimum config required to 60
- Bump config to 60
- eXtremeSHOK.com Maintenance
- Updated winnow databases as per information from Tom @ OITC
- Bump config to 58
- eXtremeSHOK.com Maintenance
- Add support for specifying a custom config dir or file with (--config) -c option
- Removed default_config
- Added travis-ci build testing
- Updates to the help and usage display
- Added sanity testing of sanesecurity_dbs, securiteinfo_dbs, linuxmalwaredetect_dbs, yararules_dbs, add_dbs
- Added function xshok_array_count
- Prevent some issues with an incomplete or only a user.conf being loaded
- Added fallback to host if dig returns no records
- Check there are Sanesecurity mirror ips before we attempt to rsync
- Important binaries have been aliased (clamscan, rsync, curl, gpg) and allow their paths to be overridden
- Added sanity checks to make sure the binaries and workdir is defined
- Custom Binary Paths added to the config (clamscan_bin, rsync_bin, curl_bin, gpg_bin)
- Bump config to 57
- Added initial centos6 + cpanel os config
- Bugfix Only start logging once all the configs have been loaded
- Rename $version to script_version
- Default malwarePatrol to the free version
- Added script version checks
- eXtremeSHOK.com Maintenance
- Added/Updated OS configs: CentOS 7, FreeBSD, Slackware
- Added clamd_reload_opt to fix issues with centos7 conf
- Fix --remove-script should call remove_script() function by @IdahoPL
- Add OS specific settings to logrotate
- Increased default timeout values
- Attempt to Silence more output
- Create the log_file_path directory before we touch the file.
- Updated config file to remove the $work_dir varible from dir names
- Remove trailing / from directory names
- Initial support for Travis-Ci testing
- Fixed config option enable_logging -> logging_enabled
- Config updated to 56 due to changes
- eXtremeSHOK.com Maintenance
- Added OS configs: OpenSUSE, Archlinux, Gentoo, Raspbian, FreeBSD
- Fixed config option enable_logging -> logging_enabled
- eXtremeSHOK.com Maintenance
- Detect if the entire script is available/complete
- Fix for Missing space between "]
- eXtremeSHOK.com Maintenance
- Disable logging if the log file is not writable.
- Do not attempt to log before a config is loaded
- eXtremeSHOK.com Maintenance
- Added porcupine.hsb: Sha256 Hashes of VBS and JSE malware Database from sanesecurity
- Fix for missing $ for clamd_pid an incorrect variable definition
- Fixes for not removing dirs by @msapiro
- Updates to account for changed names and addition of sub-directories for Yara-Rules by @msapiro
- Use MD5 with MalwarePatrol by @olivier2557
- Suppress the header and config loading message if running via cron
- Added systemd files by @falon
- Added config option remove_bad_database, a database with a BAD integrity check will be removed
- Fixed broken whitelisting of malwarepatrol signatures
- Replaced Version command option -v with -V
- Added command option -v (--verbose) to force verbose output
- Removed config options: silence_ssl, curl_silence, rsync_silence, gpg_silence, comment_silence
- Added ignore_ssl option to supress ssl errors and warnings, ie operate in insecure mode.
- Replaced test-database command option -s with -t
- Replaced output-triggered command option -t with -o
- Added command option -s (--silence) to force silenced output
- Default verbose for terminal and silence for cron
- Added RHEL/Centos 7 config settings
- Added short option (-F) to Force all databases to be downloaded, could cause ip to be blocked"
- Fixed removal of failed databases, disbale with option "remove_bad_database"
- Removed config options: clamd_start, clamd_stop
- Full rewrite of the config handling, master.conf -> os.conf -> user.conf or your-specified.config
- Configs loaded from the /etc/clamav-unofficial-sigs dir
- Added various os.conf files to ease setup
- Added selinux_fixes config option, this will run restorecon on the database files
- minor code refactoring and reindenting
- eXtremeSHOK.com Maintenance
- Various Bug Fixes
- Last release of 4.x.x base
- minor code refactoring
- eXtremeSHOK.com Maintenance
- Added function xshok_check_s2 to prevent possible errors with -c and no configfile path
- minor code refactoring
- eXtremeSHOK.com Maintenance
- OS X compatibility fix by stewardle
- missing $ in $yararules_enabled
- eXtremeSHOK.com Maintenance
- Code Refactoring
- New function clamscan_reload_dbs, will first try and reload the clam database, if reload fails will restart clamd
- Added Function xshok_pretty_echo_and_log, far easier and cleaner way to output and log information
- Removed functions comment, log
- Removed config option reload_opt
- Added config option clamd_restart_opt
- Added support for # characters in config values, ie malwarepatrol subscription key contains a #
- Minor formatting and code consitency changes
- 10% Smaller script size
- Config updated to 53 due to changes
- eXtremeSHOK.com Maintenance
- Added long option (--force) to Force all databases to be downloaded, could cause ip to be blocked"
- added config option: malwarepatrol_free="yes", set to "no" to enable commercial subscription url
- added support for commercial malwarepatrol subscription
- Grammar fix in config
- SELINUX cronjob fix added to readme
- Corrects tput warning when used without TERM (like in cron)
- Config updated to 52 due to changes
- eXtremeSHOK.com Maintenance
- Code Refactoring
- Complete rewrite of the main case selector (program options)
- Added long options (--decode-sig, --encode-string, --encode-formatted, --gpg-verify, --information, --make-database, --remove-script, --test-database, --output-triggered)
- Replaced clamd-status.sh with --check-clamav
- Removed CHANGELOG, changelog has been replaced by this part of the readme and the git commit log.
