Diffstat (limited to 'network/clamav-unofficial-sigs')
10 files changed, 252 insertions, 52 deletions
diff --git a/network/clamav-unofficial-sigs/README b/network/clamav-unofficial-sigs/README index 5b1f013ecd..936738ebb7 100644 --- a/network/clamav-unofficial-sigs/README +++ b/network/clamav-unofficial-sigs/README @@ -6,25 +6,14 @@ capabilities and make an excellent enhancement to native clamav signatures. It is especially useful when running a mailserver with clamav. The best way to update signatures is to set up a cron job. -Following four sources of signatures are used by default in the config file: - -1) SaneSecurity -2) MSRBL (Realtime Blacklists) -3) SecuriteInfo -4) MalwarePatrol - These sources are fully tweakable via the config file. Also refer to the documentation included with the package which provides configuration and setup infomation. -Following are the URLs for each signature source. -SaneSecurity: http://www.sanesecurity.com/index.htm -SecuriteInfo: http://www.securiteinfo.com/services/clamav_unofficial_malwares_signatures.shtml -MSRBL: http://www.msrbl.com/ -MalwarePatrol: http://www.malware.com.br/ +The original script was from Bill Landry but it has not been updated for a +while now and so this new script from ExtremeSHOK is now the recommended +way to update third-party signature. More information is here: -A sample cron entry is included in the package docs, please make appropriate -changes to it and add it to root's crontab. +http://sanesecurity.com/usage/linux-scripts/ -If you are using a firewall on your server, you may have to allow rsync -traffic as MSRBL sigs are downloaded using rsync. +A sample cron job script is included in the package docs. diff --git a/network/clamav-unofficial-sigs/UPGRADE_NOTICE b/network/clamav-unofficial-sigs/UPGRADE_NOTICE new file mode 100644 index 0000000000..de5a413ef7 --- /dev/null +++ b/network/clamav-unofficial-sigs/UPGRADE_NOTICE 
@@ -0,0 +1,9 @@ +If you are upgrading from verion 3.7.2 or earlier to this version: + +Please make sure you backup your existing config file. New maintainers +have done major rework with the script and config files. + +All config files are now located in /etc/clamav-unofficial-sigs directory. + +Be prepared to move all your configs to the new location by hand and +to make necessary changes inside the new config. diff --git a/network/clamav-unofficial-sigs/clamav-unofficial-sigs.8 b/network/clamav-unofficial-sigs/clamav-unofficial-sigs.8 new file mode 100644 index 0000000000..24bd576e5b --- /dev/null +++ b/network/clamav-unofficial-sigs/clamav-unofficial-sigs.8 
@@ -0,0 +1,75 @@ + +.\" Manual page for eXtremeSHOK.com ClamAV Unofficial Signature Updater +.TH clamav-unofficial-sigs 8 "18 April 2016" "Version: 5.2.2" "SCRIPT COMMANDS" +.SH NAME +clamav-unofficial-sigs \- Download, test, and install third-party ClamAV signature databases. +.SH SYNOPSIS +.B clamav-unofficial-sigs +.RI [ options ] +.SH DESCRIPTION +\fBclamav-unofficial-sigs\fP provides a simple way to download, test, and update third-party signature databases provided by Sanesecurity, FOXHOLE, OITC, Scamnailer, BOFHLAND, CRDF, Porcupine, Securiteinfo, MalwarePatrol, Yara-Rules Project, etc. It will also generate and install cron, logrotate, and man files. +.SH UPDATES +Script updates can be found at: \fBhttps://github.com/extremeshok/clamav-unofficial-sigs\fP +.SH OPTIONS +This script follows the standard GNU command line syntax. +.LP +\fB Usage: clamav\-unofficial\-sigs.sh \fR [OPTION] [PATH|FILE] +.TP +\fB \-c, \-\-config \fR Use a specific configuration file or directory eg: '\-c /your/dir' or ' \-c /your/file.name' Note: If a directory is specified the directory must contain atleast: master.conf, os.conf or user.conf Default Directory: /etc/clamav\-unofficial\-sigs +.TP +\fB \-F, \-\-force \fR Force all databases to be downloaded, could cause ip to be blocked +.TP +\fB \-h, \-\-help \fR Display this script's help and usage information +.TP +\fB \-V, \-\-version \fR Output script version and date information +.TP +\fB \-v, \-\-verbose \fR Be verbose, enabled when not run under cron +.TP +\fB \-s, \-\-silence \fR Only output error messages, enabled when run under cron +.TP +\fB \-d, \-\-decode\-sig \fR Decode a third\-party signature either by signature name (eg: Sanesecurity.Junk.15248) or hexadecimal string. 
This flag will 'NOT' decode image signatures +.TP +\fB \-e, \-\-encode\-string \fR Hexadecimal encode an entire input string that can be used in any '*.ndb' signature database file +.TP +\fB \-f, \-\-encode\-formatted \fR Hexadecimal encode a formatted input string containing signature spacing fields '{}, (), *', without encoding the spacing fields, so that the encoded signature can be used in any '*.ndb' signature database file +.TP +\fB \-g, \-\-gpg\-verify \fR GPG verify a specific Sanesecurity database file eg: '\-g filename.ext' (do not include file path) +.TP +\fB \-i, \-\-information \fR Output system and configuration information for viewing or possible debugging purposes +.TP +\fB \-m, \-\-make\-database \fR Make a signature database from an ascii file containing data strings, with one data string per line. Additional information is provided when using this flag +.TP +\fB \-t, \-\-test\-database \fR Clamscan integrity test a specific database file eg: '\-s filename.ext' (do not include file path) +.TP +\fB \-o, \-\-output\-triggered \fR If HAM directory scanning is enabled in the script's configuration file, then output names of any third\-party signatures that triggered during the HAM directory scan +.TP +\fB \-w, \-\-whitelist \fR Adds a signature whitelist entry in the newer ClamAV IGN2 format to 'my\-whitelist.ign2' in order to temporarily resolve a false\-positive issue with a specific third\-party signature. 
Script added whitelist entries will automatically be removed if the original signature is either modified or removed from the third\-party signature database +.TP +\fB \-\-check\-clamav \fR If ClamD status check is enabled and the socket path is correctly specifiedthen test to see if clamd is running or not +.TP +\fB \-\-install\-all \fR Install and generate the cron, logroate and man files, autodetects the values based on your config files +.TP +\fB \-\-install\-cron \fR Install and generate the cron file, autodetects the values based on your config files +.TP +\fB \-\-install\-logrotate \fR Install and generate the logrotate file, autodetects the values based on your config files +.TP +\fB \-\-install\-man \fR Install and generate the man file, autodetects the values based on your config files +.TP +\fB \-\-remove\-script \fR Remove the clamav\-unofficial\-sigs script and all of its associated files and databases from the system +.TP +.SH SEE ALSO +.BR clamd (8), +.BR clamscan (1) +.SH COPYRIGHT +Copyright (c) Adrian Jon Kriel :: admin@extremeshok.com +.TP +You are free to use, modify and distribute, however you may not remove this notice. +.SH LICENSE +BSD (Berkeley Software Distribution) +.SH BUGS +Report bugs to \fBhttps://github.com/extremeshok/clamav-unofficial-sigs\fP +.SH AUTHOR +Adrian Jon Kriel :: admin@extremeshok.com +Originially based on Script provide by Bill Landry + + diff --git a/network/clamav-unofficial-sigs/clamav-unofficial-sigs.SlackBuild b/network/clamav-unofficial-sigs/clamav-unofficial-sigs.SlackBuild index 2c1f1a706d..906fe1b175 100644 --- a/network/clamav-unofficial-sigs/clamav-unofficial-sigs.SlackBuild +++ b/network/clamav-unofficial-sigs/clamav-unofficial-sigs.SlackBuild 
@@ -1,12 +1,9 @@ #!/bin/sh # Slackware Package Build Script for clamav-unofficial-sigs -# package provides easy download and integration of unofficial third-party -# clamav signatures. +# Home Page: https://github.com/extremeshok/clamav-unofficial-sigs -# Home Page: http://www.inetmsg.com/pub/ - -# Copyright (c) 2009-2013, Nishant Limbachia, Hoffman Estates, IL, USA +# Copyright (c) 2009-2016, Nishant Limbachia, Hoffman Estates, IL, USA # (nishant _AT_ mnspace _DOT_ net) # All rights reserved. # @@ -29,7 +26,7 @@ # SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. PRGNAM="clamav-unofficial-sigs" -VERSION=${VERSION:-3.7.2} +VERSION=${VERSION:-5.4.1} ARCH="noarch" # hardcode ARCH BUILD=${BUILD:-1} TAG=${TAG:-_SBo} @@ -39,7 +36,7 @@ TMP=${TMP:-/tmp/SBo} PKG=$TMP/package-$PRGNAM OUTPUT=${OUTPUT:-/tmp} -set -e +set -e ### user and group for config file CONFIG_USER="root" 
@@ -48,43 +45,36 @@ CONFIG_GROUP="clamav" rm -fr $TMP/$PRGNAM-$VERSION $PKG mkdir -p $TMP $PKG $OUTPUT cd $TMP -tar xvf $CWD/$PRGNAM-$VERSION.tar.gz +tar xvf $CWD/$PRGNAM-$VERSION.tar.gz || tar xvf $CWD/v$VERSION.tar.gz cd $PRGNAM-$VERSION chown -R root:root . -mkdir -p $PKG/usr/{bin,doc/$PRGNAM-$VERSION,man/man8} + +# Apply patches, copy configs +mkdir -p $PKG/etc/{$PRGNAM,logrotate.d} + +patch -p0 < $CWD/patches/os.slackware.conf.patch +patch -p0 < $CWD/patches/master.conf.patch +install -m 0644 -D config/user.conf $PKG/etc/$PRGNAM/user.conf.new +install -m 0644 -D config/os.slackware.conf $PKG/etc/$PRGNAM/os.conf.new +install -m 0644 -D config/master.conf $PKG/etc/$PRGNAM/master.conf.new ### install bash script -install -m 0755 $PRGNAM.sh $PKG/usr/bin +install -m 0755 -D $PRGNAM.sh $PKG/usr/bin/$PRGNAM.sh ### install docs -install -m 0644 CHANGELOG INSTALL README \ -LICENSE clamd-status.sh \ -$PRGNAM-cron $PKG/usr/doc/$PRGNAM-$VERSION +mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION +install -m 0644 INSTALL README.md LICENSE $CWD/UPGRADE_NOTICE \ + $CWD/$PRGNAM.cron $PKG/usr/doc/$PRGNAM-$VERSION cat $CWD/$PRGNAM.SlackBuild > $PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild ### install logrotate script -install -D -m 0644 $PRGNAM-logrotate $PKG/etc/logrotate.d/$PRGNAM.new +install -m 0644 $CWD/$PRGNAM.logrotate $PKG/etc/logrotate.d/$PRGNAM.new ### install manpage and compress manpage -install -m 0644 $PRGNAM.8 $PKG/usr/man/man8 +install -m 0644 -D $CWD/$PRGNAM.8 $PKG/usr/man/man8/$PRGNAM.8 gzip -9 $PKG/usr/man/man8/$PRGNAM.8 -# Patch and provide config file in /etc -# The patch actually introduces two variables: pkg_mgr & pkg_rm. 
-# These variables are original developer's recommended way to stop -# the script from removing itself (and its files) via the "-r" flag -patch -p0 < $CWD/package_manager.patch -mkdir -p $PKG/etc -install -m 0640 $PRGNAM.conf $PKG/etc/$PRGNAM.conf.new -chown $CONFIG_USER:$CONFIG_GROUP $PKG/etc/$PRGNAM.conf.new - -mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION -cp -a \ - CHANGELOG INSTALL README LICENSE clamd-status.sh $PRGNAM-cron \ - $PKG/usr/doc/$PRGNAM-$VERSION -cat $CWD/$PRGNAM.SlackBuild > $PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild - mkdir -p $PKG/install cat $CWD/doinst.sh > $PKG/install/doinst.sh cat $CWD/slack-desc > $PKG/install/slack-desc diff --git a/network/clamav-unofficial-sigs/clamav-unofficial-sigs.cron b/network/clamav-unofficial-sigs/clamav-unofficial-sigs.cron new file mode 100644 index 0000000000..f59068b3e9 --- /dev/null +++ b/network/clamav-unofficial-sigs/clamav-unofficial-sigs.cron 
@@ -0,0 +1,32 @@ +# https://eXtremeSHOK.com ###################################################### +# This file contains the cron settings for clamav-unofficial-sigs.sh +################### +# This is property of eXtremeSHOK.com +# You are free to use, modify and distribute, however you may not remove this notice. +# Copyright (c) Adrian Jon Kriel :: admin@extremeshok.com +################## +# +# Script updates can be found at: https://github.com/extremeshok/clamav-unofficial-sigs +# +# Originially based on: +# Script provide by Bill Landry (unofficialsigs@gmail.com). +# +# License: BSD (Berkeley Software Distribution) +# +################## +# Automatically Generated: Sun May 8 10:25:59 CDT 2016 +################## +# +# This cron file will execute the clamav-unofficial-sigs.sh script that +# currently supports updating third-party signature databases provided +# by Sanesecurity, SecuriteInfo, MalwarePatrol, OITC, etc. +# +# The script is set to run hourly, at a random minute past the hour, and the +# script itself is set to randomize the actual execution time between +# 60 - 600 seconds. To Adjust the cron values, edit your configs and run +# bash clamav-unofficial-sigs.sh --install-cron to generate a new file. + +6 * * * * clamav /usr/bin/bash /usr/bin/clamav-unofficial-sigs.sh > /dev/null + +# https://eXtremeSHOK.com ###################################################### + diff --git a/network/clamav-unofficial-sigs/clamav-unofficial-sigs.info b/network/clamav-unofficial-sigs/clamav-unofficial-sigs.info index 80257da7fe..4f948be2fd 100644 --- a/network/clamav-unofficial-sigs/clamav-unofficial-sigs.info +++ b/network/clamav-unofficial-sigs/clamav-unofficial-sigs.info 
@@ -1,8 +1,8 @@ PRGNAM="clamav-unofficial-sigs" -VERSION="3.7.2" -HOMEPAGE="http://sourceforge.net/projects/unofficial-sigs/" -DOWNLOAD="http://sourceforge.net/projects/unofficial-sigs/files/clamav-unofficial-sigs-3.7.2.tar.gz" -MD5SUM="3fc7934f5b3ae139e852fd6d0e1996a0" +VERSION="5.4.1" +HOMEPAGE="https://github.com/extremeshok/clamav-unofficial-sigs" +DOWNLOAD="https://github.com/extremeshok/clamav-unofficial-sigs/archive/5.4.1.tar.gz" +MD5SUM="751ad669a07a40db0e6b477648fe494e" DOWNLOAD_x86_64="" MD5SUM_x86_64="" REQUIRES="clamav" diff --git a/network/clamav-unofficial-sigs/clamav-unofficial-sigs.logrotate b/network/clamav-unofficial-sigs/clamav-unofficial-sigs.logrotate new file mode 100644 index 0000000000..0b4cebc9e6 --- /dev/null +++ b/network/clamav-unofficial-sigs/clamav-unofficial-sigs.logrotate @@ -0,0 +1,32 @@ +# https://eXtremeSHOK.com ###################################################### +# This file contains the logrotate settings for clamav-unofficial-sigs.sh +################### +# This is property of eXtremeSHOK.com +# You are free to use, modify and distribute, however you may not remove this notice. +# Copyright (c) Adrian Jon Kriel :: admin@extremeshok.com +################## +# +# Script updates can be found at: https://github.com/extremeshok/clamav-unofficial-sigs +# +# Originially based on: +# Script provide by Bill Landry (unofficialsigs@gmail.com). +# +# License: BSD (Berkeley Software Distribution) +# +################## +# Automatically Generated: $(date) +################## +# +# This logrotate file will rotate the logs generated by the clamav-unofficial-sigs.sh +# +# To Adjust the logrotate values, edit your configs and run +# bash clamav-unofficial-sigs.sh --install-logrotate to generate a new file. + +/var/log/clamav/clamav-unofficial-sigs.log { + weekly + rotate 4 + missingok + notifempty + compress + create 0644 clamav clamav +}
\ No newline at end of file diff --git a/network/clamav-unofficial-sigs/doinst.sh b/network/clamav-unofficial-sigs/doinst.sh index a7c044824b..233baaaeda 100644 --- a/network/clamav-unofficial-sigs/doinst.sh +++ b/network/clamav-unofficial-sigs/doinst.sh @@ -11,6 +11,8 @@ config() { # Otherwise, we leave the .new copy for the admin to consider... } -config etc/clamav-unofficial-sigs.conf.new +config etc/clamav-unofficial-sigs/master.conf.new +config etc/clamav-unofficial-sigs/user.conf.new +config etc/clamav-unofficial-sigs/os.conf.new config etc/logrotate.d/clamav-unofficial-sigs.new - +printf "Please review UPGRADE_NOTICE in the docs\n" diff --git a/network/clamav-unofficial-sigs/patches/master.conf.patch b/network/clamav-unofficial-sigs/patches/master.conf.patch new file mode 100644 index 0000000000..6491f8da17 --- /dev/null +++ b/network/clamav-unofficial-sigs/patches/master.conf.patch 
@@ -0,0 +1,51 @@ +--- config/master.conf.orig 2016-05-08 14:29:36.954240236 -0500 ++++ config/master.conf 2016-05-08 14:33:04.116828055 -0500 +@@ -24,8 +24,8 @@ + # Set the appropriate ClamD user and group accounts for your system. + # If you do not want the script to set user and group permissions on + # files and directories, comment the next two variables. +-#clam_user="clamav" +-#clam_group="clamav" ++clam_user="clamav" ++clam_group="clamav" + + # If you do not want the script to change the file mode of all signature + # database files in the ClamAV working directory to 0644 (-rw-r--r--): +@@ -55,7 +55,7 @@ + reload_dbs="yes" + + # Top level working directory, script will attempt to create them. +-work_dir="/var/lib/clamav-unofficial-sigs" #Top level working directory ++work_dir="/var/lib/clamav/clamav-unofficial-sigs" #Top level working directory + + # Log update information to '$log_file_path/$log_file_name'. + logging_enabled="yes" +@@ -357,7 +357,7 @@ + max_sleep_time="600" # Default maximum is 600 seconds (10 minutes). 
+ + # Command to do a full clamd service stop/start +-#clamd_restart_opt="service clamd restart" ++clamd_restart_opt="/etc/rc.d/rc.clamav restart" + + # Custom Command to fo a full clamd reload, this defaults to "clamdscan --reload" when not set + #clamd_reload_opt="clamdscan --reload" +@@ -459,15 +459,15 @@ + + # Custom man install settings, these are detected and only used if you want to override + # the automatic detection and generation of the values when not set, this is mainly to aid package maintainers +-#man_dir="" #default: /usr/share/man/man8 +-#man_filename="" #default: clamav-unofficial-sigs.8 ++man_dir="/usr/man/man8" #default: /usr/share/man/man8 ++man_filename="clamav-unofficial-sigs.8" #default: clamav-unofficial-sigs.8 + + # Provided two variables that package and port maintainers can use in order to + # prevent the script from removing itself with the '-r' flag + # If the script was installed via a package manager like yum, apt, pkg, etc. + # The script will instead provide feedback to the user about how to uninstall the package. +-#pkg_mgr="" #the package manager name +-#pkg_rm="" #the package manager command to remove the script ++pkg_mgr="pkgtool" #the package manager name ++pkg_rm="removepkg clamav-unofficial-sigs" #the package manager command to remove the script + + # Custom full working directory paths, these are detected and only used if you want to override + # the automatic detection and generation of the values when not set, this is mainly to aid package maintainers diff --git a/network/clamav-unofficial-sigs/patches/os.slackware.conf.patch b/network/clamav-unofficial-sigs/patches/os.slackware.conf.patch new file mode 100644 index 0000000000..94e58b6ace --- /dev/null +++ b/network/clamav-unofficial-sigs/patches/os.slackware.conf.patch 
@@ -0,0 +1,20 @@ +--- config/os.slackware.conf.orig 2016-05-03 21:29:02.518557766 -0500 ++++ config/os.slackware.conf 2016-05-03 21:31:20.083647753 -0500 +@@ -27,13 +27,13 @@ + clam_user="clamav" + clam_group="clamav" + +-#clam_dbs="/var/lib/clamav" +-clam_dbs="/usr/local/share/clamav" ++clam_dbs="/var/lib/clamav" ++#clam_dbs="/usr/local/share/clamav" + + clamd_pid="/var/run/clamav/clamd.pid" + +-clamd_restart_opt="service clamd restart" ++clamd_restart_opt="/etc/rc.d/rc.clamav restart" + +-#clamd_socket="/var/run/clamav/clamd.socket" ++clamd_socket="/var/run/clamav/clamd.socket" + + # https://eXtremeSHOK.com ###################################################### |
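Review bot: UPGRADE_NOTICE tells the admin to move configs "by hand" into /etc/clamav-unofficial-sigs but never names the old file. The removed doinst.sh line shows it was etc/clamav-unofficial-sigs.conf, so name that path in the notice so an upgrader knows what to back up and what to delete afterwards. Also fix the typo "verion" in the first line.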
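Review bot: clamav-unofficial-sigs.8 is shipped from $CWD and its .TH line says "Version: 5.2.2", while this commit packages 5.4.1, so the option list can already differ from what the installed script accepts. Regenerate the page from the 5.4.1 script or drop the pinned copy. Within the page, the --test-database entry gives its example as '-s filename.ext' although the flag is -t and -s is listed as --silence.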
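Review bot: In the second clamav-unofficial-sigs.SlackBuild hunk the three config files are installed with "install -m 0644" and the "chown $CONFIG_USER:$CONFIG_GROUP" step is removed, whereas the deleted lines installed the single config as 0640 owned by root:clamav. CONFIG_USER and CONFIG_GROUP are still assigned in the context lines but nothing visible uses them any more. Either keep 0640 plus the chown for the files under $PKG/etc/$PRGNAM (user.conf.new at minimum), or drop the two variables and say in the commit message why world-readable configs are acceptable.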
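Review bot: clamav-unofficial-sigs.cron is a generated file ("Automatically Generated: Sun May 8 10:25:59 CDT 2016") with the minute fixed at 6, so every install that copies it polls the signature mirrors at the same minute, which contradicts the "random minute past the hour" wording in its own header. Ship it with a placeholder minute or have the README tell the admin to pick one or regenerate with --install-cron. The entry also carries a user field ("6 * * * * clamav /usr/bin/bash ..."), so it is in system-crontab form, and the README no longer says where the line is meant to go now that the "add it to root's crontab" sentence is removed.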
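Review bot: In clamav-unofficial-sigs.info DOWNLOAD ends in archive/5.4.1.tar.gz, but the SlackBuild only tries $PRGNAM-$VERSION.tar.gz and then v$VERSION.tar.gz. A downloader that keeps the URL basename produces 5.4.1.tar.gz, which matches neither name, and with "set -e" the build stops at the tar line. Make the fallback "tar xvf $CWD/$VERSION.tar.gz", or change DOWNLOAD so the saved name is one the script already handles.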
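Review bot: clamav-unofficial-sigs.logrotate still contains the unexpanded template text "# Automatically Generated: $(date)" and ends without a trailing newline. Since this file is maintained by hand in the SlackBuild directory, remove the "Automatically Generated" header line and add the final newline. The "create 0644 clamav clamav" line makes the rotated log world-readable; 0640 would match what the old config install used.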
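Review bot: patches/master.conf.patch sets clamd_restart_opt="/etc/rc.d/rc.clamav restart", but the shipped cron entry runs the script as user clamav, so any code path that uses this restart command runs the rc script unprivileged. Either document that the cron job must run as root for the restart path to work, or leave clamd_restart_opt commented out and rely on the reload default ("clamdscan --reload") noted a few lines below. The same hunk set moves work_dir to /var/lib/clamav/clamav-unofficial-sigs, which is inside the clam_dbs directory set in os.slackware.conf.patch; a one-line comment giving the reason for nesting the working directory under the live database directory would help.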