- Config updated to 51 due to changes
- eXtremeSHOK.com Maintenance
- Code Refactoring
- Added generic options (--help --version --config)
- Correctly handle generic options before the main case selector
- Sanitize the config before the main case selector (option)
- Rewrite and formatting of the usage options
- Removed the version information code as this is always printed
- eXtremeSHOK.com Maintenance
- Code Refactoring
- Removed custom config forced to use the same filename as the default config
- Change file checks from exists to exists and is readable
- Removed legacy config checks
- Full support for custom config files for all tasks
- Removed function: no_default_config
- eXtremeSHOK.com Maintenance
- badmacro.ndb rule support for sanesecurity
- Sanesecurity_sigtest.yara rule support for sanesecurity
- Sanesecurity_spam.yara rule support for sanesecurity
- Changed required_config_version to minimum_required_config_version
- Script now supports a minimum config version to allow for out of sync config and script versions
- eXtremeSHOK.com Maintenance
- hackingteam.hsb rule support for sanesecurity
- eXtremeSHOK.com Maintenance
- Beta YARA rule support for sanesecurity
- Config updated to 4.8 due to changes
- Bugfix "securiteinfo_enabled" should be "$securiteinfo_enabled"
- eXtremeSHOK.com Maintenance
- Initial YARA rule support for sanesecurity
- Added Yara-Rules project Database
- Added config option to quickly enable/disable an entire database
- Config updated to 4.7 due to changes
- Note: Yara rules require clamav 0.99+
- Bugfix removed unused linuxmalwaredetect_authorisation_signature varible from script
- eXtremeSHOK.com Maintenance
- Updated SecuriteInfo setup instructions
- eXtremeSHOK.com Maintenance
- Committed patch-1 by SecuriteInfo (clean up of SecuriteInfo databases)
- Fixed double $surl_insecure
- eXtremeSHOK.com Maintenance
- Bugfix for SecuriteInfo not downloading by Colin Waring
- Default will now silence ssl errors caused by ssl certificate errors
- Config updated to 4.6 due to new varible: silence_ssl
- eXtremeSHOK.com Maintenance
- Improved config error checking
- Config updated to 4.5, due to invalid default dbs-si value
- Fix debug varible being present
- Bug fix for ubuntu 14.04 with sed being aliased
- Explicitly set bash as the shell
- eXtremeSHOK.com Maintenance
- Added error checking to detect if the config could be broken.
- eXtremeSHOK.com Maintenance
- Code refactoring:
- Added full support for Linux Malware Detect clamav databases
- Config updated to 4.4
- eXtremeSHOK.com Maintenance
- Code refactoring: group and move functions to top of script
- Complete rewrite of securiteinfo support, full support for Free/Delayed clamav by securiteinfo.com ;-P Note: securite info requires you to create a free account and add your authorisation code to the config.
- Config updated to 4.3
- Restructured Config
- eXtremeSHOK.com Maintenance
- Replace annoying si_, mbl_, ss_, with actual names ie. securiteinfo_, malwarepatrol_, sanesecurity_
- Complete rewrite of malwarepatrol support, full support for Free/Delayed clamav ;-P Note: malware patrol requires you to create a free account and add your "purchase" code to the config.
- More fixes to config prasing and stripping of comments and whitespace
- Code refactoring: remove empty commands: echo "" and comment ""
- Config version detection and enforcing
- eXtremeSHOK.com Maintenance
- Fix on default enable of foxhole medium and High false positive sources
- grammatical corrections to some comments and log output
- sig-boundary patch by Alan Stern
- create intermediate monitor-ign-old.txt to prevent reading and writing of local.ign by Alan Stern
- eXtremeSHOK.com Maintenance
- Enabled all low false positive sources by default
- Added all Sanesecurity database files
- Disabled all med/high false positive sources by default
- Set default configs to work out of the box on a centos system
- Silence cron job
- Set correct paths throughout the script
- Updated Installation Instructions
- Updated Paths for removal
- Updated Default locations to reflect installation instructions
- Fix: correctly remove comments and blanklines from config before eval
- Remove: invalid config values (eg. EXPORT path)
- Fix: correctly check if rsync was successful