File _service:obs_scm:clamav-unofficial-sigs-7.2.5.obscpio of Package clamav-unofficial-sigs
File: clamav-unofficial-sigs-7.2.5/.codeclimate.yml
---
engines:
  shellcheck:
    enabled: true
    checks:
      SC2001:
        enabled: false
      SC2076:
        enabled: false
      SC2086:
        enabled: false
      SC2119:
        enabled: false
      SC2128:
        enabled: false
      SC2154:
        enabled: false
  fixme:
    enabled: true
ratings:
  paths: []
exclude_paths:
  - .t/
  - dev/

File: clamav-unofficial-sigs-7.2.5/.gitattributes
*.cvd filter=lfs diff=lfs merge=lfs -text

File: clamav-unofficial-sigs-7.2.5/.github/ (directory)

File: clamav-unofficial-sigs-7.2.5/.github/FUNDING.yml
# These are supported funding model platforms
github: extremeshok
custom: ['https://paypal.me/AdrianKriel', 'https://www.extremeshok.com']

File: clamav-unofficial-sigs-7.2.5/.markdownlint.json
{ "MD013": false }

File: clamav-unofficial-sigs-7.2.5/.t/ (directory)

File: clamav-unofficial-sigs-7.2.5/.t/ci-clamav-clean.sh
#!/bin/sh
###################
# This is property of eXtremeSHOK.com
# You are free to use, modify and distribute, however you may not remove this notice.
# Copyright (c) Adrian Jon Kriel :: admin@extremeshok.com
# License: BSD (Berkeley Software Distribution)
##################
export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/usr/local/musl/bin:$HOME/bin
pwd
echo "Cleaning CI environment"
rm -f /etc/cron.d/clamav-unofficial-sigs
rm -f /etc/logrotate.d/clamav-unofficial-sigs
rm -f /usr/share/man/man8/clamav-unofficial-sigs.8
rm -rf /var/lib/clamav-unofficial-sigs
service clamav-daemon stop
apt-get purge libclamav6 clamav-base clamav-freshclam clamav clamav-daemon -qq
rm -rf /var/lib/clamav
echo .. OK
# force the exit to 0
exit 0

File: clamav-unofficial-sigs-7.2.5/.t/ci-clamav-download-default-databases-git.sh
#!/bin/sh
###################
# This is property of eXtremeSHOK.com
# You are free to use, modify and distribute, however you may not remove this notice.
# Copyright (c) Adrian Jon Kriel :: admin@extremeshok.com
# License: BSD (Berkeley Software Distribution)
##################
export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/usr/local/musl/bin:$HOME/bin
pwd
echo "Downloading latest clamav databases"
wget -nv -t 9 https://github.com/extremeshok/clamav-sample-db/raw/master/bytecode.cvd.7z
7za e bytecode.cvd.7z
if [ "$?" -eq "0" ] ; then
  echo .. OK
else
  echo .. ERROR
  exit 1
fi
wget -nv -t 9 https://github.com/extremeshok/clamav-sample-db/raw/master/daily.cvd.7z.003
wget -nv -t 9 https://github.com/extremeshok/clamav-sample-db/raw/master/daily.cvd.7z.002
wget -nv -t 9 https://github.com/extremeshok/clamav-sample-db/raw/master/daily.cvd.7z.001
7za e daily.cvd.7z.001
if [ "$?" -eq "0" ] ; then
  echo .. OK
else
  echo .. ERROR
  exit 1
fi
wget -nv -t 9 https://github.com/extremeshok/clamav-sample-db/raw/master/main.cvd.7z.006
wget -nv -t 9 https://github.com/extremeshok/clamav-sample-db/raw/master/main.cvd.7z.005
wget -nv -t 9 https://github.com/extremeshok/clamav-sample-db/raw/master/main.cvd.7z.004
wget -nv -t 9 https://github.com/extremeshok/clamav-sample-db/raw/master/main.cvd.7z.003
wget -nv -t 9 https://github.com/extremeshok/clamav-sample-db/raw/master/main.cvd.7z.002
wget -nv -t 9 https://github.com/extremeshok/clamav-sample-db/raw/master/main.cvd.7z.001
7za e main.cvd.7z.001
if [ "$?" -eq "0" ] ; then
  echo .. OK
else
  echo .. ERROR
  exit 1
fi

File: clamav-unofficial-sigs-7.2.5/.t/ci-clamav-download-default-databases.sh
#!/bin/sh
###################
# This is property of eXtremeSHOK.com
# You are free to use, modify and distribute, however you may not remove this notice.
# Copyright (c) Adrian Jon Kriel :: admin@extremeshok.com
# License: BSD (Berkeley Software Distribution)
##################
export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/usr/local/musl/bin:$HOME/bin
pwd
echo "Downloading latest clamav databases"
wget -nv -t 9 http://database.clamav.net/bytecode.cvd
if [ "$?" -eq "0" ] ; then
  echo .. OK
else
  echo .. ERROR
  exit 1
fi
wget -nv -t 9 http://database.clamav.net/daily.cvd
if [ "$?" -eq "0" ] ; then
  echo .. OK
else
  echo .. ERROR
  exit 1
fi
wget -nv -t 9 http://database.clamav.net/main.cvd
if [ "$?" -eq "0" ] ; then
  echo .. OK
else
  echo .. ERROR
  exit 1
fi

File: clamav-unofficial-sigs-7.2.5/.t/ci-clamav-install-macos-clamav.sh
#!/bin/sh
###################
# This is property of eXtremeSHOK.com
# You are free to use, modify and distribute, however you may not remove this notice.
# Copyright (c) Adrian Jon Kriel :: admin@extremeshok.com
# License: BSD (Berkeley Software Distribution)
##################
export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/usr/local/musl/bin:$HOME/bin
pwd
echo "Installing default Clamav"
# Create clamav user and group
dscl . create /Groups/clamav
dscl . create /Groups/clamav RealName "Clam Antivirus Group"
dscl . create /Groups/clamav gid 799
dscl . create /Users/clamav
dscl . create /Users/clamav RealName "Clam Antivirus User"
dscl . create /Users/clamav UserShell /bin/false
dscl . create /Users/clamav UniqueID 599
dscl . create /Users/clamav PrimaryGroupID 799
# Create the dirs
mkdir -p /usr/local/var/clamav/run
mkdir -p /usr/local/var/clamav/log
mkdir -p /usr/local/var/clamav/db
mkdir -p /Library/LaunchDaemons
ls -laFh /usr/local/etc/clamav/
# Generate the configs
if [ ! -f "/usr/local/etc/clamav/clamd.conf.sample" ] ; then
  echo "Missing: /usr/local/etc/clamav/clamd.conf.sample"
  exit 1
fi
cp "/usr/local/etc/clamav/clamd.conf.sample" "/usr/local/etc/clamav/clamd.conf"
# Edit the copied sample config in place
sed -e "s|# Example config file|# Config file|" \
  -e "s|^Example$|# Example|" \
  -e "s|^#MaxDirectoryRecursion 20$|MaxDirectoryRecursion 25|" \
  -e "s|^#LogFile .*|LogFile /usr/local/var/clamav/log/clamd.log|" \
  -e "s|^#PidFile .*|PidFile /usr/local/var/clamav/run/clamd.pid|" \
  -e "s|^#DatabaseDirectory .*|DatabaseDirectory /usr/local/var/clamav/db|" \
  -e "s|^#LocalSocket .*|LocalSocket /usr/local/var/clamav/run/clamd.socket|" \
  -e "s|^#FixStaleSocket|FixStaleSocket|" \
  -i "/usr/local/etc/clamav/clamd.conf"
# Fix permissions
chown -R clamav:clamav /usr/local/var/clamav
# Clamd socket
touch /usr/local/var/clamav/run/clamd.socket
chown clamav:clamav /usr/local/var/clamav/run/clamd.socket
tee "/Library/LaunchDaemons/clamav.clamd.plist" << EOF > /dev/null
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>Label</key>
  <string>clamav.clamd</string>
  <key>ProgramArguments</key>
  <array>
    <string>/usr/local/sbin/clamd</string>
    <string>--foreground</string>
  </array>
  <key>KeepAlive</key>
  <true/>
  <key>StandardErrorPath</key>
  <string>/usr/local/var/clamav/log/clamd.error.log</string>
</dict>
</plist>
EOF
chown root:wheel "/Library/LaunchDaemons/clamav.clamd.plist"
chmod 0644 "/Library/LaunchDaemons/clamav.clamd.plist"

File: clamav-unofficial-sigs-7.2.5/.t/ci-clamav-install-macos-databases.sh
#!/bin/sh
###################
# This is property of eXtremeSHOK.com
# You are free to use, modify and distribute, however you may not remove this notice.
# Copyright (c) Adrian Jon Kriel :: admin@extremeshok.com
# License: BSD (Berkeley Software Distribution)
##################
export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/usr/local/musl/bin:$HOME/bin
pwd
echo "Installing latest clamav databases"
mkdir -p /var/lib/clamav
cp -f bytecode.cvd /usr/local/var/clamav/db/bytecode.cvd
cp -f daily.cvd /usr/local/var/clamav/db/daily.cvd
cp -f main.cvd /usr/local/var/clamav/db/main.cvd
chown -R clamav:clamav /usr/local/var/clamav/db/
#launchctl kickstart -k system/clamav.clamd
launchctl load "/Library/LaunchDaemons/clamav.clamd.plist"
if [ "$?" -eq "0" ] ; then
  echo .. OK
else
  echo .. ERROR
  exit 1
fi

File: clamav-unofficial-sigs-7.2.5/.t/ci-clamav-install-ubuntu-databases.sh
#!/bin/sh
###################
# This is property of eXtremeSHOK.com
# You are free to use, modify and distribute, however you may not remove this notice.
# Copyright (c) Adrian Jon Kriel :: admin@extremeshok.com
# License: BSD (Berkeley Software Distribution)
##################
export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/usr/local/musl/bin:$HOME/bin
pwd
echo "Installing latest clamav databases"
mkdir -p /var/lib/clamav
cp -f bytecode.cvd /var/lib/clamav/bytecode.cvd
cp -f daily.cvd /var/lib/clamav/daily.cvd
cp -f main.cvd /var/lib/clamav/main.cvd
chown -R clamav:clamav /var/lib/clamav
service clamav-daemon start
if [ "$?" -eq "0" ] ; then
  echo .. OK
else
  echo .. ERROR
  exit 1
fi

File: clamav-unofficial-sigs-7.2.5/.t/ci-force.sh
#!/bin/sh
###################
# This is property of eXtremeSHOK.com
# You are free to use, modify and distribute, however you may not remove this notice.
# Copyright (c) Adrian Jon Kriel :: admin@extremeshok.com
# License: BSD (Berkeley Software Distribution)
##################
echo .. forced OK

File: clamav-unofficial-sigs-7.2.5/.t/ci-shellcheck.sh
#!/bin/sh
###################
# This is property of eXtremeSHOK.com
# You are free to use, modify and distribute, however you may not remove this notice.
# Copyright (c) Adrian Jon Kriel :: admin@extremeshok.com
# License: BSD (Berkeley Software Distribution)
##################
export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/usr/local/musl/bin:$HOME/bin
pwd
echo "Shellcheck-ing script"
shellcheck --exclude=SC2128,SC2154,SC2001,SC2119,SC2120 --shell=bash clamav-unofficial-sigs.sh
if [ "$?" -eq "0" ] ; then
  echo .. OK
else
  echo .. ERROR
  exit 1
fi

File: clamav-unofficial-sigs-7.2.5/.t/ci-test-macos.sh
#!/bin/sh
###################
# This is property of eXtremeSHOK.com
# You are free to use, modify and distribute, however you may not remove this notice.
# Copyright (c) Adrian Jon Kriel :: admin@extremeshok.com
# License: BSD (Berkeley Software Distribution)
##################
export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/usr/local/musl/bin:$HOME/bin
pwd
echo "running script verbose default curl"
bash /usr/local/bin/clamav-unofficial-sigs.sh --verbose
if [ "$?" -eq "0" ] ; then
  echo .. OK
else
  echo .. ERROR
  exit 1
fi
echo "check signature placed correctly"
if [ -e "/usr/local/var/clamav/db/sanesecurity.ftm" ] ; then
  echo .. OK
else
  echo .. ERROR
  exit 1
fi
#
# echo "check database integrity test"
# bash clamav-unofficial-sigs.sh --test-database sanesecurity.ftm
# if [ "$?" -eq "0" ] ; then
#   echo .. OK
# else
#   echo .. ERROR
#   exit 1
# fi
#
# echo "check gpg verify test"
# bash clamav-unofficial-sigs.sh --gpg-verify scam.ndb
# if [ "$?" -eq "0" ] ; then
#   echo .. OK
# else
#   echo .. ERROR
#   exit 1
# fi
#
# echo "check clamav-daemon service will start"
# service clamav-daemon stop
# service clamav-daemon start
# if [ "$?" -eq "0" ] ; then
#   echo .. OK
# else
#   echo .. ERROR
#   exit 1
# fi
echo "===== HIGH /var/lib/clamav/ ====="
ls -laFh /var/lib/clamav/
echo "================"
echo "running script verbose with LOW ratings"
cp -f .t/tests/user_low.conf /usr/local/etc/clamav-unofficial-sigs/user.conf
bash /usr/local/bin/clamav-unofficial-sigs.sh --verbose
if [ "$?" -eq "0" ] ; then
  echo .. OK
else
  echo .. ERROR
  exit 1
fi
echo "===== LOW /var/lib/clamav/ ====="
ls -laFh /var/lib/clamav/
echo "================"
echo "Was /var/lib/clamav-unofficial-sigs/dbs-ss/jurlbl.ndb removed ?"
if [ ! -e "/var/lib/clamav-unofficial-sigs/dbs-ss/jurlbl.ndb" ] ; then
  echo .. OK
else
  echo .. ERROR
  exit 1
fi
echo "Was /var/lib/clamav/phish.ndb removed ?"
if [ ! -e "/var/lib/clamav/phish.ndb" ] ; then
  echo .. OK
else
  echo .. ERROR
  exit 1
fi

File: clamav-unofficial-sigs-7.2.5/.t/ci-test-ubuntu.sh
#!/bin/sh
###################
# This is property of eXtremeSHOK.com
# You are free to use, modify and distribute, however you may not remove this notice.
# Copyright (c) Adrian Jon Kriel :: admin@extremeshok.com
# License: BSD (Berkeley Software Distribution)
##################
export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/usr/local/musl/bin:$HOME/bin
pwd
echo "Remove test signature if it exists. "
if [ -e "/var/lib/clamav/sanesecurity.ftm" ] ; then
  rm -f /var/lib/clamav/sanesecurity.ftm
fi
echo "running script verbose and force_wget"
cp -f .t/tests/user_wget.conf /etc/clamav-unofficial-sigs/user.conf
bash /usr/sbin/clamav-unofficial-sigs --verbose
if [ "$?" -eq "0" ] ; then
  echo .. OK
else
  echo .. ERROR
  exit 1
fi
echo "running script verbose default curl"
cp -f .t/tests/user.conf /etc/clamav-unofficial-sigs/user.conf
bash /usr/sbin/clamav-unofficial-sigs --verbose
if [ "$?" -eq "0" ] ; then
  echo .. OK
else
  echo .. ERROR
  exit 1
fi
echo "running script as clamav and silence"
sudo -u clamav [ -x /usr/sbin/clamav-unofficial-sigs ] && bash /usr/sbin/clamav-unofficial-sigs --force --silence
if [ "$?" -eq "0" ] ; then
  echo .. OK
else
  echo .. ERROR
  exit 1
fi
echo "check signature placed correctly"
if [ -e "/var/lib/clamav/sanesecurity.ftm" ] ; then
  echo .. OK
else
  echo .. ERROR
  exit 1
fi
echo "check cron file generation"
bash clamav-unofficial-sigs.sh --install-cron
if [ "$?" -eq "0" ] ; then
  if [ -e "/etc/cron.d/clamav-unofficial-sigs" ] ; then
    echo .. OK
  else
    echo .. ERROR
    exit 1
  fi
else
  echo .. ERROR
  exit 1
fi
echo "check logrotate file generation"
bash clamav-unofficial-sigs.sh --install-logrotate
if [ "$?" -eq "0" ] ; then
  if [ -e "/etc/logrotate.d/clamav-unofficial-sigs" ] ; then
    echo .. OK
  else
    echo .. ERROR
    exit 1
  fi
else
  echo .. ERROR
  exit 1
fi
echo "check man file generation"
bash clamav-unofficial-sigs.sh --install-man
if [ "$?" -eq "0" ] ; then
  if [ -e "/usr/share/man/man8/clamav-unofficial-sigs.8" ] ; then
    echo .. OK
  else
    echo .. ERROR
    exit 1
  fi
else
  echo .. ERROR
  exit 1
fi
echo "check database integrity test"
bash clamav-unofficial-sigs.sh --test-database sanesecurity.ftm
if [ "$?" -eq "0" ] ; then
  echo .. OK
else
  echo .. ERROR
  exit 1
fi
echo "check gpg verify test"
bash clamav-unofficial-sigs.sh --gpg-verify scam.ndb
if [ "$?" -eq "0" ] ; then
  echo .. OK
else
  echo .. ERROR
  exit 1
fi
echo "check clamav-daemon service will start"
service clamav-daemon stop
service clamav-daemon start
if [ "$?" -eq "0" ] ; then
  echo .. OK
else
  echo .. ERROR
  exit 1
fi
echo "===== HIGH /var/lib/clamav/ ====="
ls -laFh /var/lib/clamav/
echo "================"
echo "running script verbose with LOW ratings"
cp -f .t/tests/user_low.conf /etc/clamav-unofficial-sigs/user.conf
bash /usr/sbin/clamav-unofficial-sigs --verbose
if [ "$?" -eq "0" ] ; then
  echo .. OK
else
  echo .. ERROR
  exit 1
fi
echo "===== LOW /var/lib/clamav/ ====="
ls -laFh /var/lib/clamav/
echo "================"
echo "Was /var/lib/clamav-unofficial-sigs/dbs-ss/jurlbl.ndb removed ?"
if [ ! -e "/var/lib/clamav-unofficial-sigs/dbs-ss/jurlbl.ndb" ] ; then
  echo .. OK
else
  echo .. ERROR
  exit 1
fi
echo "Was /var/lib/clamav/phish.ndb removed ?"
if [ ! -e "/var/lib/clamav/phish.ndb" ] ; then
  echo .. OK
else
  echo .. ERROR
  exit 1
fi
echo "running script verbose with malware expert databases"
cp -f .t/tests/user_malwareexpert.conf /etc/clamav-unofficial-sigs/user.conf
bash /usr/sbin/clamav-unofficial-sigs --verbose
if [ "$?" -eq "0" ] ; then
  echo .. OK
else
  echo .. ERROR
  exit 1
fi
echo "===== MALWAREEXPERT /var/lib/clamav/ ====="
ls -laFh /var/lib/clamav/
echo "================"
echo "Was /var/lib/clamav-unofficial-sigs/dbs-ss/jurlbl.ndb removed ?"
if [ ! -e "/var/lib/clamav-unofficial-sigs/dbs-ss/jurlbl.ndb" ] ; then
  echo .. OK
else
  echo .. ERROR
  exit 1
fi
echo "Was /var/lib/clamav/malware.expert.hdb added ?"
if [ -e "/var/lib/clamav/malware.expert.hdb" ] ; then
  echo .. OK
else
  echo .. ERROR
  exit 1
fi
echo "Was /var/lib/clamav/malware.expert.fp added ?"
if [ -e "/var/lib/clamav/malware.expert.fp" ] ; then
  echo .. OK
else
  echo .. ERROR
  exit 1
fi
echo "Was /var/lib/clamav/malware.expert.ldb added ?"
if [ -e "/var/lib/clamav/malware.expert.ldb" ] ; then
  echo .. OK
else
  echo .. ERROR
  exit 1
fi
echo "Was /var/lib/clamav/malware.expert.ndb added ?"
if [ -e "/var/lib/clamav/malware.expert.ndb" ] ; then
  echo .. OK
else
  echo .. ERROR
  exit 1
fi

File: clamav-unofficial-sigs-7.2.5/.t/clamdb/ (directory)

File: clamav-unofficial-sigs-7.2.5/.t/clamdb/sample-bytecode.cvd (Git LFS pointer)
version https://git-lfs.github.com/spec/v1
oid sha256:c3a0b17b907571bc9b4237b5065962152790b0f054144282a5243c8f373fce8b
size 103980

File: clamav-unofficial-sigs-7.2.5/.t/tests/ (directory)

File: clamav-unofficial-sigs-7.2.5/.t/tests/user.conf
###################
# This is property of eXtremeSHOK.com
# You are free to use, modify and distribute, however you may not remove this notice.
# Copyright (c) Adrian Jon Kriel :: admin@extremeshok.com
# License: BSD (Berkeley Software Distribution)
##################
malwarepatrol_enabled="yes"
malwarepatrol_receipt_code=$ci_malwarepatrol_receipt_code
malwarepatrol_product_code=$ci_malwarepatrol_receipt_code
malwarepatrol_list=$ci_malwarepatrol_receipt_code
malwarepatrol_free=$ci_malwarepatrol_free
securiteinfo_enabled="yes"
securiteinfo_authorisation_signature=$ci_securiteinfo_authorisation_signature
sanesecurity_enabled="yes"
linuxmalwaredetect_enabled="yes"
# THIS NEEDS TO BE TESTED
yararules_enabled="no"
enable_yararules="no"
# Default dbs rating
# valid rating: LOW, MEDIUM, HIGH
default_dbs_rating="HIGH"
# Per Database
# These ratings will override the global rating for the specific database
# valid rating: LOW, MEDIUM, HIGH, DISABLE
sanesecurity_dbs_rating="LOW"
securiteinfo_dbs_rating="DISABLE"
linuxmalwaredetect_dbs_rating="DISABLE"
yararulesproject_dbs_rating="DISABLE"
enable_gpg="no"
user_configuration_complete="yes"
declare -a additional_dbs=(
  https://raw.githubusercontent.com/wmetcalf/clam-punch/master/miscreantpunch099.ldb
  https://raw.githubusercontent.com/wmetcalf/clam-punch/master/MiscreantPunch099-Low.ldb
) #END ADDITIONAL DATABASES
declare -a securiteinfo_dbs=(
  securiteinfo.ign2|REQUIRED
  securiteinfo.hdb|LOW
  javascript.ndb|LOW
  securiteinfohtml.hdb|MEDIUM
  securiteinfoascii.hdb|MEDIUM
  securiteinfopdf.hdb|HIGH
  securiteinfoandroid.hdb|HIGH
  # spam_marketing.ndb|HIGH
) #END SECURITEINFO DATABASES
# Enable all debug options
debug="yes"

File: clamav-unofficial-sigs-7.2.5/.t/tests/user_low.conf
###################
# This is property of eXtremeSHOK.com
# You are free to use, modify and distribute, however you may not remove this notice.
# Copyright (c) Adrian Jon Kriel :: admin@extremeshok.com
# License: BSD (Berkeley Software Distribution)
##################
malwarepatrol_enabled="no"
securiteinfo_enabled="no"
sanesecurity_enabled="no"
linuxmalwaredetect_enabled="no"
# THIS NEEDS TO BE TESTED
yararules_enabled="no"
enable_yararules="no"
# Default dbs rating
# valid rating: LOW, MEDIUM, HIGH
default_dbs_rating="LOW"
# Per Database
# These ratings will override the global rating for the specific database
# valid rating: LOW, MEDIUM, HIGH, DISABLE
sanesecurity_dbs_rating="LOW"
linuxmalwaredetect_dbs_rating="DISABLE"
malwareexpert_dbs_rating="DISABLE"
securiteinfo_dbs_rating="DISABLE"
urlhaus_dbs_rating="DISABLE"
yararulesproject_dbs_rating="DISABLE"
enable_gpg="no"
user_configuration_complete="yes"
declare -a additional_dbs=(
  https://raw.githubusercontent.com/wmetcalf/clam-punch/master/miscreantpunch099.ldb
  https://raw.githubusercontent.com/wmetcalf/clam-punch/master/MiscreantPunch099-Low.ldb
) #END ADDITIONAL DATABASES
declare -a securiteinfo_dbs=(
  securiteinfo.ign2|REQUIRED
  securiteinfo.hdb|LOW
  javascript.ndb|LOW
  securiteinfohtml.hdb|MEDIUM
  securiteinfoascii.hdb|MEDIUM
  securiteinfopdf.hdb|HIGH
  securiteinfoandroid.hdb|HIGH
  # spam_marketing.ndb|HIGH
) #END SECURITEINFO DATABASES
# Enable all debug options
debug="yes"

File: clamav-unofficial-sigs-7.2.5/.t/tests/user_malwareexpert.conf
###################
# This is property of eXtremeSHOK.com
# You are free to use, modify and distribute, however you may not remove this notice.
# Copyright (c) Adrian Jon Kriel :: admin@extremeshok.com
# License: BSD (Berkeley Software Distribution)
##################
# Malware Expert 2020 (non-free) clamav signatures
# set to no to enable the commercial subscription databases
malwareexpert_serial_key=$ci_malwareexpert_serial_key
# Default dbs rating
# valid rating: LOW, MEDIUM, HIGH
default_dbs_rating="DISABLE"
# Per Database
# These ratings will override the global rating for the specific database
# valid rating: LOW, MEDIUM, HIGH, DISABLE
malwareexpert_dbs_rating="HIGH"
linuxmalwaredetect_dbs_rating="DISABLE"
sanesecurity_dbs_rating="DISABLE"
securiteinfo_dbs_rating="DISABLE"
urlhaus_dbs_rating="DISABLE"
yararulesproject_dbs_rating="DISABLE"
enable_gpg="no"
user_configuration_complete="yes"
# Enable all debug options
debug="yes"

File: clamav-unofficial-sigs-7.2.5/.t/tests/user_wget.conf
###################
# This is property of eXtremeSHOK.com
# You are free to use, modify and distribute, however you may not remove this notice.
# Copyright (c) Adrian Jon Kriel :: admin@extremeshok.com
# License: BSD (Berkeley Software Distribution)
##################
malwarepatrol_enabled="yes"
malwarepatrol_receipt_code=$ci_malwarepatrol_receipt_code
malwarepatrol_product_code=$ci_malwarepatrol_receipt_code
malwarepatrol_list=$ci_malwarepatrol_receipt_code
malwarepatrol_free=$ci_malwarepatrol_free
securiteinfo_enabled="yes"
securiteinfo_authorisation_signature=$ci_securiteinfo_authorisation_signature
sanesecurity_enabled="yes"
linuxmalwaredetect_enabled="yes"
# THIS NEEDS TO BE TESTED
yararules_enabled="no"
enable_yararules="no"
# Default dbs rating
# valid rating: LOW, MEDIUM, HIGH
default_dbs_rating="MEDIUM"
# Per Database
# These ratings will override the global rating for the specific database
# valid rating: LOW, MEDIUM, HIGH, DISABLE
sanesecurity_dbs_rating="HIGH"
#securiteinfo_dbs_rating=""
#linuxmalwaredetect_dbs_rating=""
#yararulesproject_dbs_rating=""
enable_gpg="no"
user_configuration_complete="yes"
declare -a additional_dbs=(
  https://raw.githubusercontent.com/wmetcalf/clam-punch/master/miscreantpunch099.ldb
  https://raw.githubusercontent.com/wmetcalf/clam-punch/master/MiscreantPunch099-Low.ldb
) #END ADDITIONAL DATABASES
declare -a securiteinfo_dbs=(
  securiteinfo.ign2|REQUIRED
  securiteinfo.hdb|LOW
  javascript.ndb|LOW
  securiteinfohtml.hdb|MEDIUM
  securiteinfoascii.hdb|MEDIUM
  securiteinfopdf.hdb|HIGH
  securiteinfoandroid.hdb|HIGH
  # spam_marketing.ndb|HIGH
) #END SECURITEINFO DATABASES
# force wget
force_wget="yes"
# Causes wget errors to be verbose
wget_debug="yes"

File: clamav-unofficial-sigs-7.2.5/.travis.yml
###################
# This is property of eXtremeSHOK.com
# You are free to use, modify and distribute, however you may not remove this notice.
# Copyright (c) Adrian Jon Kriel :: admin@extremeshok.com
# License: BSD (Berkeley Software Distribution)
##################
matrix:
  include:
    #### MARKDOWN-LINT
    - language: node_js
      os: linux
      dist: focal
      before_install:
        - nvm install 14.6.0
        - nvm use 14.6.0
      install:
        - npm install --global markdownlint-cli
      script:
        - markdownlint *.md
    #### SHELLCHECK
    - language: shell
      os: linux
      dist: focal
      install:
        - sudo apt-get install -y shellcheck -qq
      script:
        - sudo sh -e .t/ci-shellcheck.sh
    #### LOGIC AND CLAMAV TESTING : UBUNTU LINUX
    - language: shell
      os: linux
      dist: focal
      # Required travis ci environment variables
      #ci_malwareexpert_serial_key=[secure]
      #ci_securiteinfo_authorisation_signature=[secure]
      #ci_malwarepatrol_receipt_code=[secure]
      #ci_malwarepatrol_product_code=[secure]
      #ci_malwarepatrol_list=[secure]
      #ci_malwarepatrol_free=[secure]
      #ci_codeclimate_repo_token=[secure]
      before_install:
        - sudo apt-get update -qq
        - sudo apt-get install -y ca-certificates curl wget rsync p7zip-full -qq
        - sudo apt-get install -y clamav-base clamav-freshclam clamav clamav-daemon -qq
      install:
        - sudo mkdir -p /etc/clamav-unofficial-sigs
        - sudo cp -f config/master.conf /etc/clamav-unofficial-sigs/master.conf
        - sudo cp -f config/os/os.ubuntu.conf /etc/clamav-unofficial-sigs/os.conf
        - sudo cp -f clamav-unofficial-sigs.sh /usr/sbin/clamav-unofficial-sigs
      script:
        - sudo sh -e .t/ci-clamav-download-default-databases.sh
        #- sudo sh -e .t/ci-clamav-download-default-databases-git.sh
        - sudo sh -e .t/ci-clamav-install-ubuntu-databases.sh
        - sudo cp -f .t/tests/user.conf /etc/clamav-unofficial-sigs/user.conf
        - sudo sh -e .t/ci-test-ubuntu.sh
      addons:
        code_climate:
          repo_token: $ci_codeclimate_repo_token
    #### LOGIC AND CLAMAV TESTING : macOS / OSX
    - os: osx
      osx_image: xcode12
      before_cache:
        - brew cleanup
      cache:
        directories:
          - $HOME/Library/Caches/Homebrew
      # addons:
      #   homebrew:
      #     packages:
      #       - gnu-tar
      #       - gnu-sed
      #       - clamav
      before_install:
        - brew update
        - brew install gnu-tar gnu-sed clamav
      install:
        - sudo mkdir -p /usr/local/bin
        - sudo mkdir -p /usr/local/etc/clamav-unofficial-sigs
        - sudo cp -f clamav-unofficial-sigs.sh /usr/local/bin/clamav-unofficial-sigs.sh
        - sudo chmod 755 /usr/local/bin/clamav-unofficial-sigs.sh
        - sudo cp -f config/master.conf /usr/local/etc/clamav-unofficial-sigs/master.conf
        - sudo cp -f config/os/os.macos.conf /usr/local/etc/clamav-unofficial-sigs/os.conf
      script:
        - sudo sh -e .t/ci-clamav-download-default-databases.sh
        #- sudo sh -e .t/ci-clamav-download-default-databases-git.sh
        - sudo sh -e .t/ci-clamav-install-macos-clamav.sh
        - sudo sh -e .t/ci-clamav-install-macos-databases.sh
        - sudo cp -f .t/tests/user.conf /usr/local/etc/clamav-unofficial-sigs/user.conf
        - sudo sh -e .t/ci-test-macos.sh

File: clamav-unofficial-sigs-7.2.5/INSTALL.md
# clamav-unofficial-sigs.sh install

## GENERAL INFORMATION

This is property of eXtremeSHOK.com
You are free to use, modify and distribute, however you may not remove this notice.
Copyright (c) Adrian Jon Kriel :: admin@extremeshok.com
License: BSD (Berkeley Software Distribution)

Script updates can be found at: <https://github.com/extremeshok/clamav-unofficial-sigs>

## Operating System Specific Install Guides

* CentOS : <https://github.com/extremeshok/clamav-unofficial-sigs/tree/master/guides/centos7.md>
* Ubuntu : <https://github.com/extremeshok/clamav-unofficial-sigs/tree/master/guides/ubuntu-debian.md>
* Debian : <https://github.com/extremeshok/clamav-unofficial-sigs/tree/master/guides/ubuntu-debian.md>
* Mac OSX : <https://github.com/extremeshok/clamav-unofficial-sigs/tree/master/guides/macosx.md>
* pFsense : <https://github.com/extremeshok/clamav-unofficial-sigs/tree/master/guides/pfsense.md>

## GENERIC UPGRADE INSTRUCTIONS (version 7.0 +)

```bash
clamav-unofficial-sigs.sh --upgrade
clamav-unofficial-sigs.sh --force
```

## GENERIC UPGRADE INSTRUCTIONS (version 6.1 and below)

```bash
wget https://raw.githubusercontent.com/extremeshok/clamav-unofficial-sigs/master/clamav-unofficial-sigs.sh -O /usr/local/sbin/clamav-unofficial-sigs.sh && chmod 755 /usr/local/sbin/clamav-unofficial-sigs.sh
wget https://raw.githubusercontent.com/extremeshok/clamav-unofficial-sigs/master/config/master.conf -O /etc/clamav-unofficial-sigs/master.conf
clamav-unofficial-sigs.sh --force
```

## GENERIC INSTALLATION INSTRUCTIONS

### Install

Run the following commands in a shell (console/terminal):

```bash
mkdir -p /usr/local/sbin/
wget https://raw.githubusercontent.com/extremeshok/clamav-unofficial-sigs/master/clamav-unofficial-sigs.sh -O /usr/local/sbin/clamav-unofficial-sigs.sh && chmod 755 /usr/local/sbin/clamav-unofficial-sigs.sh
mkdir -p /etc/clamav-unofficial-sigs/
wget https://raw.githubusercontent.com/extremeshok/clamav-unofficial-sigs/master/config/master.conf -O /etc/clamav-unofficial-sigs/master.conf
wget https://raw.githubusercontent.com/extremeshok/clamav-unofficial-sigs/master/config/user.conf -O /etc/clamav-unofficial-sigs/user.conf
```

Select your operating system config from <https://github.com/extremeshok/clamav-unofficial-sigs/tree/master/config/>

**Replace os.ubuntu.conf with the config for your system: centos7/8 = os.centos.conf, debian9/10 = os.debian.conf.**

```bash
os_conf="os.ubuntu.conf"
wget "https://raw.githubusercontent.com/extremeshok/clamav-unofficial-sigs/master/config/os/${os_conf}" -O /etc/clamav-unofficial-sigs/os.conf
```

#### Optional: configure your user config

Edit /etc/clamav-unofficial-sigs/user.conf as needed.

### RUN THE SCRIPT ONCE AS ROOT

Ensure there are no errors and fix any missing dependencies. The script must run once as the superuser so that it can set all the permissions and create the relevant directories.

```bash
/usr/local/sbin/clamav-unofficial-sigs.sh --force
```

#### Install logrotate and man files

```bash
/usr/local/sbin/clamav-unofficial-sigs.sh --install-logrotate
/usr/local/sbin/clamav-unofficial-sigs.sh --install-man
```

#### Install Systemd configs or use cron

##### cron

```bash
/usr/local/sbin/clamav-unofficial-sigs.sh --install-cron
```

##### OR

##### Systemd

```bash
mkdir -p /etc/systemd/system/
wget https://raw.githubusercontent.com/extremeshok/clamav-unofficial-sigs/master/systemd/clamav-unofficial-sigs.service -O /etc/systemd/system/clamav-unofficial-sigs.service
wget https://raw.githubusercontent.com/extremeshok/clamav-unofficial-sigs/master/systemd/clamav-unofficial-sigs.timer -O /etc/systemd/system/clamav-unofficial-sigs.timer
systemctl enable clamav-unofficial-sigs.service
systemctl enable clamav-unofficial-sigs.timer
systemctl start clamav-unofficial-sigs.timer
```

## Script updates can be found at: <https://github.com/extremeshok/clamav-unofficial-sigs>

File: clamav-unofficial-sigs-7.2.5/LICENSE
This is property of eXtremeSHOK.com
You are free to use, modify and distribute, however you may not remove this notice.
Copyright (c) Adrian Jon Kriel :: admin@extremeshok.com
License: BSD (Berkeley Software Distribution)

Originally based on:
Copyright (c) 2007 - 2013, Bill Landry (unofficialsigs@gmail.com)
All rights reserved.

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

* Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
* Neither the name of the author/copyright holder nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.

THIS SOFTWARE IS PROVIDED BY AUTHOR/COPYRIGHT HOLDER "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL AUTHOR/COPYRIGHT HOLDER BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
clamav-unofficial-sigs-7.2.5/README.md

# clamav-unofficial-sigs

[![GitHub Release](https://img.shields.io/github/release/extremeshok/clamav-unofficial-sigs.svg?label=Latest)](https://github.com/extremeshok/clamav-unofficial-sigs/releases/latest) [![Issue Count](https://codeclimate.com/github/extremeshok/clamav-unofficial-sigs/badges/issue_count.svg)](https://codeclimate.com/github/extremeshok/clamav-unofficial-sigs)

ClamAV Unofficial Signatures Updater

## Maintained and provided by <https://eXtremeSHOK.com>

## Description

The clamav-unofficial-sigs script provides a simple way to download, test, and update third-party signature databases provided by Sanesecurity, FOXHOLE, OITC, BOFHLAND, CRDF, Porcupine, Securiteinfo, MalwarePatrol, Yara-Rules Project, urlhaus, MalwareExpert, interServer etc. The script will also generate and install cron, logrotate, and man files.

### Automated Testing and Linting

* Travis-CI
* Linting with markdownlint-cli and shellcheck
* Testing with Ubuntu Focal and macOS / OSX

### Checkout some of our other solutions:

<https://github.com/extremeshok?tab=repositories>

### Support / Suggestions / Comments

Please post them on the issue tracker: <https://github.com/extremeshok/clamav-unofficial-sigs/issues>

### Submit Patches / Pull requests to the "dev" Branch

### Required Ports / Firewall Exceptions

* rsync: TCP port 873
* wget/curl: TCP port 443

### Supported Operating Systems

Debian, Ubuntu, Raspbian, CentOS (RHEL and clones), OpenBSD, FreeBSD, OpenSUSE, Archlinux, Mac OS X, Slackware, Solaris (Sun OS), pfSense, Zimbra and derivative systems

### Quick Install and Upgrade Guide

<https://github.com/extremeshok/clamav-unofficial-sigs/tree/master/INSTALL.md>

### Operating System Specific Install and Upgrade Guides

* CentOS: <https://github.com/extremeshok/clamav-unofficial-sigs/tree/master/guides/centos7.md>
* Ubuntu: <https://github.com/extremeshok/clamav-unofficial-sigs/tree/master/guides/ubuntu-debian.md>
* Debian: <https://github.com/extremeshok/clamav-unofficial-sigs/tree/master/guides/ubuntu-debian.md>
* macOS: <https://github.com/extremeshok/clamav-unofficial-sigs/tree/master/guides/macos.md>
* pFsense: <https://github.com/extremeshok/clamav-unofficial-sigs/tree/master/guides/pfsense.md>

### UPGRADE INSTRUCTIONS (version 7.0 +)

```bash
clamav-unofficial-sigs.sh --upgrade
clamav-unofficial-sigs.sh
```

### FOR PACKAGE MAINTAINERS / PACKAGERS

Please use the included os.*.conf sample config file as a base for your os.conf; this will disable automatic updates, update notifications and the uninstallation feature.

<https://github.com/extremeshok/clamav-unofficial-sigs/tree/master/config/packaging>

### Always Run the script once as your superuser to set all the permissions and create the relevant directories

### Advanced Config Overrides

* Default configs are loaded in the following order if they exist:
  * master.conf -> os.conf -> os.*.conf -> user.conf or your-specified.config
* user.conf will always override os.conf and master.conf, os.conf will override master.conf
* please do not alter the master.conf, rather create a user.conf
* A minimum of 1 config is required.
* Specifying a config on the command line (-c | --config) will override the loading of the default configs

#### Check if signatures are being loaded

**Run the following command to display which signatures are being loaded by clamav**

```clamscan --debug 2>&1 /dev/null | grep "loaded"```

#### SELinux cron permission fix

> WARNING - Clamscan reports ________ database integrity tested BAD - SKIPPING

**Run the following command to allow clamav selinux support**

```setsebool -P antivirus_can_scan_system true```

### Yara Rule Support automatically enabled (as of April 2016)

Since using yara rules requires clamav 0.100 or above, they will be automatically deactivated if your clamav is older than the required version.

### URLhaus Support (as of January 2020)

Usage of free URLhaus Database: <https://urlhaus.abuse.ch>

* Enabled by default

### Yara-Rules Project Support (as of June 2015, updated January 2020)

Usage of free Yara-Rules Project: <http://yararules.com>

* Enabled by default

Current limitations of clamav support: <http://blog.clamav.net/search/label/yara>

### interServer free database support (as of December 2020)

Usage of interServer: <http://rbluri.interserver.net>

### malware.expert non-free database support (as of December 2020)

Usage of Malware Expert: <https://www.malware.expert>

1. Sign up for an account: <https://www.malware.expert>
1. You will receive an email containing your serial key
1. Enter the serial key into the config malwareexpert_serial_key: replacing YOUR-SERIAL-KEY with your serial key from the email

### MalwarePatrol free/delayed list support (as of May 2015)

Usage of MalwarePatrol 2015 free clamav signatures: <https://www.malwarepatrol.net>

1. Sign up for a free account: <https://www.malwarepatrol.net/free-guard-upgrade-option/>
1. You will receive an email containing your password/receipt number
1. Enter the receipt number into the config malwarepatrol_receipt_code: replacing YOUR-RECEIPT-NUMBER with your receipt number from the email

### SecuriteInfo Free/Delayed list support (as of June 2015)

Usage of SecuriteInfo 2015 free clamav signatures: <https://www.securiteinfo.com>

1. Sign up for a free account: <https://www.securiteinfo.com/clients/customers/signup>
1. You will receive an email to activate your account and then a followup email with your login name
1. Login and navigate to your customer account: <https://www.securiteinfo.com/clients/customers/account>
1. Click on the Setup tab
1. You will need to get your unique identifier from one of the download links, they are individual for every user
1. The 128 character string is after the <http://www.securiteinfo.com/get/signatures/>
1. Example <https://www.securiteinfo.com/get/signatures/your_unique_and_very_long_random_string_of_characters/securiteinfo.hdb> Your 128 character authorisation signature would be: your_unique_and_very_long_random_string_of_characters
1. Enter the authorisation signature into the config securiteinfo_authorisation_signature: replacing YOUR-SIGNATURE-NUMBER with your authorisation signature from the link

### Linux Malware Detect support (as of May 2015, updated January 2020)

Usage of free Linux Malware Detect clamav signatures: <https://www.rfxn.com/projects/linux-malware-detect/>

* Enabled by default, no configuration required

### If you want to add, report a missing one or have a problem with a database

Please post on the issue tracker: <https://github.com/extremeshok/clamav-unofficial-sigs/issues>

## USAGE

```bash
Usage: clamav-unofficial-sigs.sh [OPTION] [PATH|FILE]

  -c, --config            Use a specific configuration file or directory
                          eg: '-c /your/dir' or ' -c /your/file.name'
                          Note: If a directory is specified the directory must contain at least: master.conf, os.conf or user.conf
                          Default Directory: /etc/clamav-unofficial-sigs
  -F, --force             Force all databases to be downloaded, could cause ip to be blocked
  -h, --help              Display this script's help and usage information
  -V, --version           Output script version and date information
  -v, --verbose           Be verbose, enabled when not run under cron
  -s, --silence           Only output error messages, enabled when run under cron
  -d, --decode-sig        Decode a third-party signature either by signature name (eg: Sanesecurity.Junk.15248) or hexadecimal string.
                          This flag will 'NOT' decode image signatures
  -e, --encode-string     Hexadecimal encode an entire input string that can be used in any '*.ndb' signature database file
  -f, --encode-formatted  Hexadecimal encode a formatted input string containing signature spacing fields '{}, (), *', without encoding
                          the spacing fields, so that the encoded signature can be used in any '*.ndb' signature database file
  -g, --gpg-verify        GPG verify a specific Sanesecurity database file
                          eg: '-g filename.ext' (do not include file path)
  -i, --information       Output system and configuration information for viewing or possible debugging purposes
  -m, --make-database     Make a signature database from an ascii file containing data strings, with one data string per line.
                          Additional information is provided when using this flag
  -t, --test-database     Clamscan integrity test a specific database file
                          eg: '-t filename.ext' (do not include file path)
  -o, --output-triggered  If HAM directory scanning is enabled in the script's configuration file, then output names of any
                          third-party signatures that triggered during the HAM directory scan
  -w, --whitelist <signature-name>
                          Adds a signature whitelist entry in the newer ClamAV IGN2 format to 'my-whitelist.ign2' in order to
                          temporarily resolve a false-positive issue with a specific third-party signature.
                          Script added whitelist entries will automatically be removed if the original signature is either
                          modified or removed from the third-party signature database
  --check-clamav          If ClamD status check is enabled and the socket path is correctly specified then test to see if clamd is running or not
  --upgrade               Upgrades this script and master.conf to the latest available version
  --install-all           Install and generate the cron, logrotate and man files, autodetects the values based on your config files
  --install-cron          Install and generate the cron file, autodetects the values based on your config files
  --install-logrotate     Install and generate the logrotate file, autodetects the values based on your config files
  --install-man           Install and generate the man file, autodetects the values based on your config files
  --remove-script         Remove the clamav-unofficial-sigs script and all of its associated files and databases from the system
```

## Change Log

### Version 7.2.5 (20 March 2021)

* eXtremeSHOK.com Maintenance
* Added : os.centos7-cpanel.conf
* Refactor : bsd support for tar, remove gnu-tar requirement
* Refactor : remove gnu-sed requirement
* Refactor : bsd support for stat command

### Version 7.2.4 (17 March 2021)

* eXtremeSHOK.com Maintenance
* Disabled winnow_malware.yara, duplicated in EMAIL_Cryptowall.yar and no longer maintained
* Removed gtar requirement (--wildcards is the default)
* Incremented the config to version 97

### Version 7.2.3 (17 March 2021)

* eXtremeSHOK.com Maintenance
* Whitelist support for yararules (whitelist signature tracking is disabled for yararules)
* Disable JJencode.yar, due to excessive CPU usage
* Disable scamnailer, discontinued
* Fix working directory variable "urlhausy" to "urlhaus"
* Update pfsense guide for 2.5
* Fix missing tracker-tmp.txt
* Thank you @perplexityjeff

### Version 7.2.2 (20 December 2020)

* eXtremeSHOK.com Maintenance
* Use POSIX character classes instead of literals
* Prevent linuxmalwaredetect yara files being extracted when
  yara is not supported
* Replace echo with xshok_pretty_echo_and_log to silence database cleanup cron messages

### Version 7.2.1 (13 December 2020)

* eXtremeSHOK.com Maintenance
* Change yararule email/Email_generic_phishing.yar to HIGH
* New config option: force_host, by default dig is used when dig and host are present.
* Refactor and correct the assigning of binaries/commands
* Fix broken yara rule database names: Maldoc_hancitor_dropper and Maldoc_APT19_CVE-2017-1099
* Ensure only dig or host is used when either dig or host is enabled
* Enable remove_disabled_databases by default
* Fix disabled databases removed when "$remove_disabled_databases" is set to "no"
* Incremented the config to version 95

### Version 7.2 (07 December 2020)

* Database rating downgrades are now supported, eg, changing from HIGH to LOW will remove the HIGH and MEDIUM rated databases.
* Disabled databases are automatically removed
* Disable databases by setting the rating to "DISABLED" eg. securiteinfo_dbs_rating="DISABLED" will disable all securiteinfo databases
* Added Malware Expert databases (non-free)
* Added interServer databases (free)
* Reworked securiteinfo premium databases (non-free)
* Added malwarepatrol_db to specify the exact database name (default: malwarepatrol.db)
* Added detection of tar executable (use gtar on mac and bsd)
* Config os.macosx.conf renamed to os.macos.conf
* Fix: set ownership of last-version-check.txt
* More automated linting and testing (markdown and macOS / osx) via travis-ci
* Updated macOS installation guide for Big Sur (OSX 11)
* Incremented the config to version 94
* Thank you @dandanio @jkellerer @msapiro @shawniverson

### Version 7.1 (Not Released)

* Enforce HTTPS validation by default
* Updated sanesecurity publickey.gpg url to use SSL
* Ignore yara files that include modules
* Enabled yararulesproject rules by default
* os.gentoo.conf: disable updates and upgrade checks
* Fix: URLhaus log message
* Fix wrong download URL for MalwarePatrol
* Fix: fallback to host if dig is not used
* Disable cron MAILTO
* BSD read config fix
* Incremented the config to version 92
* Thank you @dandanio @jkellerer @m0urs @Mrothyr @msapiro @orlitzky @RobbieTheK @SlothOfAnarchy

### Version 7.0.1

* Disable yara project rules duplicated in rxfn.yara (Thanks @dominicraf)
* Incremented the config to version 91

### Version 7.0.0

* eXtremeSHOK.com Maintenance
* Added urlhaus database
* Added extra yararulesproject databases
* Added new linuxmalwaredetect yara file
* Automatic upgrades ( --upgrade )
* Added --upgrade command line option
* Option to disable automatic upgrades ( allow_upgrades )
* Option to disable update checks (allow_update_checks)
* Increase download time to 1800 seconds from 600 seconds
* os.conf takes preference over os.*.conf
* Warn if there are multiple os.*.conf files
* More sanity checks to help users and prevent errors
* Better output of --info
* Fix all known bugs
* Implement all suggestions
* Fixed yararulesproject database names
* Correctly silence curl and wget
* New linuxmalwaredetect logic
* New malwarepatrol logic
* Suppress --- and === from the logs
* Update the documentation / guides
* Increase minimum clamav version for yara rules to 0.100 or above
* Fix systemd.timer and systemd.service files
* More travis-ci tests
* Added os.alpine.conf
* Added debug options/mode to config
* Set minimum config required to 90
* Lots of refactoring and optimizing
* Only check for and notify about script updates every 12 hours
* Incremented the config to version 90

### Version 6.1.1

* eXtremeSHOK.com Maintenance
* Update os.archlinux.conf, thanks @amishmm
* master.conf set default dbs rating to medium
* user.conf better suggested values
* Default to using curl, less logic required (lower cpu)
* force_curl replaced with force_wget
* Fix: suppress all non-error output under cron/non interactive terminal
* Fix: check log file is not a link before setting permissions, only set if owned by root.
* Fix: failed to create symbolic link
* Fix: curl --compress ->> curl --compressed
* Minor enhancement to travis-ci checks
* Incremented the config to version 77

### Version 6.1.0

* eXtremeSHOK.com Maintenance
* Thanks Reio Remma & Oliver Nissen
* fail added to all curl commands
* Fix: Missing logic for LOWMEDIUMONLY | MEDIUMHIGHONLY | HIGHONLY databases
* Support for either os.osname.conf or os.conf files (no more needing to rename the os.osname.conf to os.conf)
* Where possible replaced echo with xshok_pretty_echo_and_log
* Refactor xshok_pretty_echo_and_log and make all notices styles consistent
* Silence output when run under cron
* add MAILTO=root to the generated cron file
* Add full proxy support for wget, curl, rsync, dig, host
* Better support for proxy config variables
* New config variable: git_branch (defaults to master for the update checks)
* allow -w signature for quicker whitelisting
* Sanitize whitelist input string (Remove quotes and .UNOFFICIAL)
* Added Full support for Hash-based Signature Databases
* User.conf is pre-configured with default options to allow for quicker setup
* Default sanesecurity and LinuxMalwareDetect to enabled
* Increase default retries from 3 to 5
* Ensure log file permissions are correct
* Better update comparison check, only notify if newer
* Incremented the config to version 76

### Version 6.0.1

* eXtremeSHOK.com Maintenance
* Fix logging @dominicraf

### Version 6.0

* eXtremeSHOK.com Maintenance & Refactoring
* Add timestamp support (do not re-download not modified files, saves bandwidth)
* wget and curl uses compression for the transfer (detected when supported, saves bandwidth)
* Posix compliance 'which' replaced with 'command -v'
* More escaped characters, shellcheck compliance
* Option added: force_curl, to force the usage of curl instead of wget
* Workaround for wget, which cannot do --timestamping and --output-document together
* Added SECURITEINFO securiteinfoold.hdb
* set malwarepatrol_free = no, when malwarepatrol_product_code != 8
* Fix: remove hardcoded malwarepatrol_product_code
* Fix: os.macosx.conf service: command not found
* Fix: whitelist a MalwarePatrol signature
* More reliable version checking
* Fix: Clamscan database integrity test
* Fix: version comparison of minimum Yara @bytesplit
* Use custom config directory @Amish
* unzip option -j was removed @wotomg
* ZCS 8.7 updates @tonster
* Logic fixes @Claus-Justus Heine
* Specify correct path for systemd units @SlothOfAnarchy
* Avoid hardcoded path to BASH @rseichter

### Version 5.6.2

* eXtremeSHOK.com Maintenance
* Bug Fix GPG always being disabled, thanks @orlitzky

### Version 5.6.1

* eXtremeSHOK.com Maintenance
* Packers/Javascript_exploit_and_obfuscation.yar false positive rating increased to HIGH
* Codeclimate fixes
* Incremented the config to version 73

### Version 5.6

* eXtremeSHOK.com Maintenance
* PGP is now optional and no longer a requirement and pgp support is auto-detected
* Full support for macOS / OS X and added clamav install guide
* Full support for pfSense and added clamav install guide
* Added os configs for Zimbra and Debian 8 with systemd
* Much better error messages with possible solutions given
* Better checking of possible issues
* Update all SANESECURITY signature databases
* Support for clamav-devel (clamav compiled from source)
* Added full proxy support to wget and curl
* Replace a lot of "echo | cut | sed" with bash substitutions
* Added fallbacks/substitutions for various commands
* xshok_file_download and xshok_draw_time_remaining functions added to replace redundant code blocks
* Removed SANESECURITY mbl.ndb as this file is not showing up on the rsync mirrors
* Allow exit code 23 for rsync
* Major refactoring: Normalize comments, quotes, functions, conditions
* Protect various arguments and "POSIX-ize" script integrity
* Enhanced testing with travis-ci, including clamav 0.99
* Incremented the config to version 72

### Version 5.4.1

* eXtremeSHOK.com Maintenance
* Disable installation when either pkg_mgr or pkg_rm is defined.
* Minor refactoring
* Update master.conf with the new Yara-rules project file names
* Incremented the config to version 69

### Version 5.4

* eXtremeSHOK.com Maintenance
* Added Solaris 10 and 11 configs
* When under Solaris we define our own which function
* Define grep_bin variable, use gnu grep on sun os
* Fallback to gpg2 if gpg not found
* Added support for csw gnupg on solaris
* Trap the keyboard interrupt (ctrl+c) and gracefully exit
* Added CentOS 7 Atomic config @deajan
* Minor refactoring and removing of unused variables
* Removed CRDF signatures as per Sanesecurity #124
* Added more Yara rule project Rules
* Incremented the config to version 68

### Version 5.3.2

* eXtremeSHOK.com Maintenance
* Bug Fix: Additional Databases not downloading
* Added sanesecurity_update_hours option to limit updating to once every 2 hours
* Added additional_update_hours option to limit updating to once every 4 hours
* Refactor Additional Database File Update code
* Updated osx config with correct group for homebrew

### Version 5.3.1

* eXtremeSHOK.com Maintenance
* Bug Fix: for GPG Signature test FAILED by @DamianoBianchi
* Remove unused $GETOPT
* Refactor clamscan_integrity_test_specific_database_file (--test-database)
* Refactor gpg_verify_specific_sanesecurity_database_file (--gpg-verify)
* Bug fix: missing $pid_dir

### Version 5.3.0

* eXtremeSHOK.com Maintenance
* Major change: Updated to use new database structure, now allows all low/medium/high databases to be enabled or disabled.
* Major change: curl replaced with wget (will fallback to curl if wget is not installed)
* Major change: script now functions correctly as the clamav user when started under cron
* Added fallback to curl if wget is not available
* Added locking (Enable pid file to prevent issues with multiple instances)
* Added retries to fetching downloads
* Code refactor: if wget replaced with if $? -ne 0
* Enhancement: Verify the clam_user and clam_group actually exist on the system
* Added function: xshok_user_group_exists, to check if a specific user and group exists
* Bug Fix: setmode only if is root
* Bug Fix: eval not working on certain systems
* Bug fix: rsync output not correctly silenced
* Code refactor: remove legacy `..` with $(...)
* Code refactor: replace [ ... -a ... ] with [ ... ] && [ ... ]
* Code refactor: replace [ ... -o ... ] with [ ... ] || [ ... ]
* Code refactor: replace cat "..." with done < ... from loops
* Code refactor: convert for loops using files to while loops
* Code refactor: read replaced with read -r
* Code refactor: added cd ... || exit, to handle a failed cd
* Code refactor: double quoted all variables
* Code refactor: refactor all "ls" iterations to use globs
* Defined missing uname_bin variable
* Added function xshok_database
* Set minimum config required to 65
* Bump config to 65

### Version 5.2.2

* eXtremeSHOK.com Maintenance
* Added --install-all Install and generate the cron, logrotate and man files, autodetects the values based on your config files
* Added functions: xshok_prompt_confirm, xshok_is_file, xshok_is_subdir
* Replaced Y/N prompts with xshok_prompt_confirm
* Bug Fix for disabled databases being removed when the remove_disabled_databases is set to NO (default)
* Added more warnings to remove_script and made it double confirmed
* Remove_script will only remove work_dir if its a sub directory
* Remove_script will only remove files if they are files
* Removed -r switch, --remove-script needs to be used instead of both -r and --remove-script
* Fixed: remove_script not removing logrotate file, cron file, man file

### Version 5.2.1

* eXtremeSHOK.com Maintenance
* Minor bugfix for Sanesecurity_sigtest.yara Sanesecurity_spam.yara files being removed incorrectly
* Minor fix: yararulesproject_enabled not yararulesproject_enable

### Version 5.2.0

* eXtremeSHOK.com Maintenance
* Refactor some functions
* Added --install-man this will automatically generate and install the man (help) file
* Yararules and yararulesproject enabled by default
* Added clamav version detection to automatically disable yararules and yararulesproject if the current clamav version does not support them
* Database files ending with .yar/.yara/.yararules will automatically be disabled from the database if yara rules are not supported
* Script options are added to the man file
* Fixed hardcoded logrotate and cron in remove_script
* Fixed incorrectly assigned logrotate variables in install-logrotate
* Config added info for port/package maintainers regarding: pkg_mgr and pkg_rm
* Removed pkg_mgr and pkg_rm from freebsd and openbsd os configs
* Allow overriding of all the individual workdirs, this is mainly to aid package maintainers
* Rename sanesecurity_dir to work_dir_sanesecurity, securiteinfo_dir to work_dir_securiteinfo, malwarepatrol_dir to work_dir_malwarepatrol, yararules_dir to work_dir_yararules, add_dir to work_dir_add, gpg_dir to work_dir_gpg, work_dir_configs to work_dir_work_configs
* Rename yararules_enabled to yararulesproject_enabled
* Rename all yararules to yararulesproject
* Fix to prevent disabled databases processing certain things which will not be used as they are disabled
* Set minimum config required to 62
* Bump config to 62

### Version 5.1.1

* eXtremeSHOK.com Maintenance
* Added OS X and openbsd configs
* Fixed host fallback sed issues by @MichaelKuch
* Suppress most error messages of chmod and chown
* check permissions before chmod
* Added the config option remove_disabled_databases # Default is "no", if enabled when a database is disabled we will remove the associated database files.
* Added function xshok_mkdir_ownership
* Do not set permissions of the log, cron and logrotate dirs
* Fix: fallback for missing gpg -r option on OS X
* Update sanesecurity signatures
* Bump config to 61

### Version 5.1.0

* eXtremeSHOK.com Maintenance
* Added --install-cron this will automatically generate and install the cron file
* Added --install-logrotate this will automatically generate and install the logrotate file
* Change official URL of SecuriteInfo signatures
* Added a new database (securiteinfoandroid.hdb) for SecuriteInfo
* Remove database files after disabling a database group by @reneschuster
* Updated Gentoo OS config by @orlitzky
* Regroup functions
* Increase travis-ci code testing
* Set minimum config required to 60
* Bump config to 60

### Version 5.0.6

* eXtremeSHOK.com Maintenance
* Updated winnow databases as per information from Tom @ OITC
* Bump config to 58

### Version 5.0.5

* eXtremeSHOK.com Maintenance
* Add support for specifying a custom config dir or file with (--config) -c option
* Removed default_config
* Added travis-ci build testing
* Updates to the help and usage display
* Added sanity testing of sanesecurity_dbs, securiteinfo_dbs, linuxmalwaredetect_dbs, yararules_dbs, add_dbs
* Added function xshok_array_count
* Prevent some issues with an incomplete or only a user.conf being loaded
* Added fallback to host if dig returns no records
* Check there are Sanesecurity mirror ips before we attempt to rsync
* Important binaries have been aliased (clamscan, rsync, curl, gpg) and allow their paths to be overridden
* Added sanity checks to make sure the binaries and workdir is defined
* Custom Binary Paths added to the config (clamscan_bin, rsync_bin, curl_bin, gpg_bin)
* Bump config to 57
* Added initial centos6 + cpanel os config
* Bugfix Only start logging once all the configs have been loaded
* Rename $version to script_version
* Default malwarePatrol to the free version
* Added script version checks

### Version 5.0.4

* eXtremeSHOK.com Maintenance
* Added/Updated OS configs: CentOS 7, FreeBSD, Slackware
* Added clamd_reload_opt to fix issues with centos7 conf
* Fix --remove-script should call remove_script() function by @IdahoPL
* Add OS specific settings to logrotate
* Increased default timeout values
* Attempt to Silence more output
* Create the log_file_path directory before we touch the file.
* Updated config file to remove the $work_dir variable from dir names
* Remove trailing / from directory names
* Initial support for Travis-Ci testing
* Fixed config option enable_logging -> logging_enabled
* Config updated to 56 due to changes

### Version 5.0.3

* eXtremeSHOK.com Maintenance
* Added OS configs: OpenSUSE, Archlinux, Gentoo, Raspbian, FreeBSD
* Fixed config option enable_logging -> logging_enabled

### Version 5.0.2

* eXtremeSHOK.com Maintenance
* Detect if the entire script is available/complete
* Fix for Missing space between "]

### Version 5.0.1

* eXtremeSHOK.com Maintenance
* Disable logging if the log file is not writable.
* Do not attempt to log before a config is loaded

### Version 5.0.0

* eXtremeSHOK.com Maintenance
* Added porcupine.hsb: Sha256 Hashes of VBS and JSE malware Database from sanesecurity
* Fix for missing $ for clamd_pid an incorrect variable definition
* Fixes for not removing dirs by @msapiro
* Updates to account for changed names and addition of sub-directories for Yara-Rules by @msapiro
* Use MD5 with MalwarePatrol by @olivier2557
* Suppress the header and config loading message if running via cron
* Added systemd files by @falon
* Added config option remove_bad_database, a database with a BAD integrity check will be removed
* Fixed broken whitelisting of malwarepatrol signatures
* Replaced Version command option -v with -V
* Added command option -v (--verbose) to force verbose output
* Removed config options: silence_ssl, curl_silence, rsync_silence, gpg_silence, comment_silence
* Added ignore_ssl option to suppress ssl errors and warnings, ie operate in insecure mode.
* Replaced test-database command option -s with -t
* Replaced output-triggered command option -t with -o
* Added command option -s (--silence) to force silenced output
* Default verbose for terminal and silence for cron
* Added RHEL/Centos 7 config settings
* Added short option (-F) to Force all databases to be downloaded, could cause ip to be blocked
* Fixed removal of failed databases, disable with option "remove_bad_database"
* Removed config options: clamd_start, clamd_stop
* Full rewrite of the config handling, master.conf -> os.conf -> user.conf or your-specified.config
* Configs loaded from the /etc/clamav-unofficial-sigs dir
* Added various os.conf files to ease setup
* Added selinux_fixes config option, this will run restorecon on the database files
* minor code refactoring and reindenting

### Version 4.9.3

* eXtremeSHOK.com Maintenance
* Various Bug Fixes
* Last release of 4.x.x base
* minor code refactoring

### Version 4.9.2

* eXtremeSHOK.com Maintenance
* Added function xshok_check_s2 to prevent possible errors with -c and no configfile path
* minor code refactoring

### Version 4.9.1

* eXtremeSHOK.com Maintenance
* OS X compatibility fix by stewardle
* missing $ in $yararules_enabled

### Version 4.9

* eXtremeSHOK.com Maintenance
* Code Refactoring
* New function clamscan_reload_dbs, will first try and reload the clam database, if reload fails will restart clamd
* Added Function xshok_pretty_echo_and_log, far easier and cleaner way to output and log information
* Removed functions comment, log
* Removed config option reload_opt
* Added config option clamd_restart_opt
* Added support for # characters in config values, ie malwarepatrol subscription key contains a #
* Minor formatting and code consistency changes
* 10% Smaller script size
* Config updated to 53 due to changes

### Version 4.8

* eXtremeSHOK.com Maintenance
* Added long option (--force) to Force all databases to be downloaded, could cause ip to be blocked
* added config option: malwarepatrol_free="yes", set to "no" to enable commercial subscription url
* added support for commercial malwarepatrol subscription
* Grammar fix in config
* SELINUX cronjob fix added to readme
* Corrects tput warning when used without TERM (like in cron)
* Config updated to 52 due to changes

### Version 4.7

* eXtremeSHOK.com Maintenance
* Code Refactoring
* Complete rewrite of the main case selector (program options)
* Added long options (--decode-sig, --encode-string, --encode-formatted, --gpg-verify, --information, --make-database, --remove-script, --test-database, --output-triggered)
* Replaced clamd-status.sh with --check-clamav
* Removed CHANGELOG, changelog has been replaced by this part of the readme and the git commit log.
* Config updated to 51 due to changes

### Version 4.6.1

* eXtremeSHOK.com Maintenance
* Code Refactoring
* Added generic options (--help --version --config)
* Correctly handle generic options before the main case selector
* Sanitize the config before the main case selector (option)
* Rewrite and formatting of the usage options
* Removed the version information code as this is always printed

### Version 4.6

* eXtremeSHOK.com Maintenance
* Code Refactoring
* Removed custom config forced to use the same filename as the default config
* Change file checks from exists to exists and is readable
* Removed legacy config checks
* Full support for custom config files for all tasks
* Removed function: no_default_config

### Version 4.5.3

* eXtremeSHOK.com Maintenance
* badmacro.ndb rule support for sanesecurity
* Sanesecurity_sigtest.yara rule support for sanesecurity
* Sanesecurity_spam.yara rule support for sanesecurity
* Changed required_config_version to minimum_required_config_version
* Script now supports a minimum config version to allow for out of sync config and script versions

### Version 4.5.2

* eXtremeSHOK.com Maintenance
* hackingteam.hsb rule support for sanesecurity

### Version 4.5.1

* eXtremeSHOK.com Maintenance
* Beta YARA rule support for sanesecurity
* Config updated to 4.8 due to changes
* Bugfix "securiteinfo_enabled" should be "$securiteinfo_enabled"

### Version 4.5.0

* eXtremeSHOK.com Maintenance
* Initial YARA rule support for sanesecurity
* Added Yara-Rules project Database
* Added config option to quickly enable/disable an entire database
* Config updated to 4.7 due to changes
* Note: Yara rules require clamav 0.99+
* Bugfix removed unused linuxmalwaredetect_authorisation_signature variable from script

### Version 4.4.5

* eXtremeSHOK.com Maintenance
* Updated SecuriteInfo setup instructions

### Version 4.4.4

* eXtremeSHOK.com Maintenance
* Committed patch-1 by SecuriteInfo (clean up of SecuriteInfo databases)
* Fixed double $surl_insecure

### Version 4.4.3

* eXtremeSHOK.com Maintenance
* Bugfix for SecuriteInfo not downloading by Colin Waring
* Default will now silence ssl errors caused by ssl certificate errors
* Config updated to 4.6 due to new variable: silence_ssl

### Version 4.4.2

* eXtremeSHOK.com Maintenance
* Improved config error checking
* Config updated to 4.5, due to invalid default dbs-si value
* Fix debug variable being present
* Bug fix for ubuntu 14.04 with sed being aliased
* Explicitly set bash as the shell

### Version 4.4.1

* eXtremeSHOK.com Maintenance
* Added error checking to detect if the config could be broken.

### Version 4.4.0

* eXtremeSHOK.com Maintenance
* Code refactoring:
* Added full support for Linux Malware Detect clamav databases
* Config updated to 4.4

### Version 4.3.0

* eXtremeSHOK.com Maintenance
* Code refactoring: group and move functions to top of script
* Complete rewrite of securiteinfo support, full support for Free/Delayed clamav by securiteinfo.com ;-P Note: securite info requires you to create a free account and add your authorisation code to the config.
* Config updated to 4.3
* Restructured Config

### Version 4.2.0

* eXtremeSHOK.com Maintenance
* Replace annoying si_, mbl_, ss_, with actual names ie. securiteinfo_, malwarepatrol_, sanesecurity_
* Complete rewrite of malwarepatrol support, full support for Free/Delayed clamav ;-P Note: malware patrol requires you to create a free account and add your "purchase" code to the config.
* More fixes to config prasing and stripping of comments and whitespace * Code refactoring: remove empty commands: echo "" and comment "" * Config version detection and enforcing ### Version 4.1.0 * eXtremeSHOK.com Maintenance * Fix on default enable of foxhole medium and High false positive sources * grammatical corrections to some comments and log output * sig-boundary patch by Alan Stern * create intermediate monitor-ign-old.txt to prevent reading and writing of local.ign by Alan Stern ### Version 4.0.0 (Released 9 May 2015) * eXtremeSHOK.com Maintenance * Enabled all low false positive sources by default * Added all Sanesecurity database files * Disabled all med/high false positive sources by default * Set default configs to work out of the box on a centos system * Silence cron job * Set correct paths throughout the script * Updated Installation Instructions * Updated Paths for removal * Updated Default locations to reflect installation instructions * Fix: correctly remove comments and blanklines from config before eval * Remove: invalid config values (eg. EXPORT path) * Fix: correctly check if rsync was successful ## Script updates can be found at ### <https://github.com/extremeshok/clamav-unofficial-sigs> 0707010000001B000081ED000000000000000000000001605562B100033FB7000000000000000000000000000000000000003700000000clamav-unofficial-sigs-7.2.5/clamav-unofficial-sigs.sh#!/usr/bin/env bash # shellcheck disable=SC2119 # shellcheck disable=SC2120 # shellcheck disable=SC2128 # shellcheck disable=SC2154 ################################################################################ # This is property of eXtremeSHOK.com # You are free to use, modify and distribute, however you may not remove this notice. 
# Copyright (c) Adrian Jon Kriel :: admin@extremeshok.com
# License: BSD (Berkeley Software Distribution)
################################################################################
#
# Script updates can be found at: https://github.com/extremeshok/clamav-unofficial-sigs
#
# Originally based on Script provided by Bill Landry (unofficialsigs@gmail.com).
#
################################################################################
#
# THERE ARE NO USER CONFIGURABLE OPTIONS IN THIS SCRIPT
# ALL CONFIGURATION OPTIONS ARE LOCATED IN THE INCLUDED CONFIGURATION FILE
#
################################################################################
# eXtremeSHOK banner (ASCII art)
################################################################################

# Detect to make sure the entire script is available, fail if the script is missing contents
if [ "$(tail -n 1 "${0}" | head -n 1 | cut -c 1-7)" != "exit \$?" ] ; then
  echo "FATAL ERROR: Script is incomplete, please redownload"
  exit 1
fi

# Trap the keyboard interrupt (Ctrl + C)
trap xshok_control_c SIGINT

################################################################################
# HELPER FUNCTIONS
################################################################################

# Support user config settings for applying file and directory access permissions.
function perms() {
  if [ -n "${clam_user}" ] && [ -n "${clam_group}" ] ; then
    "${@:-}"
  fi
}

# Prompt a user if they should complete an action with Y or N
# Usage: xshok_prompt_confirm
# if xshok_prompt_confirm ; then
# xshok_prompt_confirm && echo "accepted"
# xshok_prompt_confirm && echo "yes" || echo "no"
# shellcheck disable=SC2120
function xshok_prompt_confirm() { # optional_message
  message="${1:-Are you sure?}"
  while true; do
    read -r -p "${message} [y/N]" response < /dev/tty
    case "${response}" in
      [yY]) return 0 ;;
      [nN]) return 1 ;;
      *) printf " \\033[31m %s \\n\\033[0m" "invalid input"
    esac
  done
}

# Create a pid file
function xshok_create_pid_file() { # pid.file
  if [ "${1}" ] ; then
    pidfile="${1}"
    if ! echo $$ > "${pidfile}" ; then
      xshok_pretty_echo_and_log "ERROR: Could not create PID file: ${pidfile}"
      exit 1
    fi
  else
    xshok_pretty_echo_and_log "ERROR: Missing value for option"
    exit 1
  fi
}

# Intercept ctrl+c and call the cleanup function
function xshok_control_c() {
  echo
  xshok_pretty_echo_and_log "---------------| Exiting ... Please wait |---------------" "-"
  xshok_cleanup
  exit $?
}

# Cleanup function
function xshok_cleanup() {
  # Wait for all processes to end
  wait
  xshok_pretty_echo_and_log " Powered By https://eXtremeSHOK.com " "#"
  return $?
}

# Check if the current running user is the root user, otherwise return false
function xshok_is_root() {
  if [ "$(uname -s)" == "SunOS" ] ; then
    id_bin="/usr/xpg4/bin/id"
  else
    id_bin="$(command -v id 2> /dev/null)"
  fi
  if [ "$($id_bin -u)" == 0 ] ; then
    return 0
  else
    return 1 # Not root
  fi
}

# Check if it is a file, otherwise return false
function xshok_is_file() { # filepath
  filepath="${1}"
  if [ -f "${filepath}" ] ; then
    return 0 ;
  else
    return 1 ; # Not a file
  fi
}

# Check if filepath is a subdir, otherwise return false
# Usage: xshok_is_subdir "filepath"
# xshok_is_subdir "/root/" - false
# xshok_is_subdir "/usr/local/etc" && echo "yes" - yes
function xshok_is_subdir() { # filepath
  filepath="${1}"
  shopt -s extglob; filepath="${filepath%%+(/)}" # strip trailing slashes
  if [ -d "$filepath" ] ; then
    res="${filepath//[^\/]}" # keep only the slashes, their count is the depth
    if [ "${#res}" -gt 1 ] ; then
      return 0 ;
    else
      return 1 ; # Not a subdir
    fi
  else
    return 1 ; # Not a dir
  fi
}

# Create a dir and set the ownership
function xshok_mkdir_ownership() { # path
  if [ "${1}" ] ; then
    if ! mkdir -p "${1}" 2>/dev/null ; then
      xshok_pretty_echo_and_log "ERROR: Could not create directory: ${1}"
      exit 1
    fi
    perms chown -f "${clam_user}:${clam_group}" "${1}" > /dev/null 2>&1
  else
    xshok_pretty_echo_and_log "ERROR: Missing value for option"
    exit 1
  fi
}

# Check if a user and group exists on the system otherwise return false
# Usage:
# xshok_user_group_exists "username" && echo "user found" || echo "no"
# xshok_user_group_exists "username" "groupname" && echo "user and group found" || echo "no"
function xshok_user_group_exists() { # username groupname
  if [ "$(uname -s)" == "SunOS" ] ; then
    id_bin="/usr/xpg4/bin/id"
  else
    id_bin="$(command -v id 2> /dev/null)"
  fi
  if [ "${2}" ] ; then
    if [ "$(uname -s)" == "Darwin" ] ; then
      # use ruby, as this is the best way. Ruby is always available as brew uses ruby
      # the group name is passed as ARGV[0] so the requested group is checked, not a fixed one
      ruby -e 'require "etc"; puts Etc::getgrnam(ARGV[0]).gid' "${2}" > /dev/null 2>&1
      ret="$?"
    else
      getent_bin="$(command -v getent 2> /dev/null)"
      $getent_bin group "${2}" >/dev/null 2>&1
      ret="$?"
    fi
  fi
  if [ "${1}" ] ; then
    if $id_bin -u "${1}" > /dev/null 2>&1 ; then
      if [ "${2}" ] ; then
        if [ "$ret" -eq 0 ] ; then
          return 0 ; # User and group exists
        else
          return 1 ; # Group does NOT exist
        fi
      else
        return 0 ; # User exists
      fi
    else
      return 1 ; # User does NOT exist
    fi
  else
    xshok_pretty_echo_and_log "ERROR: Missing value for option"
    exit 1
  fi
}

# Handle comments with/out borders and logging.
# Usage:
# xshok_pretty_echo_and_log "one"
# one
# xshok_pretty_echo_and_log "two" "-"
# ---
# two
# ---
# xshok_pretty_echo_and_log "three" "=" "8"
# ========
# three
# ========
# xshok_pretty_echo_and_log "" "/\" "7"
# /\/\/\/\/\/\/\
# type: e = error, w = warning, a = alert, n = notice
# will auto detect using the first word "error,warning,alert,notice"
# type e will make a == border
# type w will make a -- border
# type a will make a ** border
# type n will make a ++ border
function xshok_pretty_echo_and_log() { # "string" "repeating" "count" "type"
  # detect if running under cron and silence
  mystring="$1"
  myrepeating="$2"
  mycount="$3"
  mytype="$4"
  if [ "$comment_silence" != "yes" ] && [ "$force_verbose" != "yes" ]; then
    if [ ! -t 1 ] ; then
      comment_silence="yes"
    fi
  fi
  # always show errors and alerts
  if [ -z "$mytype" ] ; then
    shopt -s nocasematch
    if [[ "$mystring" =~ "ERROR:" ]] || [[ "$mystring" =~ "ERROR " ]] ; then
      mytype="e"
    elif [[ "$mystring" =~ "WARNING:" ]] || [[ "$mystring" =~ "WARNING " ]] ; then
      mytype="w"
    elif [[ "$mystring" =~ "ALERT:" ]] || [[ "$mystring" =~ "ALERT " ]] ; then
      mytype="a"
    elif [[ "$mystring" =~ "NOTICE:" ]] || [[ "$mystring" =~ "NOTICE " ]] ; then
      mytype="n"
    fi
  fi
  if [ "$mytype" == "e" ] || [ "$mytype" == "a" ] ; then
    comment_silence="no"
  fi
  # Handle comments if not silenced or type
  if [ "$comment_silence" != "yes" ] ; then
    if [ -z "$myrepeating" ] ; then
      if [ "$mytype" == "e" ] ; then
        myrepeating="="
      elif [ "$mytype" == "w" ] ; then
        myrepeating="-"
      elif [ "$mytype" == "a" ] ; then
        myrepeating="*"
      elif [ "$mytype" == "n" ] ; then
        myrepeating="+"
      fi
    fi
    if [ -z "$myrepeating" ] ; then
      echo "${mystring}"
    else
      myvar=""
      if [ -z "$mycount" ] ; then
        mycount="${#mystring}"
      fi
      for (( n = 0; n < mycount; n++ )) ; do
        myvar="${myvar}${myrepeating}"
      done
      if [ -n "${mystring}" ] ; then
        echo -e "${myvar}\\n${1}\\n${myvar}"
      else
        echo -e "${myvar}"
      fi
    fi
  fi
  # Handle logging
  if [ "$enable_log" == "yes" ] ; then
    # filter ===, ---
    mystring=${1//===}
    mystring=${mystring//---}
    if [ -n "$mystring" ] ; then
      if [ -n "$log_pipe_cmd" ] ; then
        echo "${mystring}" | $log_pipe_cmd
      else
        if [ ! -e "${log_file_path}/${log_file_name}" ] ; then
          # xshok_mkdir_ownership "$log_file_path"
          mkdir -p "$log_file_path"
          touch "${log_file_path}/${log_file_name}" 2>/dev/null
          perms chown -f "${clam_user}:${clam_group}" "${log_file_path}/${log_file_name}"
        fi
        if [ ! -w "${log_file_path}/${log_file_name}" ] ; then
          echo "WARNING: Logging Disabled, as file not writable: ${log_file_path}/${log_file_name}"
          enable_log="no"
        else
          echo "$(date "+%b %d %T")" "${mystring}" >> "${log_file_path}/${log_file_name}"
        fi
      fi
    fi
  fi
}

# Check if the $2 value is not null and does not start with -
function xshok_check_s2() { # value1 value2
  if [ "${1}" ] ; then
    if [[ "${1}" =~ ^-.* ]] ; then
      xshok_pretty_echo_and_log "ERROR: Missing value for option or value begins with -"
      exit 1
    fi
  else
    xshok_pretty_echo_and_log "ERROR: Missing value for option"
    exit 1
  fi
}

# Time remaining information function
function xshok_draw_time_remaining() { # time_remaining update_hours name
  if [ "${1}" ] && [ "${2}" ] ; then
    time_remaining="${1}"
    hours_left="$((time_remaining / 3600))"
    minutes_left="$((time_remaining % 3600 / 60))"
    xshok_pretty_echo_and_log "${2} hours have not yet elapsed since the last ${3} update check"
    xshok_pretty_echo_and_log "No update check was performed at this time" "-"
    xshok_pretty_echo_and_log "Next check will be performed in approximately ${hours_left} hour(s), ${minutes_left} minute(s)"
  fi
}

# Download function
function xshok_file_download() { # outputfile url notimestamp
  if [ "$downloader_debug" == "yes" ] ; then
    xshok_pretty_echo_and_log "url: ${2} >> outputfile: ${1} | ${3}"
  fi
  if [ "${1}" ] && [ "${2}" ] ; then
    if [ -n "$curl_bin" ] ; then
      if [ -f "${1}" ] ; then
        # shellcheck disable=SC2086
        $curl_bin --fail --compressed $curl_proxy $curl_insecure $curl_output_level --connect-timeout "${downloader_connect_timeout}" --remote-time --location --retry "${downloader_tries}" --max-time "${downloader_max_time}" --time-cond "${1}" --output "${1}" "${2}" 2>&11
        result=$?
      else
        # shellcheck disable=SC2086
        $curl_bin --fail --compressed $curl_proxy $curl_insecure $curl_output_level --connect-timeout "${downloader_connect_timeout}" --remote-time --location --retry "${downloader_tries}" --max-time "${downloader_max_time}" --output "${1}" "${2}" 2>&11
        result=$?
      fi
    else
      if [ ! "${3}" ] ; then
        # the following is required because wget cannot do --timestamping and --output-document together
        this_dir="$( cd -P "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
        output_file="$1"
        url="$2"
        output_dir="${output_file%/*}"
        output_file="${output_file##*/}"
        url_file="${url##*/}"
        wget_output_link=""
        cd "${output_dir}" || exit
        if [ "$output_file" != "$url_file" ] ; then
          if [ ! -f "$url_file" ] ; then
            if [ ! -f "$output_file" ] ; then
              touch "$output_file"
            fi
            # wget writes to the URL's basename, so point that name at the real output file
            ln -s "$output_file" "$url_file"
            wget_output_link="$url_file"
          fi
        fi
        # shellcheck disable=SC2086
        $wget_bin $wget_compression $wget_proxy $wget_insecure $wget_output_level --connect-timeout="${downloader_connect_timeout}" --random-wait --tries="${downloader_tries}" --timeout="${downloader_max_time}" --timestamping "${2}" 2>&12
        result=$?
        # remove the temporary symlink again, but only when one was created above
        if [ -n "$wget_output_link" ] ; then
          if [ -L "$wget_output_link" ] ; then
            rm -f "$wget_output_link"
          fi
        fi
        cd "$this_dir" || exit
      else
        # shellcheck disable=SC2086
        $wget_bin $wget_compression $wget_proxy $wget_insecure $wget_output_level --connect-timeout="${downloader_connect_timeout}" --random-wait --tries="${downloader_tries}" --timeout="${downloader_max_time}" --output-document="${1}" "${2}" 2>&12
        result=$?
      fi
    fi
    return $result
  fi
}

# Handle list of database files
function clamav_files() {
  echo "${clam_dbs}/${db}" >> "${current_tmp}"
  if [ "$keep_db_backup" == "yes" ] ; then
    echo "${clam_dbs}/${db}-bak" >> "${current_tmp}"
  fi
}

# Manage the databases and allow multi-dimensions as well as global overrides
# Since the databases are basically multi-dimensional associative arrays in bash
# ratings: LOW | MEDIUM | HIGH | REQUIRED | LOWONLY | MEDIUMONLY | LOWMEDIUMONLY | DISABLED
function xshok_database() { # rating database_array
  # Assign
  current_rating="${1}"
  declare -a current_dbs=( "${@:2}" )
  # Zero
  declare -a new_dbs=( )
  if [ -n "${current_dbs[0]}" ] ; then
    if [ ${#current_dbs[@]} -ge 1 ] ; then
      for db_name in "${current_dbs[@]}" ; do
        # Checks
        if [ "$enable_yararules" == "no" ] ; then # YARA rules are disabled
          if [[ "$db_name" == *".yar"* ]] ; then # If it's the value you want to delete
            continue # Skip to the next value
          fi
        fi
        if [ -z "$current_rating" ] ; then
          new_dbs+=( "$db_name" )
        else
          if [[ ! "$db_name" = *"|"* ]] ; then # This old format
            new_dbs+=( "$db_name" )
          else
            db_name_rating="${db_name#*|}"
            db_name="${db_name%|*}"
            if [ "$db_name_rating" != "DISABLED" ] ; then
              if [ "$db_name_rating" == "$current_rating" ] ; then
                new_dbs+=( "$db_name" )
              elif [ "$db_name_rating" == "REQUIRED" ] ; then
                new_dbs+=( "$db_name" )
              elif [ "$current_rating" == "LOW" ] ; then
                if [ "$db_name_rating" == "LOWONLY" ] || [ "$db_name_rating" == "LOW" ] || [ "$db_name_rating" == "LOWMEDIUMONLY" ] ; then
                  new_dbs+=( "$db_name" )
                fi
              elif [ "$current_rating" == "MEDIUM" ] ; then
                if [ "$db_name_rating" == "MEDIUMONLY" ] || [ "$db_name_rating" == "MEDIUM" ] || [ "$db_name_rating" == "LOW" ] || [ "$db_name_rating" == "LOWMEDIUMONLY" ] ; then
                  new_dbs+=( "$db_name" )
                fi
              elif [ "$current_rating" == "HIGH" ] ; then
                if [ "$db_name_rating" == "HIGH" ] || [ "$db_name_rating" == "MEDIUM" ] || [ "$db_name_rating" == "LOW" ]; then
                  new_dbs+=( "$db_name" )
                fi
              fi
            fi
          fi
        fi
      done
    fi
  fi
  echo "${new_dbs[@]}" | xargs # Remove extra whitespace
}

# Manage the databases to be removed and allow multi-dimensions as well as global overrides
# Since the databases are basically multi-dimensional associative arrays in bash
# ratings: LOW | MEDIUM | HIGH | REQUIRED | LOWONLY | MEDIUMONLY | LOWMEDIUMONLY | DISABLED
function xshok_remove_database() { # rating database_array
  # Assign
  current_rating="${1}"
  declare -a current_dbs=( "${@:2}" )
  # Zero
  declare -a new_dbs=( )
  if [ ${#current_dbs[@]} -ge 1 ] ; then
    for db_name in "${current_dbs[@]}" ; do
      db_name_rating="${db_name#*|}"
      db_name="${db_name%|*}"
      removed="no"
      # Checks
      if [ "$current_rating" == "DISABLED" ] ; then
        new_dbs+=( "$db_name" )
        removed="yes"
      elif [ "$current_rating" == "HIGH" ] ; then
        if [ "$db_name_rating" == "LOWONLY" ] || [ "$db_name_rating" == "LOWMEDIUMONLY" ] || [ "$db_name_rating" == "MEDIUMONLY" ] ; then
          new_dbs+=( "$db_name" )
          removed="yes"
        fi
      elif [ "$current_rating" == "MEDIUM" ] ; then
        if [ "$db_name_rating" == "HIGH" ] || [ "$db_name_rating" == "LOWONLY" ] ; then
          new_dbs+=( "$db_name" )
          removed="yes"
        fi
      elif [ "$current_rating" == "LOW" ] ; then
        if [ "$db_name_rating" == "MEDIUMONLY" ] || [ "$db_name_rating" == "MEDIUM" ] || [ "$db_name_rating" == "HIGH" ]; then
          new_dbs+=( "$db_name" )
          removed="yes"
        fi
      fi
      if [ "$removed" == "no" ] ; then # not already removed, process further
        if [ "$enable_yararules" == "no" ] && [[ "$db_name" == *".yar"* ]] ; then # YARA rules are disabled AND it's the value you want to delete
          new_dbs+=( "$db_name" )
        fi
      fi
    done
  fi
  echo "${new_dbs[@]}" | xargs # Remove extra whitespace
}

################################################################################
# ADDITIONAL PROGRAM FUNCTIONS
################################################################################

# Generates a man config and installs it
function install_man() {
  if [ -n "$pkg_mgr" ] || [ -n "$pkg_rm" ] ; then
    xshok_pretty_echo_and_log "This script (clamav-unofficial-sigs) was installed on the system via ${pkg_mgr}"
    exit 1
  fi
  xshok_pretty_echo_and_log ""
  xshok_pretty_echo_and_log "Generating man file for install...."
  # Use defined variables or attempt to use default variables
  if [ ! -e "${man_dir}/${man_filename}" ] ; then
    mkdir -p "$man_dir"
    touch "${man_dir}/${man_filename}" 2>/dev/null
  fi
  if [ ! -w "${man_dir}/${man_filename}" ] ; then
    xshok_pretty_echo_and_log "ERROR: man install aborted, as file not writable: ${man_dir}/${man_filename}"
  else
    BOLD="\\fB"
    #REV=""
    NORM="\\fR"
    manresult="$(help_and_usage "man")"
    # Our template..
    cat << EOF > "${man_dir}/${man_filename}"
.\\" Manual page for eXtremeSHOK.com ClamAV Unofficial Signature Updater
.TH clamav-unofficial-sigs 8 "${script_version_date}" "Version: ${script_version}" "SCRIPT COMMANDS"
.SH NAME
clamav-unofficial-sigs \\- Download, test, and install third-party ClamAV signature databases.
.SH SYNOPSIS
.B clamav-unofficial-sigs
.RI [ options ]
.SH DESCRIPTION
\\fBclamav-unofficial-sigs\\fP provides a simple way to download, test, and update third-party signature databases provided by Sanesecurity, FOXHOLE, OITC, BOFHLAND, CRDF, Porcupine, Securiteinfo, MalwarePatrol, Yara-Rules Project, etc. It will also generate and install cron, logrotate, and man files.
.SH UPDATES
Script updates can be found at: \\fBhttps://github.com/extremeshok/clamav-unofficial-sigs\\fP
.SH OPTIONS
This script follows the standard GNU command line syntax.
.LP
$manresult
.SH SEE ALSO
.BR clamd (8),
.BR clamscan (1)
.SH COPYRIGHT
Copyright (c) Adrian Jon Kriel :: admin@extremeshok.com
.TP
You are free to use, modify and distribute, however you may not remove this notice.
.SH LICENSE
BSD (Berkeley Software Distribution)
.SH BUGS
Report bugs to \\fBhttps://github.com/extremeshok/clamav-unofficial-sigs\\fP
.SH AUTHOR
Adrian Jon Kriel :: admin@extremeshok.com
Originally based on Script provided by Bill Landry
EOF
  fi
  xshok_pretty_echo_and_log "Completed: man installed, as file: ${man_dir}/${man_filename}"
}

# Generate a logrotate config and install it
function install_logrotate() {
  if [ -n "$pkg_mgr" ] || [ -n "$pkg_rm" ] ; then
    xshok_pretty_echo_and_log "This script (clamav-unofficial-sigs) was installed on the system via ${pkg_mgr}"
    exit 1
  fi
  xshok_pretty_echo_and_log ""
  xshok_pretty_echo_and_log "Generating logrotate file for install...."
  # Use defined variables or attempt to use default variables
  if [ -z "$logrotate_user" ] ; then
    logrotate_user="${clam_user}";
  fi
  if [ -z "$logrotate_group" ] ; then
    logrotate_group="${clam_group}";
  fi
  if [ -z "$logrotate_log_file_full_path" ] ; then
    logrotate_log_file_full_path="${log_file_path}/${log_file_name}"
  fi
  if [ ! -e "${logrotate_dir}/${logrotate_filename}" ] ; then
    mkdir -p "$logrotate_dir"
    touch "${logrotate_dir}/${logrotate_filename}" 2>/dev/null
  fi
  if [ ! -w "${logrotate_dir}/${logrotate_filename}" ] ; then
    xshok_pretty_echo_and_log "ERROR: logrotate install aborted, as file not writable: ${logrotate_dir}/${logrotate_filename}"
  else
    # Our template..
    cat << EOF > "${logrotate_dir}/${logrotate_filename}"
# https://eXtremeSHOK.com ######################################################
# This file contains the logrotate settings for clamav-unofficial-sigs.sh
###################
# This is property of eXtremeSHOK.com
# You are free to use, modify and distribute, however you may not remove this notice.
# Copyright (c) Adrian Jon Kriel :: admin@extremeshok.com
##################
#
# Script updates can be found at: https://github.com/extremeshok/clamav-unofficial-sigs
#
# Originally based on:
# Script provided by Bill Landry (unofficialsigs@gmail.com).
#
# License: BSD (Berkeley Software Distribution)
#
##################
# Automatically Generated: $(date)
##################
#
# This logrotate file will rotate the logs generated by the clamav-unofficial-sigs.sh
#
# To Adjust the logrotate values, edit your configs and run
# bash clamav-unofficial-sigs.sh --install-logrotate to generate a new file.

$logrotate_log_file_full_path {
  weekly
  rotate 4
  missingok
  notifempty
  compress
  create 0640 ${logrotate_user} ${logrotate_group}
}
EOF
  fi
  xshok_pretty_echo_and_log "Completed: logrotate installed, as file: ${logrotate_dir}/${logrotate_filename}"
}

# Generate a cron config and install it
function install_cron() {
  if [ -n "$pkg_mgr" ] || [ -n "$pkg_rm" ] ; then
    xshok_pretty_echo_and_log "This script (clamav-unofficial-sigs) was installed on the system via ${pkg_mgr}"
    exit 1
  fi
  xshok_pretty_echo_and_log ""
  xshok_pretty_echo_and_log "Generating cron file for install...."
  # Use defined variables or attempt to use default variables
  if [ -z "$cron_minute" ] ; then
    cron_minute="$(( ( RANDOM % 59 ) + 1 ))"
  fi
  if [ -z "$cron_user" ] ; then
    cron_user="${clam_user}";
  fi
  if [ -z "$cron_bash" ] ; then
    cron_bash="$(command -v bash 2> /dev/null)"
  fi
  if [ -z "$cron_script_full_path" ] ; then
    cron_script_full_path="$this_script_full_path"
  fi
  if [ "$cron_sudo" == "yes" ] ; then
    cron_sudo="sudo -u"
  fi
  if [ ! -e "${cron_dir}/${cron_filename}" ] ; then
    mkdir -p "$cron_dir"
    touch "${cron_dir}/${cron_filename}" 2>/dev/null
  fi
  if [ ! -w "${cron_dir}/${cron_filename}" ] ; then
    xshok_pretty_echo_and_log "ERROR: cron install aborted, as file not writable: ${cron_dir}/${cron_filename}"
  else
    # Our template..
    cat << EOF > "${cron_dir}/${cron_filename}"
# https://eXtremeSHOK.com ######################################################
# This file contains the cron settings for clamav-unofficial-sigs.sh
###################
# This is property of eXtremeSHOK.com
# You are free to use, modify and distribute, however you may not remove this notice.
# Copyright (c) Adrian Jon Kriel :: admin@extremeshok.com
##################
#
# Script updates can be found at: https://github.com/extremeshok/clamav-unofficial-sigs
#
# Originally based on:
# Script provided by Bill Landry (unofficialsigs@gmail.com).
#
# License: BSD (Berkeley Software Distribution)
#
##################
# Automatically Generated: $(date)
##################
#
# This cron file will execute the clamav-unofficial-sigs.sh script that
# currently supports updating third-party signature databases provided
# by Sanesecurity, SecuriteInfo, MalwarePatrol, OITC, etc.
#
# The script is set to run hourly, at a random minute past the hour, and the
# script itself is set to randomize the actual execution time between
# 60 - 600 seconds. To Adjust the cron values, edit your configs and run
# bash clamav-unofficial-sigs.sh --install-cron to generate a new file.
# Uncomment to enable emails to the root user
#MAILTO=root
$cron_minute * * * * ${cron_sudo} ${cron_user} [ -x ${cron_script_full_path} ] && ${cron_bash} ${cron_script_full_path}
# https://eXtremeSHOK.com ######################################################
EOF
  fi
  xshok_pretty_echo_and_log "Completed: cron installed, as file: ${cron_dir}/${cron_filename}"
}

# Auto upgrade the master.conf and the script
function xshok_upgrade() {
  if [ "$allow_upgrades" == "no" ] ; then
    xshok_pretty_echo_and_log "ERROR: --upgrade has been disabled, allow_upgrades=no"
    exit 1
  fi
  if ! xshok_is_root ; then
    xshok_pretty_echo_and_log "ERROR: Only root can run the upgrade"
    exit 1
  fi
  xshok_pretty_echo_and_log "Checking for updates ..."
  found_upgrade="no"
  if [ -n "$curl_bin" ] ; then
    # shellcheck disable=SC2086
    latest_version="$($curl_bin --compressed $curl_proxy $curl_insecure $curl_output_level --connect-timeout "${downloader_connect_timeout}" --remote-time --location --retry "${downloader_tries}" --max-time "${downloader_max_time}" "https://raw.githubusercontent.com/extremeshok/clamav-unofficial-sigs/${git_branch}/clamav-unofficial-sigs.sh" 2>&11 | $grep_bin "^script_version=" | head -n1 | cut -d '"' -f 2)"
    # shellcheck disable=SC2086
    latest_config_version="$($curl_bin --compressed $curl_proxy $curl_insecure $curl_output_level --connect-timeout "${downloader_connect_timeout}" --remote-time --location --retry "${downloader_tries}" --max-time "${downloader_max_time}" "https://raw.githubusercontent.com/extremeshok/clamav-unofficial-sigs/${git_branch}/config/master.conf" 2>&11 | $grep_bin "^config_version=" | head -n1 | cut -d '"' -f 2)"
  else
    # shellcheck disable=SC2086
    latest_version="$($wget_bin $wget_compression $wget_proxy $wget_insecure $wget_output_level --connect-timeout="${downloader_connect_timeout}" --random-wait --tries="${downloader_tries}" --timeout="${downloader_max_time}" "https://raw.githubusercontent.com/extremeshok/clamav-unofficial-sigs/${git_branch}/clamav-unofficial-sigs.sh" -O - 2>&12 | $grep_bin "^script_version=" | head -n1 | cut -d '"' -f 2)"
    # shellcheck disable=SC2086
    latest_config_version="$($wget_bin $wget_compression $wget_proxy $wget_insecure $wget_output_level --connect-timeout="${downloader_connect_timeout}" --random-wait --tries="${downloader_tries}" --timeout="${downloader_max_time}" "https://raw.githubusercontent.com/extremeshok/clamav-unofficial-sigs/${git_branch}/config/master.conf" -O - 2>&12 | $grep_bin "^config_version=" | head -n1 | cut -d '"' -f 2)"
  fi
  # config_dir/master.conf
  if [ "$latest_config_version" ] ; then
    # shellcheck disable=SC2183,SC2086
    if [ "$(printf "%02d%02d%02d%02d" ${latest_config_version//./ })" -gt "$(printf "%02d%02d%02d%02d" ${config_version//./ })" ] ; then
      found_upgrade="yes"
      xshok_pretty_echo_and_log "ALERT: Upgrading config from v${config_version} to v${latest_config_version}"
      if [ -w "${config_dir}/master.conf" ] && [ -f "${config_dir}/master.conf" ] ; then
        echo "Downloading https://raw.githubusercontent.com/extremeshok/clamav-unofficial-sigs/${git_branch}/config/master.conf"
        xshok_file_download "${work_dir}/master.conf.tmp" "https://raw.githubusercontent.com/extremeshok/clamav-unofficial-sigs/${git_branch}/config/master.conf" "notimestamp"
        ret="$?"
        if [ "$ret" -ne 0 ] ; then
          xshok_pretty_echo_and_log "ERROR: Could not download https://raw.githubusercontent.com/extremeshok/clamav-unofficial-sigs/${git_branch}/config/master.conf"
          exit 1
        fi
        if ! $grep_bin -m 1 "config_version" "${work_dir}/master.conf.tmp" > /dev/null 2>&1 ; then
          echo "ERROR: Downloaded master.conf is incomplete, please re-run"
          exit 1
        fi
        # Copy over permissions from old version
        OCTAL_MODE="$(stat -c "%a" "${config_dir}/master.conf" 2> /dev/null)"
        if [ -z "$OCTAL_MODE" ]; then
          OCTAL_MODE="$(stat -f '%p' "${config_dir}/master.conf")"
        fi
        xshok_pretty_echo_and_log "Running update process"
        if ! mv -f "${work_dir}/master.conf.tmp" "${config_dir}/master.conf" ; then
          xshok_pretty_echo_and_log "ERROR: failed moving ${work_dir}/master.conf.tmp to ${config_dir}/master.conf"
          exit 1
        fi
        if ! chmod "$OCTAL_MODE" "${config_dir}/master.conf" ; then
          xshok_pretty_echo_and_log "ERROR: unable to set permissions on ${config_dir}/master.conf"
          exit 1
        fi
        xshok_pretty_echo_and_log "Completed"
      else
        xshok_pretty_echo_and_log "ERROR: ${config_dir}/master.conf is not a file or is not writable"
        exit 1
      fi
    fi
  fi
  if [ "$latest_version" ] ; then
    # shellcheck disable=SC2183,SC2086
    if [ "$(printf "%02d%02d%02d%02d" ${latest_version//./ })" -gt "$(printf "%02d%02d%02d%02d" ${script_version//./ })" ] ; then
      found_upgrade="yes"
      xshok_pretty_echo_and_log "ALERT: Upgrading script from v${script_version} to v${latest_version}"
      if [ -w "${config_dir}/master.conf" ] && [ -f "${config_dir}/master.conf" ] ; then
        echo "Downloading https://raw.githubusercontent.com/extremeshok/clamav-unofficial-sigs/${git_branch}/clamav-unofficial-sigs.sh"
        xshok_file_download "${work_dir}/clamav-unofficial-sigs.sh.tmp" "https://raw.githubusercontent.com/extremeshok/clamav-unofficial-sigs/${git_branch}/clamav-unofficial-sigs.sh" "notimestamp"
        ret=$?
        if [ "$ret" -ne 0 ] ; then
          xshok_pretty_echo_and_log "ERROR: Could not download https://raw.githubusercontent.com/extremeshok/clamav-unofficial-sigs/${git_branch}/clamav-unofficial-sigs.sh"
          exit 1
        fi
        # Detect to make sure the entire script is available, fail if the script is missing contents
        if [ "$(tail -n 1 "${work_dir}/clamav-unofficial-sigs.sh.tmp" | head -n 1 | cut -c 1-7)" != "exit \$?" ] ; then
          echo "ERROR: Downloaded clamav-unofficial-sigs.sh is incomplete, please re-run"
          exit 1
        fi
        # Copy over permissions from old version
        OCTAL_MODE="$(stat -c "%a" "${this_script_full_path}" 2> /dev/null)"
        if [ -z "$OCTAL_MODE" ]; then
          OCTAL_MODE="$(stat -f '%p' "${this_script_full_path}")"
        fi
        xshok_pretty_echo_and_log "Inserting update process..."
                # Generate the update script
                cat > "${work_dir}/xshok_update_script.sh" << EOF
#!/usr/bin/env bash
echo "Running update process"
# Overwrite old file with new
if ! mv -f "${work_dir}/clamav-unofficial-sigs.sh.tmp" "${this_script_full_path}" ; then
    echo "ERROR: failed moving ${work_dir}/clamav-unofficial-sigs.sh.tmp to ${this_script_full_path}"
    rm -f \$0
    exit 1
fi
if ! chmod "$OCTAL_MODE" "${this_script_full_path}" ; then
    echo "ERROR: unable to set permissions on ${this_script_full_path}"
    rm -f \$0
    exit 1
fi
echo "Completed"
# echo "---------------------"
# echo "Optional, run as root: "
# echo "clamav-unofficial-sigs.sh --install-all"
echo "---------------------"
echo "Run once as root: "
echo "clamav-unofficial-sigs.sh --force"
#remove the tmp script before exit
rm -f \$0
EOF
                # Replaced with $0, so code will update and then call itself with the same parameters it had
                #exec "${0}" "$@"
                bash_bin="$(command -v bash 2> /dev/null)"
                exec "$bash_bin" "${work_dir}/xshok_update_script.sh"
                echo "Running once as root"
            else
                xshok_pretty_echo_and_log "ERROR: ${config_dir}/master.conf is not a file or is not writable"
                exit 1
            fi
        fi
    fi
    if [ "$found_upgrade" == "no" ] ; then
        xshok_pretty_echo_and_log "No updates available"
    fi
}

# Decode a third-party signature either by signature name
function decode_third_party_signature_by_signature_name() {
    xshok_pretty_echo_and_log ""
    xshok_pretty_echo_and_log "Input a third-party signature name to decode (e.g: Sanesecurity.Junk.15248) or"
    xshok_pretty_echo_and_log "a hexadecimal encoded data string and press enter:"
    read -r input
    # Remove quotes and .UNOFFICIAL from the whitelist input string
    input="$(echo "${input}" | tr -d "'" | tr -d '"' | tr -d '`')"
    input=${input/\.UNOFFICIAL/}
    if echo "${input}" | $grep_bin "\\." > /dev/null ; then
        cd "$clam_dbs" || exit
        sig="$($grep_bin "${input}:" ./*.ndb)"
        if [ -n "$sig" ] ; then
            # grep output is "file.ndb:Name:Target:Offset:HexSig"; the file name is everything before the first ':'
            db_file="${sig%%:*}"
            xshok_pretty_echo_and_log "${input} found in: ${db_file}"
            xshok_pretty_echo_and_log "${input} signature decodes to:"
            xshok_pretty_echo_and_log "$sig" | cut -d ":" -f 5 | perl -pe 's/([a-fA-F0-9]{2})|(\{[^}]*\}|\([^)]*\))/defined $2 ? $2 : chr(hex $1)/eg'
        else
            xshok_pretty_echo_and_log "Signature ${input} could not be found."
            xshok_pretty_echo_and_log "This script will only decode ClamAV 'UNOFFICIAL' third-Party,"
            xshok_pretty_echo_and_log "non-image based, signatures as found in the *.ndb databases."
        fi
    else
        xshok_pretty_echo_and_log "Here is the decoded hexadecimal input string:"
        echo "${input}" | perl -pe 's/([a-fA-F0-9]{2})|(\{[^}]*\}|\([^)]*\))/defined $2 ? $2 : chr(hex $1)/eg'
    fi
}

# Hexadecimal encode an entire input string
function hexadecimal_encode_entire_input_string() {
    xshok_pretty_echo_and_log ""
    xshok_pretty_echo_and_log "Input the data string that you want to hexadecimal encode and then press enter. Do not include"
    xshok_pretty_echo_and_log "any quotes around the string unless you want them included in the hexadecimal encoded output:"
    read -r input
    xshok_pretty_echo_and_log "Here is the hexadecimal encoded input string:"
    echo "${input}" | perl -pe 's/(.)/sprintf("%02lx", ord $1)/eg'
}

# Hexadecimal encode a formatted input string
function hexadecimal_encode_formatted_input_string() {
    xshok_pretty_echo_and_log ""
    xshok_pretty_echo_and_log "Input a formatted data string containing spacing fields '{}, (), *' that you want to hexadecimal"
    xshok_pretty_echo_and_log "encode, without encoding the spacing fields, and then press enter. Do not include any quotes"
    xshok_pretty_echo_and_log "around the string unless you want them included in the hexadecimal encoded output:"
    read -r input
    xshok_pretty_echo_and_log "Here is the hexadecimal encoded input string:"
    echo "${input}" | perl -pe 's/(\{[^}]*\}|\([^)]*\)|\*)|(.)/defined $1 ? $1 : sprintf("%02lx", ord $2)/eg'
}

# GPG verify a specific Sanesecurity database file
function gpg_verify_specific_sanesecurity_database_file() { # databasefile
    xshok_pretty_echo_and_log ""
    if [ "$enable_gpg" == "no" ] ; then
        xshok_pretty_echo_and_log "GnuPG / signature verification disabled" "-"
    else
        if [ "${1}" ] ; then
            db_file="$(echo "${1}" | awk -F "/" '{print $NF}')"
            if [ -r "${work_dir_sanesecurity}/${db_file}" ] ; then
                xshok_pretty_echo_and_log "GPG signature testing database file: ${work_dir_sanesecurity}/${db_file}"
                if [ -r "${work_dir_sanesecurity}/${db_file}.sig" ] ; then
                    if ! "$gpg_bin" -q --trust-model always --no-default-keyring --homedir "${work_dir_gpg}" --keyring "${work_dir_gpg}/ss-keyring.gpg" --verify "${work_dir_sanesecurity}/${db_file}.sig" "${work_dir_sanesecurity}/${db_file}" ; then
                        # Older gpg releases do not know --trust-model, retry with the legacy option
                        if "$gpg_bin" -q --always-trust --no-default-keyring --homedir "${work_dir_gpg}" --keyring "${work_dir_gpg}/ss-keyring.gpg" --verify "${work_dir_sanesecurity}/${db_file}.sig" "${work_dir_sanesecurity}/${db_file}" ; then
                            exit 0
                        else
                            exit 1
                        fi
                    else
                        exit 0
                    fi
                else
                    xshok_pretty_echo_and_log "Signature ${db_file}.sig cannot be found."
                fi
            else
                xshok_pretty_echo_and_log "File ${db_file} cannot be found or is not a Sanesecurity database file."
                xshok_pretty_echo_and_log "Only the following Sanesecurity and OITC databases can be GPG signature tested:"
                ls --ignore "*.sig" --ignore "*.md5" --ignore "*.ign2" --ignore "*.fp" "${work_dir_sanesecurity}"
            fi
        else
            xshok_pretty_echo_and_log "ERROR: Missing value for option"
            exit 1
        fi
        exit 1
    fi
}

# Output system and configuration information
function output_system_configuration_information() {
    xshok_pretty_echo_and_log ""
    xshok_pretty_echo_and_log "*** SCRIPT INFORMATION ***"
    xshok_pretty_echo_and_log "${this_script_name} ${script_version} (${script_version_date})"
    xshok_pretty_echo_and_log "Master.conf Version: ${config_version}"
    xshok_pretty_echo_and_log "Minimum required config: ${minimum_required_config_version}"
    xshok_pretty_echo_and_log "*** SYSTEM INFORMATION ***"
    $uname_bin -a
    xshok_pretty_echo_and_log "*** CLAMSCAN LOCATION & VERSION ***"
    xshok_pretty_echo_and_log "${clamscan_bin}"
    $clamscan_bin --version | head -1
    xshok_pretty_echo_and_log "*** RSYNC LOCATION & VERSION ***"
    xshok_pretty_echo_and_log "${rsync_bin}"
    $rsync_bin --version | head -1
    if [ -n "$curl_bin" ] ; then
        xshok_pretty_echo_and_log "*** CURL LOCATION & VERSION ***"
        xshok_pretty_echo_and_log "${curl_bin}"
        $curl_bin --version | head -1
    else
        xshok_pretty_echo_and_log "*** WGET LOCATION & VERSION ***"
        xshok_pretty_echo_and_log "${wget_bin}"
        $wget_bin --version | head -1
    fi
    if [ "$enable_gpg" == "yes" ] ; then
        xshok_pretty_echo_and_log "*** GPG LOCATION & VERSION ***"
        xshok_pretty_echo_and_log "${gpg_bin}"
        $gpg_bin --version | head -1
    fi
    xshok_pretty_echo_and_log "*** DIRECTORY INFORMATION ***"
    xshok_pretty_echo_and_log "Working Directory: ${work_dir}"
    xshok_pretty_echo_and_log "Clam Database Directory: ${clam_dbs}"
    if [ "$custom_config" != "no" ] ; then
        if [ -d "$custom_config" ] ; then
            # Assign the custom config dir and remove trailing / (removes / and //)
            xshok_pretty_echo_and_log "Custom Configuration Directory: ${custom_config}"
        else
            xshok_pretty_echo_and_log "Custom Configuration File: ${custom_config}"
        fi
    else
        xshok_pretty_echo_and_log "Configuration Directory: ${config_dir}"
    fi
    xshok_pretty_echo_and_log ""
}

# Make a signature database from an ascii file
function make_signature_database_from_ascii_file() {
    xshok_pretty_echo_and_log ""
    echo "
 The '-m' script flag provides a way to create a ClamAV hexadecimal signature database (*.ndb) file
 from a list of data strings stored in a clear-text ascii file, with one data string entry per line.

 - Hexadecimal encoding can be either 'full' or 'formatted' on a per line basis:

 Full line encoding should be used if there are no formatted spacing entries [{}, (), *]
 included on the line. Prefix unformatted lines with: '-:' (no quote marks).

 Example: -:This signature contains no formatted spacing fields

 Encodes to: 54686973207369676e617475726520636f6e7461696e73206e6f20666f726d61747465642073706163696e67206669656c6473

 Formatted line encoding should be used if there are user added spacing entries [{}, (), *]
 included on the line. Prefix formatted lines with '=:' (no quote marks).

 Example: =:This signature{-10}contains several(25|26|27)formatted spacing*fields

 Encodes to: 54686973207369676e6174757265{-10}636f6e7461696e73207365766572616c(25|26|27)666f726d61747465642073706163696e67*6669656c6473

 Use 'full' encoding if you want to encode everything on the line [including {}, (), *] and
 'formatted' encoding if you want to encode everything on the line except the formatted character
 spacing fields.

 The prefixes ('-:' and '=:') will be stripped from the line before hexadecimal encoding is done.
 If no prefix is found at the beginning of the line, full line encoding will be done (default).

 - It is assumed that the signatures will be created for email scanning purposes, thus the '4'
 target type is used and full file scanning is enabled (see ClamAV signatures.pdf for details).

 - Line numbering will be done automatically by the script.
 " | command "$sed_bin" 's/^ //g'
    echo -n "Do you wish to continue? "
    if xshok_prompt_confirm ; then
        echo -n "Enter the source file as /path/filename: "
        read -r source
        if [ -r "$source" ] ; then
            source_file="$(basename "$source")"
            xshok_pretty_echo_and_log "What signature prefix would you like to use? For example: 'Phish.Domains'"
            xshok_pretty_echo_and_log "will create signatures that looks like: 'Phish.Domains.1:4:*:HexSigHere'"
            echo -n "Enter signature prefix: "
            read -r prefix
            path_file="$(echo "$source" | cut -d "." -f -1 | command "$sed_bin" 's/$/.ndb/')"
            db_file="$(basename "$path_file")"
            rm -f "$path_file"
            total="$(wc -l "$source" | cut -d " " -f 1)"
            line_num="1"
            while read -r line ; do
                line_prefix="$(echo "$line" | awk -F ":" '{print $1}')"
                if [ "$line_prefix" == "-" ] ; then
                    # '-:' prefix, full line encoding
                    echo "$line" | cut -d ":" -f 2- | perl -pe 's/(.)/sprintf("%02lx", ord $1)/eg' | command "$sed_bin" "s/^/$prefix\\.$line_num:4:\\*:/" >> "$path_file"
                elif [ "$line_prefix" == "=" ] ; then
                    # '=:' prefix, formatted encoding that leaves {}, () and * untouched
                    echo "$line" | cut -d ":" -f 2- | perl -pe 's/(\{[^}]*\}|\([^)]*\)|\*)|(.)/defined $1 ? $1 : sprintf("%02lx", ord $2)/eg' | command "$sed_bin" "s/^/$prefix\\.$line_num:4:\\*:/" >> "$path_file"
                else
                    # no prefix, full line encoding (default)
                    echo "$line" | perl -pe 's/(.)/sprintf("%02lx", ord $1)/eg' | command "$sed_bin" "s/^/$prefix\\.$line_num:4:\\*:/" >> "$path_file"
                fi
                xshok_pretty_echo_and_log "Hexadecimal encoding ${source_file} line: ${line_num} of ${total}"
                line_num="$((line_num + 1))"
            done < "$source"
        else
            xshok_pretty_echo_and_log "Source file not found, exiting..."
            exit
        fi
        xshok_pretty_echo_and_log "Signature database file created at: ${path_file}"
        if $clamscan_bin --quiet -d "$path_file" "${work_dir_work_configs}/scan-test.txt" 2>&1 ; then
            xshok_pretty_echo_and_log "Clamscan reports database integrity tested good."
            echo -n "Would you like to move '${db_file}' into '${clam_dbs}' and reload databases?"
            if xshok_prompt_confirm ; then
                if ! cmp -s "$path_file" "${clam_dbs}/${db_file}" ; then
                    if $rsync_bin -pcqt "$path_file" "$clam_dbs" ; then
                        perms chown -f "${clam_user}:${clam_group}" "${clam_dbs}/${db_file}"
                        perms chmod -f 0644 "$clam_dbs"/"$db_file"
                        if [ "$selinux_fixes" == "yes" ] ; then
                            restorecon "${clam_dbs}/${db_file}"
                        fi
                        $clamd_restart_opt
                        xshok_pretty_echo_and_log "Signature database '${db_file}' was successfully implemented and ClamD databases reloading."
                    else
                        xshok_pretty_echo_and_log "Failed to add/update '${db_file}', ClamD database not reloading."
                    fi
                else
                    xshok_pretty_echo_and_log "Database '${db_file}' has not changed - skipping"
                fi
            else
                xshok_pretty_echo_and_log "No action taken."
            fi
        else
            xshok_pretty_echo_and_log "Clamscan reports that '${db_file}' signature database integrity tested bad."
        fi
    fi
}

# Remove the clamav-unofficial-sigs script
function remove_script() {
    xshok_pretty_echo_and_log ""
    if [ -n "$pkg_mgr" ] || [ -n "$pkg_rm" ] ; then
        xshok_pretty_echo_and_log "This script (clamav-unofficial-sigs) was installed on the system via '${pkg_mgr}'"
        xshok_pretty_echo_and_log "use '${pkg_rm}' to remove the script and all of its associated files and databases from the system."
    else
        cron_file_full_path="${cron_dir}/${cron_filename}"
        logrotate_file_full_path="${logrotate_dir}/${logrotate_filename}"
        man_file_full_path="${man_dir}/${man_filename}"
        xshok_pretty_echo_and_log "This will remove the workdir (${work_dir}), logrotate file (${logrotate_file_full_path}), cron file (${cron_file_full_path}), man file (${man_file_full_path})"
        xshok_pretty_echo_and_log "Are you sure you want to remove the clamav-unofficial-sigs script and all of its associated files, third-party databases, and work directory from the system?"
        if xshok_prompt_confirm ; then
            xshok_pretty_echo_and_log "This cannot be undone, are you sure?"
            if xshok_prompt_confirm ; then
                if [ -r "${work_dir_work_configs}/purge.txt" ] ; then
                    while read -r file ; do
                        xshok_is_file "$file" && rm -f -- "$file"
                        xshok_pretty_echo_and_log " Removed file: ${file}"
                    done < "${work_dir_work_configs}/purge.txt"
                    if [ -r "$cron_file_full_path" ] ; then
                        xshok_is_file "$cron_file_full_path" && rm -f "$cron_file_full_path"
                        xshok_pretty_echo_and_log " Removed file: ${cron_file_full_path}"
                    fi
                    if [ -r "$logrotate_file_full_path" ] ; then
                        xshok_is_file "$logrotate_file_full_path" && rm -f "$logrotate_file_full_path"
                        xshok_pretty_echo_and_log " Removed file: ${logrotate_file_full_path}"
                    fi
                    if [ -r "$man_file_full_path" ] ; then
                        xshok_is_file "$man_file_full_path" && rm -f "$man_file_full_path"
                        xshok_pretty_echo_and_log " Removed file: ${man_file_full_path}"
                    fi
                    # Rather keep the configs
                    #rm -f -- "$default_config" && echo " Removed file: $default_config"
                    #rm -f -- "${0}" && echo " Removed file: $0"
                    # xshok_is_subdir guards against wiping a top-level directory; ${work_dir:?} aborts if it is unset
                    xshok_is_subdir "$work_dir" && rm -rf -- "${work_dir:?}" && echo " Removed script working directories: ${work_dir}"
                    xshok_pretty_echo_and_log " The clamav-unofficial-sigs script and all of its associated files, third-party"
                    xshok_pretty_echo_and_log " databases, and work directories have been successfully removed from the system."
                else
                    xshok_pretty_echo_and_log " Cannot locate 'purge.txt' file in ${work_dir_work_configs}."
                    xshok_pretty_echo_and_log " Files and signature database will need to be removed manually."
                fi
            else
                xshok_pretty_echo_and_log "Aborted"
            fi
        else
            xshok_pretty_echo_and_log "Aborted"
        fi
    fi
}

# Clamscan integrity test a specific database file
function clamscan_integrity_test_specific_database_file() { # databasefile
    xshok_pretty_echo_and_log ""
    if [ "${1}" ] ; then
        input="$(echo "${1}" | awk -F "/" '{print $NF}')"
        db_file="$(find "$work_dir" -name "$input")"
        if [ -r "$db_file" ] ; then
            xshok_pretty_echo_and_log "Clamscan integrity testing: ${db_file}"
            if $clamscan_bin --quiet -d "$db_file" "${work_dir_work_configs}/scan-test.txt" ; then
                xshok_pretty_echo_and_log "Clamscan reports that '${input}' database integrity tested GOOD"
                exit 0
            else
                xshok_pretty_echo_and_log "Clamscan reports that '${input}' database integrity tested BAD"
                exit 1
            fi
        else
            xshok_pretty_echo_and_log "File '${input}' cannot be found."
            xshok_pretty_echo_and_log "Here is a list of third-party databases that can be clamscan integrity tested:"
            xshok_pretty_echo_and_log "=== Sanesecurity ==="
            ls --ignore "*.sig" --ignore "*.md5" --ignore "*.ign2" --ignore "*.fp" "$work_dir_sanesecurity"
            xshok_pretty_echo_and_log "=== SecuriteInfo ==="
            ls --ignore "*.sig" --ignore "*.md5" --ignore "*.ign2" --ignore "*.fp" "$work_dir_securiteinfo"
            xshok_pretty_echo_and_log "=== MalwarePatrol ==="
            ls --ignore "*.sig" --ignore "*.md5" --ignore "*.ign2" --ignore "*.fp" "$work_dir_malwarepatrol"
            xshok_pretty_echo_and_log "=== Linux Malware Detect ==="
            ls --ignore "*.sig" --ignore "*.md5" --ignore "*.ign2" --ignore "*.fp" "$work_dir_linuxmalwaredetect"
            xshok_pretty_echo_and_log "=== interServer Detect ==="
            ls --ignore "*.sig" --ignore "*.md5" --ignore "*.ign2" --ignore "*.fp" "$work_dir_interserver"
            xshok_pretty_echo_and_log "=== Malware Expert Detect ==="
            ls --ignore "*.sig" --ignore "*.md5" --ignore "*.ign2" --ignore "*.fp" "$work_dir_malwareexpert"
            xshok_pretty_echo_and_log "=== Yara-Rules Project ==="
            ls --ignore "*.sig" --ignore "*.md5" --ignore "*.ign2" --ignore "*.fp" "$work_dir_yararulesproject"
            xshok_pretty_echo_and_log "=== User Defined Databases ==="
            ls --ignore "*.sig" --ignore "*.md5" --ignore "*.ign2" --ignore "*.fp" "$work_dir_add"
            xshok_pretty_echo_and_log "Check the file name and try again..."
        fi
    else
        xshok_pretty_echo_and_log "ERROR: Missing value for option"
        exit 1
    fi
}

# Output names of any third-party signatures that triggered during the HAM directory scan
function output_signatures_triggered_during_ham_directory_scan() {
    xshok_pretty_echo_and_log ""
    if [ -n "$ham_dir" ] ; then
        if [ -r "${work_dir_work_configs}/whitelist.hex" ] ; then
            xshok_pretty_echo_and_log "The following third-party signatures triggered hits during the HAM Directory scan:"
            $grep_bin -h -f "${work_dir_work_configs}/whitelist.hex" "$work_dir"/*/*.ndb | cut -d ":" -f 1
            $grep_bin -h -f "${work_dir_work_configs}/whitelist.hex" "$work_dir"/*/*.db | cut -d "=" -f 1
        else
            xshok_pretty_echo_and_log "No third-party signatures have triggered hits during the HAM Directory scan."
        fi
    else
        xshok_pretty_echo_and_log "Ham directory scanning is not currently enabled in the script's configuration file."
    fi
}

# Adds a signature whitelist entry in the newer ClamAV IGN2 format
function add_signature_whitelist_entry() { #signature
    xshok_pretty_echo_and_log "Signature Whitelist" "="
    if [ -n "$1" ] ; then
        input="$1"
    else
        xshok_pretty_echo_and_log "Input a third-party signature name that you wish to whitelist and press enter"
        read -r input
    fi
    if [ -n "$input" ] ; then
        xshok_pretty_echo_and_log "Processing: ${input}"
        cd "$clam_dbs" || exit
        # Remove quotes and .UNOFFICIAL from the string
        input="$(echo "${input}" | tr -d "'" | tr -d '"' | tr -d '`"')"
        input=${input/\.UNOFFICIAL/}
        yaratest="$(echo "$input" | cut -d "." -f 1)"
        shopt -s nocasematch
        if [ "$yaratest" == "YARA" ] ; then
            echo "YARA signature detected"
            sig_full="$input"
            sig_extension=""
            sig_name="$input"
        else
            sig_full="$($grep_bin -H -m 1 "$input" ./*.*db)"
            sig_extension=${sig_full%%\:*}
            sig_extension=${sig_extension##*\.}
            shopt -s nocasematch
            if [ "$sig_extension" == "hdb" ] || [ "$sig_extension" == "hsb" ] || [ "$sig_extension" == "hdu" ] || [ "$sig_extension" == "hsu" ] || [ "$sig_extension" == "mdb" ] || [ "$sig_extension" == "msb" ] || [ "$sig_extension" == "mdu" ] || [ "$sig_extension" == "msu" ] ; then
                # Hash-based Signature Database
                position="4"
            else
                position="2"
            fi
            sig_name="$(echo "$sig_full" | cut -d ":" -f $position | cut -d "=" -f 1)"
        fi
        if [ -n "$sig_name" ] ; then
            if ! $grep_bin -m 1 "$sig_name" my-whitelist.ign2 > /dev/null 2>&1 ; then
                cp -f -p my-whitelist.ign2 "$work_dir_work_configs" 2>/dev/null
                echo "$sig_name" >> "${work_dir_work_configs}/my-whitelist.ign2"
                shopt -s nocasematch
                if [ "$yaratest" != "YARA" ] ; then
                    echo "$sig_full" >> "${work_dir_work_configs}/tracker.txt"
                fi
                if $clamscan_bin --quiet -d "${work_dir_work_configs}/my-whitelist.ign2" "${work_dir_work_configs}/scan-test.txt" ; then
                    if $rsync_bin -pcqt "${work_dir_work_configs}/my-whitelist.ign2" "$clam_dbs" ; then
                        perms chown -f "${clam_user}:${clam_group}" my-whitelist.ign2
                        if [ ! -s "${work_dir_work_configs}/monitor-ign.txt" ] ; then
                            # Create "monitor-ign.txt" file for clamscan database integrity testing.
                            echo "This is the monitor ignore file..." > "${work_dir_work_configs}/monitor-ign.txt"
                        fi
                        perms chmod -f 0644 my-whitelist.ign2 "${work_dir_work_configs}/monitor-ign.txt"
                        if [ "$selinux_fixes" == "yes" ] ; then
                            restorecon "${clam_dbs}/local.ign"
                        fi
                        do_clamd_reload="4"
                        clamscan_reload_dbs
                        xshok_pretty_echo_and_log "Signature '${input}' has been added to my-whitelist.ign2 and all databases have been reloaded."
                        if [ "$yaratest" != "YARA" ] ; then
                            xshok_pretty_echo_and_log "The script will track any changes to the offending signature and will automatically remove it, "
                            xshok_pretty_echo_and_log "if the signature is modified or removed from the third-party database."
                        fi
                    else
                        xshok_pretty_echo_and_log "Failed to successfully update my-whitelist.ign2 file - SKIPPING."
                    fi
                else
                    xshok_pretty_echo_and_log "Clamscan reports my-whitelist.ign2 database integrity is bad - SKIPPING."
                fi
            else
                xshok_pretty_echo_and_log "Signature '${input}' already exists in my-whitelist.ign2 - no action taken."
            fi
        else
            xshok_pretty_echo_and_log "Signature '${input}' could not be found."
            xshok_pretty_echo_and_log "This script will only create a whitelist entry in my-whitelist.ign2 for ClamAV"
            xshok_pretty_echo_and_log "'UNOFFICIAL' third-Party signatures as found in the *.ndb *.hdb *.db databases."
        fi
    else
        xshok_pretty_echo_and_log "No input detected - no action taken."
    fi
}

# Clamscan reload database
function clamscan_reload_dbs() {
    # Reload all clamd databases if updates detected and $reload_dbs" is set to "yes"
    if [ "$reload_dbs" == "yes" ] ; then
        if [ "$do_clamd_reload" != "0" ] ; then
            if [ "$do_clamd_reload" == "1" ] ; then
                xshok_pretty_echo_and_log "Update(s) detected, reloading ClamAV databases" "="
            elif [ "$do_clamd_reload" == "2" ] ; then
                xshok_pretty_echo_and_log "Database removal(s) detected, reloading ClamAV databases" "="
            elif [ "$do_clamd_reload" == "3" ] ; then
                xshok_pretty_echo_and_log "File 'local.ign' has changed, reloading ClamAV databases" "="
            elif [ "$do_clamd_reload" == "4" ] ; then
                xshok_pretty_echo_and_log "File 'my-whitelist.ign2' has changed, reloading ClamAV databases" "="
            else
                xshok_pretty_echo_and_log "Update(s) detected, reloading ClamAV databases" "="
            fi
            if [[ "$($clamd_reload_opt 2>&1)" = *"ERROR"* ]] ; then
                xshok_pretty_echo_and_log "ERROR: Failed to reload, trying again"
                if [ -r "$clamd_pid" ] ; then
                    mypid="$(cat "$clamd_pid")"
                    # SIGUSR2 asks clamd to reload its databases
                    if kill -USR2 "$mypid" ; then
                        xshok_pretty_echo_and_log "ClamAV databases reloading" "="
                    else
                        xshok_pretty_echo_and_log "ERROR: Failed to reload, forcing clamd to restart"
                        if [ -z "$clamd_restart_opt" ] ; then
                            xshok_pretty_echo_and_log "WARNING: Check the script's configuration file, 'reload_dbs' enabled but no 'clamd_restart_opt'"
                        else
                            if $clamd_restart_opt > /dev/null ; then
                                xshok_pretty_echo_and_log "ClamAV Restarted" "="
                            else
                                xshok_pretty_echo_and_log "ClamAV NOT Restarted" "-"
                            fi
                        fi
                    fi
                else
                    xshok_pretty_echo_and_log "ERROR: Failed to reload, forcing clamd to restart"
                    if [ -z "$clamd_restart_opt" ] ; then
                        xshok_pretty_echo_and_log "WARNING: Check the script's configuration file, 'reload_dbs' enabled but no 'clamd_restart_opt'"
                    else
                        if $clamd_restart_opt > /dev/null ; then
                            xshok_pretty_echo_and_log "ClamAV Restarted" "="
                        else
                            xshok_pretty_echo_and_log "ClamAV NOT Restarted" "-"
                        fi
                    fi
                fi
            else
                xshok_pretty_echo_and_log "ClamAV databases reloading" "="
            fi
        else
            xshok_pretty_echo_and_log "No updates detected, ClamAV databases were not reloaded" "="
        fi
    else
        xshok_pretty_echo_and_log "Database reload has been disabled in the configuration file" "="
    fi
}

# If ClamD status check is enabled ("clamd_socket" variable is uncommented
# and the socket path is correctly specified in "User Edit" section above),
# then test to see if clamd is running or not.
function check_clamav() {
    if [ -n "$clamd_socket" ] ; then
        if [ -S "$clamd_socket" ] ; then
            if [ "$(perl -e 'use IO::Socket::UNIX; print $IO::Socket::UNIX::VERSION,"\n"' 2>/dev/null)" ] ; then
                io_socket1="1"
                # clamd answers PING with PONG over its UNIX socket
                if [ "$(perl -MIO::Socket::UNIX -we '$s = IO::Socket::UNIX->new(shift); $s->print("PING"); print $s->getline; $s->close' "$clamd_socket" 2>/dev/null)" == "PONG" ] ; then
                    io_socket2="1"
                    xshok_pretty_echo_and_log "ClamD is running" "="
                fi
            else
                socat="$(command -v socat 2>/dev/null)"
                if [ -n "$socat" ] && [ -x "$socat" ] ; then
                    socket_cat1="1"
                    if [ "$( (echo "PING"; sleep 1;) | socat - "$clamd_socket" 2>/dev/null)" == "PONG" ] ; then
                        socket_cat2="1"
                        xshok_pretty_echo_and_log "ClamD is running" "="
                    fi
                fi
            fi
            if [ -z "$io_socket1" ] && [ -z "$socket_cat1" ] ; then
                xshok_pretty_echo_and_log "WARNING: socat or perl module 'IO::Socket::UNIX' not found, cannot test if ClamD is running"
            else
                if [ -z "$io_socket2" ] && [ -z "$socket_cat2" ] ; then
                    xshok_pretty_echo_and_log "ALERT: CLAMD IS NOT RUNNING!"
                    if [ -n "$clamd_restart_opt" ] ; then
                        xshok_pretty_echo_and_log "Attempting to start ClamD..." "-"
                        if [ -n "$io_socket1" ] ; then
                            $clamd_restart_opt > /dev/null && sleep 5
                            if [ "$(perl -MIO::Socket::UNIX -we '$s = IO::Socket::UNIX->new(shift); $s->print("PING"); print $s->getline; $s->close' "$clamd_socket" 2>/dev/null)" = "PONG" ] ; then
                                xshok_pretty_echo_and_log "ClamD was successfully started" "="
                            else
                                xshok_pretty_echo_and_log "ERROR: CLAMD FAILED TO START"
                                exit 1
                            fi
                        else
                            if [ -n "$socket_cat1" ] ; then
                                $clamd_restart_opt > /dev/null && sleep 5
                                if [ "$( (echo "PING"; sleep 1;) | socat - "$clamd_socket" 2>/dev/null)" == "PONG" ] ; then
                                    xshok_pretty_echo_and_log "ClamD was successfully started" "="
                                else
                                    xshok_pretty_echo_and_log "ERROR: CLAMD FAILED TO START"
                                    exit 1
                                fi
                            fi
                        fi
                    fi
                fi
            fi
        else
            xshok_pretty_echo_and_log "WARNING: ${clamd_socket} is not a usable socket"
        fi
    else
        xshok_pretty_echo_and_log "WARNING: clamd_socket is not defined in the configuration file"
    fi
}

# Check for a new version
function check_new_version() {
    found_upgrade="no"
    if [ -n "$curl_bin" ] ; then
        # shellcheck disable=SC2086
        # 2>&1 merges stderr into the pipe so grep sees a single stream
        latest_version="$($curl_bin --compressed $curl_proxy $curl_insecure $curl_output_level --connect-timeout "${downloader_connect_timeout}" --remote-time --location --retry "${downloader_tries}" --max-time "${downloader_max_time}" "https://raw.githubusercontent.com/extremeshok/clamav-unofficial-sigs/${git_branch}/clamav-unofficial-sigs.sh" 2>&1 | $grep_bin "^script_version=" | head -n1 | cut -d '"' -f 2)"
        # shellcheck disable=SC2086
        latest_config_version="$($curl_bin --compressed $curl_proxy $curl_insecure $curl_output_level --connect-timeout "${downloader_connect_timeout}" --remote-time --location --retry "${downloader_tries}" --max-time "${downloader_max_time}" "https://raw.githubusercontent.com/extremeshok/clamav-unofficial-sigs/${git_branch}/config/master.conf" 2>&1 | $grep_bin "^config_version=" | head -n1 | cut -d '"' -f 2)"
    else
        # shellcheck disable=SC2086
        latest_version="$($wget_bin $wget_compression $wget_proxy $wget_insecure $wget_output_level --connect-timeout="${downloader_connect_timeout}" --random-wait --tries="${downloader_tries}" --timeout="${downloader_max_time}" "https://raw.githubusercontent.com/extremeshok/clamav-unofficial-sigs/${git_branch}/clamav-unofficial-sigs.sh" -O - 2>&1 | $grep_bin "^script_version=" | head -n1 | cut -d '"' -f 2)"
        # shellcheck disable=SC2086
        latest_config_version="$($wget_bin $wget_compression $wget_proxy $wget_insecure $wget_output_level --connect-timeout="${downloader_connect_timeout}" --random-wait --tries="${downloader_tries}" --timeout="${downloader_max_time}" "https://raw.githubusercontent.com/extremeshok/clamav-unofficial-sigs/${git_branch}/config/master.conf" -O - 2>&1 | $grep_bin "^config_version=" | head -n1 | cut -d '"' -f 2)"
    fi
    if [ "$latest_version" ] ; then
        # shellcheck disable=SC2183,SC2086
        if [ "$(printf "%02d%02d%02d%02d" ${latest_version//./ })" -gt "$(printf "%02d%02d%02d%02d" ${script_version//./ })" ] ; then
            xshok_pretty_echo_and_log "ALERT: New version : v${latest_version} @ https://github.com/extremeshok/clamav-unofficial-sigs"
            found_upgrade="yes"
        fi
    fi
    if [ "$latest_config_version" ] ; then
        # shellcheck disable=SC2183,SC2086
        if [ "$(printf "%02d%02d%02d%02d" ${latest_config_version//./ })" -gt "$(printf "%02d%02d%02d%02d" ${config_version//./ })" ] ; then
            xshok_pretty_echo_and_log "ALERT: New config version : v${latest_config_version} @ https://github.com/extremeshok/clamav-unofficial-sigs"
            found_upgrade="yes"
        fi
    fi
    if [ "$found_upgrade" == "yes" ] && [ "$allow_upgrades" == "yes" ] ; then
        xshok_pretty_echo_and_log "Quickly upgrade, run the following command as root:"
        xshok_pretty_echo_and_log "${this_script_name} --upgrade"
    fi
}

# Display help and usage
# Usage:
# help_and_usage "1" - enables the man output formatting
# help_and_usage - normal help output formatting
function help_and_usage() {
    if [ "${1}" ] ; then
        # option_format_start
        ofs="\\fB"
        # option_format_end
        ofe="\\fR"
        # option_format_blankline
        ofb=".TP"
        # option_format_tab_line
        oft="
"
    else
        # option_format_start
        ofs="${BOLD}"
        # option_format_end
        ofe="${NORM}\\t"
        # option_format_blankline
        ofb="\\n"
        # option_format_tab_line
        oft="\\n\\t"
    fi
    helpcontents="$(cat << EOF
${ofs} Usage: $(basename "$0") ${ofe} [OPTION] [PATH|FILE]
${ofb}
${ofs} -c, --config ${ofe} Use a specific configuration file or directory
${oft} eg: '-c /your/dir' or ' -c /your/file.name'
${oft} Note: If a directory is specified the directory must contain at least:
${oft} master.conf, os.conf or user.conf
${oft} Default Directory: ${config_dir}
${ofb}
${ofs} -F, --force ${ofe} Force all databases to be downloaded, could cause ip to be blocked
${ofb}
${ofs} -h, --help ${ofe} Display this script's help and usage information
${ofb}
${ofs} -V, --version ${ofe} Output script version and date information
${ofb}
${ofs} -v, --verbose ${ofe} Be verbose, enabled when not run under cron
${ofb}
${ofs} -s, --silence ${ofe} Only output error messages, enabled when run under cron
${ofb}
${ofs} -d, --decode-sig ${ofe} Decode a third-party signature either by signature name
${oft} (eg: Sanesecurity.Junk.15248) or hexadecimal string.
${oft} This flag will 'NOT' decode image signatures
${ofb}
${ofs} -e, --encode-string ${ofe} Hexadecimal encode an entire input string that can
${oft} be used in any '*.ndb' signature database file
${ofb}
${ofs} -f, --encode-formatted ${ofe} Hexadecimal encode a formatted input string containing
${oft} signature spacing fields '{}, (), *', without encoding
${oft} the spacing fields, so that the encoded signature
${oft} can be used in any '*.ndb' signature database file
${ofb}
${ofs} -g, --gpg-verify ${ofe} GPG verify a specific Sanesecurity database file
${oft} eg: '-g filename.ext' (do not include file path)
${ofb}
${ofs} -i, --information ${ofe} Output system and configuration information for
${oft} viewing or possible debugging purposes
${ofb}
${ofs} -m, --make-database ${ofe} Make a signature database from an ascii file containing
${oft} data strings, with one data string per line. Additional
${oft} information is provided when using this flag
${ofb}
${ofs} -t, --test-database ${ofe} Clamscan integrity test a specific database file
${oft} eg: '-t filename.ext' (do not include file path)
${ofb}
${ofs} -o, --output-triggered ${ofe} If HAM directory scanning is enabled in the script's
${oft} configuration file, then output names of any third-party
${oft} signatures that triggered during the HAM directory scan
${ofb}
${ofs} -w, --whitelist <signature-name> ${ofe} Adds a signature whitelist entry in the newer ClamAV IGN2
${oft} format to 'my-whitelist.ign2' in order to temporarily resolve
${oft} a false-positive issue with a specific third-party signature.
${oft} Script added whitelist entries will automatically be removed
${oft} if the original signature is either modified or removed from
${oft} the third-party signature database
${ofb}
${ofs} --check-clamav ${ofe} If ClamD status check is enabled and the socket path is correctly
${oft} specified then test to see if clamd is running or not
${ofb}
${ofs} --upgrade ${ofe} Upgrades this script and master.conf to the latest available version
${ofb}
${ofs} --install-all ${ofe} Install and generate the cron, logrotate and man files, autodetects the values
${oft} based on your config files
${ofb}
${ofs} --install-cron ${ofe} Install and generate the cron file, autodetects the values
${oft} based on your config files
${ofb}
${ofs} --install-logrotate ${ofe} Install and generate the logrotate file, autodetects the
${oft} values based on your config files
${ofb}
${ofs} --install-man ${ofe} Install and generate the man file, autodetects the
${oft} values based on your config files
${ofb}
${ofs} --remove-script ${ofe} Remove the clamav-unofficial-sigs script and all of
${oft} its associated files and databases from the system
${ofb}
EOF
)"
    # This is very important
    if [ "${1}" ] ; then
        # man pages need every '-' escaped as '\-'
        echo "${helpcontents//-/\\-}"
    else
        echo -e "$helpcontents"
    fi
}

################################################################################
# MAIN PROGRAM
################################################################################

# Script Info
script_version="7.2.5"
script_version_date="2021-03-20"
minimum_required_config_version="96"
minimum_yara_clamav_version="0.100"

# Discover script: name, full_path and path
this_script_full_path="${BASH_SOURCE[0]}"
# follow the symlinks
while [ -h "$this_script_full_path" ]; do
    this_script_path="$( cd -P "$( dirname "$this_script_full_path" )" >/dev/null 2>&1 && pwd )"
    this_script_full_path="$(readlink "$this_script_full_path")"
    # if relative symlink, then resolve the path
    if [[ $this_script_full_path != /* ]] ; then
this_script_full_path="$this_script_path/$this_script_full_path" fi done this_script_path="$( cd -P "$( dirname "$this_script_full_path" )" >/dev/null 2>&1 && pwd )" this_script_name="$(basename "$this_script_full_path")" if [ -z "$this_script_full_path" ] || [ -z "$this_script_path" ] || [ -z "$this_script_name" ] ; then echo "ERROR: could not determin script name and fullpath" exit 1 fi #allow for other negatives besides no. #disabled_values_array=("0 no No NO false False FALSE off Off OFF disable Disable DISABLE disabled Disabled DISABLED") # if [[ " ${disabled_values_array[@]} " =~ " ${value} " ]]; then # # whatever you want to do when arr contains value # fi # # if [[ ! " ${disabled_values_array[@]} " =~ " ${value} " ]]; then # # whatever you want to do when arr doesn't contain value # fi # Initialise config_version="0" do_clamd_reload="0" comment_silence="no" force_verbose="no" logging_enabled="no" force_updates="no" force_wget="no" enable_log="no" custom_config="no" we_have_a_config="0" # Attempt to scan for a valid config dir if [ -f "/etc/clamav-unofficial-sigs/master.conf" ] ; then config_dir="/etc/clamav-unofficial-sigs" elif [ -f "/usr/local/etc/clamav-unofficial-sigs/master.conf" ] ; then config_dir="/usr/local/etc/clamav-unofficial-sigs/" elif [ -f "/opt/zimbra/conf/clamav-unofficial-sigs/master.conf" ] ; then config_dir="/opt/zimbra/conf/clamav-unofficial-sigs/" else xshok_pretty_echo_and_log "ERROR: config_dir (/etc/clamav-unofficial-sigs/master.conf) could not be found" exit 1 fi # Default config files if [ -r "${config_dir}/master.conf" ] ; then config_files+=( "${config_dir}/master.conf" ) else xshok_pretty_echo_and_log "ERROR: ${config_dir}/master.conf is not readable" exit 1 fi if [ -r "${config_dir}/os.conf" ] ; then config_files+=( "${config_dir}/os.conf" ) else #find the a suitable os.*.conf file os_config_number=$(find "$config_dir" -type f -iname "os.*.conf" | wc -l) if [ "$os_config_number" == "0" ] ; then xshok_pretty_echo_and_log 
"WARNING: no os.conf or os.*.conf found" elif [ "$os_config_number" == "1" ] ; then config_file="$(find "$config_dir" -type f -iname "os.*.conf" | head -n1)" if [ -r "${config_file}" ]; then config_files+=( "${config_file}" ) else xshok_pretty_echo_and_log "WARNING: ${config_file} is not readable" fi else xshok_pretty_echo_and_log "WARNING: Too many os.*.conf configs found" fi fi if [ -r "${config_dir}/user.conf" ] ; then config_files+=( "${config_dir}/user.conf" ) else xshok_pretty_echo_and_log "WARNING: ${config_dir}/user.conf is not readable" fi # Solaris command -v function returns garbage when the program is not found k # only define the new command -v function if running under Solaris if [ "$(uname -s)" == "SunOS" ] ; then function which() { # Use the switch -p to ignore ksh internal commands ksh whence -p "$@" } fi # sed_bin, this is required to be known upfront, due to how the configs are read. if [ -z "$sed_bin" ] ; then # Detect support for sed or gsed if [ "$(uname -s)" == "Darwin" ] || [ "$(uname -s)" == "OpenBSD" ] || [ "$(uname -s)" == "NetBSD" ] || [ "$(uname -s)" == "FreeBSD" ] ; then sed_bin="$(command -v gsed 2> /dev/null)" if [ -z "$sed_bin" ]; then xshok_pretty_echo_and_log "ERROR: gsed (gnu sed) is missing" exit 1 fi else sed_bin="$(command -v sed 2> /dev/null)" if [ -z "$sed_bin" ]; then xshok_pretty_echo_and_log "ERROR: sed is missing" exit 1 fi fi elif [[ "$sed_bin" =~ "/" ]] ; then if [ ! -x "$sed_bin" ] ; then xshok_pretty_echo_and_log "ERROR: sed (${sed_bin}) is not executable" exit 1 fi fi # grep_bin, this is required to be known upfront, due to how the configs are read. if [ -z "$grep_bin" ] ; then # Detect support for grep or gnugrep if [ -x /usr/gnu/bin/grep ] ; then grep_bin="/usr/gnu/bin/grep" else grep_bin="$(command -v grep 2> /dev/null)" if [ -z "$grep_bin" ] ; then xshok_pretty_echo_and_log "ERROR: grep binary (grep_bin) not found" exit 1 fi fi elif [[ "$grep_bin" =~ "/" ]] ; then if [ ! 
-x "$grep_bin" ] ; then xshok_pretty_echo_and_log "ERROR: grep (${grep_bin}) is not executable" exit 1 fi fi # Detect if terminal if [ -t 1 ] ; then # Set fonts # Usage: echo "${BOLD}-a${NORM}" BOLD="$(tput bold)" #REV=$(tput smso) NORM="$(tput sgr0)" # Verbose force_verbose="yes" else # Null fonts BOLD="" #REV="" NORM="" # Silence force_verbose="no" fi # Generic command line options while true ; do case "${1}" in -c|--config) xshok_check_s2 "${2}"; custom_config="${2}"; shift 2; break ;; -F|--force) force_updates="yes"; shift 1; break ;; -v|--verbose) force_verbose="yes"; shift 1; break ;; -s|--silence) force_verbose="no"; shift 1; break ;; *) break ;; esac done # Set the verbosity if [ "$force_verbose" == "yes" ] ; then # Verbose downloader_silence="no" rsync_silence="no" gpg_silence="no" comment_silence="no" else # Silence downloader_silence="yes" rsync_silence="yes" gpg_silence="yes" comment_silence="yes" fi xshok_pretty_echo_and_log "" "#" "80" xshok_pretty_echo_and_log " eXtremeSHOK.com ClamAV Unofficial Signature Updater" xshok_pretty_echo_and_log " Version: v${script_version} (${script_version_date})" xshok_pretty_echo_and_log " Required Configuration Version: v${minimum_required_config_version}" xshok_pretty_echo_and_log " Copyright (c) Adrian Jon Kriel :: admin@extremeshok.com" xshok_pretty_echo_and_log "" "#" "80" # Generic command line options while true ; do case "${1}" in -h|--help) help_and_usage; exit ;; -V|--version) exit ;; *) break ;; esac done # CONFIG LOADING AND ERROR CHECKING ############################################## if [ "$custom_config" != "no" ] ; then if [ -d "$custom_config" ] ; then # Assign the custom config dir and remove trailing / (removes / and //) shopt -s extglob; config_dir="${custom_config%%+(/)}" config_files=() if [ -r "${config_dir}/master.conf" ] ; then config_files+=( "${config_dir}/master.conf" ) else xshok_pretty_echo_and_log "WARNING: ${config_dir}/master.conf not found" fi #find the a suitable os.conf or os.*.conf 
file config_file="$(find "$config_dir" -type f -iname "os.conf" -o -iname "os.*.conf" | tail -n1)" if [ -r "${config_file}" ] ; then config_files+=( "${config_file}" ) else xshok_pretty_echo_and_log "WARNING: ${config_dir}/os.conf not found" fi if [ -r "${config_dir}/user.conf" ] ; then config_files+=( "${config_dir}/user.conf" ) else xshok_pretty_echo_and_log "WARNING: ${config_dir}/user.conf not found" fi else config_files=( "$custom_config" ) fi fi for config_file in "${config_files[@]}" ; do if [ -r "$config_file" ] ; then # Exists and readable we_have_a_config="1" # Config stripping xshok_pretty_echo_and_log "Loading config: ${config_file}" if [ "$(uname -s)" == "SunOS" ] ; then # Solaris FIXES only, i had issues with running with a single command.. clean_config="$(command "$sed_bin" -e '/^#.*/d' "$config_file")" # Comment line #clean_config="$(echo "$clean_config" | $sed_bin -e 's/#[[:space:]].*//')" # Comment line (duplicated) clean_config=${clean_config//\#*/} # Comment line (duplicated) # shellcheck disable=SC2001 clean_config="$(echo "$clean_config" | $sed_bin -e '/^[[:blank:]]*#/d;s/#.*//')" # Comments at end of line #clean_config="$(echo "$clean_config" | $sed_bin -e 's/^[[:blank:]]*//;s/[[:blank:]]*$//')" # trailing and leading whitespace clean_config="$(echo "$clean_config" | xargs)" # shellcheck disable=SC2001 clean_config="$(echo "$clean_config" | $sed_bin -e '/^\s*$/d')" # Blank lines elif [ "$(uname -s)" == "Darwin" ] || [ "$(uname -s)" == "OpenBSD" ] || [ "$(uname -s)" == "NetBSD" ] || [ "$(uname -s)" == "FreeBSD" ] ; then # macOS / OSX / BSD fixes, had issues with running with a single command and with SunOS work around.. 
      # shellcheck disable=SC2001
      clean_config="$(command "$sed_bin" -e '/^#.*/d' "$config_file")" # Comment line
      # shellcheck disable=SC2001
      clean_config="$(echo "$clean_config" | $sed_bin -e 's/#[[:space:]].*//')" # Comment line (duplicated)
      # shellcheck disable=SC2001
      clean_config="$(echo "$clean_config" | $sed_bin -e '/^[[:blank:]]*#/d;s/#.*//')" # Comments at end of line
      #clean_config="$(echo "$clean_config" | $sed_bin -e 's/^[[:blank:]]*//;s/[[:blank:]]*$//')" # trailing and leading whitespace
      #clean_config="$(echo "$clean_config" | xargs)"
      # shellcheck disable=SC2001
      clean_config="$(echo "$clean_config" | $sed_bin -e '/^\s*$/d')" # Blank lines
    else
      # Delete lines beginning with #
      # Delete from " #" to end of the line
      # Delete from "# " to end of the line
      # Delete both trailing and leading whitespace
      # Delete all trailing whitespace
      # Delete all empty lines
      clean_config="$(command "$sed_bin" -e '/^#.*/d' -e 's/[[:space:]]#.*//' -e 's/#[[:space:]].*//' -e 's/^[[:blank:]]*//;s/[[:blank:]]*$//' -e '/^[[:space:]]*$/d' "$config_file")"
    fi

    #fix eval of |
    clean_config="${clean_config//|/\\|}"

    # Config error checking
    # Check "" are an even number
    config_check="${clean_config//[^\"]}"
    if [ "$(( ${#config_check} % 2 ))" -eq 1 ] ; then
      xshok_pretty_echo_and_log "ERROR: Your configuration has errors, every \" requires a closing \""
      exit 1
    fi

    # Check there is an = for every set of "" optional whitespace \s* between = and "
    config_check_vars="$(echo "$clean_config" | $grep_bin -c '=[[:space:]]*\"' )"

    if [ $(( ${#config_check} / 2 )) -ne "$config_check_vars" ] ; then
      xshok_pretty_echo_and_log "ERROR: Your configuration has errors, every = requires a pair of \"\""
      exit 1
    fi

    # backslash pipe
    #clean_config="${clean_config//|/\|}"

    # Config loading
    for i in "${clean_config[@]}" ; do
      eval "$(echo "${i}" | command "$sed_bin" -e 's/[[:space:]]*$//' 2> /dev/null)"
    done
  fi
done

# Assign the log_file_path earlier and remove trailing / (removes / and //)
shopt -s extglob;
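The config loader above hands each cleaned config line to `eval`, so the quote and `=` counts are the only guard between the config file's contents and shell execution. The following is an added example, not part of clamav-unofficial-sigs, of a loader that accepts only lines of the exact shape `name="value"` and assigns the value by reference; the `example_*` names and the sample config are constructed for this example.

```shell
#!/bin/sh
# Added example, not part of clamav-unofficial-sigs: load name="value" config
# lines without evaluating the line itself as shell code. Only lines matching a
# strict shape are accepted, and the value is assigned by reference, so text
# such as $( ), backticks or ; inside a value is stored literally, never run.
# All example_* names and the sample config below are constructed here.

example_rejected=0   # lines that failed validation during the last load

# Validate one cleaned line. On success sets example_name and example_value
# and returns 0; returns 1 for anything that is not exactly  name="value".
example_parse_config_line() {
  _line=$1
  _q='"'
  if printf '%s\n' "$_line" | grep -Eq '^[A-Za-z_][A-Za-z0-9_]*="[^"]*"$'; then
    example_name=${_line%%=*}          # identifier only, guaranteed by the regex
    example_value=${_line#*=}          # "value" including the quotes
    example_value=${example_value#"$_q"}
    example_value=${example_value%"$_q"}
    return 0
  fi
  return 1
}

# Strip comment lines, trailing " # comments", surrounding whitespace and blank
# lines (the same cleanup the script's sed pipeline performs), then validate and
# assign every remaining line. Rejected lines are counted and reported.
example_load_config_file() {
  example_rejected=0
  _cleaned=$(sed -e '/^[[:space:]]*#/d' \
                 -e 's/[[:space:]]#.*$//' \
                 -e 's/^[[:space:]]*//;s/[[:space:]]*$//' \
                 -e '/^$/d' "$1")
  # A here-document keeps the loop in the current shell (no subshell), so the
  # assignments are visible to the caller. The expanded text is not rescanned.
  while IFS= read -r _l; do
    [ -n "$_l" ] || continue
    if example_parse_config_line "$_l"; then
      # example_name is a validated identifier and the value is passed by
      # reference, so the contents of the value are never parsed as code.
      eval "$example_name=\$example_value"
    else
      example_rejected=$((example_rejected + 1))
      printf 'rejected config line: %s\n' "$_l" >&2
    fi
  done <<EOF
$_cleaned
EOF
  return 0
}

# Constructed sample config: three valid lines (one with a trailing comment,
# one whose value looks like a command substitution) and one malformed line.
example_config=$(mktemp)
cat > "$example_config" <<'SAMPLE'
# constructed for this example, in the style of clamav-unofficial-sigs configs
work_dir="/var/lib/clamav-unofficial-sigs"   # trailing comment is dropped
log_file_path="/var/log/clamav-unofficial-sigs"
clamscan_bin="$(command -v clamscan)"
sanesecurity_dir=sanesecurity
SAMPLE
example_load_config_file "$example_config"
rm -f "$example_config"
```

After the load, `clamscan_bin` holds the literal text `$(command -v clamscan)` and the unquoted line is reported and skipped instead of being interpreted.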
log_file_path="${log_file_path%%+(/)}"

# Only start logging once all the configs have been loaded
if [ "$logging_enabled" == "yes" ] ; then
  enable_log="yes"
fi

# Make sure we have a readable config file
if [ "$we_have_a_config" == "0" ] ; then
  xshok_pretty_echo_and_log "ERROR: Config file/s could NOT be read/loaded"
  xshok_pretty_echo_and_log "Note: Possible fix would be to check the config dir ${config_dir} exists and contains config files"
  exit 1
fi

# Prevent some issues with an incomplete or only a user.conf being loaded
if [ "$config_version" == "0" ] ; then
  xshok_pretty_echo_and_log "ERROR: Config file/s are missing important contents"
  xshok_pretty_echo_and_log "Note: Possible fix would be to point the script to the dir with the configs"
  exit 1
fi

# Config version validation
if [ "$config_version" -lt "$minimum_required_config_version" ] ; then
  xshok_pretty_echo_and_log "ERROR: Your config version ${config_version} is not compatible with the min required version ${minimum_required_config_version}"
  exit 1
fi

# Check to see if the script's "USER CONFIGURATION FILE" has been completed.
if [ "$user_configuration_complete" != "yes" ] ; then
  xshok_pretty_echo_and_log "WARNING: SCRIPT CONFIGURATION HAS NOT BEEN COMPLETED"
  xshok_pretty_echo_and_log "Please review the script configuration files"
  xshok_pretty_echo_and_log "and uncomment the following line in user.conf"
  xshok_pretty_echo_and_log "#user_configuration_complete=\"yes\""
  exit 1
fi

# Assign the directories and remove trailing / (removes / and //)
shopt -s extglob; work_dir="${work_dir%%+(/)}"

# Allow overriding of all the individual workdirs, this is mainly to aid package maintainers
if [ -z "$work_dir_sanesecurity" ] ; then
  work_dir_sanesecurity="$(echo "${work_dir}/${sanesecurity_dir}" | $sed_bin 's:/*$::')"
else
  shopt -s extglob; work_dir_sanesecurity="${work_dir_sanesecurity%%+(/)}"
fi
if [ -z "$work_dir_securiteinfo" ] ; then
  work_dir_securiteinfo="$(echo "${work_dir}/${securiteinfo_dir}" | $sed_bin 's:/*$::')"
else
  shopt -s extglob; work_dir_securiteinfo="${work_dir_securiteinfo%%+(/)}"
fi
if [ -z "$work_dir_linuxmalwaredetect" ] ; then
  work_dir_linuxmalwaredetect="$(echo "${work_dir}/${linuxmalwaredetect_dir}" | $sed_bin 's:/*$::')"
else
  # strip the trailing / from the override itself (the original assigned work_dir_malwarepatrol here by mistake)
  shopt -s extglob; work_dir_linuxmalwaredetect="${work_dir_linuxmalwaredetect%%+(/)}"
fi
if [ -z "$work_dir_interserver" ] ; then
  work_dir_interserver="$(echo "${work_dir}/${interserver_dir}" | $sed_bin 's:/*$::')"
else
  shopt -s extglob; work_dir_interserver="${work_dir_interserver%%+(/)}"
fi
if [ -z "$work_dir_malwareexpert" ] ; then
  work_dir_malwareexpert="$(echo "${work_dir}/${malwareexpert_dir}" | $sed_bin 's:/*$::')"
else
  shopt -s extglob; work_dir_malwareexpert="${work_dir_malwareexpert%%+(/)}"
fi
if [ -z "$work_dir_malwarepatrol" ] ; then
  work_dir_malwarepatrol="$(echo "${work_dir}/${malwarepatrol_dir}" | $sed_bin 's:/*$::')"
else
  shopt -s extglob; work_dir_malwarepatrol="${work_dir_malwarepatrol%%+(/)}"
fi
# test the variable that is actually used below (the original tested a misspelt work_dir_urlhaust)
if [ -z "$work_dir_urlhaus" ] ; then
  work_dir_urlhaus="$(echo "${work_dir}/${urlhaus_dir}" | $sed_bin 's:/*$::')"
else
  shopt -s extglob;
  work_dir_urlhaus="${work_dir_urlhaus%%+(/)}"
fi
if [ -z "$work_dir_yararulesproject" ] ; then
  work_dir_yararulesproject="$(echo "${work_dir}/${yararulesproject_dir}" | $sed_bin 's:/*$::')"
else
  shopt -s extglob; work_dir_yararulesproject="${work_dir_yararulesproject%%+(/)}"
fi
if [ -z "$work_dir_add" ] ; then
  work_dir_add="$(echo "${work_dir}/${add_dir}" | $sed_bin 's:/*$::')"
else
  shopt -s extglob; work_dir_add="${work_dir_add%%+(/)}"
fi
if [ -z "$work_dir_work_configs" ] ; then
  work_dir_work_configs="$(echo "${work_dir}/${work_dir_configs}" | $sed_bin 's:/*$::')"
else
  shopt -s extglob; work_dir_work_configs="${work_dir_work_configs%%+(/)}"
fi
if [ -z "${work_dir_gpg}" ] ; then
  work_dir_gpg="$(echo "${work_dir}/${gpg_dir}" | $sed_bin 's:/*$::')"
else
  shopt -s extglob; work_dir_gpg="${work_dir_gpg%%+(/)}"
fi
if [ -z "$work_dir_pid" ] ; then
  work_dir_pid="$(echo "${work_dir}/${pid_dir}" | $sed_bin 's:/*$::')"
else
  shopt -s extglob; work_dir_pid="${work_dir_pid%%+(/)}"
fi

# Assign defaults if not defined
if [ -z "$cron_dir" ] ; then
  cron_dir="/etc/cron.d"
fi
shopt -s extglob; cron_dir="${cron_dir%%+(/)}"
if [ -z "$cron_filename" ] ; then
  cron_filename="clamav-unofficial-sigs"
fi
if [ -z "$logrotate_dir" ] ; then
  logrotate_dir="/etc/logrotate.d"
fi
shopt -s extglob; logrotate_dir="${logrotate_dir%%+(/)}"
if [ -z "$logrotate_filename" ] ; then
  logrotate_filename="clamav-unofficial-sigs"
fi
if [ -z "$man_dir" ] ; then
  man_dir="/usr/share/man/man8"
fi
shopt -s extglob; man_dir="${man_dir%%+(/)}"
if [ -z "$man_filename" ] ; then
  man_filename="clamav-unofficial-sigs.8"
fi
if [ -z "$man_log_file_full_path" ] ; then
  man_log_file_full_path="${log_file_path}/${log_file_name}"
fi

# dont assign , but remove trailing /
shopt -s extglob; clam_dbs="${clam_dbs%%+(/)}"

#####################################################################################################
# Assign and Check Binaries/Commands

# clamscan_bin
if [ -z "$clamscan_bin" ] && [ "${1}" != "--remove-script" ] ; then
  clamscan_bin="$(command -v clamscan 2> /dev/null)"
  if [ -z "$clamscan_bin" ] ; then
    xshok_pretty_echo_and_log "ERROR: clamscan binary (clamscan_bin) not found"
    exit 1
  fi
elif [[ "$clamscan_bin" =~ "/" ]] && [ "${1}" != "--remove-script" ] ; then
  if [ ! -x "$clamscan_bin" ] ; then
    xshok_pretty_echo_and_log "ERROR: clamscan_bin (${clamscan_bin}) is not executable"
    exit 1
  fi
fi
# uname_bin
if [ -z "$uname_bin" ] ; then
  uname_bin="$(command -v uname 2> /dev/null)"
  if [ -z "$uname_bin" ] ; then
    xshok_pretty_echo_and_log "ERROR: uname binary (uname_bin) not found"
    exit 1
  fi
elif [[ "$uname_bin" =~ "/" ]] ; then
  if [ ! -x "$uname_bin" ] ; then
    xshok_pretty_echo_and_log "ERROR: uname_bin (${uname_bin}) is not executable"
    exit 1
  fi
fi
# rsync_bin
if [ -z "$rsync_bin" ] ; then
  rsync_bin="$(command -v rsync 2> /dev/null)"
  if [ -z "$rsync_bin" ] ; then
    xshok_pretty_echo_and_log "ERROR: rsync binary (rsync_bin) not found"
    exit 1
  fi
elif [[ "$rsync_bin" =~ "/" ]] ; then
  if [ ! -x "$rsync_bin" ] ; then
    xshok_pretty_echo_and_log "ERROR: rsync_bin (${rsync_bin}) is not executable"
    exit 1
  fi
fi
# tar_bin
if [ -z "$tar_bin" ] ; then
  tar_bin="$(command -v tar 2> /dev/null)"
  if [ -z "$tar_bin" ] ; then
    xshok_pretty_echo_and_log "ERROR: tar binary (tar_bin) not found"
    exit 1
  fi
elif [[ "$tar_bin" =~ "/" ]] ; then
  if [ ! -x "$tar_bin" ] ; then
    xshok_pretty_echo_and_log "ERROR: tar_bin (${tar_bin}) is not executable"
    exit 1
  fi
fi
# gpg_bin
if [ "$enable_gpg" == "yes" ] ; then
  if [ -z "$gpg_bin" ] ; then
    if [ -x "/opt/csw/bin/gpg" ] ; then
      gpg_bin="/opt/csw/bin/gpg"
    else
      gpg_bin="$(command -v gpg 2> /dev/null)"
      if [ -z "$gpg_bin" ] ; then
        enable_gpg="no"
      fi
    fi
  elif [[ "$gpg_bin" =~ "/" ]] ; then
    if [ ! -x "$gpg_bin" ] ; then
      enable_gpg="no"
    fi
  fi
fi
# curl_bin
if [ -z "$curl_bin" ] ; then
  curl_bin="$(command -v curl 2> /dev/null)"
elif [[ "$curl_bin" =~ "/" ]] ; then
  if [ ! -x "$curl_bin" ] ; then
    curl_bin=""
  fi
fi
# wget_bin
if [ -z "$curl_bin" ] || [ "$force_wget" == "yes" ] ; then
  if [ -z "$wget_bin" ] ; then
    if [ -x /usr/sfw/bin/wget ] ; then
      wget_bin="/usr/sfw/bin/wget"
    else
      wget_bin="$(command -v wget 2> /dev/null)"
      if [ -z "$wget_bin" ] ; then
        xshok_pretty_echo_and_log "ERROR: both wget (wget_bin) and curl (curl_bin) commands are missing, One of them is required"
        exit 1
      fi
    fi
  elif [[ "$wget_bin" =~ "/" ]] ; then
    if [ ! -x "$wget_bin" ] ; then
      xshok_pretty_echo_and_log "ERROR: wget_bin (${wget_bin}) is not executable"
      exit 1
    fi
  fi
  if [ -n "$wget_bin" ] ; then
    # wget compression support
    if $wget_bin --help 2> /dev/null | $grep_bin -q "compression=TYPE" 2> /dev/null ; then
      wget_compression="--compression=auto"
    else
      wget_compression=""
    fi
  fi
else
  wget_bin=""
  wget_compression=""
  force_wget="no"
fi
# dig_bin
if [ -z "$dig_bin" ] ; then
  dig_bin="$(command -v dig 2> /dev/null)"
elif [[ "$dig_bin" =~ "/" ]] ; then
  if [ ! -x "$dig_bin" ] ; then
    dig_bin=""
  fi
fi
# host_bin
if [ -z "$dig_bin" ] || [ "$force_host" == "yes" ] ; then
  if [ -z "$host_bin" ] ; then
    host_bin="$(command -v host 2> /dev/null)"
    if [ -z "$host_bin" ] ; then
      xshok_pretty_echo_and_log "ERROR: both host (host_bin) and dig (dig_bin) commands are missing, One of them is required"
      exit 1
    fi
  elif [[ "$host_bin" =~ "/" ]] ; then
    if [ ! -x "$host_bin" ] ; then
      xshok_pretty_echo_and_log "ERROR: host_bin (${host_bin}) is not executable"
      exit 1
    fi
  fi
else
  host_bin=""
  force_host="no"
fi

#####################################################################################################
# SANITY checks
# Check default Binaries & Commands are defined
if [ "$reload_dbs" == "yes" ] ; then
  if [ -z "$clamd_reload_opt" ] ; then
    xshok_pretty_echo_and_log "ERROR: Missing clamd_reload_opt"
    exit 1
  fi
fi
if [ "$enable_gpg" != "yes" ] ; then
  xshok_pretty_echo_and_log "NOTICE: GnuPG / signature verification disabled"
fi
# Check default directories are defined
if [ -z "$work_dir" ] ; then
  xshok_pretty_echo_and_log "ERROR: working directory (work_dir) not defined"
  exit 1
fi
if [ -z "$clam_dbs" ] ; then
  xshok_pretty_echo_and_log "ERROR: clam database directory (clam_dbs) not defined"
  exit 1
fi
# Check default directories are writable
if [ -e "$work_dir" ] ; then
  if [ ! -w "$work_dir" ] ; then
    xshok_pretty_echo_and_log "ERROR: working directory (work_dir) not writable ${work_dir}"
    exit 1
  fi
fi
if [ ! -w "$clam_dbs" ] ; then
  xshok_pretty_echo_and_log "ERROR: clam database directory (clam_dbs) not writable ${clam_dbs}"
  exit 1
fi

# Reset the update timers to force a full update.
if [ "$force_updates" == "yes" ] ; then
  xshok_pretty_echo_and_log "NOTICE: forcing updates"
  sanesecurity_update_hours="0"
  securiteinfo_update_hours="0"
  securiteinfo_premium_update_hours="0"
  linuxmalwaredetect_update_hours="0"
  interserver_update_hours="0"
  malwareexpert_update_hours="0"
  malwarepatrol_update_hours="0"
  yararulesproject_update_hours="0"
  additional_update_hours="0"
fi

# Enable pid file to prevent issues with multiple instances
# opted not to use flock as it appears to have issues with some systems
if [ "$enable_locking" == "yes" ] ; then
  xshok_mkdir_ownership "$work_dir_pid"
  pid_file_fullpath="$work_dir_pid/clamav-unofficial-sigs.pid"
  if [ -f "$pid_file_fullpath" ] ; then
    pid_file_pid="$(cat "$pid_file_fullpath")"
    if ps -p "$pid_file_pid" > /dev/null 2>&1 ; then
      xshok_pretty_echo_and_log "ERROR: Only one instance can run at the same time."
      exit 1
    else
      xshok_create_pid_file "$pid_file_fullpath"
    fi
  else
    xshok_create_pid_file "$pid_file_fullpath"
  fi
  # Run this when the script exits
  trap -- "rm -f $pid_file_fullpath" EXIT
fi

# Verify the clam_user and clam_group actually exist on the system
if ! xshok_user_group_exists "${clam_user}" "${clam_group}" ; then
  xshok_pretty_echo_and_log "ERROR: Either the user: ${clam_user} and/or group: ${clam_group} does not exist on the system."
  exit 1
fi

# If the local rsync client supports the "--no-motd" flag, then enable it.
if $rsync_bin --help | $grep_bin -q "no-motd" > /dev/null ; then
  no_motd="--no-motd"
fi

# If the local rsync client supports the "--contimeout" flag, then enable it.
if $rsync_bin --help | $grep_bin -q "contimeout" > /dev/null ; then
  connect_timeout="--contimeout=${rsync_connect_timeout}"
fi

if [ "$debug" == "yes" ] ; then
  downloader_debug="yes"
  clamscan_debug="yes"
  curl_debug="yes"
  wget_debug="yes"
  rsync_debug="yes"
fi

# Show clamscan errors
if [ "$clamscan_debug" == "yes" ] ; then
  exec 10>&2
else
  exec 10>/dev/null
fi
# Show curl errors
if [ "$curl_debug" == "yes" ] ; then
  exec 11>&2
else
  exec 11>/dev/null
fi
# Show wget errors
if [ "$wget_debug" == "yes" ] ; then
  exec 12>&2
else
  exec 12>/dev/null
fi
# Show rsync errors
if [ "$rsync_debug" == "yes" ] ; then
  exec 13>&2
else
  exec 13>/dev/null
fi

# Silence wget output and only report errors - useful if script is run via cron.
if [ "$downloader_silence" == "yes" ] && [ "$downloader_debug" != "yes" ] ; then
  wget_output_level="--quiet"
  curl_output_level="--silent --show-error"
else
  wget_output_level="--no-verbose"
  curl_output_level=""
fi

# Silence rsync output and only report errors - useful if script is run via cron.
if [ "$rsync_silence" == "yes" ] && [ "$rsync_debug" != "yes" ] ; then
  rsync_output_level="--quiet"
else
  rsync_output_level="--progress"
fi

# Suppress ssl warnings
if [ "$downloader_ignore_ssl_errors" == "yes" ] ; then
  wget_insecure="--no-check-certificate"
  curl_insecure="--insecure"
else
  wget_insecure=""
  curl_insecure=""
fi

# Set the script to 755 permissions
if xshok_is_root ; then
  if [ "$setmode" == "yes" ] ; then
    if [ ! -x "${this_script_path}/${this_script_name}" ] ; then
      chmod 755 "${this_script_path}/${this_script_name}"
      xshok_pretty_echo_and_log "Fixing permission on ${this_script_path}/${this_script_name}" "="
    fi
  fi
else
  # Disable setmode
  setmode="no"
fi

################################################################################
# MAIN LOGIC
################################################################################

while true; do
  case "${1}" in
    -d|--decode-sig) decode_third_party_signature_by_signature_name; exit ;;
    -e|--encode-string) hexadecimal_encode_entire_input_string; exit ;;
    -f|--encode-formatted) hexadecimal_encode_formatted_input_string; exit ;;
    -g|--gpg-verify) xshok_check_s2 "${2}"; gpg_verify_specific_sanesecurity_database_file "${2}"; exit ;;
    -i|--information) output_system_configuration_information; exit ;;
    -m|--make-database) make_signature_database_from_ascii_file; exit ;;
    -t|--test-database) xshok_check_s2 "${2}"; clamscan_integrity_test_specific_database_file "${2}"; exit ;;
    -o|--output-triggered) output_signatures_triggered_during_ham_directory_scan; exit ;;
    -w|--whitelist) add_signature_whitelist_entry "${2}"; exit ;;
    --check-clamav) check_clamav; exit ;;
    --upgrade) xshok_upgrade; exit ;;
    --install-all) install_cron; install_logrotate; install_man; exit ;;
    --install-cron) install_cron; exit ;;
    --install-logrotate) install_logrotate; exit ;;
    --install-man) install_man; exit ;;
    --remove-script) remove_script; exit ;;
    *) break ;;
  esac
done

xshok_pretty_echo_and_log "Preparing Databases" "="

if [ "$default_dbs_rating" == "DISABLE" ] ; then
  if [ "$sanesecurity_dbs_rating" != "LOW" ] && [ "$sanesecurity_dbs_rating" != "MEDIUM" ] && [ "$sanesecurity_dbs_rating" != "HIGH" ]; then
    sanesecurity_enabled="no"
  fi
  if [ "$linuxmalwaredetect_dbs_rating" != "LOW" ] && [ "$linuxmalwaredetect_dbs_rating" != "MEDIUM" ] && [ "$linuxmalwaredetect_dbs_rating" != "HIGH" ]; then
    linuxmalwaredetect_enabled="no"
  fi
  if [ "$interserver_dbs_rating" != "LOW" ] && [ "$interserver_dbs_rating" != "MEDIUM" ] && [ "$interserver_dbs_rating" != "HIGH" ]; then
    interserver_enabled="no"
  fi
  if [ "$malwareexpert_dbs_rating" != "LOW" ] && [ "$malwareexpert_dbs_rating" != "MEDIUM" ] && [ "$malwareexpert_dbs_rating" != "HIGH" ]; then
    malwareexpert_enabled="no"
  fi
  if [ "$securiteinfo_dbs_rating" != "LOW" ] && [ "$securiteinfo_dbs_rating" != "MEDIUM" ] && [ "$securiteinfo_dbs_rating" != "HIGH" ]; then
    securiteinfo_enabled="no"
  fi
  if [ "$urlhaus_dbs_rating" != "LOW" ] && [ "$urlhaus_dbs_rating" != "MEDIUM" ] && [ "$urlhaus_dbs_rating" != "HIGH" ]; then
    urlhaus_enabled="no"
  fi
  if [ "$yararulesproject_dbs_rating" != "LOW" ] && [ "$yararulesproject_dbs_rating" != "MEDIUM" ] && [ "$yararulesproject_dbs_rating" != "HIGH" ]; then
    yararulesproject_enabled="no"
  fi
else
  if [ "$sanesecurity_dbs_rating" == "DISABLE" ] ; then
    sanesecurity_enabled="no"
  fi
  if [ "$linuxmalwaredetect_dbs_rating" == "DISABLE" ] ; then
    linuxmalwaredetect_enabled="no"
  fi
  if [ "$interserver_dbs_rating" == "DISABLE" ] ; then
    interserver_enabled="no"
  fi
  if [ "$malwareexpert_dbs_rating" == "DISABLE" ] ; then
    malwareexpert_enabled="no"
  fi
  if [ "$securiteinfo_dbs_rating" == "DISABLE" ] ; then
    securiteinfo_enabled="no"
  fi
  if [ "$urlhaus_dbs_rating" == "DISABLE" ] ; then
    urlhaus_enabled="no"
  fi
  if [ "$yararulesproject_dbs_rating" == "DISABLE" ] ; then
    yararulesproject_enabled="no"
  fi
fi

# Check yararule support is available
if [ "$enable_yararules" == "yes" ] ; then
  current_clamav_version="$($clamscan_bin -V | cut -d " " -f 2 | cut -d "/" -f 1 | awk -F "." '{ printf("%d%03d%03d%03d\n", $1,$2,$3,$4); }')"
  minimum_yara_clamav_version="$(echo "$minimum_yara_clamav_version" | awk -F "." '{ printf("%d%03d%03d%03d\n", $1,$2,$3,$4); }')"
  # Check current clamav version against the minimum required version for yara support
  if [ "$current_clamav_version" -lt "$minimum_yara_clamav_version" ] ; then # Older
    yararulesproject_enabled="no"
    enable_yararules="no"
    xshok_pretty_echo_and_log "Yararules Disabled due to clamav being older than the minimum required version"
  fi
else
  yararulesproject_enabled="no"
  enable_yararules="no"
fi

############################################################################################
# Generate the signature databases
############################################################################################
if [ "$sanesecurity_enabled" == "yes" ] ; then
  if [ -n "$sanesecurity_dbs" ] ; then
    if [ -n "$sanesecurity_dbs_rating" ] ; then
      temp_db="$(xshok_database "$sanesecurity_dbs_rating" "${sanesecurity_dbs[@]}")"
      if [ "$remove_disabled_databases" == "yes" ] ; then
        temp_remove_db="$(xshok_remove_database "$sanesecurity_dbs_rating" "${sanesecurity_dbs[@]}")"
      fi
    else
      temp_db="$(xshok_database "$default_dbs_rating" "${sanesecurity_dbs[@]}")"
      if [ "$remove_disabled_databases" == "yes" ] ; then
        temp_remove_db="$(xshok_remove_database "$default_dbs_rating" "${sanesecurity_dbs[@]}")"
      fi
    fi
    sanesecurity_dbs=( )
    if [ -n "$temp_db" ] ; then
      read -r -a sanesecurity_dbs <<< "$temp_db"
    fi
  fi
elif [ "$remove_disabled_databases" == "yes" ] ; then
  temp_remove_db="$(xshok_remove_database "DISABLED" "${sanesecurity_dbs[@]}")"
fi
sanesecurity_remove_dbs=( )
if [ -n "$temp_remove_db" ] && [ "$remove_disabled_databases" == "yes" ] ; then
  read -r -a sanesecurity_remove_dbs <<< "$temp_remove_db"
fi

############################################################################################
if [ "$securiteinfo_enabled" == "yes" ] ; then
  if [ -n "$securiteinfo_dbs" ] ; then
    if [ -n "$securiteinfo_dbs_rating" ] ; then
      temp_db="$(xshok_database "$securiteinfo_dbs_rating" "${securiteinfo_dbs[@]}")"
      if [ "$remove_disabled_databases" == "yes" ] ; then
        temp_remove_db="$(xshok_remove_database "$securiteinfo_dbs_rating" "${securiteinfo_dbs[@]}")"
      fi
    else
      temp_db="$(xshok_database "$default_dbs_rating" "${securiteinfo_dbs[@]}")"
      if [ "$remove_disabled_databases" == "yes" ] ; then
        temp_remove_db="$(xshok_remove_database "$default_dbs_rating" "${securiteinfo_dbs[@]}")"
      fi
    fi
    securiteinfo_dbs=( )
    if [ -n "$temp_db" ] ; then
      read -r -a securiteinfo_dbs <<< "$temp_db"
    fi
  fi
elif [ "$remove_disabled_databases" == "yes" ] ; then
  temp_remove_db="$(xshok_remove_database "DISABLED" "${securiteinfo_dbs[@]}")"
fi
securiteinfo_remove_dbs=( )
if [ -n "$temp_remove_db" ] && [ "$remove_disabled_databases" == "yes" ] ; then
  read -r -a securiteinfo_remove_dbs <<< "$temp_remove_db"
fi

if [ "$securiteinfo_enabled" == "yes" ] ; then
  if [ -n "$securiteinfo_premium_dbs" ] && [ "$securiteinfo_premium" == "yes" ] ; then
    if [ -n "$securiteinfo_dbs_rating" ] ; then
      temp_db="$(xshok_database "$securiteinfo_dbs_rating" "${securiteinfo_premium_dbs[@]}")"
      if [ "$remove_disabled_databases" == "yes" ] ; then
        temp_remove_db="$(xshok_remove_database "$securiteinfo_dbs_rating" "${securiteinfo_premium_dbs[@]}")"
      fi
    else
      temp_db="$(xshok_database "$default_dbs_rating" "${securiteinfo_premium_dbs[@]}")"
      if [ "$remove_disabled_databases" == "yes" ] ; then
        temp_remove_db="$(xshok_remove_database "$default_dbs_rating" "${securiteinfo_premium_dbs[@]}")"
      fi
    fi
    if [ -n "$temp_db" ] ; then
      read -r -a securiteinfo_dbs <<< "$temp_db"
    fi
  fi
elif [ "$remove_disabled_databases" == "yes" ] ; then
  temp_remove_db="$(xshok_remove_database "DISABLED" "${securiteinfo_premium_dbs[@]}")"
fi
if [ -n "$temp_remove_db" ] && [ "$remove_disabled_databases" == "yes" ] ; then
  read -r -a securiteinfo_remove_dbs <<< "$temp_remove_db"
fi

############################################################################################
if [ "$linuxmalwaredetect_enabled" == "yes" ] ; then
  if [ -n "$linuxmalwaredetect_dbs" ] ; then
    if [ -n "$linuxmalwaredetect_dbs_rating" ] ; then
      temp_db="$(xshok_database "$linuxmalwaredetect_dbs_rating" "${linuxmalwaredetect_dbs[@]}")"
      if [ "$remove_disabled_databases" == "yes" ] ; then
        temp_remove_db="$(xshok_remove_database "$linuxmalwaredetect_dbs_rating" "${linuxmalwaredetect_dbs[@]}")"
      fi
    else
      temp_db="$(xshok_database "$default_dbs_rating" "${linuxmalwaredetect_dbs[@]}")"
      if [ "$remove_disabled_databases" == "yes" ] ; then
        temp_remove_db="$(xshok_remove_database "$default_dbs_rating" "${linuxmalwaredetect_dbs[@]}")"
      fi
    fi
    linuxmalwaredetect_dbs=( )
    if [ -n "$temp_db" ] ; then
      read -r -a linuxmalwaredetect_dbs <<< "$temp_db"
    fi
  fi
elif [ "$remove_disabled_databases" == "yes" ] ; then
  temp_remove_db="$(xshok_remove_database "DISABLED" "${linuxmalwaredetect_dbs[@]}")"
fi
linuxmalwaredetect_remove_dbs=( )
if [ -n "$temp_remove_db" ] && [ "$remove_disabled_databases" == "yes" ] ; then
  read -r -a linuxmalwaredetect_remove_dbs <<< "$temp_remove_db"
fi

############################################################################################
if [ "$interserver_enabled" == "yes" ] ; then
  if [ -n "$interserver_dbs" ] ; then
    if [ -n "$interserver_dbs_rating" ] ; then
      temp_db="$(xshok_database "$interserver_dbs_rating" "${interserver_dbs[@]}")"
      if [ "$remove_disabled_databases" == "yes" ] ; then
        temp_remove_db="$(xshok_remove_database "$interserver_dbs_rating" "${interserver_dbs[@]}")"
      fi
    else
      temp_db="$(xshok_database "$default_dbs_rating" "${interserver_dbs[@]}")"
      if [ "$remove_disabled_databases" == "yes" ] ; then
        temp_remove_db="$(xshok_remove_database "$default_dbs_rating" "${interserver_dbs[@]}")"
      fi
    fi
    interserver_dbs=( )
    if [ -n "$temp_db" ] ; then
      read -r -a interserver_dbs <<< "$temp_db"
    fi
  fi
elif [ "$remove_disabled_databases" == "yes" ] ; then
  temp_remove_db="$(xshok_remove_database "DISABLED" "${interserver_dbs[@]}")"
fi
interserver_remove_dbs=( )
if [ -n "$temp_remove_db" ] && [ "$remove_disabled_databases" == "yes" ] ; then
  read -r -a interserver_remove_dbs <<< "$temp_remove_db"
fi
############################################################################################ if [ "$malwareexpert_enabled" == "yes" ] ; then if [ -n "$malwareexpert_dbs" ] ; then if [ -n "$malwareexpert_dbs_rating" ] ; then temp_db="$(xshok_database "$malwareexpert_dbs_rating" "${malwareexpert_dbs[@]}")" if [ "$remove_disabled_databases" == "yes" ] ; then temp_remove_db="$(xshok_remove_database "$malwareexpert_dbs_rating" "${malwareexpert_dbs[@]}")" fi else temp_db="$(xshok_database "$default_dbs_rating" "${malwareexpert_dbs[@]}")" if [ "$remove_disabled_databases" == "yes" ] ; then temp_remove_db="$(xshok_remove_database "$default_dbs_rating" "${malwareexpert_dbs[@]}")" fi fi malwareexpert_dbs=( ) if [ -n "$temp_db" ] ; then read -r -a malwareexpert_dbs <<< "$temp_db" fi fi elif [ "$remove_disabled_databases" == "yes" ] ; then temp_remove_db="$(xshok_remove_database "DISABLED" "${malwareexpert_dbs[@]}")" fi malwareexpert_remove_dbs=( ) if [ -n "$temp_remove_db" ] && [ "$remove_disabled_databases" == "yes" ] ; then read -r -a malwareexpert_remove_dbs <<< "$temp_remove_db" fi ############################################################################################ if [ "$yararulesproject_enabled" == "yes" ] ; then if [ -n "$yararulesproject_dbs" ] ; then if [ -n "$yararulesproject_dbs_rating" ] ; then temp_db="$(xshok_database "$yararulesproject_dbs_rating" "${yararulesproject_dbs[@]}")" if [ "$remove_disabled_databases" == "yes" ] ; then temp_remove_db="$(xshok_remove_database "$yararulesproject_dbs_rating" "${yararulesproject_dbs[@]}")" fi else temp_db="$(xshok_database "$default_dbs_rating" "${yararulesproject_dbs[@]}")" if [ "$remove_disabled_databases" == "yes" ] ; then temp_remove_db="$(xshok_remove_database "$default_dbs_rating" "${yararulesproject_dbs[@]}")" fi fi yararulesproject_dbs=( ) if [ -n "$temp_db" ] ; then read -r -a yararulesproject_dbs <<< "$temp_db" fi fi elif [ "$remove_disabled_databases" == "yes" ] ; then 
  temp_remove_db="$(xshok_remove_database "DISABLED" "${yararulesproject_dbs[@]}")"
fi
yararulesproject_remove_dbs=( )
if [ -n "$temp_remove_db" ] && [ "$remove_disabled_databases" == "yes" ] ; then
  read -r -a yararulesproject_remove_dbs <<< "$temp_remove_db"
fi

############################################################################################
temp_db=""
temp_remove_db=""
if [ "$urlhaus_enabled" == "yes" ] ; then
  if [ -n "$urlhaus_dbs" ] ; then
    if [ -n "$urlhaus_dbs_rating" ] ; then
      temp_db="$(xshok_database "$urlhaus_dbs_rating" "${urlhaus_dbs[@]}")"
      if [ "$remove_disabled_databases" == "yes" ] ; then
        temp_remove_db="$(xshok_remove_database "$urlhaus_dbs_rating" "${urlhaus_dbs[@]}")"
      fi
    else
      temp_db="$(xshok_database "$default_dbs_rating" "${urlhaus_dbs[@]}")"
      if [ "$remove_disabled_databases" == "yes" ] ; then
        temp_remove_db="$(xshok_remove_database "$default_dbs_rating" "${urlhaus_dbs[@]}")"
      fi
    fi
    urlhaus_dbs=( )
    if [ -n "$temp_db" ] ; then
      #urlhaus_dbs=( $temp_db )
      read -r -a urlhaus_dbs <<< "$temp_db"
    fi
  fi
elif [ "$remove_disabled_databases" == "yes" ] ; then
  temp_remove_db="$(xshok_remove_database "DISABLED" "${urlhaus_dbs[@]}")"
fi
urlhaus_remove_dbs=( )
if [ -n "$temp_remove_db" ] && [ "$remove_disabled_databases" == "yes" ] ; then
  read -r -a urlhaus_remove_dbs <<< "$temp_remove_db"
fi

############################################################################################
if [ "$malwarepatrol_enabled" == "yes" ] ; then
  # Set the variables for MalwarePatrol
  if [ "$malwarepatrol_product_code" != "8" ] ; then
    # assumption, free product code is always 8 (non-free product code is never 8)
    malwarepatrol_free="no"
  fi
  if [ "$malwarepatrol_free" == "yes" ] ; then
    malwarepatrol_product_code="8"
    malwarepatrol_list="clamav_basic"
  else
    if [ -z "$malwarepatrol_list" ] ; then
      malwarepatrol_list="clamav_basic"
    fi
    if [ -z "$malwarepatrol_product_code" ] ; then
      # Not sure, it may be better to return an error.
      malwarepatrol_product_code=8
    fi
  fi
  if [ -z "$malwarepatrol_db" ] ; then
    malwarepatrol_db="malwarepatrol.db"
  fi
  malwarepatrol_url="${malwarepatrol_url}?receipt=${malwarepatrol_receipt_code}&product=${malwarepatrol_product_code}&list=${malwarepatrol_list}"
elif [ "$remove_disabled_databases" == "yes" ] ; then
  malwarepatrol_remove_dbs=( "malwarepatrol.db" )
fi

############################################################################################
# CLEANUP UNUSED DATABASES, eg when downgrading a database rating or disabling a database
if [ "$remove_disabled_databases" == "yes" ] ; then
  if [ -n "${sanesecurity_remove_dbs[0]}" ] ; then
    for db_file in "${sanesecurity_remove_dbs[@]}" ; do
      if [ -f "${work_dir_sanesecurity}/${db_file}" ] ; then
        xshok_pretty_echo_and_log "Removing unused file: ${work_dir_sanesecurity}/${db_file}"
        rm -f "${work_dir_sanesecurity}/${db_file}"
      fi
      if [ -f "${clam_dbs}/${db_file}" ] ; then
        xshok_pretty_echo_and_log "Removing unused file: ${clam_dbs}/${db_file}"
        rm -f "${clam_dbs}/${db_file}"
      fi
    done
  fi
  if [ -n "${securiteinfo_remove_dbs[0]}" ] ; then
    for db_file in "${securiteinfo_remove_dbs[@]}" ; do
      if [ -f "${work_dir_securiteinfo}/${db_file}" ] ; then
        xshok_pretty_echo_and_log "Removing unused file: ${work_dir_securiteinfo}/${db_file}"
        rm -f "${work_dir_securiteinfo}/${db_file}"
      fi
      if [ -f "${clam_dbs}/${db_file}" ] ; then
        xshok_pretty_echo_and_log "Removing unused file: ${clam_dbs}/${db_file}"
        rm -f "${clam_dbs}/${db_file}"
      fi
    done
  fi
  if [ -n "${linuxmalwaredetect_remove_dbs[0]}" ] ; then
    for db_file in "${linuxmalwaredetect_remove_dbs[@]}" ; do
      if [ -f "${work_dir_linuxmalwaredetect}/${db_file}" ] ; then
        xshok_pretty_echo_and_log "Removing unused file: ${work_dir_linuxmalwaredetect}/${db_file}"
        rm -f "${work_dir_linuxmalwaredetect}/${db_file}"
      fi
      if [ -f "${clam_dbs}/${db_file}" ] ; then
        xshok_pretty_echo_and_log "Removing unused file: ${clam_dbs}/${db_file}"
        rm -f "${clam_dbs}/${db_file}"
      fi
    done
  fi
  if [ -n "${interserver_remove_dbs[0]}" ] ; then
    for db_file in "${interserver_remove_dbs[@]}" ; do
      if [ -f "${work_dir_interserver}/${db_file}" ] ; then
        xshok_pretty_echo_and_log "Removing unused file: ${work_dir_interserver}/${db_file}"
        rm -f "${work_dir_interserver}/${db_file}"
      fi
      if [ -f "${clam_dbs}/${db_file}" ] ; then
        xshok_pretty_echo_and_log "Removing unused file: ${clam_dbs}/${db_file}"
        rm -f "${clam_dbs}/${db_file}"
      fi
    done
  fi
  if [ -n "${malwareexpert_remove_dbs[0]}" ] ; then
    for db_file in "${malwareexpert_remove_dbs[@]}" ; do
      if [ -f "${work_dir_malwareexpert}/${db_file}" ] ; then
        xshok_pretty_echo_and_log "Removing unused file: ${work_dir_malwareexpert}/${db_file}"
        rm -f "${work_dir_malwareexpert}/${db_file}"
      fi
      if [ -f "${clam_dbs}/${db_file}" ] ; then
        xshok_pretty_echo_and_log "Removing unused file: ${clam_dbs}/${db_file}"
        rm -f "${clam_dbs}/${db_file}"
      fi
    done
  fi
  if [ -n "${yararulesproject_remove_dbs[0]}" ] ; then
    for db_file in "${yararulesproject_remove_dbs[@]}" ; do
      # Entries may be "subdir/file.yar"; the subdir is only part of the download URL,
      # the work directory and clam_dbs hold the file under its bare name
      if echo "$db_file" | $grep_bin -q "/" ; then
        db_file="$(echo "$db_file" | cut -d "/" -f 2)"
      fi
      if [ -f "${work_dir_yararulesproject}/${db_file}" ] ; then
        xshok_pretty_echo_and_log "Removing unused file: ${work_dir_yararulesproject}/${db_file}"
        rm -f "${work_dir_yararulesproject}/${db_file}"
      fi
      if [ -f "${clam_dbs}/${db_file}" ] ; then
        xshok_pretty_echo_and_log "Removing unused file: ${clam_dbs}/${db_file}"
        rm -f "${clam_dbs}/${db_file}"
      fi
    done
  fi
  if [ -n "${urlhaus_remove_dbs[0]}" ] ; then
    for db_file in "${urlhaus_remove_dbs[@]}" ; do
      if [ -f "${work_dir_urlhaus}/${db_file}" ] ; then
        xshok_pretty_echo_and_log "Removing unused file: ${work_dir_urlhaus}/${db_file}"
        rm -f "${work_dir_urlhaus}/${db_file}"
      fi
      if [ -f "${clam_dbs}/${db_file}" ] ; then
        xshok_pretty_echo_and_log "Removing unused file: ${clam_dbs}/${db_file}"
        rm -f "${clam_dbs}/${db_file}"
      fi
    done
  fi
  if [ -n "${malwarepatrol_remove_dbs[0]}" ] ; then
    for db_file in "${malwarepatrol_remove_dbs[@]}" ; do
      if [ -f "${work_dir_malwarepatrol}/${db_file}" ] ; then
        xshok_pretty_echo_and_log "Removing unused file: ${work_dir_malwarepatrol}/${db_file}"
        rm -f "${work_dir_malwarepatrol}/${db_file}"
      fi
      if [ -f "${clam_dbs}/${db_file}" ] ; then
        xshok_pretty_echo_and_log "Removing unused file: ${clam_dbs}/${db_file}"
        rm -f "${clam_dbs}/${db_file}"
      fi
    done
  fi
fi

############################################################################################
# If "ham_dir" variable is set, then create initial whitelist files (skipped if first-time script run).
test_dir="$work_dir/test"
if [ -n "$ham_dir" ] && [ -d "$work_dir" ] && [ ! -d "$test_dir" ] ; then
  if [ -d "$ham_dir" ] ; then
    xshok_mkdir_ownership "$test_dir"
    cp -f -p "$work_dir"/*/*.ndb "$test_dir"
    cp -f -p "$work_dir"/*/*.db "$test_dir"
    # Every signature that fires on known-good (ham) files is a false positive: collect its name...
    $clamscan_bin --infected --no-summary -d "$test_dir" "$ham_dir"/* | command "$sed_bin" 's/\.UNOFFICIAL FOUND//' | awk '{print $NF}' >> "${work_dir_work_configs}/whitelist.txt"
    # ...then its signature body, which is what the databases are filtered on (globs must not be quoted)
    $grep_bin -h -f "${work_dir_work_configs}/whitelist.txt" "${test_dir}"/*.ndb | cut -d "*" -f 2 | sort | uniq > "${work_dir_work_configs}/whitelist.hex"
    $grep_bin -h -f "${work_dir_work_configs}/whitelist.txt" "${test_dir}"/*.db | cut -d "=" -f 2 | awk '{ printf("=%s\n", $1);}' | sort | uniq >> "${work_dir_work_configs}/whitelist.hex"
    cd "$test_dir" || exit
    for db_file in * ; do
      [[ -e ${db_file} ]] || break # Handle the case of no files
      $grep_bin -h -v -f "${work_dir_work_configs}/whitelist.hex" "$db_file" > "$db_file-tmp"
      mv -f "$db_file-tmp" "$db_file"
      if $clamscan_bin --quiet -d "$db_file" "${work_dir_work_configs}/scan-test.txt" 2>&10 ; then
        if $rsync_bin -pcqt "$db_file" "$clam_dbs" ; then
          perms chown -f "${clam_user}:${clam_group}" "${clam_dbs}/${db_file}"
          if [ "$selinux_fixes" == "yes" ] ; then
            restorecon "${clam_dbs}/${db_file}"
          fi
          do_clamd_reload=1
        fi
      fi
    done
    if [ -r "${work_dir_work_configs}/whitelist.hex" ] ; then
      xshok_pretty_echo_and_log "Initial HAM directory scan whitelist file created in ${work_dir_work_configs}"
    else
      xshok_pretty_echo_and_log "No false-positives detected in initial HAM directory scan"
    fi
  else
    xshok_pretty_echo_and_log "WARNING: Cannot locate HAM directory: ${ham_dir}"
    xshok_pretty_echo_and_log "Skipping initial whitelist file creation. Fix 'ham_dir' path in config file"
  fi
fi

# Check to see if the working directories have been created. If not, create them. Otherwise, ignore and proceed with script.
xshok_mkdir_ownership "$work_dir"
xshok_mkdir_ownership "$work_dir_gpg"
xshok_mkdir_ownership "$work_dir_add"
xshok_mkdir_ownership "$work_dir_pid"
xshok_mkdir_ownership "$work_dir_interserver"
xshok_mkdir_ownership "$work_dir_linuxmalwaredetect"
xshok_mkdir_ownership "$work_dir_malwareexpert"
xshok_mkdir_ownership "$work_dir_malwarepatrol"
xshok_mkdir_ownership "$work_dir_sanesecurity"
xshok_mkdir_ownership "$work_dir_securiteinfo"
xshok_mkdir_ownership "$work_dir_urlhaus"
xshok_mkdir_ownership "$work_dir_work_configs"
xshok_mkdir_ownership "$work_dir_yararulesproject"

# Set secured access permissions to the GPG directory
perms chmod -f 0700 "${work_dir_gpg}"

if [ "$enable_gpg" == "yes" ] ; then
  # If we haven't done so yet, download Sanesecurity public GPG key and import to custom keyring.
  # The key is trusted on first use: nothing here compares its fingerprint against a known value.
  if [ ! -s "${work_dir_gpg}/publickey.gpg" ] ; then
    xshok_file_download "${work_dir_gpg}/publickey.gpg" "$sanesecurity_gpg_url"
    ret="$?"
    if [ "$ret" -ne 0 ] ; then
      xshok_pretty_echo_and_log "ALERT: Could not download Sanesecurity public GPG key"
      exit 1
    else
      xshok_pretty_echo_and_log "Sanesecurity public GPG key successfully downloaded"
      rm -f -- "${work_dir_gpg}"/ss-keyring.gp*
      if ! $gpg_bin -q --no-options --no-default-keyring --homedir "${work_dir_gpg}" --keyring "${work_dir_gpg}/ss-keyring.gpg" --import "${work_dir_gpg}/publickey.gpg" 2>/dev/null ; then
        xshok_pretty_echo_and_log "ALERT: could not import Sanesecurity public GPG key to custom keyring"
        exit 1
      else
        chmod -f 0644 "${work_dir_gpg}"/*.*
        xshok_pretty_echo_and_log "Sanesecurity public GPG key successfully imported to custom keyring"
      fi
    fi
  fi
  # If custom keyring is missing, try to re-import Sanesecurity public GPG key.
  if [ ! -s "${work_dir_gpg}/ss-keyring.gpg" ] ; then
    rm -f -- "${work_dir_gpg}"/ss-keyring.gp*
    if ! $gpg_bin -q --no-options --no-default-keyring --homedir "${work_dir_gpg}" --keyring "${work_dir_gpg}/ss-keyring.gpg" --import "${work_dir_gpg}/publickey.gpg" 2>/dev/null ; then
      xshok_pretty_echo_and_log "ALERT: Custom keyring MISSING or CORRUPT! Could not import Sanesecurity public GPG key to custom keyring"
      exit 1
    else
      chmod -f 0644 "${work_dir_gpg}"/*.*
      xshok_pretty_echo_and_log "Sanesecurity custom keyring MISSING! GPG key successfully re-imported to custom keyring"
    fi
  fi
fi

# Database update check, time randomization section. This script now
# provides support for both bash and non-bash enabled system shells.
if [ "$enable_random" == "yes" ] ; then
  if [ -n "$RANDOM" ] ; then
    # RANDOM is 0..32767, so the result always stays within [min_sleep_time, max_sleep_time]
    sleep_time="$((RANDOM * $((max_sleep_time - min_sleep_time)) / 32767 + min_sleep_time))"
  else
    sleep_time="0"
    while [ "$sleep_time" -lt "$min_sleep_time" ] || [ "$sleep_time" -gt "$max_sleep_time" ] ; do
      sleep_time="$(head -n 1 /dev/urandom | cksum | awk '{print $2}')"
    done
  fi
  # Only pause when not running interactively (cron)
  if [ ! -t 0 ] ; then
    xshok_pretty_echo_and_log "$(date) - Pausing database file updates for $sleep_time seconds..."
    sleep "$sleep_time"
    xshok_pretty_echo_and_log "$(date) - Pause complete, checking for new database files..."
  fi
fi

# Create "scan-test.txt" file for clamscan database integrity testing.
if [ ! -s "${work_dir_work_configs}/scan-test.txt" ] ; then
  echo "This is the clamscan test file..." > "${work_dir_work_configs}/scan-test.txt"
fi

if [ -z "$git_branch" ] ; then
  git_branch="master"
fi

# If rsync proxy is defined in the config file, then export it for use.
if [ -n "$rsync_proxy" ] ; then
  RSYNC_PROXY="$rsync_proxy"
  export RSYNC_PROXY
fi

# If rsync connect program is defined in the config file, then export it for use. (to use netcat for socks tunnel)
if [ -n "$rsync_connect_prog" ] ; then
  RSYNC_CONNECT_PROG="$rsync_connect_prog"
  export RSYNC_CONNECT_PROG
fi

# Create $current_dbs_file containing lists of current and previously active 3rd-party databases
# so that databases and/or backup files that are no longer being used can be removed.
current_tmp="${work_dir_work_configs}/current-dbs.tmp"
current_dbs_file="${work_dir_work_configs}/current-dbs.txt"

if [ "$sanesecurity_enabled" == "yes" ] ; then
  # Create the Sanesecurity rsync "include" file (defines which files to download).
  sanesecurity_include_dbs="${work_dir_work_configs}/ss-include-dbs.txt"
  if [ -n "${sanesecurity_dbs[0]}" ] ; then
    rm -f -- "${sanesecurity_include_dbs}" "${work_dir_sanesecurity}"/*.sha256
    for db_file in "${sanesecurity_dbs[@]}" ; do
      echo "$db_file" >> "${sanesecurity_include_dbs}"
      echo "${db_file}.sig" >> "${sanesecurity_include_dbs}"
      echo "${work_dir_sanesecurity}/${db_file}" >> "${current_tmp}"
      echo "${work_dir_sanesecurity}/${db_file}.sig" >> "${current_tmp}"
      clamav_files
    done
  fi
fi

if [ "$securiteinfo_enabled" == "yes" ] ; then
  if [ -n "${securiteinfo_dbs[0]}" ] ; then
    for db in "${securiteinfo_dbs[@]}" ; do
      echo "${work_dir_securiteinfo}/${db}" >> "${current_tmp}"
      clamav_files
    done
  fi
fi

if [ "$linuxmalwaredetect_enabled" == "yes" ] ; then
  if [ -n "${linuxmalwaredetect_dbs[0]}" ] ; then
    for db in "${linuxmalwaredetect_dbs[@]}" ; do
      echo "${work_dir_linuxmalwaredetect}/${db}" >> "${current_tmp}"
      clamav_files
    done
  fi
fi

if [ "$interserver_enabled" == "yes" ] ; then
  if [ -n "${interserver_dbs[0]}" ] ; then
    for db in "${interserver_dbs[@]}" ; do
      echo "${work_dir_interserver}/${db}" >> "${current_tmp}"
      clamav_files
    done
  fi
fi

if [ "$malwareexpert_enabled" == "yes" ] ; then
  if [ -n "${malwareexpert_dbs[0]}" ] ; then
    for db in "${malwareexpert_dbs[@]}" ; do
      echo "${work_dir_malwareexpert}/${db}" >> "${current_tmp}"
      clamav_files
    done
  fi
fi

if [ "$malwarepatrol_enabled" == "yes" ] ; then
  if [ -n "$malwarepatrol_db" ] ; then
    echo "${work_dir_malwarepatrol}/${malwarepatrol_db}" >> "${current_tmp}"
    clamav_files
  fi
fi

if [ "$yararulesproject_enabled" == "yes" ] ; then
  if [ -n "${yararulesproject_dbs[0]}" ] ; then
    for db in "${yararulesproject_dbs[@]}" ; do
      if echo "$db" | $grep_bin -q "/" ; then
        db="$(echo "$db" | cut -d "/" -f 2)"
      fi
      echo "${work_dir_yararulesproject}/${db}" >> "${current_tmp}"
      clamav_files
    done
  fi
fi

if [ "$urlhaus_enabled" == "yes" ] ; then
  if [ -n "${urlhaus_dbs[0]}" ] ; then
    for db in "${urlhaus_dbs[@]}" ; do
      echo "${work_dir_urlhaus}/${db}" >> "${current_tmp}"
      clamav_files
    done
  fi
fi

if [ "$additional_enabled" == "yes" ] ; then
  if [ -n "$additional_dbs" ] ; then
    for db in "${additional_dbs[@]}" ; do
      echo "${work_dir_add}/${db}" >> "${current_tmp}"
      clamav_files
    done
  fi
fi
sort "${current_tmp}" > "$current_dbs_file" 2>/dev/null
rm -f "${current_tmp}"

# Remove 3rd-party databases and/or backup files that are no longer being used.
if [ "$remove_disabled_databases" == "yes" ] ; then
  previous_dbs="${work_dir_work_configs}/previous-dbs.txt"
  db_changes="${work_dir_work_configs}/db-changes.txt"
  # First run: no previous list exists yet, seed it from the current one (nothing to remove)
  if [ ! -s "$previous_dbs" ] ; then
    cp -f -p "$current_dbs_file" "$previous_dbs" 2>/dev/null
  fi
  # Anything the previous run listed that is absent from the current list is no longer used
  diff "$current_dbs_file" "$previous_dbs" 2>/dev/null | $grep_bin ">" | awk '{print $2}' > "$db_changes"
  if [ -r "$db_changes" ] ; then
    if $grep_bin -vq "bak" "$db_changes" 2>/dev/null ; then
      do_clamd_reload="2"
    fi
    while read -r file ; do
      rm -f -- "$file"
      xshok_pretty_echo_and_log "Unused/Disabled file removed: ${file}"
    done < "$db_changes"
  fi
  # Keep the current list as the "previous" list for the next run. Do not remove the current_dbs_file.
  sort "$current_dbs_file" > "$previous_dbs" 2>/dev/null
fi

# Create "purge.txt" file for package maintainers to support package uninstall.
purge="${work_dir_work_configs}/purge.txt"
cp -f -p "$current_dbs_file" "$purge"
{
  echo "${work_dir_work_configs}/current-dbs.txt"
  echo "${work_dir_work_configs}/db-changes.txt"
  echo "${work_dir_work_configs}/last-mbl-update.txt"
  echo "${work_dir_work_configs}/last-si-update.txt"
  echo "${work_dir_work_configs}/local.ign"
  echo "${work_dir_work_configs}/monitor-ign.txt"
  echo "${work_dir_work_configs}/my-whitelist.ign2"
  echo "${work_dir_work_configs}/tracker.txt"
  echo "${work_dir_work_configs}/previous-dbs.txt"
  echo "${work_dir_work_configs}/scan-test.txt"
  echo "${work_dir_work_configs}/ss-include-dbs.txt"
  echo "${work_dir_work_configs}/whitelist.hex"
  echo "${work_dir_gpg}/publickey.gpg"
  echo "$work_dir_gpg/secring.gpg"
  echo "${work_dir_gpg}/ss-keyring.gpg*"
  echo "$work_dir_gpg/trustdb.gpg"
  echo "${log_file_path}/${log_file_name}*"
  echo "${work_dir_work_configs}/purge.txt"
} >> "$purge"

# Check and save current system time since epoch for time related database downloads.
# However, if unsuccessful, issue a warning that we cannot calculate times since epoch.
# Every time-gated source below (Sanesecurity, SecuriteInfo, LinuxMalwareDetect, MalwarePatrol) needs current_time,
# so it is computed unconditionally; only the non-numeric characters are stripped so the value is safe in arithmetic.
current_time="$(date "+%s" 2> /dev/null)"
current_time="${current_time//[^0-9]/}"
current_time="$((current_time + 0))"
if [ "$current_time" -le 0 ] ; then
  current_time="$(perl -le 'print time' 2> /dev/null)"
  current_time="${current_time//[^0-9]/}"
  current_time="$((current_time + 0))"
fi
if [ "$current_time" -le 0 ] ; then
  xshok_pretty_echo_and_log "WARNING: Neither 'date +%s' nor 'perl' is available, SecuriteInfo and MalwarePatrol updates bypassed"
  securiteinfo_dbs=()
  malwarepatrol_db=""
fi

################################################################
# Check for Sanesecurity database & GPG signature file updates #
################################################################
if [ "$sanesecurity_enabled" == "yes" ] ; then
  if [ -n "${sanesecurity_dbs[0]}" ] ; then
    # ${#array[@]} is the element count; ${#array} would only be the length of the first element
    if [ ${#sanesecurity_dbs[@]} -lt 1 ] ; then
      xshok_pretty_echo_and_log "Failed sanesecurity_dbs config is invalid or not defined - SKIPPING"
    else
      if [ -r "${work_dir_work_configs}/last-ss-update.txt" ] ; then
        last_sanesecurity_update="$(cat "${work_dir_work_configs}/last-ss-update.txt")"
      else
        last_sanesecurity_update="0"
      fi
      db_file=""
      update_interval="$((sanesecurity_update_hours * 3600))"
      time_interval="$((current_time - last_sanesecurity_update))"
      if [ "$time_interval" -ge $((update_interval - 600)) ] ; then
        echo "$current_time" > "${work_dir_work_configs}/last-ss-update.txt"
        xshok_pretty_echo_and_log "Sanesecurity Database & GPG Signature File Updates" "="
        xshok_pretty_echo_and_log "Checking for Sanesecurity updates..."
        if [ -n "$dig_bin" ] ; then
          # shellcheck disable=SC2086
          sanesecurity_mirror_ips="$($dig_bin $dig_proxy +ignore +short "$sanesecurity_url")"
        else
          # shellcheck disable=SC2086
          sanesecurity_mirror_ips="$($host_bin $host_proxy -t A "$sanesecurity_url" | $sed_bin -n '/has address/{s/.*address \([^ ]*\).*/\1/;p;}')"
        fi
        # Add fallback if no records are returned
        if [ ${#sanesecurity_mirror_ips} -lt 1 ] ; then
          if [ -n "$dig_bin" ] ; then
            # shellcheck disable=SC2086
            sanesecurity_mirror_ips="$($dig_bin $dig_proxy +ignore +short "$sanesecurity_url")"
          else
            # shellcheck disable=SC2086
            sanesecurity_mirror_ips="$($host_bin $host_proxy -t A "$sanesecurity_url" | $sed_bin -n '/has address/{s/.*address \([^ ]*\).*/\1/;p;}')"
          fi
        fi
        if [ ${#sanesecurity_mirror_ips} -ge 1 ] ; then
          for sanesecurity_mirror_ip in $sanesecurity_mirror_ips ; do
            # Reverse lookup of the mirror address, for the log only (PTR, not A, when using host)
            if [ -n "$dig_bin" ] ; then
              # shellcheck disable=SC2086
              sanesecurity_mirror_name="$($dig_bin $dig_proxy +short -x "$sanesecurity_mirror_ip" | command "$sed_bin" 's/\.$//')"
            else
              # shellcheck disable=SC2086
              sanesecurity_mirror_name="$($host_bin $host_proxy -t PTR "$sanesecurity_mirror_ip" | $sed_bin -n '/name pointer/{s/.*pointer \([^ ]*\).*\.$/\1/;p;}')"
            fi
            # Add fallback if no records are returned
            if [ -z "$sanesecurity_mirror_name" ] ; then
              if [ -n "$dig_bin" ] ; then
                # shellcheck disable=SC2086
                sanesecurity_mirror_name="$($dig_bin $dig_proxy +short -x "$sanesecurity_mirror_ip" | command "$sed_bin" 's/\.$//')"
              else
                # shellcheck disable=SC2086
                sanesecurity_mirror_name="$($host_bin $host_proxy -t PTR "$sanesecurity_mirror_ip" | $sed_bin -n '/name pointer/{s/.*pointer \([^ ]*\).*\.$/\1/;p;}')"
              fi
            fi
            sanesecurity_mirror_site_info="$sanesecurity_mirror_name $sanesecurity_mirror_ip"
            xshok_pretty_echo_and_log "Sanesecurity mirror site used: ${sanesecurity_mirror_site_info}"
            # shellcheck disable=SC2086
            $rsync_bin $rsync_output_level $no_motd --files-from="${sanesecurity_include_dbs}" -ctuz $connect_timeout --timeout="$rsync_max_time" "rsync://${sanesecurity_mirror_ip}/sanesecurity" "$work_dir_sanesecurity" 2>&13
            ret="$?"
            if [ "$ret" -eq 0 ] || [ "$ret" -eq 23 ] ; then
              # The correct way, 23 is some files were not transfered, can be ignored and we can assume a success
              sanesecurity_rsync_success="1"
              for db_file in "${sanesecurity_dbs[@]}" ; do
                if ! cmp -s "${work_dir_sanesecurity}/${db_file}" "${clam_dbs}/${db_file}" ; then
                  xshok_pretty_echo_and_log "Testing updated Sanesecurity database file: ${db_file}"
                  # ret must not carry the rsync exit code (23) into the per-file checks below
                  ret="0"
                  if [ "$enable_gpg" == "yes" ] ; then
                    # Detached signature is checked against the dedicated Sanesecurity keyring only
                    if ! $gpg_bin --trust-model always -q --no-default-keyring --homedir "${work_dir_gpg}" --keyring "${work_dir_gpg}/ss-keyring.gpg" --verify "${work_dir_sanesecurity}/${db_file}.sig" "${work_dir_sanesecurity}/${db_file}" 2>/dev/null ; then
                      $gpg_bin --always-trust -q --no-default-keyring --homedir "${work_dir_gpg}" --keyring "${work_dir_gpg}/ss-keyring.gpg" --verify "${work_dir_sanesecurity}/${db_file}.sig" "${work_dir_sanesecurity}/${db_file}" 2>/dev/null
                      ret="$?"
                    else
                      ret="0"
                    fi
                    if [ "$ret" -eq 0 ] ; then
                      test "$gpg_silence" = "no" && xshok_pretty_echo_and_log "Sanesecurity GPG Signature tested good on ${db_file} database"
                    else
                      xshok_pretty_echo_and_log "Sanesecurity GPG Signature test FAILED on ${db_file} database - SKIPPING"
                    fi
                  fi
                  if [ "$ret" -eq 0 ] ; then
                    db_ext="${db_file#*.}"
                    if [ -z "$ham_dir" ] || [ "$db_ext" != "ndb" ] ; then
                      if $clamscan_bin --quiet -d "${work_dir_sanesecurity}/${db_file}" "${work_dir_work_configs}/scan-test.txt" 2>&10 ; then
                        xshok_pretty_echo_and_log "Clamscan reports Sanesecurity ${db_file} database integrity tested good"
                        true
                      else
                        xshok_pretty_echo_and_log "Clamscan reports Sanesecurity ${db_file} database integrity tested BAD"
                        if [ "$remove_bad_database" == "yes" ] ; then
                          if rm -f "${work_dir_sanesecurity}/${db_file}" ; then
                            xshok_pretty_echo_and_log "Removed invalid database: ${work_dir_sanesecurity}/${db_file}"
                          fi
                        fi
                        false
                      fi && (test "$keep_db_backup" = "yes" && cp -f -p "${clam_dbs}/${db_file}" "${clam_dbs}/${db_file}-bak" 2>/dev/null ; true) && if $rsync_bin -pcqt "${work_dir_sanesecurity}/${db_file}" "$clam_dbs" 2>&13 ; then
                        perms chown -f "${clam_user}:${clam_group}" "${clam_dbs}/${db_file}"
                        if [ "$selinux_fixes" == "yes" ] ; then
                          restorecon "${clam_dbs}/${db_file}"
                        fi
                        xshok_pretty_echo_and_log "Successfully updated Sanesecurity production database file: ${db_file}"
                        sanesecurity_update=1
                        do_clamd_reload=1
                      else
                        xshok_pretty_echo_and_log "Failed to successfully update Sanesecurity production database file: ${db_file} - SKIPPING"
                        false
                      fi
                    else
                      # ham_dir is set and this is an .ndb: strip known false positives, rescan the ham corpus
                      # for new ones, extend whitelist.hex with them and install the filtered copy from test_dir
                      $grep_bin -h -v -f "${work_dir_work_configs}/whitelist.hex" "${work_dir_sanesecurity}/${db_file}" > "${test_dir}/${db_file}"
                      $clamscan_bin --infected --no-summary -d "${test_dir}/${db_file}" "$ham_dir"/* | command "$sed_bin" 's/\.UNOFFICIAL FOUND//' | awk '{print $NF}' > "${work_dir_work_configs}/whitelist.txt"
                      $grep_bin -h -f "${work_dir_work_configs}/whitelist.txt" "${test_dir}/${db_file}" | cut -d "*" -f 2 | sort | uniq >> "${work_dir_work_configs}/whitelist.hex"
                      $grep_bin -h -v -f "${work_dir_work_configs}/whitelist.hex" "${test_dir}/${db_file}" > "${test_dir}/${db_file}-tmp"
                      mv -f "${test_dir}/${db_file}-tmp" "${test_dir}/${db_file}"
                      if $clamscan_bin --quiet -d "${test_dir}/${db_file}" "${work_dir_work_configs}/scan-test.txt" 2>&10 ; then
                        xshok_pretty_echo_and_log "Clamscan reports Sanesecurity ${db_file} database integrity tested good"
                        true
                      else
                        xshok_pretty_echo_and_log "Clamscan reports Sanesecurity ${db_file} database integrity tested BAD"
                        # DO NOT KILL THIS DB
                        false
                      fi && (test "$keep_db_backup" = "yes" && cp -f -p "${clam_dbs}/${db_file}" "${clam_dbs}/${db_file}-bak" 2>/dev/null ; true) && if $rsync_bin -pcqt "${test_dir}/${db_file}" "$clam_dbs" 2>&13 ; then
                        perms chown -f "${clam_user}:${clam_group}" "${clam_dbs}/${db_file}"
                        if [ "$selinux_fixes" == "yes" ] ; then
                          restorecon "${clam_dbs}/${db_file}"
                        fi
                        xshok_pretty_echo_and_log "Successfully updated Sanesecurity production database file: ${db_file}"
                        sanesecurity_update=1
                        do_clamd_reload=1
                      else
                        xshok_pretty_echo_and_log "Failed to successfully update Sanesecurity production database file: ${db_file} - SKIPPING"
                      fi
                    fi
                  fi
                fi
              done
              if [ ! "$sanesecurity_update" == "1" ] ; then
                xshok_pretty_echo_and_log "No Sanesecurity database file updates" "-"
              fi
              # A mirror answered, no need to try the remaining ones
              break
            else
              xshok_pretty_echo_and_log "Connection to ${sanesecurity_mirror_site_info} failed - Trying next mirror site..."
            fi
          done
          if [ ! "$sanesecurity_rsync_success" == "1" ] ; then
            xshok_pretty_echo_and_log "Access to all Sanesecurity mirror sites failed - Check for connectivity issues"
            xshok_pretty_echo_and_log "or signature database name(s) misspelled in the script's configuration file."
          fi
        else
          xshok_pretty_echo_and_log "No Sanesecurity mirror sites found - Check for dns/connectivity issues"
        fi
      else
        xshok_pretty_echo_and_log "Sanesecurity Database File Updates" "="
        xshok_draw_time_remaining "$((update_interval - time_interval))" "$sanesecurity_update_hours" "Sanesecurity"
      fi
    fi
  fi
else
  if [ -n "${sanesecurity_dbs[0]}" ] ; then
    if [ "$remove_disabled_databases" == "yes" ] ; then
      xshok_pretty_echo_and_log "Removing disabled Sanesecurity Database files"
      for db_file in "${sanesecurity_dbs[@]}" ; do
        if echo "$db_file" | $grep_bin -q "|" ; then
          db_file="${db_file%|*}"
        fi
        if [ -r "${work_dir_sanesecurity}/${db_file}" ] ; then
          xshok_pretty_echo_and_log "Removing ${work_dir_sanesecurity}/${db_file}"
          rm -f "${work_dir_sanesecurity}/${db_file}"
          do_clamd_reload=1
        fi
        if [ -r "${clam_dbs}/${db_file}" ] ; then
          xshok_pretty_echo_and_log "Removing ${clam_dbs}/${db_file}"
          rm -f "${clam_dbs}/${db_file}"
          do_clamd_reload=1
        fi
      done
    fi
  fi
fi

##############################################################################################################################################
# Check for updated SecuriteInfo database files every set number of hours as defined in the "USER CONFIGURATION" section of this script #
##############################################################################################################################################
if [ "$securiteinfo_enabled" == "yes" ] ; then
  if [ "$securiteinfo_authorisation_signature" != "YOUR-SIGNATURE-NUMBER" ] ; then
    if [ -n "${securiteinfo_dbs[0]}" ] ; then
      if [ ${#securiteinfo_dbs[@]} -lt 1 ] ; then
        xshok_pretty_echo_and_log "Failed securiteinfo_dbs config is invalid or not defined - SKIPPING"
      else
        rm -f "${work_dir_securiteinfo}"/*.gz
        if [ -r "${work_dir_work_configs}/last-si-update.txt" ] ; then
          last_securiteinfo_update="$(cat "${work_dir_work_configs}/last-si-update.txt")"
        else
          last_securiteinfo_update="0"
        fi
        db_file=""
        loop=""
        if [ "$securiteinfo_premium" == "yes" ] ; then
          update_interval="$((securiteinfo_premium_update_hours * 3600))"
        else
          update_interval="$((securiteinfo_update_hours * 3600))"
        fi
        time_interval="$((current_time - last_securiteinfo_update))"
        if [ "$time_interval" -ge "$((update_interval - 600))" ] ; then
          echo "$current_time" > "${work_dir_work_configs}/last-si-update.txt"
          xshok_pretty_echo_and_log "SecuriteInfo Database File Updates" "="
          xshok_pretty_echo_and_log "Checking for SecuriteInfo updates..."
          securiteinfo_updates="0"
          for db_file in "${securiteinfo_dbs[@]}" ; do
            if [ "$loop" == "1" ] ; then
              xshok_pretty_echo_and_log "---"
            fi
            xshok_pretty_echo_and_log "Checking for updated SecuriteInfo database file: ${db_file}"
            securiteinfo_db_update="0"
            # The authorisation signature is part of the URL path; only securiteinfo_url is ever logged
            xshok_file_download "${work_dir_securiteinfo}/${db_file}" "${securiteinfo_url}/${securiteinfo_authorisation_signature}/${db_file}"
            ret="$?"
            if [ "$ret" -eq 0 ] ; then
              loop="1"
              if ! cmp -s "${work_dir_securiteinfo}/${db_file}" "${clam_dbs}/${db_file}" ; then
                db_ext="${db_file#*.}"
                xshok_pretty_echo_and_log "Testing updated SecuriteInfo database file: ${db_file}"
                if [ -z "$ham_dir" ] || [ "$db_ext" != "ndb" ] ; then
                  if $clamscan_bin --quiet -d "${work_dir_securiteinfo}/${db_file}" "${work_dir_work_configs}/scan-test.txt" 2>&10 ; then
                    xshok_pretty_echo_and_log "Clamscan reports SecuriteInfo ${db_file} database integrity tested good"
                    true
                  else
                    xshok_pretty_echo_and_log "Clamscan reports SecuriteInfo ${db_file} database integrity tested BAD"
                    if [ "$remove_bad_database" == "yes" ] ; then
                      if rm -f "${work_dir_securiteinfo}/${db_file}" ; then
                        xshok_pretty_echo_and_log "Removed invalid database: ${work_dir_securiteinfo}/${db_file}"
                      fi
                    fi
                    false
                  fi && (test "$keep_db_backup" = "yes" && cp -f -p "${clam_dbs}/${db_file}" "${clam_dbs}/${db_file}-bak" 2>/dev/null ; true) && if $rsync_bin -pcqt "${work_dir_securiteinfo}/${db_file}" "$clam_dbs" 2>&13 ; then
                    perms chown -f "${clam_user}:${clam_group}" "${clam_dbs}/${db_file}"
                    if [ "$selinux_fixes" == "yes" ] ; then
                      restorecon "${clam_dbs}/${db_file}"
                    fi
                    xshok_pretty_echo_and_log "Successfully updated SecuriteInfo production database file: ${db_file}"
                    securiteinfo_updates=1
                    securiteinfo_db_update=1
                    do_clamd_reload=1
                  else
                    xshok_pretty_echo_and_log "Failed to successfully update SecuriteInfo production database file: ${db_file} - SKIPPING"
                  fi
                else
                  $grep_bin -h -v -f "${work_dir_work_configs}/whitelist.hex" "${work_dir_securiteinfo}/${db_file}" > "${test_dir}/${db_file}"
                  $clamscan_bin --infected --no-summary -d "${test_dir}/${db_file}" "$ham_dir"/* | command "$sed_bin" 's/\.UNOFFICIAL FOUND//' | awk '{print $NF}' > "${work_dir_work_configs}/whitelist.txt"
                  $grep_bin -h -f "${work_dir_work_configs}/whitelist.txt" "${test_dir}/${db_file}" | cut -d "*" -f 2 | sort | uniq >> "${work_dir_work_configs}/whitelist.hex"
                  $grep_bin -h -v -f "${work_dir_work_configs}/whitelist.hex" "${test_dir}/${db_file}" > "${test_dir}/${db_file}-tmp"
                  mv -f "${test_dir}/${db_file}-tmp" "${test_dir}/${db_file}"
                  if $clamscan_bin --quiet -d "${test_dir}/${db_file}" "${work_dir_work_configs}/scan-test.txt" 2>&10 ; then
                    xshok_pretty_echo_and_log "Clamscan reports SecuriteInfo ${db_file} database integrity tested good"
                    true
                  else
                    xshok_pretty_echo_and_log "Clamscan reports SecuriteInfo ${db_file} database integrity tested BAD"
                    if [ "$remove_bad_database" == "yes" ] ; then
                      if rm -f "${work_dir_securiteinfo}/${db_file}" ; then
                        xshok_pretty_echo_and_log "Removed invalid database: ${work_dir_securiteinfo}/${db_file}"
                      fi
                    fi
                    false
                  fi && (test "$keep_db_backup" = "yes" && cp -f -p "${clam_dbs}/${db_file}" "${clam_dbs}/${db_file}-bak" 2>/dev/null ; true) && if $rsync_bin -pcqt "${test_dir}/${db_file}" "$clam_dbs" 2>&13 ; then
                    perms chown -f "${clam_user}:${clam_group}" "${clam_dbs}/${db_file}"
                    if [ "$selinux_fixes" == "yes" ] ; then
                      restorecon "${clam_dbs}/${db_file}"
                    fi
                    xshok_pretty_echo_and_log "Successfully updated SecuriteInfo production database file: ${db_file}"
                    securiteinfo_updates=1
                    securiteinfo_db_update=1
                    do_clamd_reload=1
                  else
                    xshok_pretty_echo_and_log "Failed to successfully update SecuriteInfo production database file: ${db_file} - SKIPPING"
                  fi
                fi
              fi
            else
              xshok_pretty_echo_and_log "Failed connection to ${securiteinfo_url} - SKIPPED SecuriteInfo ${db_file} update"
            fi
            if [ "$securiteinfo_db_update" != "1" ] ; then
              xshok_pretty_echo_and_log "No updated SecuriteInfo ${db_file} database file" "-"
            fi
          done
          if [ "$securiteinfo_updates" != "1" ] ; then
            xshok_pretty_echo_and_log "No SecuriteInfo database file updates" "-"
          fi
        else
          xshok_pretty_echo_and_log "SecuriteInfo Database File Updates" "="
          if [ "$securiteinfo_premium" == "yes" ] ; then
            xshok_draw_time_remaining "$((update_interval - time_interval))" "$securiteinfo_premium_update_hours" "SecuriteInfo"
          else
            xshok_draw_time_remaining "$((update_interval - time_interval))" "$securiteinfo_update_hours" "SecuriteInfo"
          fi
        fi
      fi
    fi
  fi
else
  if [ -n "$securiteinfo_dbs" ] ; then
    if [ "$remove_disabled_databases" == "yes" ] ; then
      xshok_pretty_echo_and_log "Removing disabled SecuriteInfo Database files"
      for db_file in "${securiteinfo_dbs[@]}" ; do
        if echo "$db_file" | $grep_bin -q "|" ; then
          db_file="${db_file%|*}"
        fi
        if [ -r "${work_dir_securiteinfo}/${db_file}" ] ; then
          xshok_pretty_echo_and_log "Removing ${work_dir_securiteinfo}/${db_file}"
          rm -f "${work_dir_securiteinfo}/${db_file}"
          do_clamd_reload=1
        fi
        if [ -r "${clam_dbs}/${db_file}" ] ; then
          xshok_pretty_echo_and_log "Removing ${clam_dbs}/${db_file}"
          rm -f "${clam_dbs}/${db_file}"
          do_clamd_reload=1
        fi
      done
    fi
  fi
fi

##############################################################################################################################################
# Check for updated LinuxMalwareDetect database files every set number of hours as defined in the "USER CONFIGURATION" section of this script
##############################################################################################################################################
if [ "$linuxmalwaredetect_enabled" == "yes" ] ; then
  if [ -n "${linuxmalwaredetect_dbs[0]}" ] ; then
    if [ ${#linuxmalwaredetect_dbs[@]} -lt 1 ] ; then
      xshok_pretty_echo_and_log "Failed linuxmalwaredetect_dbs config is invalid or not defined - SKIPPING"
    else
      rm -f "${work_dir_linuxmalwaredetect}"/*.gz
      if [ -r "${work_dir_work_configs}/last-linuxmalwaredetect-update.txt" ] ; then
        last_linuxmalwaredetect_update="$(cat "${work_dir_work_configs}/last-linuxmalwaredetect-update.txt")"
      else
        last_linuxmalwaredetect_update="0"
      fi
      db_file=""
      loop=""
      update_interval="$((linuxmalwaredetect_update_hours * 3600))"
      time_interval="$((current_time - last_linuxmalwaredetect_update))"
      if [ "$time_interval" -ge "$((update_interval - 600))" ] ; then
        echo "$current_time" > "${work_dir_work_configs}/last-linuxmalwaredetect-update.txt"
        xshok_pretty_echo_and_log "LinuxMalwareDetect Database File Updates" "="
        xshok_pretty_echo_and_log "Checking for LinuxMalwareDetect updates..."
        # Check for a new version
        found_upgrade="no"
        if [ -n "$curl_bin" ] ; then
          # shellcheck disable=SC2086
          latest_linuxmalwaredetect_version="$($curl_bin --compressed $curl_proxy $curl_insecure $curl_output_level --connect-timeout "${downloader_connect_timeout}" --remote-time --location --retry "${downloader_tries}" --max-time "${downloader_max_time}" "$linuxmalwaredetect_version_url" 2>&11 | head -n1 | xargs)"
        else
          # shellcheck disable=SC2086
          latest_linuxmalwaredetect_version="$($wget_bin $wget_compression $wget_proxy $wget_insecure $wget_output_level --connect-timeout="${downloader_connect_timeout}" --random-wait --tries="${downloader_tries}" --timeout="${downloader_max_time}" "$linuxmalwaredetect_version_url" -O - 2>&12 | $grep_bin "^script_version=" | head -n1 | xargs)"
        fi
        if [ "$latest_linuxmalwaredetect_version" ] ; then
          # shellcheck disable=SC2183,SC2086
          if [ -f "${work_dir_linuxmalwaredetect}/current_linuxmalwaredetect_version" ] ; then
            current_linuxmalwaredetect_version="$(head -n1 "${work_dir_linuxmalwaredetect}/current_linuxmalwaredetect_version" | xargs)"
          else
            current_linuxmalwaredetect_version="-1"
          fi
          if [ "$latest_linuxmalwaredetect_version" != "$current_linuxmalwaredetect_version" ] ; then
            xshok_pretty_echo_and_log "LinuxMalwareDetect Database File Updates" "="
            found_upgrade="yes"
          fi
        fi
        if [ "$found_upgrade" == "yes" ] ; then
          mkdir -p "${work_dir_linuxmalwaredetect}/tmp/"
          xshok_file_download "${work_dir_linuxmalwaredetect}/tmp/sigpack.tgz" "${linuxmalwaredetect_sigpack_url}"
          ret="$?"
if [ "$ret" -eq 0 ] ; then mkdir -p "${work_dir_linuxmalwaredetect}/tmp/" $tar_bin --strip-components=1 -xzf "${work_dir_linuxmalwaredetect}/tmp/sigpack.tgz" --directory "${work_dir_linuxmalwaredetect}/tmp/" #ls -l "${work_dir_linuxmalwaredetect}/tmp/" if [ "$enable_yararules" == "yes" ] ; then find "${work_dir_linuxmalwaredetect}/tmp/" -type f -iname "rfxn.*" -exec mv -f '{}' "${work_dir_linuxmalwaredetect}/" \; else find "${work_dir_linuxmalwaredetect}/tmp/" -type f -iname "rfxn.*" ! \( -iname "*.yara" -o -iname "*.yar" \) -exec mv -f '{}' "${work_dir_linuxmalwaredetect}/" \; fi # cleanup rm -rf -- "${work_dir_linuxmalwaredetect:?}/tmp" #ls -l "${work_dir_linuxmalwaredetect}/" for db_file in "${linuxmalwaredetect_dbs[@]}" ; do if [ "$loop" == "1" ] ; then xshok_pretty_echo_and_log "---" fi loop="1" if ! cmp -s "${work_dir_linuxmalwaredetect}/${db_file}" "${clam_dbs}/${db_file}" ; then db_ext="${db_file#*.}" xshok_pretty_echo_and_log "Testing updated LinuxMalwareDetect database file: ${db_file}" if [ -z "$ham_dir" ] || [ "$db_ext" != "ndb" ] ; then if $clamscan_bin --quiet -d "${work_dir_linuxmalwaredetect}/${db_file}" "${work_dir_work_configs}/scan-test.txt" 2>&10 ; then xshok_pretty_echo_and_log "Clamscan reports LinuxMalwareDetect ${db_file} database integrity tested good" true else xshok_pretty_echo_and_log "Clamscan reports LinuxMalwareDetect ${db_file} database integrity tested BAD" if [ "$remove_bad_database" == "yes" ] ; then if rm -f "${work_dir_linuxmalwaredetect}/${db_file}" ; then xshok_pretty_echo_and_log "Removed invalid database: ${work_dir_linuxmalwaredetect}/${db_file}" fi fi false fi && (test "$keep_db_backup" = "yes" && cp -f -p "${clam_dbs}/${db_file}" "${clam_dbs}/${db}_file-bak" 2>/dev/null ; true) && if $rsync_bin -pcqt "${work_dir_linuxmalwaredetect}/${db_file}" "$clam_dbs" 2>&13 ; then perms chown -f "${clam_user}:${clam_group}" "${clam_dbs}/${db_file}" if [ "$selinux_fixes" == "yes" ] ; then restorecon "${clam_dbs}/local.ign" fi 
xshok_pretty_echo_and_log "Successfully updated LinuxMalwareDetect production database file: ${db_file}" do_clamd_reload=1 else xshok_pretty_echo_and_log "Failed to successfully update LinuxMalwareDetect production database file: ${db_file} - SKIPPING" fi else $grep_bin -h -v -f "${work_dir_work_configs}/whitelist.hex" "${work_dir_linuxmalwaredetect}/${db_file}" > "${test_dir}/${db_file}" $clamscan_bin --infected --no-summary -d "${test_dir}/${db_file}" "$ham_dir"/* | command "$sed_bin" 's/\.UNOFFICIAL FOUND//' | awk '{print $NF}' > "${work_dir_work_configs}/whitelist.txt" $grep_bin -h -f "${work_dir_work_configs}/whitelist.txt" "${test_dir}/${db_file}" | cut -d "*" -f 2 | sort | uniq >> "${work_dir_work_configs}/whitelist.hex" $grep_bin -h -v -f "${work_dir_work_configs}/whitelist.hex" "${test_dir}/${db_file}" > "${test_dir}/${db_file}-tmp" mv -f "${test_dir}/${db_file}-tmp" "${test_dir}/${db_file}" if $clamscan_bin --quiet -d "${test_dir}/${db_file}" "${work_dir_work_configs}/scan-test.txt" 2>&10 ; then xshok_pretty_echo_and_log "Clamscan reports LinuxMalwareDetect ${db_file} database integrity tested good" true else xshok_pretty_echo_and_log "Clamscan reports LinuxMalwareDetect ${db_file} database integrity tested BAD" if [ "$remove_bad_database" == "yes" ] ; then if rm -f "${work_dir_linuxmalwaredetect}/${db_file}" ; then xshok_pretty_echo_and_log "Removed invalid database: ${work_dir_linuxmalwaredetect}/${db_file}" fi fi false fi && (test "$keep_db_backup" = "yes" && cp -f -p "${clam_dbs}/${db_file}" "${clam_dbs}/${db}_file-bak" 2>/dev/null ; true) && if $rsync_bin -pcqt "${test_dir}/${db_file}" "$clam_dbs" 2>&13 ; then perms chown -f "${clam_user}:${clam_group}" "${clam_dbs}/${db_file}" if [ "$selinux_fixes" == "yes" ] ; then restorecon "${clam_dbs}/${db_file}" fi xshok_pretty_echo_and_log "Successfully updated LinuxMalwareDetect production database file: ${db_file}" do_clamd_reload=1 else xshok_pretty_echo_and_log "Failed to successfully update 
LinuxMalwareDetect production database file: ${db_file} - SKIPPING" fi fi fi done #save the current version echo "$latest_linuxmalwaredetect_version" > "${work_dir_linuxmalwaredetect}/current_linuxmalwaredetect_version" else xshok_pretty_echo_and_log "WARNING: Failed connection to ${linuxmalwaredetect_sigpack_url} - SKIPPED LinuxMalwareDetect update" fi else xshok_pretty_echo_and_log "No LinuxMalwareDetect database file updates" "-" fi else xshok_pretty_echo_and_log "LinuxMalwareDetect Database File Updates" "=" xshok_draw_time_remaining "$((update_interval - time_interval))" "$linuxmalwaredetect_update_hours" "linuxmalwaredetect" fi fi fi else if [ -n "${linuxmalwaredetect_dbs[0]}" ] ; then if [ "$remove_disabled_databases" == "yes" ] ; then xshok_pretty_echo_and_log "Removing disabled LinuxMalwareDetect Database files" if [ -f "${work_dir_linuxmalwaredetect}/current_linuxmalwaredetect_version" ] ; then rm -f "${work_dir_linuxmalwaredetect}/current_linuxmalwaredetect_version" fi for db_file in "${linuxmalwaredetect_dbs[@]}" ; do if echo "$db_file" | $grep_bin -q "|" ; then db_file="${db_file%|*}" fi if [ -r "${work_dir_linuxmalwaredetect}/${db_file}" ] ; then xshok_pretty_echo_and_log "Removing ${work_dir_linuxmalwaredetect}/${db_file}" rm -f "${work_dir_linuxmalwaredetect}/${db_file}" do_clamd_reload=1 fi if [ -r "${clam_dbs}/${db_file}" ] ; then xshok_pretty_echo_and_log "Removing ${clam_dbs}/${db_file}" rm -f "${clam_dbs}/${db_file}" do_clamd_reload=1 fi done fi fi fi ############################################################################################################################################## # Check for updated interServer database files every set number of hours as defined in the "USER CONFIGURATION" section of this script # ############################################################################################################################################## if [ "$interserver_enabled" == "yes" ] ; then if [ -n "${interserver_dbs[0]}" ] 
; then if [ ${#interserver_dbs} -lt 1 ] ; then xshok_pretty_echo_and_log "Failed interserver_dbs config is invalid or not defined - SKIPPING" else rm -f "${work_dir_interserver}/*.gz" if [ -r "${work_dir_work_configs}/last-is-update.txt" ] ; then last_interserver_update="$(cat "${work_dir_work_configs}/last-is-update.txt")" else last_interserver_update="0" fi db_file="" loop="" if [ "$interserver_premium" == "yes" ] ; then update_interval="$((interserver_premium_update_hours * 3600))" else update_interval="$((interserver_update_hours * 3600))" fi time_interval="$((current_time - last_interserver_update))" if [ "$time_interval" -ge "$((update_interval - 600))" ] ; then echo "$current_time" > "${work_dir_work_configs}/last-is-update.txt" xshok_pretty_echo_and_log "interserver Database File Updates" "=" xshok_pretty_echo_and_log "Checking for interserver updates..." interserver_updates="0" for db_file in "${interserver_dbs[@]}" ; do if [ "$loop" == "1" ] ; then xshok_pretty_echo_and_log "---" fi xshok_pretty_echo_and_log "Checking for updated interServer database file: ${db_file}" interserver_db_update="0" xshok_file_download "${work_dir_interserver}/${db_file}" "${interserver_url}/${db_file}" ret="$?" if [ "$ret" -eq 0 ] ; then loop="1" if ! 
cmp -s "${work_dir_interserver}/${db_file}" "${clam_dbs}/${db_file}" ; then db_ext="${db_file#*.}" xshok_pretty_echo_and_log "Testing updated interServer database file: ${db_file}" if [ -z "$ham_dir" ] || [ "$db_ext" != "ndb" ] ; then if $clamscan_bin --quiet -d "${work_dir_interserver}/${db_file}" "${work_dir_work_configs}/scan-test.txt" 2>&10 ; then xshok_pretty_echo_and_log "Clamscan reports interServer ${db_file} database integrity tested good" true else xshok_pretty_echo_and_log "Clamscan reports interServer ${db_file} database integrity tested BAD" if [ "$remove_bad_database" == "yes" ] ; then if rm -f "${work_dir_interserver}/${db_file}" ; then xshok_pretty_echo_and_log "Removed invalid database: ${work_dir_interserver}/${db_file}" fi fi false fi && (test "$keep_db_backup" = "yes" && cp -f -p "${clam_dbs}/${db_file}" "${clam_dbs}/${db}_file-bak" 2>/dev/null ; true) && if $rsync_bin -pcqt "${work_dir_interserver}/${db_file}" "$clam_dbs" 2>&13 ; then perms chown -f "${clam_user}:${clam_group}" "${clam_dbs}/${db_file}" if [ "$selinux_fixes" == "yes" ] ; then restorecon "${clam_dbs}/${db_file}" fi xshok_pretty_echo_and_log "Successfully updated interServer production database file: ${db_file}" interserver_updates=1 interserver_db_update=1 do_clamd_reload=1 else xshok_pretty_echo_and_log "Failed to successfully update interServer production database file: ${db_file} - SKIPPING" fi else $grep_bin -h -v -f "${work_dir_work_configs}/whitelist.hex" "${work_dir_interserver}/${db_file}" > "${test_dir}/${db_file}" $clamscan_bin --infected --no-summary -d "${test_dir}/${db_file}" "$ham_dir"/* | command "$sed_bin" 's/\.UNOFFICIAL FOUND//' | awk '{print $NF}' > "${work_dir_work_configs}/whitelist.txt" $grep_bin -h -f "${work_dir_work_configs}/whitelist.txt" "${test_dir}/${db_file}" | cut -d "*" -f 2 | sort | uniq >> "${work_dir_work_configs}/whitelist.hex" $grep_bin -h -v -f "${work_dir_work_configs}/whitelist.hex" "${test_dir}/${db_file}" > "${test_dir}/${db_file}-tmp" mv 
-f "${test_dir}/${db_file}-tmp" "${test_dir}/${db_file}" if $clamscan_bin --quiet -d "${test_dir}/${db_file}" "${work_dir_work_configs}/scan-test.txt" 2>&10 ; then xshok_pretty_echo_and_log "Clamscan reports interServer ${db_file} database integrity tested good" true else xshok_pretty_echo_and_log "Clamscan reports interServer ${db_file} database integrity tested BAD" rm -f "${work_dir_interserver}/${db_file}" if [ "$remove_bad_database" == "yes" ] ; then if rm -f "${work_dir_interserver}/${db_file}" ; then xshok_pretty_echo_and_log "Removed invalid database: ${work_dir_interserver}/${db_file}" fi fi false fi && (test "$keep_db_backup" = "yes" && cp -f -p "${clam_dbs}/${db_file}" "${clam_dbs}/${db}_file-bak" 2>/dev/null ; true) && if $rsync_bin -pcqt "${test_dir}/${db_file}" "$clam_dbs" 2>&13 ; then perms chown -f "${clam_user}:${clam_group}" "${clam_dbs}/${db_file}" if [ "$selinux_fixes" == "yes" ] ; then restorecon "${clam_dbs}/${db_file}" fi xshok_pretty_echo_and_log "Successfully updated interServer production database file: ${db_file}" interserver_updates=1 interserver_db_update=1 do_clamd_reload=1 else xshok_pretty_echo_and_log "Failed to successfully update interServer production database file: ${db_file} - SKIPPING" fi fi fi else xshok_pretty_echo_and_log "Failed connection to ${interserver_url} - SKIPPED interServer ${db_file} update" fi if [ "$interserver_db_update" != "1" ] ; then xshok_pretty_echo_and_log "No updated interServer ${db_file} database file" "-" fi done if [ "$interserver_updates" != "1" ] ; then xshok_pretty_echo_and_log "No interServer database file updates" "-" fi else xshok_pretty_echo_and_log "interServer Database File Updates" "=" if [ "$interserver_premium" == "yes" ] ; then xshok_draw_time_remaining "$((update_interval - time_interval))" "$interserver_premium_update_hours" "interserver" else xshok_draw_time_remaining "$((update_interval - time_interval))" "$interserver_update_hours" "interserver" fi fi fi fi else if [ -n 
"$interserver_dbs" ] ; then if [ "$remove_disabled_databases" == "yes" ] ; then xshok_pretty_echo_and_log "Removing disabled interServer Database files" for db_file in "${interserver_dbs[@]}" ; do if echo "$db_file" | $grep_bin -q "|" ; then db_file="${db_file%|*}" fi if [ -r "${work_dir_interserver}/${db_file}" ] ; then xshok_pretty_echo_and_log "Removing ${work_dir_interserver}/${db_file}" rm -f "${work_dir_interserver}/${db_file}" do_clamd_reload=1 fi if [ -r "${clam_dbs}/${db_file}" ] ; then xshok_pretty_echo_and_log "Removing ${clam_dbs}/${db_file}" rm -f "${clam_dbs}/${db_file}" do_clamd_reload=1 fi done fi fi fi ############################################################################################################################################## # Check for updated Malware Expert database files every set number of hours as defined in the "USER CONFIGURATION" section of this script # ############################################################################################################################################## if [ "$malwareexpert_enabled" == "yes" ] ; then if [ "$malwareexpert_serial_key" != "YOUR-SERIAL-KEY" ] && [ -n "$malwareexpert_serial_key" ]; then if [ -n "${malwareexpert_dbs[0]}" ] ; then if [ ${#malwareexpert_dbs} -lt 1 ] ; then xshok_pretty_echo_and_log "Failed malwareexpert_dbs config is invalid or not defined - SKIPPING" else rm -f "${work_dir_malwareexpert}/*.gz" if [ -r "${work_dir_work_configs}/last-me-update.txt" ] ; then last_malwareexpert_update="$(cat "${work_dir_work_configs}/last-me-update.txt")" else last_malwareexpert_update="0" fi db_file="" loop="" if [ "$malwareexpert_premium" == "yes" ] ; then update_interval="$((malwareexpert_premium_update_hours * 3600))" else update_interval="$((malwareexpert_update_hours * 3600))" fi time_interval="$((current_time - last_malwareexpert_update))" if [ "$time_interval" -ge "$((update_interval - 600))" ] ; then echo "$current_time" > 
"${work_dir_work_configs}/last-me-update.txt" xshok_pretty_echo_and_log "malwareexpert Database File Updates" "=" xshok_pretty_echo_and_log "Checking for malwareexpert updates..." malwareexpert_updates="0" for db_file in "${malwareexpert_dbs[@]}" ; do if [ "$loop" == "1" ] ; then xshok_pretty_echo_and_log "---" fi xshok_pretty_echo_and_log "Checking for updated Malware Expert database file: ${db_file}" malwareexpert_db_update="0" xshok_file_download "${work_dir_malwareexpert}/${db_file}" "${malwareexpert_url}/${malwareexpert_serial_key}/${db_file}" ret="$?" if [ "$ret" -eq 0 ] ; then loop="1" if ! cmp -s "${work_dir_malwareexpert}/${db_file}" "${clam_dbs}/${db_file}" ; then db_ext="${db_file#*.}" xshok_pretty_echo_and_log "Testing updated Malware Expert database file: ${db_file}" if [ -z "$ham_dir" ] || [ "$db_ext" != "ndb" ] ; then if $clamscan_bin --quiet -d "${work_dir_malwareexpert}/${db_file}" "${work_dir_work_configs}/scan-test.txt" 2>&10 ; then xshok_pretty_echo_and_log "Clamscan reports Malware Expert ${db_file} database integrity tested good" true else xshok_pretty_echo_and_log "Clamscan reports Malware Expert ${db_file} database integrity tested BAD" if [ "$remove_bad_database" == "yes" ] ; then if rm -f "${work_dir_malwareexpert}/${db_file}" ; then xshok_pretty_echo_and_log "Removed invalid database: ${work_dir_malwareexpert}/${db_file}" fi fi false fi && (test "$keep_db_backup" = "yes" && cp -f -p "${clam_dbs}/${db_file}" "${clam_dbs}/${db}_file-bak" 2>/dev/null ; true) && if $rsync_bin -pcqt "${work_dir_malwareexpert}/${db_file}" "$clam_dbs" 2>&13 ; then perms chown -f "${clam_user}:${clam_group}" "${clam_dbs}/${db_file}" if [ "$selinux_fixes" == "yes" ] ; then restorecon "${clam_dbs}/${db_file}" fi xshok_pretty_echo_and_log "Successfully updated Malware Expert production database file: ${db_file}" malwareexpert_updates=1 malwareexpert_db_update=1 do_clamd_reload=1 else xshok_pretty_echo_and_log "Failed to successfully update Malware Expert production 
database file: ${db_file} - SKIPPING" fi else $grep_bin -h -v -f "${work_dir_work_configs}/whitelist.hex" "${work_dir_malwareexpert}/${db_file}" > "${test_dir}/${db_file}" $clamscan_bin --infected --no-summary -d "${test_dir}/${db_file}" "$ham_dir"/* | command "$sed_bin" 's/\.UNOFFICIAL FOUND//' | awk '{print $NF}' > "${work_dir_work_configs}/whitelist.txt" $grep_bin -h -f "${work_dir_work_configs}/whitelist.txt" "${test_dir}/${db_file}" | cut -d "*" -f 2 | sort | uniq >> "${work_dir_work_configs}/whitelist.hex" $grep_bin -h -v -f "${work_dir_work_configs}/whitelist.hex" "${test_dir}/${db_file}" > "${test_dir}/${db_file}-tmp" mv -f "${test_dir}/${db_file}-tmp" "${test_dir}/${db_file}" if $clamscan_bin --quiet -d "${test_dir}/${db_file}" "${work_dir_work_configs}/scan-test.txt" 2>&10 ; then xshok_pretty_echo_and_log "Clamscan reports Malware Expert ${db_file} database integrity tested good" true else xshok_pretty_echo_and_log "Clamscan reports Malware Expert ${db_file} database integrity tested BAD" rm -f "${work_dir_malwareexpert}/${db_file}" if [ "$remove_bad_database" == "yes" ] ; then if rm -f "${work_dir_malwareexpert}/${db_file}" ; then xshok_pretty_echo_and_log "Removed invalid database: ${work_dir_malwareexpert}/${db_file}" fi fi false fi && (test "$keep_db_backup" = "yes" && cp -f -p "${clam_dbs}/${db_file}" "${clam_dbs}/${db}_file-bak" 2>/dev/null ; true) && if $rsync_bin -pcqt "${test_dir}/${db_file}" "$clam_dbs" 2>&13 ; then perms chown -f "${clam_user}:${clam_group}" "${clam_dbs}/${db_file}" if [ "$selinux_fixes" == "yes" ] ; then restorecon "${clam_dbs}/${db_file}" fi xshok_pretty_echo_and_log "Successfully updated Malware Expert production database file: ${db_file}" malwareexpert_updates=1 malwareexpert_db_update=1 do_clamd_reload=1 else xshok_pretty_echo_and_log "Failed to successfully update Malware Expert production database file: ${db_file} - SKIPPING" fi fi fi else xshok_pretty_echo_and_log "Failed connection to ${malwareexpert_url} - SKIPPED 
Malware Expert ${db_file} update" fi if [ "$malwareexpert_db_update" != "1" ] ; then xshok_pretty_echo_and_log "No updated Malware Expert ${db_file} database file" "-" fi done if [ "$malwareexpert_updates" != "1" ] ; then xshok_pretty_echo_and_log "No Malware Expert database file updates" "-" fi else xshok_pretty_echo_and_log "Malware Expert Database File Updates" "=" if [ "$malwareexpert_premium" == "yes" ] ; then xshok_draw_time_remaining "$((update_interval - time_interval))" "$malwareexpert_premium_update_hours" "malwareexpert" else xshok_draw_time_remaining "$((update_interval - time_interval))" "$malwareexpert_update_hours" "malwareexpert" fi fi fi fi fi else if [ -n "$malwareexpert_dbs" ] ; then if [ "$remove_disabled_databases" == "yes" ] ; then xshok_pretty_echo_and_log "Removing disabled Malware Expert Database files" for db_file in "${malwareexpert_dbs[@]}" ; do if echo "$db_file" | $grep_bin -q "|" ; then db_file="${db_file%|*}" fi if [ -r "${work_dir_malwareexpert}/${db_file}" ] ; then xshok_pretty_echo_and_log "Removing ${work_dir_malwareexpert}/${db_file}" rm -f "${work_dir_malwareexpert}/${db_file}" do_clamd_reload=1 fi if [ -r "${clam_dbs}/${db_file}" ] ; then xshok_pretty_echo_and_log "Removing ${clam_dbs}/${db_file}" rm -f "${clam_dbs}/${db_file}" do_clamd_reload=1 fi done fi fi fi ######################################################################################################################################### # Download MalwarePatrol database file every set number of hours as defined in the "USER CONFIGURATION" section of this script. 
# ########################################################################################################################################## if [ "$malwarepatrol_enabled" == "yes" ] ; then if [ "$malwarepatrol_receipt_code" != "YOUR-RECEIPT-NUMBER" ] ; then if [ -n "${malwarepatrol_db}" ] ; then rm -f "${work_dir_malwarepatrol}/*.gz" if [ -r "${work_dir_work_configs}/last-mbl-update.txt" ] ; then last_malwarepatrol_update="$(cat "${work_dir_work_configs}/last-mbl-update.txt")" else last_malwarepatrol_update="0" fi loop="" update_interval="$((malwarepatrol_update_hours * 3600))" time_interval="$((current_time - last_malwarepatrol_update))" if [ "$time_interval" -ge "$((update_interval - 600))" ] ; then echo "$current_time" > "${work_dir_work_configs}/last-mbl-update.txt" xshok_pretty_echo_and_log "MalwarePatrol Database File Updates" "=" xshok_pretty_echo_and_log "Checking for MalwarePatrol updates..." malwarepatrol_updates="0" # Cleanup any not required database files if [ "$malwarepatrol_db" != "malwarepatrol.db" ] && [ -f "${clam_dbs}/malwarepatrol.db" ] ; then rm -f "${clam_dbs}/malwarepatrol.db"; fi if [ "$malwarepatrol_db" != "malwarepatrol.ndb" ] && [ -f "${clam_dbs}/malwarepatrol.ndb" ] ; then rm -f "${clam_dbs}/malwarepatrol.ndb"; fi if [ "$loop" == "1" ] ; then xshok_pretty_echo_and_log "---" fi xshok_pretty_echo_and_log "Checking for updated MalwarePatrol database file: ${malwarepatrol_db}" malwarepatrol_db_update="0" xshok_file_download "${work_dir_malwarepatrol}/${malwarepatrol_db}" "${malwarepatrol_url}" ret="$?" if [ "$ret" -eq 0 ] ; then loop="1" if ! 
cmp -s "${work_dir_malwarepatrol}/${malwarepatrol_db}" "${clam_dbs}/${malwarepatrol_db}" ; then db_ext="${malwarepatrol_db#*.}" xshok_pretty_echo_and_log "Testing updated MalwarePatrol database file: ${malwarepatrol_db}" if [ -z "$ham_dir" ] || [ "$db_ext" != "ndb" ] ; then if $clamscan_bin --quiet -d "${work_dir_malwarepatrol}/${malwarepatrol_db}" "${work_dir_work_configs}/scan-test.txt" 2>&10 ; then xshok_pretty_echo_and_log "Clamscan reports MalwarePatrol ${malwarepatrol_db} database integrity tested good" true else xshok_pretty_echo_and_log "Clamscan reports MalwarePatrol ${malwarepatrol_db} database integrity tested BAD" if [ "$remove_bad_database" == "yes" ] ; then if rm -f "${work_dir_malwarepatrol}/${malwarepatrol_db}" ; then xshok_pretty_echo_and_log "Removed invalid database: ${work_dir_malwarepatrol}/${malwarepatrol_db}" fi fi false fi && (test "$keep_db_backup" = "yes" && cp -f -p "${clam_dbs}/${malwarepatrol_db}" "${clam_dbs}/${db}_file-bak" 2>/dev/null ; true) && if $rsync_bin -pcqt "${work_dir_malwarepatrol}/${malwarepatrol_db}" "$clam_dbs" 2>&13 ; then perms chown -f "${clam_user}:${clam_group}" "${clam_dbs}/${malwarepatrol_db}" if [ "$selinux_fixes" == "yes" ] ; then restorecon "${clam_dbs}/${malwarepatrol_db}" fi xshok_pretty_echo_and_log "Successfully updated MalwarePatrol production database file: ${malwarepatrol_db}" malwarepatrol_updates=1 malwarepatrol_db_update=1 do_clamd_reload=1 else xshok_pretty_echo_and_log "Failed to successfully update MalwarePatrol production database file: ${malwarepatrol_db} - SKIPPING" fi else $grep_bin -h -v -f "${work_dir_work_configs}/whitelist.hex" "${work_dir_malwarepatrol}/${malwarepatrol_db}" > "${test_dir}/${malwarepatrol_db}" $clamscan_bin --infected --no-summary -d "${test_dir}/${malwarepatrol_db}" "$ham_dir"/* | command "$sed_bin" 's/\.UNOFFICIAL FOUND//' | awk '{print $NF}' > "${work_dir_work_configs}/whitelist.txt" $grep_bin -h -f "${work_dir_work_configs}/whitelist.txt" 
"${test_dir}/${malwarepatrol_db}" | cut -d "*" -f 2 | sort | uniq >> "${work_dir_work_configs}/whitelist.hex" $grep_bin -h -v -f "${work_dir_work_configs}/whitelist.hex" "${test_dir}/${malwarepatrol_db}" > "${test_dir}/${malwarepatrol_db}-tmp" mv -f "${test_dir}/${malwarepatrol_db}-tmp" "${test_dir}/${malwarepatrol_db}" if $clamscan_bin --quiet -d "${test_dir}/${malwarepatrol_db}" "${work_dir_work_configs}/scan-test.txt" 2>&10 ; then xshok_pretty_echo_and_log "Clamscan reports MalwarePatrol ${malwarepatrol_db} database integrity tested good" true else xshok_pretty_echo_and_log "Clamscan reports MalwarePatrol ${malwarepatrol_db} database integrity tested BAD" rm -f "${work_dir_malwarepatrol}/${malwarepatrol_db}" if [ "$remove_bad_database" == "yes" ] ; then if rm -f "${work_dir_malwarepatrol}/${malwarepatrol_db}" ; then xshok_pretty_echo_and_log "Removed invalid database: ${work_dir_malwarepatrol}/${malwarepatrol_db}" fi fi false fi && (test "$keep_db_backup" = "yes" && cp -f -p "${clam_dbs}/${malwarepatrol_db}" "${clam_dbs}/${db}_file-bak" 2>/dev/null ; true) && if $rsync_bin -pcqt "${test_dir}/${malwarepatrol_db}" "$clam_dbs" 2>&13 ; then perms chown -f "${clam_user}:${clam_group}" "${clam_dbs}/${malwarepatrol_db}" if [ "$selinux_fixes" == "yes" ] ; then restorecon "${clam_dbs}/${malwarepatrol_db}" fi xshok_pretty_echo_and_log "Successfully updated MalwarePatrol production database file: ${malwarepatrol_db}" malwarepatrol_updates=1 malwarepatrol_db_update=1 do_clamd_reload=1 else xshok_pretty_echo_and_log "Failed to successfully update MalwarePatrol production database file: ${malwarepatrol_db} - SKIPPING" fi fi fi else xshok_pretty_echo_and_log "Failed connection to ${malwarepatrol_url} - SKIPPED MalwarePatrol ${malwarepatrol_db} update" fi if [ "$malwarepatrol_db_update" != "1" ] ; then xshok_pretty_echo_and_log "No updated MalwarePatrol ${malwarepatrol_db} database file" "-" fi if [ "$malwarepatrol_updates" != "1" ] ; then xshok_pretty_echo_and_log "No 
MalwarePatrol database file updates" "-" fi else xshok_pretty_echo_and_log "MalwarePatrol Database File Updates" "=" xshok_draw_time_remaining "$((update_interval - time_interval))" "$malwarepatrol_update_hours" "malwarepatrol" fi fi fi else if [ -n "$malwarepatrol_dbs" ] ; then if [ "$remove_disabled_databases" == "yes" ] ; then xshok_pretty_echo_and_log "Removing disabled MalwarePatrol Database files" if [ -r "${work_dir_malwarepatrol}/${malwarepatrol_db}" ] ; then xshok_pretty_echo_and_log "Removing ${work_dir_malwarepatrol}/${malwarepatrol_db}" rm -f "${work_dir_malwarepatrol}/${malwarepatrol_db}" do_clamd_reload=1 fi if [ -r "${clam_dbs}/${malwarepatrol_db}" ] ; then xshok_pretty_echo_and_log "Removing ${clam_dbs}/${malwarepatrol_db}" rm -f "${clam_dbs}/${malwarepatrol_db}" do_clamd_reload=1 fi fi fi fi ############################################################################################################################################## # Check for updated urlhaus database files every set number of hours as defined in the "USER CONFIGURATION" section of this script ############################################################################################################################################## if [ "$urlhaus_enabled" == "yes" ] ; then if [ -n "${urlhaus_dbs[0]}" ] ; then if [ ${#urlhaus_dbs} -lt 1 ] ; then xshok_pretty_echo_and_log "Failed urlhaus_dbs config is invalid or not defined - SKIPPING" else rm -f "${work_dir_urlhaus}/*.gz" if [ -r "${work_dir_work_configs}/last-urlhaus-update.txt" ] ; then last_urlhaus_update="$(cat "${work_dir_work_configs}/last-urlhaus-update.txt")" else last_urlhaus_update="0" fi db_file="" loop="" update_interval="$((urlhaus_update_hours * 3600))" time_interval="$((current_time - last_urlhaus_update))" if [ "$time_interval" -ge "$((update_interval - 600))" ] ; then echo "$current_time" > "${work_dir_work_configs}/last-urlhaus-update.txt" xshok_pretty_echo_and_log "URLhaus Database File Updates" "=" 
xshok_pretty_echo_and_log "Checking for urlhaus updates..." urlhaus_updates="0" for db_file in "${urlhaus_dbs[@]}" ; do if echo "$db_file" | $grep_bin -q "/" ; then yr_dir="/$(echo "$db_file" | cut -d "/" -f 1)" db_file="$(echo "$db_file" | cut -d "/" -f 2)" else yr_dir="" fi if [ "$loop" == "1" ] ; then xshok_pretty_echo_and_log "---" fi xshok_pretty_echo_and_log "Checking for updated urlhaus database file: ${db_file}" urlhaus_db_update="0" if xshok_file_download "${work_dir_urlhaus}/${db_file}" "${urlhaus_url}/${db_file}" ; then loop="1" if ! cmp -s "${work_dir_urlhaus}/${db_file}" "${clam_dbs}/${db_file}" ; then db_ext="${db_file#*.}" xshok_pretty_echo_and_log "Testing updated urlhaus database file: ${db_file}" if [ -z "$ham_dir" ] || [ "$db_ext" != "ndb" ] ; then if $clamscan_bin --quiet -d "${work_dir_urlhaus}/${db_file}" "${work_dir_work_configs}/scan-test.txt" 2>&10 ; then xshok_pretty_echo_and_log "Clamscan reports urlhaus ${db_file} database integrity tested good" true else xshok_pretty_echo_and_log "Clamscan reports urlhaus ${db_file} database integrity tested BAD" if [ "$remove_bad_database" == "yes" ] ; then if rm -f "${work_dir_urlhaus}/${db_file}" ; then xshok_pretty_echo_and_log "Removed invalid database: ${work_dir_urlhaus}/${db_file}" fi fi false fi && (test "$keep_db_backup" = "yes" && cp -f -p "${clam_dbs}/${db_file}" "${clam_dbs}/${db}_file-bak" 2>/dev/null ; true) && if $rsync_bin -pcqt "${work_dir_urlhaus}/${db_file}" "$clam_dbs" 2>&13 ; then perms chown -f "${clam_user}:${clam_group}" "${clam_dbs}/${db_file}" if [ "$selinux_fixes" == "yes" ] ; then restorecon "${clam_dbs}/${db_file}" fi xshok_pretty_echo_and_log "Successfully updated urlhaus production database file: ${db_file}" urlhaus_updates=1 urlhaus_db_update=1 do_clamd_reload=1 else xshok_pretty_echo_and_log "Failed to successfully update urlhaus production database file: ${db_file} - SKIPPING" fi else $grep_bin -h -v -f "${work_dir_work_configs}/whitelist.hex" 
                "${work_dir_urlhaus}/${db_file}" > "${test_dir}/${db_file}"
                # Scan the ham directory with the candidate database; any signature that fires on ham is whitelisted
                $clamscan_bin --infected --no-summary -d "${test_dir}/${db_file}" "$ham_dir"/* | command "$sed_bin" 's/\.UNOFFICIAL FOUND//' | awk '{print $NF}' > "${work_dir_work_configs}/whitelist.txt"
                $grep_bin -h -f "${work_dir_work_configs}/whitelist.txt" "${test_dir}/${db_file}" | cut -d "*" -f 2 | sort | uniq >> "${work_dir_work_configs}/whitelist.hex"
                $grep_bin -h -v -f "${work_dir_work_configs}/whitelist.hex" "${test_dir}/${db_file}" > "${test_dir}/${db_file}-tmp"
                mv -f "${test_dir}/${db_file}-tmp" "${test_dir}/${db_file}"
                # Integrity test, then (optionally) back up the production file as <name>-bak and install the new one
                if $clamscan_bin --quiet -d "${test_dir}/${db_file}" "${work_dir_work_configs}/scan-test.txt" 2>&10 ; then
                  xshok_pretty_echo_and_log "Clamscan reports urlhaus ${db_file} database integrity tested good"
                  true
                else
                  xshok_pretty_echo_and_log "Clamscan reports urlhaus ${db_file} database integrity tested BAD"
                  if [ "$remove_bad_database" == "yes" ] ; then
                    if rm -f "${work_dir_urlhaus}/${db_file}" ; then
                      xshok_pretty_echo_and_log "Removed invalid database: ${work_dir_urlhaus}/${db_file}"
                    fi
                  fi
                  false
                fi && (test "$keep_db_backup" = "yes" && cp -f -p "${clam_dbs}/${db_file}" "${clam_dbs}/${db_file}-bak" 2>/dev/null ; true) && if $rsync_bin -pcqt "${test_dir}/${db_file}" "$clam_dbs" 2>&13 ; then
                  perms chown -f "${clam_user}:${clam_group}" "${clam_dbs}/${db_file}"
                  if [ "$selinux_fixes" == "yes" ] ; then
                    restorecon "${clam_dbs}/${db_file}"
                  fi
                  xshok_pretty_echo_and_log "Successfully updated urlhaus production database file: ${db_file}"
                  urlhaus_updates=1
                  urlhaus_db_update=1
                  do_clamd_reload=1
                else
                  xshok_pretty_echo_and_log "Failed to successfully update urlhaus production database file: ${db_file} - SKIPPING"
                fi
              fi
            fi
          else
            xshok_pretty_echo_and_log "WARNING: Failed connection to $urlhaus_url - SKIPPED urlhaus ${db_file} update"
          fi
          if [ "$urlhaus_db_update" != "1" ] ; then
            xshok_pretty_echo_and_log "No updated urlhaus ${db_file} database file"
          fi
        done
        if [ "$urlhaus_updates" != "1" ] ; then
          xshok_pretty_echo_and_log "No urlhaus database file updates" "-"
        fi
      else
        xshok_pretty_echo_and_log "URLhaus Database File Updates" "="
        xshok_draw_time_remaining "$((update_interval - time_interval))" "$urlhaus_update_hours" "urlhaus"
      fi
    fi
  fi
else
  if [ -n "${urlhaus_dbs[0]}" ] ; then
    if [ "$remove_disabled_databases" == "yes" ] ; then
      xshok_pretty_echo_and_log "Removing disabled urlhaus Database files"
      for db_file in "${urlhaus_dbs[@]}" ; do
        if echo "$db_file" | $grep_bin -q "/" ; then
          db_file="$(echo "$db_file" | cut -d "/" -f 2)"
        fi
        if echo "$db_file" | $grep_bin -q "|" ; then
          db_file="${db_file%|*}"
        fi
        if [ -r "${work_dir_urlhaus}/${db_file}" ] ; then
          rm -f "${work_dir_urlhaus}/${db_file}"
          do_clamd_reload="1"
        fi
        if [ -r "${clam_dbs}/${db_file}" ] ; then
          rm -f "${clam_dbs}/${db_file}"
          do_clamd_reload=1
        fi
      done
    fi
  fi
fi

##############################################################################################################################################
# Check for updated yararulesproject database files every set number of hours as defined in the "USER CONFIGURATION" section of this script
##############################################################################################################################################
if [ "$yararulesproject_enabled" == "yes" ] ; then
  if [ -n "${yararulesproject_dbs[0]}" ] ; then
    if [ ${#yararulesproject_dbs} -lt 1 ] ; then
      xshok_pretty_echo_and_log "Failed yararulesproject_dbs config is invalid or not defined - SKIPPING"
    else
      rm -f "${work_dir_yararulesproject}"/*.gz   # glob must stay outside the quotes to expand
      if [ -r "${work_dir_work_configs}/last-yararulesproject-update.txt" ] ; then
        last_yararulesproject_update="$(cat "${work_dir_work_configs}/last-yararulesproject-update.txt")"
      else
        last_yararulesproject_update="0"
      fi
      db_file=""
      loop=""
      update_interval="$((yararulesproject_update_hours * 3600))"
      time_interval="$((current_time - last_yararulesproject_update))"
      if [ "$time_interval" -ge "$((update_interval - 600))" ] ; then
        echo "$current_time" > "${work_dir_work_configs}/last-yararulesproject-update.txt"
        xshok_pretty_echo_and_log "Yara-Rules Database File Updates" "="
        xshok_pretty_echo_and_log "Checking for yararulesproject updates..."
        yararulesproject_updates="0"
        for db_file in "${yararulesproject_dbs[@]}" ; do
          # Entries may carry a subdirectory prefix ("dir/file"); split it off for the download URL
          if echo "$db_file" | $grep_bin -q "/" ; then
            yr_dir="/$(echo "$db_file" | cut -d "/" -f 1)"
            db_file="$(echo "$db_file" | cut -d "/" -f 2)"
          else
            yr_dir=""
          fi
          if [ "$loop" == "1" ] ; then
            xshok_pretty_echo_and_log "---"
          fi
          xshok_pretty_echo_and_log "Checking for updated yararulesproject database file: ${db_file}"
          yararulesproject_db_update="0"
          if xshok_file_download "${work_dir_yararulesproject}/${db_file}" "$yararulesproject_url/$yr_dir/${db_file}" ; then
            loop="1"
            if ! cmp -s "${work_dir_yararulesproject}/${db_file}" "${clam_dbs}/${db_file}" ; then
              db_ext="${db_file#*.}"
              xshok_pretty_echo_and_log "Testing updated yararulesproject database file: ${db_file}"
              if [ -z "$ham_dir" ] || [ "$db_ext" != "ndb" ] ; then
                if $clamscan_bin --quiet -d "${work_dir_yararulesproject}/${db_file}" "${work_dir_work_configs}/scan-test.txt" 2>&10 ; then
                  xshok_pretty_echo_and_log "Clamscan reports yararulesproject ${db_file} database integrity tested good"
                  true
                else
                  xshok_pretty_echo_and_log "Clamscan reports yararulesproject ${db_file} database integrity tested BAD"
                  if [ "$remove_bad_database" == "yes" ] ; then
                    if rm -f "${work_dir_yararulesproject}/${db_file}" ; then
                      xshok_pretty_echo_and_log "Removed invalid database: ${work_dir_yararulesproject}/${db_file}"
                    fi
                  fi
                  false
                fi && (test "$keep_db_backup" = "yes" && cp -f -p "${clam_dbs}/${db_file}" "${clam_dbs}/${db_file}-bak" 2>/dev/null ; true) && if $rsync_bin -pcqt "${work_dir_yararulesproject}/${db_file}" "$clam_dbs" 2>&13 ; then
                  perms chown -f "${clam_user}:${clam_group}" "${clam_dbs}/${db_file}"
                  if [ "$selinux_fixes" == "yes" ] ; then
                    restorecon "${clam_dbs}/${db_file}"
                  fi
                  xshok_pretty_echo_and_log "Successfully updated yararulesproject production database file: ${db_file}"
                  yararulesproject_updates=1
                  yararulesproject_db_update=1
                  do_clamd_reload=1
                else
                  xshok_pretty_echo_and_log "Failed to successfully update yararulesproject production database file: ${db_file} - SKIPPING"
                fi
              else
                # ndb database with a ham directory configured: drop already-whitelisted hex signatures, then scan ham
                $grep_bin -h -v -f "${work_dir_work_configs}/whitelist.hex" "${work_dir_yararulesproject}/${db_file}" > "${test_dir}/${db_file}"
                $clamscan_bin --infected --no-summary -d "${test_dir}/${db_file}" "$ham_dir"/* | command "$sed_bin" 's/\.UNOFFICIAL FOUND//' | awk '{print $NF}' > "${work_dir_work_configs}/whitelist.txt"
                $grep_bin -h -f "${work_dir_work_configs}/whitelist.txt" "${test_dir}/${db_file}" | cut -d "*" -f 2 | sort | uniq >> "${work_dir_work_configs}/whitelist.hex"
                $grep_bin -h -v -f "${work_dir_work_configs}/whitelist.hex" "${test_dir}/${db_file}" > "${test_dir}/${db_file}-tmp"
                mv -f "${test_dir}/${db_file}-tmp" "${test_dir}/${db_file}"
                if $clamscan_bin --quiet -d "${test_dir}/${db_file}" "${work_dir_work_configs}/scan-test.txt" 2>&10 ; then
                  xshok_pretty_echo_and_log "Clamscan reports yararulesproject ${db_file} database integrity tested good"
                  true
                else
                  xshok_pretty_echo_and_log "Clamscan reports yararulesproject ${db_file} database integrity tested BAD"
                  if [ "$remove_bad_database" == "yes" ] ; then
                    if rm -f "${work_dir_yararulesproject}/${db_file}" ; then
                      xshok_pretty_echo_and_log "Removed invalid database: ${work_dir_yararulesproject}/${db_file}"
                    fi
                  fi
                  false
                fi && (test "$keep_db_backup" = "yes" && cp -f -p "${clam_dbs}/${db_file}" "${clam_dbs}/${db_file}-bak" 2>/dev/null ; true) && if $rsync_bin -pcqt "${test_dir}/${db_file}" "$clam_dbs" 2>&13 ; then
                  perms chown -f "${clam_user}:${clam_group}" "${clam_dbs}/${db_file}"
                  if [ "$selinux_fixes" == "yes" ] ; then
                    restorecon "${clam_dbs}/${db_file}"
                  fi
                  xshok_pretty_echo_and_log "Successfully updated yararulesproject production database file: ${db_file}"
                  yararulesproject_updates=1
                  yararulesproject_db_update=1
                  do_clamd_reload=1
                else
                  xshok_pretty_echo_and_log "Failed to successfully update yararulesproject production database file: ${db_file} - SKIPPING"
                fi
              fi
            fi
          else
            xshok_pretty_echo_and_log "WARNING: Failed connection to $yararulesproject_url - SKIPPED yararulesproject ${db_file} update"
          fi
          if [ "$yararulesproject_db_update" != "1" ] ; then
            xshok_pretty_echo_and_log "No updated yararulesproject ${db_file} database file"
          fi
        done
        if [ "$yararulesproject_updates" != "1" ] ; then
          xshok_pretty_echo_and_log "No yararulesproject database file updates" "-"
        fi
      else
        xshok_pretty_echo_and_log "Yara-Rules Database File Updates" "="
        xshok_draw_time_remaining "$((update_interval - time_interval))" "$yararulesproject_update_hours" "yararulesproject"
      fi
    fi
  fi
else
  if [ -n "${yararulesproject_dbs[0]}" ] ; then
    if [ "$remove_disabled_databases" == "yes" ] ; then
      xshok_pretty_echo_and_log "Removing disabled yararulesproject Database files"
      for db_file in "${yararulesproject_dbs[@]}" ; do
        if echo "$db_file" | $grep_bin -q "/" ; then
          db_file="$(echo "$db_file" | cut -d "/" -f 2)"
        fi
        if echo "$db_file" | $grep_bin -q "|" ; then
          db_file="${db_file%|*}"
        fi
        if [ -r "${work_dir_yararulesproject}/${db_file}" ] ; then
          rm -f "${work_dir_yararulesproject}/${db_file}"
          do_clamd_reload="1"
        fi
        if [ -r "${clam_dbs}/${db_file}" ] ; then
          rm -f "${clam_dbs}/${db_file}"
          do_clamd_reload=1
        fi
      done
    fi
  fi
fi

##############################################################################################################################################
# Check for updated additional database files every set number of hours as defined in the "USER CONFIGURATION" section of this script
##############################################################################################################################################
if [ "$additional_enabled" == "yes" ] ; then
  if [ -n "$additional_dbs" ] ; then
    if [ ${#additional_dbs} -lt 1 ] ; then
      xshok_pretty_echo_and_log "Failed additional_dbs config is invalid or not defined - SKIPPING"
    else
      rm -f "${work_dir_add}"/*.gz   # glob must stay outside the quotes to expand
      if [ -r "${work_dir_work_configs}/last-additional-update.txt" ] ; then
        last_additional_update="$(cat "${work_dir_work_configs}/last-additional-update.txt")"
      else
        last_additional_update="0"
      fi
      db_file=""
      loop=""
      update_interval="$((additional_update_hours * 3600))"
      time_interval="$((current_time - last_additional_update))"
      if [ "$time_interval" -ge "$((update_interval - 600))" ] ; then
        echo "$current_time" > "${work_dir_work_configs}/last-additional-update.txt"
        xshok_pretty_echo_and_log "Additional Database File Updates" "="
        xshok_pretty_echo_and_log "Checking for additional updates..."
        additional_updates="0"
        for db_url in "${additional_dbs[@]}" ; do
          # Left for future dir manipulation
          # if echo "$db_file" | $grep_bin -q "/" ; then
          #   add_dir="/$(echo "$db_file" | cut -d "/" -f 1)"
          #   db_file="$(echo "$db_file" | cut -d "/" -f 2)"
          # else
          #   add_dir=""
          # fi
          # cleanup any leading and trailing whitespace.
          db_url="$(echo -e "$db_url" | $sed_bin -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')"
          db_file="$(basename "$db_url")"
          if [ "$loop" == "1" ] ; then
            xshok_pretty_echo_and_log "---"
          fi
          xshok_pretty_echo_and_log "Checking for updated additional database file: ${db_file}"
          additional_db_update="0"
          if [ "${db_url%:*}" == "rsync" ] ; then
            # shellcheck disable=SC2086
            $rsync_bin $rsync_output_level $no_motd -ctuz $connect_timeout --timeout="$rsync_max_time" --exclude=*.txt --exclude=*.sha256 --exclude=*.sig --exclude=*.gz "$db_url" "$work_dir_add" 2>&13
            ret="$?"
          else
            xshok_file_download "${work_dir_add}/${db_file}" "$db_url"
            ret="$?"
          fi
          # This needs enhancement for rsync, as it will only work with single files...
          # Maybe better to process each file inside work_dir_add in its own for loop.
          if [ "$ret" -eq 0 ] ; then
            loop="1"
            if ! cmp -s "${work_dir_add}/${db_file}" "${clam_dbs}/${db_file}" ; then
              db_ext="${db_file#*.}"
              xshok_pretty_echo_and_log "Testing updated additional database file: ${db_file}"
              if [ -z "$ham_dir" ] || [ "$db_ext" != "ndb" ] ; then
                if $clamscan_bin --quiet -d "${work_dir_add}/${db_file}" "${work_dir_work_configs}/scan-test.txt" 2>&10 ; then
                  xshok_pretty_echo_and_log "Clamscan reports additional ${db_file} database integrity tested good"
                  true
                else
                  xshok_pretty_echo_and_log "Clamscan reports additional ${db_file} database integrity tested BAD"
                  if [ "$remove_bad_database" == "yes" ] ; then
                    if rm -f "${work_dir_add}/${db_file}" ; then
                      xshok_pretty_echo_and_log "Removed invalid database: ${work_dir_add}/${db_file}"
                    fi
                  fi
                  false
                fi && (test "$keep_db_backup" = "yes" && cp -f -p "${clam_dbs}/${db_file}" "${clam_dbs}/${db_file}-bak" 2>/dev/null ; true) && if $rsync_bin -pcqt "${work_dir_add}/${db_file}" "$clam_dbs" 2>&13 ; then
                  perms chown -f "${clam_user}:${clam_group}" "${clam_dbs}/${db_file}"
                  if [ "$selinux_fixes" == "yes" ] ; then
                    restorecon "${clam_dbs}/${db_file}"
                  fi
                  xshok_pretty_echo_and_log "Successfully updated additional production database file: ${db_file}"
                  additional_updates=1
                  additional_db_update=1
                  do_clamd_reload=1
                else
                  xshok_pretty_echo_and_log "Failed to successfully update additional production database file: ${db_file} - SKIPPING"
                fi
              else
                $grep_bin -h -v -f "${work_dir_work_configs}/whitelist.hex" "${work_dir_add}/${db_file}" > "${test_dir}/${db_file}"
                $clamscan_bin --infected --no-summary -d "${test_dir}/${db_file}" "$ham_dir"/* | command "$sed_bin" 's/\.UNOFFICIAL FOUND//' | awk '{print $NF}' > "${work_dir_work_configs}/whitelist.txt"
                # .db (hash) signatures are keyed on the "=" separated field, other formats on the raw field
                if [[ "${work_dir_add}/${db_file}" == *.db ]] ; then
                  $grep_bin -h -f "${work_dir_work_configs}/whitelist.hex" "${test_dir}/${db_file}" | cut -d "=" -f 2 | awk '{ printf("=%s\n", $1);}' | sort | uniq >> "${work_dir_work_configs}/whitelist.hex-tmp"
                  mv -f "${work_dir_work_configs}/whitelist.hex-tmp" "${work_dir_work_configs}/whitelist.hex"
                else
                  $grep_bin -h -f "${work_dir_work_configs}/whitelist.hex" "${test_dir}/${db_file}" | cut -d "=" -f 2 | sort | uniq >> "${work_dir_work_configs}/whitelist.hex-tmp"
                  mv -f "${work_dir_work_configs}/whitelist.hex-tmp" "${work_dir_work_configs}/whitelist.hex"
                fi
                $grep_bin -h -v -f "${work_dir_work_configs}/whitelist.hex" "${test_dir}/${db_file}" > "${test_dir}/${db_file}-tmp"
                mv -f "${test_dir}/${db_file}-tmp" "${test_dir}/${db_file}"
                if $clamscan_bin --quiet -d "${test_dir}/${db_file}" "${work_dir_work_configs}/scan-test.txt" 2>&10 ; then
                  xshok_pretty_echo_and_log "Clamscan reports additional ${db_file} database integrity tested good"
                  true
                else
                  xshok_pretty_echo_and_log "Clamscan reports additional ${db_file} database integrity tested BAD"
                  if [ "$remove_bad_database" == "yes" ] ; then
                    if rm -f "${work_dir_add}/${db_file}" ; then
                      xshok_pretty_echo_and_log "Removed invalid database: ${work_dir_add}/${db_file}"
                    fi
                  fi
                  false
                fi && (test "$keep_db_backup" = "yes" && cp -f -p "${clam_dbs}/${db_file}" "${clam_dbs}/${db_file}-bak" 2>/dev/null ; true) && if $rsync_bin -pcqt "${test_dir}/${db_file}" "$clam_dbs" 2>&13 ; then
                  perms chown -f "${clam_user}:${clam_group}" "${clam_dbs}/${db_file}"
                  if [ "$selinux_fixes" == "yes" ] ; then
                    restorecon "${clam_dbs}/${db_file}"
                  fi
                  xshok_pretty_echo_and_log "Successfully updated additional production database file: ${db_file}"
                  additional_updates=1
                  additional_db_update=1
                  do_clamd_reload=1
                else
                  xshok_pretty_echo_and_log "Failed to successfully update additional production database file: ${db_file} - SKIPPING"
                fi
              fi
            fi
          else
            xshok_pretty_echo_and_log "WARNING: Failed connection to ${db_url} - SKIPPED additional ${db_file} update"
          fi
          if [ "$additional_db_update" != "1" ] ; then
            xshok_pretty_echo_and_log "No updated additional ${db_file} database file"
          fi
        done
        if [ "$additional_updates" != "1" ] ; then
          xshok_pretty_echo_and_log "No additional database file updates" "-"
        fi
      else
        xshok_pretty_echo_and_log "Additional Database File Updates" "="
        xshok_draw_time_remaining "$((update_interval - time_interval))" "$additional_update_hours" "additionaldatabaseupdate"
      fi
    fi
  fi
else
  if [ -n "$additional_dbs" ] ; then
    if [ "$remove_disabled_databases" == "yes" ] ; then
      xshok_pretty_echo_and_log "Removing disabled additional Database files"
      for db_file in "${additional_dbs[@]}" ; do
        if echo "$db_file" | $grep_bin -q "/" ; then
          db_file="$(echo "$db_file" | cut -d "/" -f 2)"
        fi
        if [ -r "${work_dir_add}/${db_file}" ] ; then
          rm -f "${work_dir_add}/${db_file}"
          do_clamd_reload=1
        fi
        if [ -r "${clam_dbs}/${db_file}" ] ; then
          rm -f "${clam_dbs}/${db_file}"
          do_clamd_reload=1
        fi
      done
    fi
  fi
fi

###################################################
# Generate whitelists
###################################################
# Check to see if the local.ign file exists, and if it does, check to see if any of the script
# added bypass entries can be removed due to offending signature modifications or removals.
if [ -r "${clam_dbs}/local.ign" ] && [ -s "${work_dir_work_configs}/monitor-ign.txt" ] ; then
  ign_updated=0
  cd "$clam_dbs" || exit
  cp -f -p local.ign "${work_dir_work_configs}/local.ign"
  cp -f -p "${work_dir_work_configs}/monitor-ign.txt" "${work_dir_work_configs}/monitor-ign-old.txt"
  xshok_pretty_echo_and_log "" "=" "80"
  # Each monitor-ign entry is "file:line:name:...:hex"; look the hex up again in its database file
  while read -r entry ; do
    sig_file="$(echo "$entry" | tr -d "\\r" | awk -F ":" '{print $1}')"
    sig_hex="$(echo "$entry" | tr -d "\\r" | awk -F ":" '{print $NF}')"
    sig_name_old="$(echo "$entry" | tr -d "\\r" | awk -F ":" '{print $3}')"
    sig_ign_old="$($grep_bin ":$sig_name_old" "${work_dir_work_configs}/local.ign")"
    sig_old="$(echo "$entry" | tr -d "\\r" | cut -d ":" -f 3-)"
    sig_new="$($grep_bin -hwF ":$sig_hex" "$sig_file" | tr -d "\\r" 2>/dev/null)"
    sig_mon_new="$($grep_bin -HwF -n ":$sig_hex" "$sig_file" | tr -d "\\r")"
    if [ -n "$sig_new" ] ; then
      if [ "$sig_old" != "$sig_new" ] || [ "$entry" != "$sig_mon_new" ] ; then
        sig_name_new="$(echo "$sig_new" | tr -d "\\r" | awk -F ":" '{print $1}')"
        sig_ign_new="$(echo "$sig_mon_new" | cut -d ":" -f 1-3)"
        perl -i -ne "print unless /$sig_ign_old/" "${work_dir_work_configs}/monitor-ign.txt"
        echo "$sig_mon_new" >> "${work_dir_work_configs}/monitor-ign.txt"
        perl -p -i -e "s/$sig_ign_old/$sig_ign_new/" "${work_dir_work_configs}/local.ign"
        xshok_pretty_echo_and_log "${sig_name_old} hexadecimal signature is unchanged, however signature name and/or line placement"
        xshok_pretty_echo_and_log "in ${sig_file} has changed to ${sig_name_new} - updated local.ign to reflect this change."
        ign_updated=1
      fi
    else
      perl -i -ne "print unless /$sig_ign_old/" "${work_dir_work_configs}/monitor-ign.txt" "${work_dir_work_configs}/local.ign"
      xshok_pretty_echo_and_log "${sig_name_old} signature has been removed from ${sig_file}, entry removed from local.ign."
      ign_updated=1
    fi
  done < "${work_dir_work_configs}/monitor-ign-old.txt"
  if [ "$ign_updated" == "1" ] ; then
    if $clamscan_bin --quiet -d "${work_dir_work_configs}/local.ign" "${work_dir_work_configs}/scan-test.txt" ; then
      if $rsync_bin -pcqt "${work_dir_work_configs}/local.ign" "$clam_dbs" ; then
        perms chown -f "${clam_user}:${clam_group}" "${clam_dbs}/local.ign"
        perms chmod -f 0644 "${clam_dbs}/local.ign" "${work_dir_work_configs}/monitor-ign.txt"
        if [ "$selinux_fixes" == "yes" ] ; then
          restorecon "${clam_dbs}/local.ign"
        fi
        do_clamd_reload=3
      else
        xshok_pretty_echo_and_log "Failed to successfully update local.ign file - SKIPPING"
      fi
    else
      xshok_pretty_echo_and_log "Clamscan reports local.ign database integrity is bad - SKIPPING"
    fi
  else
    xshok_pretty_echo_and_log "No whitelist signature changes found in local.ign" "="
  fi
fi

# Check to see if my-whitelist.ign2 file exists, and if it does, check to see if any of the script
# added whitelist entries can be removed due to offending signature modifications or removals.
if [ -r "${clam_dbs}/my-whitelist.ign2" ] && [ -s "${work_dir_work_configs}/tracker.txt" ] ; then
  ign2_updated=0
  cd "$clam_dbs" || exit
  cp -f -p my-whitelist.ign2 "${work_dir_work_configs}/my-whitelist.ign2"
  xshok_pretty_echo_and_log "" "=" "80"
  touch "${work_dir_work_configs}/tracker-tmp.txt"
  while read -r entry ; do
    yaratest="$(echo "$entry" | cut -d "." -f 1)"
    shopt -s nocasematch
    if [ "$yaratest" != "YARA" ] ; then
      sig_file="$(echo "$entry" | cut -d ":" -f 1)"
      sig_full="$(echo "$entry" | cut -d ":" -f 2-)"
      sig_name="$(echo "$entry" | cut -d ":" -f 2)"
      if ! $grep_bin -F "$sig_full" "$sig_file" > /dev/null 2>&1 ; then
        perl -i -ne "print unless /$sig_name$/" "${work_dir_work_configs}/my-whitelist.ign2"
        perl -i -ne "print unless /:$sig_name:/" "${work_dir_work_configs}/tracker-tmp.txt"
        xshok_pretty_echo_and_log "${sig_name} signature no longer exists in ${sig_file}, whitelist entry removed from my-whitelist.ign2"
        ign2_updated="1"
      fi
    fi
  done < "${work_dir_work_configs}/tracker.txt"
  if [ -f "${work_dir_work_configs}/tracker-tmp.txt" ] ; then
    mv -f "${work_dir_work_configs}/tracker-tmp.txt" "${work_dir_work_configs}/tracker.txt"
  fi
  xshok_pretty_echo_and_log "" "=" "80"
  if [ "$ign2_updated" == "1" ] ; then
    if $clamscan_bin --quiet -d "${work_dir_work_configs}/my-whitelist.ign2" "${work_dir_work_configs}/scan-test.txt" ; then
      if $rsync_bin -pcqt "${work_dir_work_configs}/my-whitelist.ign2" "$clam_dbs" ; then
        perms chown -f "${clam_user}:${clam_group}" "${clam_dbs}/my-whitelist.ign2"
        perms chmod -f 0644 "${clam_dbs}/my-whitelist.ign2" "${work_dir_work_configs}/tracker.txt"
        if [ "$selinux_fixes" == "yes" ] ; then
          restorecon "${clam_dbs}/my-whitelist.ign2"
          restorecon "${work_dir_work_configs}/tracker.txt"
        fi
        do_clamd_reload=4
      else
        xshok_pretty_echo_and_log "Failed to successfully update my-whitelist.ign2 file - SKIPPING"
      fi
    else
      xshok_pretty_echo_and_log "Clamscan reports my-whitelist.ign2 database integrity is bad - SKIPPING"
    fi
  else
    xshok_pretty_echo_and_log "No whitelist signature changes found in my-whitelist.ign2"
  fi
fi

# Check for non-matching whitelist.hex signatures and remove them from the whitelist file (signature modified or removed).
if [ -n "$ham_dir" ] ; then
  if [ -r "${work_dir_work_configs}/whitelist.hex" ] ; then
    $grep_bin -h -f "${work_dir_work_configs}/whitelist.hex" "$work_dir"/*/*.ndb | cut -d "*" -f 2 | tr -d "\\r" | sort | uniq > "${work_dir_work_configs}/whitelist.tmp"
    $grep_bin -h -f "${work_dir_work_configs}/whitelist.hex" "$work_dir"/*/*.db | cut -d "=" -f 2 | awk '{ printf("=%s\n", $1);}' | sort | uniq >> "${work_dir_work_configs}/whitelist.tmp"
    mv -f "${work_dir_work_configs}/whitelist.tmp" "${work_dir_work_configs}/whitelist.hex"
    rm -f "${work_dir_work_configs}/whitelist.txt"
    rm -f "${test_dir}"/*.*   # glob must stay outside the quotes to expand
    xshok_pretty_echo_and_log "WARNING: Signature(s) triggered on HAM directory scan - signature(s) removed"
  else
    xshok_pretty_echo_and_log "No signatures triggered on HAM directory scan" "="
  fi
fi

# Set appropriate directory and file permissions to all production signature files
# and set file access mode to 0644 on all working directory files.
if [ "$setmode" == "yes" ] ; then
  xshok_pretty_echo_and_log "Setting permissions and ownership" "="
  perms chown -f -R "${clam_user}:${clam_group}" "$work_dir"
  # Try the fast "-exec ... +" form first, then xargs, then the portable one-file-at-a-time form
  if ! find "$work_dir" -type f -exec chmod -f 0644 "{}" "+" 2>/dev/null ; then
    if ! find "$work_dir" -type f -print0 | xargs -0 chmod -f 0644 2>/dev/null ; then
      find "$work_dir" -type f -exec chmod -f 0644 "{}" ";"
    fi
  fi
  # If enabled, set file access mode for all production signature database files to 0644.
  perms chown -f -R "${clam_user}:${clam_group}" "$clam_dbs"
  if ! find "$clam_dbs" -type f -exec chmod -f 0644 "{}" "+" 2>/dev/null ; then
    if ! find "$clam_dbs" -type f -print0 | xargs -0 chmod -f 0644 2>/dev/null ; then
      find "$clam_dbs" -type f -exec chmod -f 0644 "{}" ";"
    fi
  fi
fi

# Reload all clamd databases
clamscan_reload_dbs

xshok_pretty_echo_and_log "Issue tracker : https://github.com/extremeshok/clamav-unofficial-sigs/issues" "-"

if [ "$allow_update_checks" != "no" ] ; then
  if [ -r "${work_dir_work_configs}/last-version-check.txt" ] ; then
    last_version_check="$(cat "${work_dir_work_configs}/last-version-check.txt")"
  else
    last_version_check="0"
  fi
  db_file=""
  update_check_interval="$((update_check_hours * 3600))"
  time_interval="$((current_time - last_version_check))"
  if [ "$time_interval" -ge $((update_check_interval - 600)) ] ; then
    echo "$current_time" > "${work_dir_work_configs}/last-version-check.txt"
    if xshok_is_root ; then
      perms chown -f "${clam_user}:${clam_group}" "${work_dir_work_configs}/last-version-check.txt"
    fi
    check_new_version
  fi
fi

xshok_cleanup

# Set the permission of the log file, to fix any permission errors, this is done to fix cron errors after running the script as root.
if xshok_is_root ; then
  if [ "$enable_log" == "yes" ] ; then
    # check if the file is owned by root (the current user)
    if [ -O "${log_file_path}/${log_file_name}" ] ; then
      # checks the file is writable and a file (not a symlink/link)
      if [ -w "${log_file_path}/${log_file_name}" ] && [ -f "${log_file_path}/${log_file_name}" ] ; then
        perms chown -f "${clam_user}:${clam_group}" "${log_file_path}/${log_file_name}"
      fi
    fi
  fi
fi

# And lastly we exit, Note: the exit is always on the 2nd last line
exit $?
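The database lists in config/master.conf use the "file.name|RATING #description" format, and the script enables an entry by comparing its rating (REQUIRED, LOW, MEDIUM, HIGH, LOWONLY, MEDIUMONLY, LOWMEDIUMONLY, DISABLED) against the global default_dbs_rating (LOW, MEDIUM, HIGH or DISABLE). The POSIX sh block below is an added example, not code from the clamav-unofficial-sigs project, that turns that rating table into a selection function and runs it over a constructed list so you can see which third-party feeds a rating change actually switches on. The function names (db_enabled_for_rating, select_dbs) and the sample list are invented here; treating a global DISABLE as switching off every non-REQUIRED entry, and treating an old-format entry without a "#RATING" comment as LOW, are assumptions of this example rather than documented project behaviour.

```shell
#!/bin/sh
# Added example, not part of clamav-unofficial-sigs: a POSIX sh reading of the
# "file.name|RATING #description" database format and its rating table.
# Function names and the sample list are constructed for this example.

# Return 0 when an entry rated $1 is used under global rating $2.
# REQUIRED is always used and DISABLED never; a global DISABLE is treated
# here as switching off every non-REQUIRED entry (assumption, not project code).
db_enabled_for_rating() {
    entry_rating="$(printf '%s' "$1" | tr '[:lower:]' '[:upper:]')"
    global_rating="$(printf '%s' "$2" | tr '[:lower:]' '[:upper:]')"
    case "$entry_rating" in
        REQUIRED) return 0 ;;
        DISABLED) return 1 ;;
    esac
    case "$global_rating" in
        LOW)    case "$entry_rating" in LOW|LOWONLY|LOWMEDIUMONLY) return 0 ;; esac ;;
        MEDIUM) case "$entry_rating" in LOW|MEDIUM|MEDIUMONLY|LOWMEDIUMONLY) return 0 ;; esac ;;
        HIGH)   case "$entry_rating" in LOW|MEDIUM|HIGH) return 0 ;; esac ;;
    esac
    return 1
}

# Print the file names from list $2 (one entry per line, new "name|RATING #desc"
# or old "name #RATING desc" format) that are enabled under global rating $1.
select_dbs() {
    global="$1"
    printf '%s\n' "$2" | while read -r line; do
        entry="${line%%#*}"                       # text before the comment
        entry="${entry%"${entry##*[! ]}"}"        # strip trailing spaces
        [ -n "$entry" ] || continue               # blank or comment-only line
        case "$entry" in
            *\|*)                                 # new format: name|RATING
                name="${entry%%|*}"
                rating="${entry#*|}"
                ;;
            *)                                    # old format: rating is the first word of the comment
                name="$entry"
                rating="${line#*#}"
                rating="${rating#"${rating%%[! ]*}"}"   # strip leading spaces
                rating="${rating%% *}"                  # first word only
                rating="${rating:-LOW}"                 # no rating given: assume LOW (assumption)
                ;;
        esac
        if db_enabled_for_rating "$rating" "$global"; then
            printf '%s\n' "$name"
        fi
    done
}

# Constructed sample list mixing both formats (not the project's real list).
SAMPLE_DBS='sanesecurity.ftm|REQUIRED # Message file types
junk.ndb|LOW # General high hitting junk
badmacro.ndb|MEDIUM # Dangerous macros in documents
foxhole_all.cdb|HIGH # See Foxhole page
winnow_phish_complete_url.ndb|LOWMEDIUMONLY # entire urls are used
winnow_malware.yara|DISABLED # no longer maintained
phish.ndb #LOW Phishing and Malware (old format)'

# Usage: sh select_dbs.sh [LOW|MEDIUM|HIGH|DISABLE]; defaults to MEDIUM like master.conf
select_dbs "${1:-MEDIUM}" "$SAMPLE_DBS"
```

Running it with two different ratings and diffing the output is a quick way to review a proposed default_dbs_rating change: every line that appears only under the higher rating is a signature feed whose false-positive risk the change accepts.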
0707010000001C000041ED000000000000000000000004605562B100000000000000000000000000000000000000000000002400000000clamav-unofficial-sigs-7.2.5/config0707010000001D000081A4000000000000000000000001605562B100008440000000000000000000000000000000000000003000000000clamav-unofficial-sigs-7.2.5/config/master.conf# This file contains master configuration settings for clamav-unofficial-sigs.sh ################################################################################ # This is property of eXtremeSHOK.com # You are free to use, modify and distribute, however you may not remove this notice. # Copyright (c) Adrian Jon Kriel :: admin@extremeshok.com # License: BSD (Berkeley Software Distribution) ################################################################################ # # DO NOT EDIT THIS FILE !! DO NOT EDIT THIS FILE !! DO NOT EDIT THIS FILE !! # ################################################################################ # # SET YOUR CUSTOM OPTIONS AND SETTINGS IN THE user.conf # # os.conf (os.***.conf) AND user.conf OVERRIDES THE OPTIONS IN THIS FILE # ################################################################################ # Edit the quoted variables below to meet your own particular needs # and requirements, but do not remove the "quote" marks. # Set the appropriate ClamD user and group accounts for your system. # If you do not want the script to set user and group permissions on # files and directories, comment the next two variables. #clam_user="clamav" #clam_group="clamav" # If you do not want the script to change the file mode of all signature # database files in the ClamAV working directory to 0644 (-rw-r--r--): # # owner: read, write # group: read # world: read # # as defined in the "clam_dbs" path variable below, then set the following # "setmode" variable to "no". setmode="yes" # Set path to ClamAV database files location. If unsure, check # your clamd.conf file for the "DatabaseDirectory" path setting. 
clam_dbs="/var/lib/clamav" # Set path to clamd.pid file (see clamd.conf for path location). clamd_pid="/var/run/clamav/clamd.pid" # To enable "ham" (non-spam) directory scanning and removal of # signatures that trigger on ham messages, uncomment the following # variable and set it to the appropriate ham message directory. #ham_dir="/var/lib/clamav-unofficial-sigs/ham-test" # If you would like to reload the clamd databases after an update, # change the following variable to "yes". reload_dbs="yes" # Custom Command to do a full clamd reload, this is only used when reload_dbs is enabled clamd_reload_opt="clamdscan --reload" # Top level working directory, script will attempt to create them. work_dir="/var/lib/clamav-unofficial-sigs" #Top level working directory # Log update information to '$log_file_path/$log_file_name'. logging_enabled="yes" log_file_path="/var/log/clamav-unofficial-sigs" log_file_name="clamav-unofficial-sigs.log" ## Use a program to log messages #log_pipe_cmd="/usr/bin/logger -it 'clamav-unofficial-sigs'" # ========================= # MalwarePatrol : https://www.malwarepatrol.net # MalwarePatrol 2016 (free) clamav signatures # # 1. Sign up for an account : https://www.malwarepatrol.net/free-guard-upgrade-option/ # 2. You will recieve an email containing your password/receipt number # 3. Login to your account at malwarePatrol # 4. In My Accountpage, choose the ClamAV list you will download. Free subscribers only get ClamAV Basic, commercial subscribers have access to ClamAV Extended. Do not use the agressive lists. # 5. In the download URL, you will see 3 parameters: receipt, product and list, enter them in the variables below. 
malwarepatrol_receipt_code="YOUR-RECEIPT-NUMBER" malwarepatrol_product_code="8" malwarepatrol_list="clamav_basic" # clamav_basic or clamav_ext # if the malwarepatrol_product_code is not 8, # the malwarepatrol_free is set to no (non-free) # set to no to enable the commercial subscription url, malwarepatrol_free="yes" malwarepatrol_db="malwarepatrol.db" # ========================= # Malware Expert : https://www.Malware Expert # Malware Expert 2020 (non-free) clamav signatures malwareexpert_serial_key="YOUR-SERIAL-KEY" # ========================= # SecuriteInfo : https://www.SecuriteInfo.com # SecuriteInfo 2015 free clamav signatures # # Usage of SecuriteInfo 2015 free clamav signatures : https://www.securiteinfo.com # - 1. Sign up for a free account : https://www.securiteinfo.com/clients/customers/signup # - 2. You will recieve an email to activate your account and then a followup email with your login name # - 3. Login and navigate to your customer account : https://www.securiteinfo.com/clients/customers/account # - 4. Click on the Setup tab # - 5. You will need to get your unique identifier from one of the download links, they are individual for every user # - 5.1. The 128 character string is after the http://www.securiteinfo.com/get/signatures/ # - 5.2. Example https://www.securiteinfo.com/get/signatures/your_unique_and_very_long_random_string_of_characters/securiteinfo.hdb # Your 128 character authorisation signature would be : your_unique_and_very_long_random_string_of_characters # - 6. 
Enter the authorisation signature into the config securiteinfo_authorisation_signature: replacing YOUR-SIGNATURE-NUMBER with your authorisation signature from the link securiteinfo_authorisation_signature="YOUR-SIGNATURE-NUMBER" # Enable if you have a commercial/premium/non-free subscription securiteinfo_premium="no" # ======================== # Database provider update time # ======================== # Since the database files are dynamically created, non default values can cause banning, change with caution additional_update_hours="4" # Default is 4 hours (6 downloads daily). interserver_update_hours="1" # Default is 2 hours (12 downloads daily). linuxmalwaredetect_update_hours="6" # Default is 6 hours (4 downloads daily). malwareexpert_update_hours="2" # Default is 2 hours (12 downloads daily). malwarepatrol_update_hours="24" # Default is 24 hours (1 downloads daily). sanesecurity_update_hours="2" # Default is 2 hours (12 downloads daily). securiteinfo_premium_update_hours="1" # Default is 1 hours (24 downloads daily). securiteinfo_update_hours="4" # Default is 4 hours (6 downloads daily). urlhaus_update_hours="1" # Default is 1 hours (24 downloads daily). yararulesproject_update_hours="24" # Default is 24 hours (1 downloads daily). # ======================== # Enabled Databases # ======================== # Set to no to disable an entire database, if the database is empty it will also be disabled. 
additional_enabled="yes" # Additional Databases interserver_enabled="yes" # interServer linuxmalwaredetect_enabled="yes" # Linux Malware Detect malwareexpert_enabled="yes" # Malware Expert malwarepatrol_enabled="yes" # Malware Patrol sanesecurity_enabled="yes" # Sanesecurity securiteinfo_enabled="yes" # SecuriteInfo urlhaus_enabled="yes" # urlhaus yararulesproject_enabled="yes" # Yara-Rule Project, automatically disabled if clamav is older than 0.100 and enable_yararules is disabled # Disabled by default ## Enabling this will also cause the yararulesproject to be enabled if they are det to enabled. enable_yararules="yes" #Enables yararules in the various databases, automatically disabled if clamav is older than 0.100 # ======================== # eXtremeSHOK Database format # ======================== # The new and old database formats are supported for backwards compatibility # # New Format Usage: # declare -a new_example_dbs=( # file.name|RATING #description # ) # # Rating (False Positive Rating) # valid ratings: # REQUIRED : always used # LOW : used when the rating is low, medium and high # MEDIUM : used when the rating is medium and high # HIGH : used when the rating is high # LOWONLY : used only when the rating is low # MEDIUMONLY : used only when the rating is medium # LOWMEDIUMONLY : used only when the rating is medium or low # DISABLED : never used, will automatically remove the present file # # Old Format is still supported, requiring you to comment out files to disable them # old_example_dbs=" # file.name #LOW description # " # Default dbs rating # valid rating: LOW, MEDIUM, HIGH, DISABLE default_dbs_rating="MEDIUM" # Per Database # These ratings will override the global rating for the specific database # valid ratings: LOW | MEDIUM | HIGH | DISABLE #linuxmalwaredetect_dbs_rating="" #sanesecurity_dbs_rating="" #securiteinfo_dbs_rating="" #urlhaus_dbs_rating="" #yararulesproject_dbs_rating="" # ======================== # Sanesecurity Database(s) # 
======================== # Add or remove database file names between quote marks as needed. To # disable usage of any of the Sanesecurity distributed database files # shown, remove the database file name from the quoted section below. # Only databases defined as "low" risk have been enabled by default # for additional information about the database ratings, see: # http://www.sanesecurity.com/clamav/databases.htm # Only add signature databases here that are "distributed" by Sanesecuirty # as defined at the URL shown above. Database distributed by others sources # (e.g., SecuriteInfo & MalewarePatrol, can be added to other sections of # this config file below). Finally, make sure that the database names are # spelled correctly or you will experience issues when the script runs # (hint: all rsync servers will fail to download signature updates). declare -a sanesecurity_dbs=( # BEGIN SANESECURITY DATABASE ### SANESECURITY http://sanesecurity.com/usage/signatures/ ## REQUIRED, Do NOT disable sanesecurity.ftm|REQUIRED # Message file types, for best performance sigwhitelist.ign2|REQUIRED # Fast update file to whitelist any problem signatures # LOW blurl.ndb|LOW # Blacklisted full urls over the last 7 days, covering malware/spam/phishing. URLs added only when main signatures have failed to detect but are known to be "bad" junk.ndb|LOW # General high hitting junk, containing spam/phishing/lottery/jobs/419s etc jurlbl.ndb|LOW # Junk Url based malwarehash.hsb|LOW # Malware hashes without known Size phish.ndb|LOW # Phishing and Malware rogue.hdb|LOW # Malware, Rogue anti-virus software and Fake codecs etc. 
Updated hourly to cover the latest malware threats scam.ndb|LOW # Spam/scams spamattach.hdb|LOW # Spam Spammed attachments such as pdf/doc/rtf/zips spamimg.hdb|LOW # Spam images # MEDIUM badmacro.ndb|MEDIUM # Blocks dangerous macros embedded in Word/Excel/Xml/RTF/JS documents jurlbla.ndb|MEDIUM # Junk Url based autogenerated from various feeds lott.ndb|MEDIUM # Lottery shelter.ldb|MEDIUM # Phishing and Malware spam.ldb|MEDIUM # Spam detected using the new Logical Signature type spear.ndb|MEDIUM # Spear phishing email addresses (autogenerated from data here) spearl.ndb|MEDIUM # Spear phishing urls (autogenerated from data here) ### FOXHOLE http://sanesecurity.com/foxhole-databases/ # LOW foxhole_filename.cdb|LOW # See Foxhole page for more details foxhole_generic.cdb|LOW # See Foxhole page for more details # MEDIUM foxhole_js.cdb|MEDIUM # See Foxhole page for more details foxhole_js.ndb|MEDIUM # See Foxhole page for more details # HIGH foxhole_all.cdb|HIGH # See Foxhole page for more details foxhole_all.ndb|HIGH # See Foxhole page for more details foxhole_mail.cdb|HIGH # block any mail that contains a possible dangerous attachments such as: js, jse, exe, bat, com, scr, uue, ace, pif, jar, gz, lnk, lzh. ### OITC http://www.oitc.com/winnow/clamsigs/index.html ### Note: the two databases winnow_phish_complete.ndb and winnow_phish_complete_url.ndb should NOT be used together. # LOW winnow_bad_cw.hdb|LOW # md5 hashes of malware attachments acquired directly from a group of botnets winnow_extended_malware.hdb|LOW # contain hand generated signatures for malware winnow_malware_links.ndb|LOW # Links to malware winnow_malware.hdb|LOW # Current virus, trojan and other malware not yet detected by ClamAV. 
winnow_phish_complete_url.ndb|LOWMEDIUMONLY # Similar to winnow_phish_complete.ndb except that entire urls are used
winnow.attachments.hdb|LOW # Spammed attachments such as pdf/doc/rtf/zip as well as malware crypted configs
# MEDIUM
winnow_extended_malware_links.ndb|MEDIUM # contain hand generated signatures for malware links
winnow_spam_complete.ndb|MEDIUM # Signatures to detect fraud and other malicious spam
winnow.complex.patterns.ldb|MEDIUM # contain hand generated signatures for malware and some egregious fraud
# HIGH
winnow_phish_complete.ndb|HIGH # Phishing and other malicious urls and compromised hosts **DO NOT USE WITH winnow_phish_complete_url**
### OITC YARA Format rules
### Note: Yara signatures require ClamAV 0.100 or newer to work
winnow_malware.yara|DISABLED # Duplicated in EMAIL_Cryptowall.yar and no longer maintained
### MiscreantPunch http://malwarefor.me/about/
## MEDIUM
MiscreantPunch099-Low.ldb|MEDIUM # ruleset contains comprehensive rules for detecting malicious or abnormal Macros, JS, HTA, HTML, XAP, JAR, SWF, and more.
## HIGH
MiscreantPunch099-INFO-Low.ldb|HIGH # ruleset provides context to various files. Info and Suspicious level signatures may inform analysts of potentially interesting conditions that exist within a document.
### SCAMNAILER http://www.scamnailer.info/
# MEDIUM
scamnailer.ndb|DISABLED # Spear phishing and other phishing emails, service has been discontinued https://github.com/extremeshok/clamav-unofficial-sigs/issues/365
### BOFHLAND http://clamav.bofhland.org/
# LOW
bofhland_cracked_URL.ndb|LOW # Spam URLs
bofhland_malware_attach.hdb|LOW # Malware Hashes
bofhland_malware_URL.ndb|LOW # Malware URLs
bofhland_phishing_URL.ndb|LOW # Phishing URLs
### RookSecurity http://rooksecurity.com/
# LOW
hackingteam.hsb|LOW # Hacking Team hashes based on work by rooksecurity.com
### Porcupine
# LOW
phishtank.ndb|LOW # Online and valid phishing urls from phishtank.com data feed
porcupine.hsb|LOW # Sha256 Hashes of VBS and JSE malware, kept for 7 days
porcupine.ndb|LOW # Brazilian e-mail phishing and malware signatures
### Sanesecurity YARA Format rules
### Note: Yara signatures require ClamAV 0.100 or newer to work
Sanesecurity_sigtest.yara|LOW # Sanesecurity test signatures
Sanesecurity_spam.yara|LOW # Detects Spam emails
) # END SANESECURITY DATABASES

# ========================
# SecuriteInfo Database(s)
# ========================
# Only active when you set your securiteinfo_authorisation_signature
# Add or remove database file names between quote marks as needed. To
# disable any SecuriteInfo database downloads, remove the appropriate
# lines below.
declare -a securiteinfo_dbs=( #START SECURITEINFO DATABASES
### Securiteinfo https://www.securiteinfo.com/services/anti-spam-anti-virus/improve-detection-rate-of-zero-day-malwares-for-clamav.shtml
## REQUIRED, Do NOT disable
securiteinfo.ign2|REQUIRED # Signature Whitelist
# LOW
javascript.ndb|LOW # Malwares Javascript
securiteinfo.hdb|LOW # Malwares younger than 3 years.
securiteinfoandroid.hdb|LOW # Malwares Java/Android Dalvik
securiteinfoascii.hdb|LOW # Text file malwares (Perl or shell scripts, bat files, exploits, ...)
securiteinfohtml.hdb|LOW # Malwares HTML
securiteinfoold.hdb|LOW # Malwares older than 3 years.
securiteinfopdf.hdb|LOW # Malwares PDF
# HIGH
spam_marketing.ndb|HIGH # Spam Marketing / spammer blacklist
) #END SECURITEINFO DATABASES

# SECURITEINFO PREMIUM (NON-FREE) DATABASES
declare -a securiteinfo_premium_dbs=( #START SECURITEINFO PREMIUM DATABASES
securiteinfo.mdb|LOW # 0-day Malwares
securiteinfo0hour.hdb|LOW # 0-Hour Malwares
) #END NON-FREE SECURITEINFO DATABASES

# ========================
# LinuxMalwareDetect Database(s)
# ========================
# Add or remove database file names between quote marks as needed. To
# disable any LinuxMalwareDetect database downloads, remove the appropriate
# lines below.
declare -a linuxmalwaredetect_dbs=(
### Linux Malware Detect https://www.rfxn.com/projects/linux-malware-detect/
# LOW
rfxn.ndb|LOW # HEX Malware detection signatures
rfxn.hdb|LOW # MD5 Malware detection signatures
rfxn.yara|LOW # Yara Malware detection signatures
) #END LINUXMALWAREDETECT DATABASES

# ========================
# interServer Database(s)
# ========================
# Add or remove database file names between quote marks as needed. To
# disable any interServer database downloads, remove the appropriate
# lines below.
declare -a interserver_dbs=(
## REQUIRED, Do NOT disable
whitelist.fp|REQUIRED # found to be false positive malware
# LOW
interserver256.hdb|LOW # 100% known malware sha256 format
# MEDIUM
interservertopline.db|MEDIUM # inserts into files, manual cleaning HEX
# HIGH
shell.ldb|HIGH # 99.9% known malware using logical signatures
) #END INTERSERVER DATABASES

# ========================
# Malware Expert Database(s)
# ========================
# Add or remove database file names between quote marks as needed. To
# disable any Malware Expert database downloads, remove the appropriate
# lines below.
declare -a malwareexpert_dbs=(
## REQUIRED, Do NOT disable
malware.expert.fp|REQUIRED # found to be false positive malware
# LOW
malware.expert.hdb|LOW # static MD5 patterns for files
# MEDIUM
malware.expert.ldb|MEDIUM # uses multi-word search for malware in files
malware.expert.ndb|MEDIUM # Generic Hex pattern PHP malware, which can cause false positive alarms
) #END Malware Expert DATABASES

# ========================
# urlhaus Database(s)
# ========================
# Add or remove database file names between quote marks as needed. To
# disable any urlhaus database downloads, remove the appropriate
# lines below.
declare -a urlhaus_dbs=(
### urlhaus https://urlhaus.abuse.ch/browse/
# LOW
urlhaus.ndb|LOW # malicious URLs that are being used for malware distribution
) #END URLHAUS DATABASES

# ========================
# Yara Rules Project Database(s)
# ========================
# Add or remove database file names between quote marks as needed. To
# disable any Yara Rule database downloads, remove the appropriate
# lines below.
declare -a yararulesproject_dbs=(
### Yara Rules https://github.com/Yara-Rules/rules
#
# Some rules are now in sub-directories. To reference a file in a sub-directory
# use subdir/file
# LOW
# Anti debug and anti virtualization techniques used by malware
antidebug_antivm/antidebug_antivm.yar|DISABLED # (core dumped)
# Aimed toward the detection and existence of Exploit Kits.
exploit_kits/EK_Angler.yar|DISABLED # duplicated in rfxn.yara
exploit_kits/EK_Blackhole.yar|DISABLED # duplicated in rfxn.yara
exploit_kits/EK_BleedingLife.yar|LOW # duplicated in rfxn.yara
exploit_kits/EK_Crimepack.yar|DISABLED # duplicated in rfxn.yara
exploit_kits/EK_Eleonore.yar|DISABLED # duplicated in rfxn.yara
exploit_kits/EK_Fragus.yar|DISABLED # duplicated in rfxn.yara
exploit_kits/EK_Phoenix.yar|DISABLED # duplicated in rfxn.yara
exploit_kits/EK_Sakura.yar|DISABLED # duplicated in rfxn.yara
exploit_kits/EK_ZeroAcces.yar|DISABLED # duplicated in rfxn.yara
exploit_kits/EK_Zerox88.yar|DISABLED # duplicated in rfxn.yara
exploit_kits/EK_Zeus.yar|DISABLED # duplicated in rfxn.yara
# Identification of well-known webshells
webshells/WShell_APT_Laudanum.yar|DISABLED # duplicated in rfxn.yara
webshells/WShell_ASPXSpy.yar|LOW
webshells/WShell_Drupalgeddon2_icos.yar|LOW
webshells/WShell_PHP_Anuna.yar|DISABLED # duplicated in rfxn.yara
webshells/WShell_PHP_in_images.yar|DISABLED # duplicated in rfxn.yara
webshells/WShell_THOR_Webshells.yar|DISABLED # duplicated in rfxn.yara
webshells/Wshell_ChineseSpam.yar|DISABLED # duplicated in rfxn.yara
webshells/Wshell_fire2013.yar|DISABLED # duplicated in rfxn.yara
# MEDIUM
# Identification of specific Common Vulnerabilities and Exposures (CVEs)
cve_rules/CVE-2010-0805.yar|MEDIUM
cve_rules/CVE-2010-0887.yar|MEDIUM
cve_rules/CVE-2010-1297.yar|MEDIUM
cve_rules/CVE-2012-0158.yar|MEDIUM
cve_rules/CVE-2013-0074.yar|MEDIUM
cve_rules/CVE-2013-0422.yar|MEDIUM
cve_rules/CVE-2015-1701.yar|MEDIUM
cve_rules/CVE-2015-2426.yar|MEDIUM
cve_rules/CVE-2015-2545.yar|MEDIUM
cve_rules/CVE-2015-5119.yar|MEDIUM
cve_rules/CVE-2016-5195.yar|MEDIUM
cve_rules/CVE-2017-11882.yar|MEDIUM
cve_rules/CVE-2018-20250.yar|MEDIUM
cve_rules/CVE-2018-4878.yar|MEDIUM
# Identification of malicious e-mails.
email/bank_rule.yar|MEDIUM
email/EMAIL_Cryptowall.yar|MEDIUM
email/Email_fake_it_maintenance_bulletin.yar|MEDIUM
email/Email_quota_limit_warning.yar|MEDIUM
email/email_Ukraine_BE_powerattack.yar|MEDIUM
email/scam.yar|MEDIUM
# Detect well-known software packers that can be used by malware to hide itself.
packers/JJencode.yar|DISABLED # Causes high CPU load with email attachments (images) https://github.com/extremeshok/clamav-unofficial-sigs/issues/362
# HIGH
# Used with documents to find if they have been crafted to leverage malicious code.
email/Email_generic_phishing.yar|HIGH
maldocs/Maldoc_APT_OLE_JSRat.yar|HIGH
maldocs/Maldoc_APT10_MenuPass.yar|HIGH
maldocs/Maldoc_APT19_CVE-2017-0199.yar|HIGH
maldocs/Maldoc_Contains_VBE_File.yar|HIGH
maldocs/Maldoc_CVE_2017_11882.yar|HIGH
maldocs/Maldoc_CVE_2017_8759.yar|HIGH
maldocs/Maldoc_CVE-2017-0199.yar|HIGH
maldocs/Maldoc_DDE.yar|HIGH
maldocs/Maldoc_Dridex.yar|HIGH
maldocs/Maldoc_hancitor_dropper.yar|HIGH
maldocs/Maldoc_Hidden_PE_file.yar|HIGH
maldocs/Maldoc_malrtf_ole2link.yar|HIGH
maldocs/Maldoc_MIME_ActiveMime_b64.yar|HIGH
maldocs/Maldoc_PDF.yar|HIGH
maldocs/Maldoc_PowerPointMouse.yar|HIGH
maldocs/maldoc_somerules.yar|HIGH
maldocs/Maldoc_Suspicious_OLE_target.yar|HIGH
maldocs/Maldoc_UserForm.yar|HIGH
maldocs/Maldoc_VBA_macro_code.yar|HIGH
maldocs/Maldoc_Word_2007_XML_Flat_OPC.yar|HIGH
# Yara Rules aimed to detect well-known software packers that can be used by malware to hide itself.
packers/Javascript_exploit_and_obfuscation.yar|HIGH
# DISABLED
# NOT SUPPORTED OR CRASHING CLAMAV
email/attachment.yar|DISABLED # detects all emails with attachments
email/image.yar|DISABLED # detects all emails with images
email/urls.yar|DISABLED # detects all emails with urls
crypto/crypto_signatures.yar|DISABLED # detects all files which are encrypted
# These files use module includes not supported by ClamAV
packers/packer_compiler_signatures.yar|DISABLED
packers/packer.yar|DISABLED
packers/peid.yar|DISABLED
antidebug_antivm|DISABLED
) #END yararulesproject DATABASES

declare -a yararulesproject_dbs_catagories=(
#LOW
cve_rules|LOW
exploit_kits|LOW
malware|LOW
webshells|LOW
#MEDIUM
email|MEDIUM
maldocs|MEDIUM
# HIGH
capabilities|HIGH
crypto|HIGH
packers|HIGH
)

# =========================
# Additional signature databases
# =========================
# Additional signature databases can be specified here in the following
# format: PROTOCOL://URL-or-IP/PATH/TO/FILE-NAME (use a trailing "/" in
# place of the "FILE-NAME" to download all files from the specified location,
# but this *ONLY* works for files downloaded via rsync). For non-rsync
# downloads, wget or curl is used. For the download protocols supported by
# wget and curl, see "man wget" and "man curl".
# This also works well for locations that have many ClamAV
# servers that use 3rd party signature databases, as only one server needs
# to download the remote databases, and all others can update from the local
# mirror's copy. See format examples below. To use, remove the comments
# and examples shown and add your own sites between the quote marks.
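The `name|RATING` tags in the database arrays above (REQUIRED, DISABLED, LOW, MEDIUM, HIGH and the OITC-specific LOWMEDIUMONLY) are what decide which signature files actually get fetched for a given rating threshold. The following shell function is an added example, not code from clamav-unofficial-sigs: it filters a constructed list in that same layout by a threshold so you can see exactly what a setting enables before you deploy it. The meaning given to LOWMEDIUMONLY (enabled only when the threshold is LOW or MEDIUM, which keeps the winnow_phish_complete_url/winnow_phish_complete pair mutually exclusive) is an assumption drawn from the comments above, not a documented contract; the sample list and the function names are constructed for this example.

```shell
#!/bin/sh
# Added example (not part of clamav-unofficial-sigs): filter a "file|RATING"
# signature list by a rating threshold, to preview which files a given
# threshold enables before deploying the config.
#
# Rating semantics assumed here, derived from the tags used in master.conf:
#   REQUIRED        always enabled
#   DISABLED        never enabled
#   LOW/MEDIUM/HIGH enabled when the threshold is at or above the rating
#   LOWMEDIUMONLY   enabled only for a LOW or MEDIUM threshold (assumption:
#                   this keeps winnow_phish_complete_url and
#                   winnow_phish_complete from ever being enabled together)

# Constructed sample list in the same "name|RATING # comment" layout.
SAMPLE_DBS='sanesecurity.ftm|REQUIRED # Message file types
junk.ndb|LOW # General junk
badmacro.ndb|MEDIUM # Dangerous macros
foxhole_all.cdb|HIGH # See Foxhole page
winnow_phish_complete_url.ndb|LOWMEDIUMONLY # entire urls
winnow_phish_complete.ndb|HIGH # DO NOT USE WITH winnow_phish_complete_url
winnow_malware.yara|DISABLED # no longer maintained'

# rating_level NAME -> numeric level (LOW=1, MEDIUM=2, HIGH=3), 0 if unknown
rating_level() {
  case "$1" in
    LOW) echo 1 ;;
    MEDIUM) echo 2 ;;
    HIGH) echo 3 ;;
    *) echo 0 ;;
  esac
}

# select_dbs THRESHOLD: read a list on stdin, print the enabled file names
select_dbs() {
  threshold=$(rating_level "$1")
  if [ "$threshold" -eq 0 ]; then
    echo "select_dbs: unknown threshold '$1'" >&2
    return 1
  fi
  while IFS= read -r line; do
    # drop the trailing comment, then let word splitting trim whitespace
    set -- ${line%%#*}
    entry=${1:-}
    [ -n "$entry" ] || continue
    name=${entry%%|*}
    rating=${entry#*|}
    enabled=0
    case "$rating" in
      REQUIRED) enabled=1 ;;
      DISABLED) enabled=0 ;;
      LOWMEDIUMONLY)
        if [ "$threshold" -le 2 ]; then enabled=1; fi
        ;;
      *)
        level=$(rating_level "$rating")
        if [ "$level" -gt 0 ] && [ "$level" -le "$threshold" ]; then
          enabled=1
        fi
        ;;
    esac
    if [ "$enabled" -eq 1 ]; then
      echo "$name"
    fi
  done
  return 0
}

# enabled_dbs THRESHOLD: apply select_dbs to the constructed sample list
enabled_dbs() {
  printf '%s\n' "$SAMPLE_DBS" | select_dbs "$1"
}

# Usage: enabled_dbs MEDIUM
```

Running it with LOW, MEDIUM and HIGH in turn shows the point of the tags: the REQUIRED file is always present, DISABLED never is, and only one of the two winnow_phish_complete files is ever selected for any threshold.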
#declare -a additional_dbs=(
# rsync://192.168.1.50/new-db/sigs.hdb
# rsync://rsync.example.com/all-dbs/
# ftp://ftp.example.net/pub/sigs.ndb
# http://www.example.org/sigs.ldb
#) #END ADDITIONAL DATABASES

# ==================================================
# ==================================================
# D E B U G   O P T I O N S
# ==================================================
# ==================================================
# Enable debugging; this turns on all of the debug options below
debug="no"
# Causes the xshok_file_download function to be verbose, used for debugging
downloader_debug="no"
# Causes clamscan signature test errors to be verbose
clamscan_debug="no"
# Causes curl errors to be verbose
curl_debug="no"
# Causes wget errors to be verbose
wget_debug="no"
# Causes rsync errors to be verbose
rsync_debug="no"

# ==================================================
# ==================================================
# A D V A N C E D   O P T I O N S
# ==================================================
# ==================================================
# Branch for update checking, default: master
git_branch="master"
# Enable support for script and master.conf upgrades
# enables the --upgrade command line option
# packagers, if required please disable or set this option to no in the os.conf
allow_upgrades="yes"
# Enable support for script and master.conf update checks
# packagers, if required please disable or set this option to no in the os.conf
allow_update_checks="yes"
# How often the script should check for updates
update_check_hours="12" # Default is 12 hours (2 checks daily).
# Enable or disable download time randomization. This allows the script to
# be executed via cron, but the actual database file checking will pause
# for a random number of seconds between the "min" and "max" time settings
# specified below. This helps to more evenly distribute load on the host
# download sites. To disable, set the following variable to "no".
enable_random="yes"
# Enable to prevent issues with multiple instances running
# To disable, set the following variable to "no".
enable_locking="yes"
# If download time randomization is enabled above (enable_random="yes"),
# then set the min and max randomization time intervals (in seconds).
max_sleep_time="600" # Default maximum is 600 seconds (10 minutes).
min_sleep_time="60" # Default minimum is 60 seconds (1 minute).
# Command to do a full clamd service stop/start
#clamd_restart_opt="service clamd restart"
# Custom Command Paths, these are detected with the which command when not set
#clamscan_bin="/usr/bin/clamscan"
#curl_bin="/usr/bin/curl"
#gpg_bin="/usr/bin/gpg"
#rsync_bin="/usr/bin/rsync"
#tar_bin="/usr/bin/tar"
#uname_bin="/usr/bin/uname"
#wget_bin="/usr/bin/wget"
#dig_bin="/usr/bin/dig"
#host_bin="/usr/bin/host"
# force wget; by default curl is used when both curl and wget are present.
force_wget="no"
# force host; by default dig is used when both dig and host are present.
force_host="no"
# GnuPG / Signature verification
# To disable usage of gpg, set the following variable to "no".
# If gpg_bin cannot be found, enable_gpg will automatically be disabled
enable_gpg="yes"
# If running clamd in "LocalSocket" mode (*NOT* in TCP/IP mode), and
# either "SOcket Cat" (socat) or the "IO::Socket::UNIX" perl module
# are installed on the system, and you want to report whether clamd
# is running or not, uncomment the "clamd_socket" variable below (you
# will be warned if neither socat nor IO::Socket::UNIX are found, but
# the script will still run). You will also need to set the correct
# path to your clamd socket file (if unsure of the path, check the
# "LocalSocket" setting in your clamd.conf file for socket location).
#clamd_socket="/tmp/clamd.socket"
# Set rsync connection and data transfer timeout limits in seconds.
# The default settings here are reasonable, only change if you are
# experiencing timeout issues.
rsync_connect_timeout="60"
rsync_max_time="180"
# HTTPS validation
# Uncomment to allow and ignore SSL errors leading to insecure transfers
# downloader_ignore_ssl_errors="yes" # Default is "no"
# Set downloader connection, data transfer timeout limits in seconds.
# The default settings here are reasonable, only change if you are
# experiencing timeout issues.
downloader_connect_timeout="60"
downloader_max_time="1800"
# Set downloader retry count for failed transfers
downloader_tries="5"
# Set working directory paths (edit to meet your own needs). If these
# directories do not exist, the script will attempt to create them.
# Always located inside the work_dir, do not add /
# Sub-directory names:
add_dir="dbs-add" # User defined databases sub-directory
gpg_dir="gpg-key" # Sanesecurity GPG Key sub-directory
interserver_dir="dbs-is" # interServer sub-directory
linuxmalwaredetect_dir="dbs-lmd" # Linux Malware Detect sub-directory
malwareexpert_dir="dbs-me" # Malware Expert sub-directory
malwarepatrol_dir="dbs-mbl" # MalwarePatrol sub-directory
pid_dir="pid" # User defined pid sub-directory
sanesecurity_dir="dbs-ss" # Sanesecurity sub-directory
securiteinfo_dir="dbs-si" # SecuriteInfo sub-directory
urlhaus_dir="dbs-uh" # urlhaus sub-directory
work_dir_configs="configs" # Script configs sub-directory
yararulesproject_dir="dbs-yara" # Yara-Rules sub-directory
# If you would like to make a backup copy of the current running database
# file before updating, set the following variable to "yes" and a
# backup copy of the file will be created in the production directory
# with -bak appended to the file name.
keep_db_backup="no"
# When a database integrity test reports BAD, the failed database will be removed.
remove_bad_database="yes"
# When a database is disabled we will remove the associated database files.
remove_disabled_databases="yes" # Default is "yes"
# Enable SELinux fixes, ie. running restorecon on the database files.
# **Run the following command as root to enable clamav selinux support**
# setsebool -P antivirus_can_scan_system true
#
selinux_fixes="no" # Default is "no"
# Proxy Support
# If necessary to proxy database downloads, define the rsync, curl, wget, dig, host proxy settings here.
#rsync_proxy="username:password@proxy_host:proxy_port"
# Define rsync to use netcat for socks tunnel
#rsync_connect_prog="nc -X 5 -x socksproxy_host:socksproxy_port %H 873"
#curl_proxy="--proxy http://username:password@proxy_host:proxy_port"
#wget_proxy="-e http_proxy=http://username:password@proxy_host:proxy_port -e https_proxy=https://username:password@proxy_host:proxy_port"
#dig_proxy="@proxy_host -p proxy_host:proxy_port"
#host_proxy="@proxy_host" #does not support port
# Custom Cron install settings, these are detected and only used if you want to override
# the automatic detection and generation of the values when not set, this is mainly to aid package maintainers
#cron_bash="" #default: detected with the which command
#cron_dir="" #default: /etc/cron.d
#cron_filename="" #default: clamav-unofficial-sigs
#cron_minute="" #default: random value between 0-59
#cron_script_full_path="" #default: detected to the fullpath of the script
#cron_sudo="no" #default no, yes will append sudo -u before the username
#cron_user="" #default: uses the clam_user
# Custom logrotate install settings, these are detected and only used if you want to override
# the automatic detection and generation of the values when not set, this is mainly to aid package maintainers
#logrotate_dir="" #default: /etc/logrotate.d
#logrotate_filename="" #default: clamav-unofficial-sigs
#logrotate_group="" #default: uses the clam_group
#logrotate_log_file_full_path="" #default: detected to the $log_file_path/$log_file_name
#logrotate_user="" #default: uses the clam_user
# Custom man install settings, these are detected and only used if you want to override
# the automatic detection and generation of the values when not set, this is mainly to aid package maintainers
#man_dir="" #default: /usr/share/man/man8
#man_filename="" #default: clamav-unofficial-sigs.8
# Two variables are provided that package and port maintainers can use in order to
# prevent the script from removing itself with the '-r' flag.
# If the script was installed via a package manager like yum, apt, pkg, etc.,
# the script will instead tell the user how to uninstall the package.
#pkg_mgr="" #the package manager name
#pkg_rm="" #the package manager command to remove the script
# Custom full working directory paths, these are detected and only used if you want to override
# the automatic detection and generation of the values when not set, this is mainly to aid package maintainers
#work_dir_add="" #default: uses work_dir/add_dir
#work_dir_gpg="" #default: uses work_dir/gpg_dir
#work_dir_interserver="" #default: uses work_dir/interserver_dir
#work_dir_linuxmalwaredetect="" #default: uses work_dir/linuxmalwaredetect_dir
#work_dir_malwareexpert="" #default: uses work_dir/malwareexpert_dir
#work_dir_malwarepatrol="" #default: uses work_dir/malwarepatrol_dir
#work_dir_pid="" #default: uses work_dir/pid_dir
#work_dir_sanesecurity="" #default: uses work_dir/sanesecurity_dir
#work_dir_securiteinfo="" #default: uses work_dir/securiteinfo_dir
#work_dir_urlhaus="" #default: uses work_dir/urlhaus_dir
#work_dir_work_configs="" #default: uses work_dir/work_dir_configs
#work_dir_yararulesproject="" #default: uses work_dir/yararulesproject_dir
# ========================
# After you have completed the configuration of this file, set the value to "yes"
user_configuration_complete="no"
# ========================
# DO NOT EDIT !
# Database provider URLs
interserver_url="https://sigs.interserver.net"
linuxmalwaredetect_sigpack_url="https://cdn.rfxn.com/downloads/maldet-sigpack.tgz"
linuxmalwaredetect_version_url="https://cdn.rfxn.com/downloads/maldet.sigs.ver"
malwareexpert_url="https://signatures.malware.expert"
malwarepatrol_url="https://lists.malwarepatrol.net/cgi/getfile"
sanesecurity_gpg_url="https://www.sanesecurity.com/publickey.gpg"
sanesecurity_url="rsync.sanesecurity.net"
securiteinfo_url="https://www.securiteinfo.com/get/signatures"
urlhaus_url="https://urlhaus.abuse.ch/downloads"
yararulesproject_url="https://raw.githubusercontent.com/Yara-Rules/rules/master"
# ========================
# DO NOT EDIT !
config_version="97"
################################################################################
#
# DO NOT EDIT THIS FILE !! DO NOT EDIT THIS FILE !! DO NOT EDIT THIS FILE !!
#
################################################################################
# https://eXtremeSHOK.com ######################################################

clamav-unofficial-sigs-7.2.5/config/os/os.alpine.conf
# This file contains os configuration settings for clamav-unofficial-sigs.sh
###################
# This is property of eXtremeSHOK.com
# You are free to use, modify and distribute, however you may not remove this notice.
# Copyright (c) Adrian Jon Kriel :: admin@extremeshok.com
# License: BSD (Berkeley Software Distribution)
##################
#
# Script updates can be found at: https://github.com/extremeshok/clamav-unofficial-sigs
#
##################
#
# NOT COMPATIBLE WITH VERSION 3.XX / 4.XX CONFIG
#
################################################################################
# SEE MASTER.CONF FOR CONFIG EXPLANATIONS
################################################################################
# Rename to os.conf to enable this file
################################################################################
# Alpine
clam_user="clamav"
clam_group="clamav"
logrotate_group="adm"
clam_dbs="/var/lib/clamav"
clamd_pid="/run/clamav/clamd.pid"
# The restart command is only assigned here; a bare command after the
# assignment would be executed every time this config file is sourced.
clamd_restart_opt="/usr/bin/clamdscan --reload"
clamd_socket="/run/clamav/clamd.ctl"
# https://eXtremeSHOK.com ######################################################

clamav-unofficial-sigs-7.2.5/config/os/os.archlinux.conf
# This file contains os configuration settings for clamav-unofficial-sigs.sh
###################
# This is property of eXtremeSHOK.com
# You are free to use, modify and distribute, however you may not remove this notice.
# Copyright (c) Adrian Jon Kriel :: admin@extremeshok.com
# License: BSD (Berkeley Software Distribution)
##################
#
# Script updates can be found at: https://github.com/extremeshok/clamav-unofficial-sigs
#
##################
#
# NOT COMPATIBLE WITH VERSION 3.XX / 4.XX CONFIG
#
################################################################################
# SEE MASTER.CONF FOR CONFIG EXPLANATIONS
################################################################################
# Rename to os.conf to enable this file
# DO NOT MAKE ANY CHANGES to this file.
# Use user.conf to OVERRIDE THE OPTIONS IN THIS FILE
################################################################################
# Archlinux specific settings
clam_user="clamav"
clam_group="clamav"
clamd_pid="/run/clamav/clamd.pid"
clamd_reload_opt="/usr/bin/systemctl reload clamav-daemon.service"
clamd_restart_opt="/usr/bin/systemctl restart clamav-daemon.service"
clamd_socket="/run/clamav/clamd.ctl"
clam_dbs="/var/lib/clamav"
pkg_mgr="pacman"
pkg_rm="pacman"
# defaults are now good enough to run out-of-box
user_configuration_complete="yes"
# https://eXtremeSHOK.com ######################################################

clamav-unofficial-sigs-7.2.5/config/os/os.centos.conf
# This file contains os configuration settings for clamav-unofficial-sigs.sh
###################
# This is property of eXtremeSHOK.com
# You are free to use, modify and distribute, however you may not remove this notice.
# Copyright (c) Adrian Jon Kriel :: admin@extremeshok.com
# License: BSD (Berkeley Software Distribution)
##################
#
# Script updates can be found at: https://github.com/extremeshok/clamav-unofficial-sigs
#
##################
#
# NOT COMPATIBLE WITH VERSION 3.XX / 4.XX CONFIG
#
################################################################################
# SEE MASTER.CONF FOR CONFIG EXPLANATIONS
################################################################################
# Rename to os.conf to enable this file
################################################################################
# RHEL/CentOS 7+, using ClamAV packages from EPEL
clam_user="clamupdate"
clam_group="clamupdate"
clam_dbs="/var/lib/clamav"
clamd_pid="/var/run/clamd.scan/clamd.pid"
clamd_restart_opt="systemctl restart clamd@scan"
#clamd_socket="/var/run/clamd.scan/clamd.sock"
clamd_reload_opt="clamdscan --config-file=/etc/clamd.d/scan.conf --reload"
# By default clamupdate has no permissions to run service restarts
reload_dbs="no"
# https://eXtremeSHOK.com ######################################################

clamav-unofficial-sigs-7.2.5/config/os/os.centos6-cpanel.conf
# This file contains os configuration settings for clamav-unofficial-sigs.sh
###################
# This is property of eXtremeSHOK.com
# You are free to use, modify and distribute, however you may not remove this notice.
# Copyright (c) Adrian Jon Kriel :: admin@extremeshok.com
# License: BSD (Berkeley Software Distribution)
##################
#
# Script updates can be found at: https://github.com/extremeshok/clamav-unofficial-sigs
#
##################
#
# NOT COMPATIBLE WITH VERSION 3.XX / 4.XX CONFIG
#
################################################################################
# SEE MASTER.CONF FOR CONFIG EXPLANATIONS
################################################################################
# Rename to os.conf to enable this file
################################################################################
# RHEL/CentOS 6 with cPanel
clam_user="clam"
clam_group="clam"
clam_dbs="/usr/local/cpanel/3rdparty/share/clamav"
clamd_pid="/var/run/clamav/clamd.pid"
clamd_restart_opt="/sbin/service clamd reload"
#clamd_socket="/var/run/clamd.socket"
clamscan_bin="/usr/local/cpanel/3rdparty/bin/clamscan"
# https://eXtremeSHOK.com ######################################################

clamav-unofficial-sigs-7.2.5/config/os/os.centos6.conf
# This file contains os configuration settings for clamav-unofficial-sigs.sh
###################
# This is property of eXtremeSHOK.com
# You are free to use, modify and distribute, however you may not remove this notice.
# Copyright (c) Adrian Jon Kriel :: admin@extremeshok.com
# License: BSD (Berkeley Software Distribution)
##################
#
# Script updates can be found at: https://github.com/extremeshok/clamav-unofficial-sigs
#
##################
#
# NOT COMPATIBLE WITH VERSION 3.XX / 4.XX CONFIG
#
################################################################################
# SEE MASTER.CONF FOR CONFIG EXPLANATIONS
################################################################################
# Rename to os.conf to enable this file
################################################################################
# RHEL/CentOS 6
clam_user="clam"
clam_group="clam"
clam_dbs="/var/lib/clamav"
clamd_pid="/var/run/clamav/clamd.pid"
clamd_restart_opt="/sbin/service clamd reload"
#clamd_socket="/var/run/clamd.socket"
# https://eXtremeSHOK.com ######################################################

clamav-unofficial-sigs-7.2.5/config/os/os.centos7-atomic.conf
# This file contains os configuration settings for clamav-unofficial-sigs.sh
###################
# This is property of eXtremeSHOK.com
# You are free to use, modify and distribute, however you may not remove this notice.
# Copyright (c) Adrian Jon Kriel :: admin@extremeshok.com
# License: BSD (Berkeley Software Distribution)
##################
#
# Script updates can be found at: https://github.com/extremeshok/clamav-unofficial-sigs
#
##################
#
# NOT COMPATIBLE WITH VERSION 3.XX / 4.XX CONFIG
#
################################################################################
# SEE MASTER.CONF FOR CONFIG EXPLANATIONS
################################################################################
# Rename to os.conf to enable this file
################################################################################
# RHEL/CentOS 7, using ClamAV packages from EPEL
clam_user="clamav"
clam_group="clamav"
clam_dbs="/var/clamav"
#clamd_pid="/var/run/clamd.scan/clamd.pid"
clamd_restart_opt="systemctl restart clamd"
clamd_socket="/tmp/clamd.sock"
clamd_reload_opt="clamdscan --config-file=/etc/clamd.d/scan.conf --reload"
# https://eXtremeSHOK.com ######################################################

clamav-unofficial-sigs-7.2.5/config/os/os.centos7-cpanel.conf
# This file contains os configuration settings for clamav-unofficial-sigs.sh
###################
# This is property of eXtremeSHOK.com
# You are free to use, modify and distribute, however you may not remove this notice.
# Copyright (c) Adrian Jon Kriel :: admin@extremeshok.com
# License: BSD (Berkeley Software Distribution)
##################
#
# Script updates can be found at: https://github.com/extremeshok/clamav-unofficial-sigs
#
##################
#
# NOT COMPATIBLE WITH VERSION 3.XX / 4.XX CONFIG
#
################################################################################
# SEE MASTER.CONF FOR CONFIG EXPLANATIONS
################################################################################
# Rename to os.conf to enable this file
################################################################################
# RHEL/CentOS 7 with cPanel
clam_user="clamav"
clam_group="clamav"
clam_dbs="/usr/local/cpanel/3rdparty/share/clamav"
clamd_pid="/run/clamd.pid"
clamd_restart_opt="systemctl restart clamd"
clamd_socket="/var/clamd"
# https://eXtremeSHOK.com ######################################################

clamav-unofficial-sigs-7.2.5/config/os/os.debian.conf
# This file contains os configuration settings for clamav-unofficial-sigs.sh
###################
# This is property of eXtremeSHOK.com
# You are free to use, modify and distribute, however you may not remove this notice.
# Debian 9+ (stretch, buster)
clam_user="clamav"
clam_group="clamav"
logrotate_group="adm"
clam_dbs="/var/lib/clamav"
clamd_pid="/run/clamav/clamd.pid"
#systemd.
clamd_restart_opt="systemctl restart clamav-daemon.service"
#clamd_socket="/run/clamav/clamd.ctl"

File: clamav-unofficial-sigs-7.2.5/config/os/os.debian7.conf
# Debian 7 (wheezy)
clam_user="clamav"
clam_group="clamav"
logrotate_group="adm"
clam_dbs="/var/lib/clamav"
clamd_pid="/run/clamav/clamd.pid"
clamd_restart_opt="service clamav-daemon restart"
#clamd_socket="/run/clamav/clamd.ctl"

File: clamav-unofficial-sigs-7.2.5/config/os/os.debian8.conf
# Debian 8 (Jessie)
clam_user="clamav"
clam_group="clamav"
logrotate_group="adm"
clam_dbs="/var/lib/clamav"
clamd_pid="/run/clamav/clamd.pid"
clamd_restart_opt="service clamav-daemon restart"
#clamd_socket="/run/clamav/clamd.ctl"

File: clamav-unofficial-sigs-7.2.5/config/os/os.debian8.systemd.conf
# Debian 8 (Jessie)
clam_user="clamav"
clam_group="clamav"
logrotate_group="adm"
clam_dbs="/var/lib/clamav"
clamd_pid="/run/clamav/clamd.pid"
clamd_restart_opt="systemctl restart clamav-daemon"
#clamd_socket="/run/clamav/clamd.ctl"

File: clamav-unofficial-sigs-7.2.5/config/os/os.fedora.conf
# Fedora, using ClamAV packages from Fedora
clam_user="clamupdate"
clam_group="clamupdate"
clam_dbs="/var/lib/clamav"
clamd_pid="/var/run/clamd.scan/clamd.pid"
clamd_restart_opt="systemctl restart clamd@scan"
#clamd_socket="/var/run/clamd.scan/clamd.sock"
clamd_reload_opt="clamdscan --config-file=/etc/clamd.d/scan.conf --reload"

File: clamav-unofficial-sigs-7.2.5/config/os/os.freebsd.conf
# Requires gnu-sed (gsed)
# FreeBSD 10+
clam_user="clamav"
clam_group="clamav"
clam_dbs="/var/db/clamav"
clamd_pid="/var/run/clamav/clamd.pid"
work_dir="/var/db/clamav-unofficial-sigs"
log_file_path="/var/log/clamav"
clamd_restart_opt="service clamav-clamd reload"
#clamd_socket="/var/run/clamav/clamd.sock"

File: clamav-unofficial-sigs-7.2.5/config/os/os.gentoo.conf
# Gentoo
clam_user="clamav"
clam_group="clamav"
clam_dbs="/var/lib/clamav"
clamd_pid="/var/run/clamav/clamd.pid"
clamd_restart_opt="clamdscan --reload"
clamd_socket="/var/run/clamav/clamd.sock"
allow_upgrades="no"
allow_update_checks="no"

File: clamav-unofficial-sigs-7.2.5/config/os/os.macos.conf
# Mac OS and OS X with clamav installed via homebrew
# Requires gnu-sed (gsed)
# Follow the installation instructions: see the guide in the guides folder
clam_user="clamav"
# On some systems the clamgroup is "virusgroup"
clam_group="clamav"
clam_dbs="/usr/local/var/clamav/db"
clamd_pid="/usr/local/var/clamav/run/clamd.pid"
clamscan_bin="/usr/local/bin/clamscan"
work_dir="/usr/local/var/clamav-unofficial-sigs"
log_file_path="/usr/local/var/clamav/log"
clamd_restart_opt="launchctl kickstart -k system/clamav.clamd"
#clamd_socket="/tmp/clamd.socket"
#gpg_bin="/usr/local/bin/gpg"
enable_gpg="no"

File: clamav-unofficial-sigs-7.2.5/config/os/os.mailcleaner.conf
# Mailcleaner - Debian 8 (Jessie)
PATH=$PATH:/opt/clamav/bin
clam_user="clamav"
clam_group="clamav"
logrotate_group="adm"
clam_dbs="/var/mailcleaner/spool/clamspam"
clamd_pid="/var/mailcleaner/run/clamav/clamd.pid"
clamd_restart_opt="/etc/init.d/mailcleaner restart"
#clamd_socket="/run/clamav/clamd.ctl"

File: clamav-unofficial-sigs-7.2.5/config/os/os.openbsd.conf
# Requires gnu-sed (gsed)
# OpenBSD
clam_user="_clamav"
clam_group="_clamav"
clam_dbs="/var/db/clamav"
clamd_pid="/var/run/clamav/clamd.pid"
work_dir="/var/db/clamav-unofficial-sigs"
#ham_dir="/var/db/clamav-unofficial-sigs/ham-test"
log_file_path="/var/clamav/log"
clamd_restart_opt="rcctl restart clamd"
#clamd_socket="/var/run/clamav/clamd.sock"

File: clamav-unofficial-sigs-7.2.5/config/os/os.opensuse.conf
# OpenSUSE (Leap)
clam_user="vscan"
clam_group="vscan"
clam_dbs="/var/lib/clamav"
clamd_pid="/var/run/clamav/clamd.pid"
clamd_restart_opt="systemctl restart clamd.service"
#clamd_socket="/var/run/clamav/clamd-socket"

File: clamav-unofficial-sigs-7.2.5/config/os/os.pfsense.conf
# pfSense 2.3 or newer (non-embedded)
# Requires gnu-sed (gsed)
# Follow the installation instructions: see the guide in the guides folder
clam_user="clamav"
clam_group="clamav"
clam_dbs="/var/db/clamav"
clamd_pid="/var/run/clamav/clamd.pid"
work_dir="/var/db/clamav-unofficial-sigs"
log_file_path="/var/log/clamav"
clamd_restart_opt="service clamav-clamd reload"
clamd_socket="/var/run/clamav/clamd.sock"
enable_gpg="no"

File: clamav-unofficial-sigs-7.2.5/config/os/os.raspbian.conf
# Raspbian (based on Debian Jessie)
clam_user="clamav"
clam_group="clamav"
logrotate_group="adm"
clam_dbs="/var/lib/clamav"
clamd_pid="/var/run/clamd.pid"
clamd_restart_opt="service clamav-daemon restart"
#clamd_socket="/var/run/clamav/clamd.ctl"

File: clamav-unofficial-sigs-7.2.5/config/os/os.slackware.conf
# Slackware
clam_user="clamav"
clam_group="clamav"
#clam_dbs="/var/lib/clamav"
clam_dbs="/usr/local/share/clamav"
clamd_pid="/var/run/clamav/clamd.pid"
clamd_restart_opt="service clamd restart"
#clamd_socket="/var/run/clamav/clamd.socket"
cron_sudo="yes"

File: clamav-unofficial-sigs-7.2.5/config/os/os.solaris10.conf
#
# Basic guide to Installing ClamAV on Solaris 10 with gnupg
# Run in Terminal
# pkgadd -d http://get.opencsw.org/now
# /opt/csw/bin/pkgutil -U
# /opt/csw/bin/pkgutil -a clamav
# /opt/csw/bin/pkgutil -y -i clamav
# /opt/csw/bin/freshclam
# /opt/csw/bin/pkgutil -y -i gnupg
# Done! You can now use clamav.

# Solaris 10 (SunOS 5.10) clamav via opencsw
clam_user="clamav"
# On some systems the clamgroup is "virusgroup"
clam_group="clamav"
clam_dbs="/var/opt/csw/clamav/db"
clamd_pid="/var/run/clamd.pid"
work_dir="/var/db/clamav-unofficial-sigs"
log_file_path="/var/log"
clamd_restart_opt="/opt/csw/bin/clamdscan --reload"
clamscan_bin="/opt/csw/bin/clamscan"
#clamd_socket="/tmp/clamd.socket"

File: clamav-unofficial-sigs-7.2.5/config/os/os.solaris11.conf
#
# Basic guide to Installing ClamAV on Solaris 11
# Run in Terminal
# pkgadd -d http://get.opencsw.org/now
# /opt/csw/bin/pkgutil -U
# /opt/csw/bin/pkgutil -a clamav
# /opt/csw/bin/pkgutil -y -i clamav
# /opt/csw/bin/freshclam
# Done! You can now use clamav.
# optional:
# export PATH=/opt/csw/bin:$PATH

# Solaris 11 (SunOS 5.11) clamav via opencsw
clam_user="clamav"
# On some systems the clamgroup is "virusgroup"
clam_group="clamav"
clam_dbs="/var/opt/csw/clamav/db"
clamd_pid="/var/run/clamd.pid"
work_dir="/var/db/clamav-unofficial-sigs"
log_file_path="/var/log"
clamd_restart_opt="/opt/csw/bin/clamdscan --reload"
clamscan_bin="/opt/csw/bin/clamscan"
#clamd_socket="/tmp/clamd.socket"

File: clamav-unofficial-sigs-7.2.5/config/os/os.ubuntu.conf
# Ubuntu
clam_user="clamav"
clam_group="clamav"
clam_dbs="/var/lib/clamav"
clamd_pid="/var/run/clamd.pid"
clamd_restart_opt="service clamav-daemon restart"
#clamd_socket="/var/run/clamav/clamd.ctl"

File: clamav-unofficial-sigs-7.2.5/config/os/os.zimbra.conf
# Zimbra
clam_user="zimbra"
clam_group="zimbra"
clam_dbs="/opt/zimbra/data/clamav/db"
clamd_pid="/opt/zimbra/log/clamd.pid"
work_dir="/opt/zimbra/data/clamav-unofficial-sigs"
log_file_path="/opt/zimbra/log"
clamd_reload_opt="/opt/zimbra/common/bin/clamdscan --config-file=/opt/zimbra/conf/clamd.conf --reload"
clamscan_bin="/opt/zimbra/common/bin/clamscan"

File: clamav-unofficial-sigs-7.2.5/config/packaging/os.centos6.conf
# Recommended Options for Packaging, this example applies to RHEL/CentOS

# Disable Upgrades
allow_upgrades="no"
# Disable Update Checks
allow_update_checks="no"

# Provides two variables that package and port maintainers can use in order to
# prevent the script from removing itself with the '-r' flag
# If the script was installed via a package manager like yum, apt, pkg, etc.
# the script will instead provide feedback to the user about how to uninstall the package.
pkg_mgr="yum" #the package manager name
pkg_rm="yum erase clamav-unofficial-sigs" #the package manager command to remove the script

# RHEL/CentOS 6
clam_user="clam"
clam_group="clam"
clam_dbs="/var/lib/clamav"
clamd_pid="/var/run/clamav/clamd.pid"
clamd_restart_opt="/sbin/service clamd try-restart"
#clamd_socket="/var/run/clamd.socket"

File: clamav-unofficial-sigs-7.2.5/config/packaging/os.centos7.conf
# Recommended Options for Packaging, this example applies to RHEL/CentOS

# Disable Upgrades
allow_upgrades="no"
# Disable Update Checks
allow_update_checks="no"

# Provides two variables that package and port maintainers can use in order to
# prevent the script from removing itself with the '-r' flag
# If the script was installed via a package manager like yum, apt, pkg, etc.
# the script will instead provide feedback to the user about how to uninstall the package.
pkg_mgr="yum" #the package manager name
pkg_rm="yum erase clamav-unofficial-sigs" #the package manager command to remove the script

# RHEL/CentOS 7, using ClamAV packages from EPEL
clam_user="clamupdate"
clam_group="clamupdate"
clam_dbs="/var/lib/clamav"
clamd_pid="/var/run/clamd.scan/clamd.pid"
clamd_restart_opt="systemctl try-restart clamd@scan"
#clamd_socket="/var/run/clamd.scan/clamd.sock"
clamd_reload_opt="clamdscan --config-file=/etc/clamd.d/scan.conf --reload"
# By default clamupdate has no permissions to run service restarts
reload_dbs="no"

File: clamav-unofficial-sigs-7.2.5/config/user.conf
# This file contains user configuration settings for clamav-unofficial-sigs.sh
# Values in this file will always override those in the master.conf and os.conf files.
# This is useful to specify your authorisation/receipt codes and to always force certain options.
# Please note, it is your responsibility to manage the contents of this file.
# Values provided here are just examples, feel free to use any values from the main config file.

# When a database is disabled we will remove the associated database files.
# remove_disabled_databases="yes" # Default is "yes"

# Malware Expert 2020 (non-free) clamav signatures
# set to no to enable the commercial subscription databases
#malwareexpert_serial_key="YOUR-SERIAL-KEY"

# set to no to enable the commercial subscription url
#malwarepatrol_free="yes"
#malwarepatrol_list="clamav_basic" # clamav_basic or clamav_ext
# if the malwarepatrol_product_code is not 8 the malwarepatrol_free is set to no (non-free)
#malwarepatrol_product_code="8"
#malwarepatrol_receipt_code="YOUR-RECEIPT-NUMBER"
#malwarepatrol_db="malwarepatrol.db"

#securiteinfo_authorisation_signature="YOUR-SIGNATURE-NUMBER"
# Enable if you have a commercial/premium/non-free subscription
#securiteinfo_premium="yes"

# Default dbs rating (Default: MEDIUM)
# valid rating: LOW, MEDIUM, HIGH, DISABLE
#default_dbs_rating="HIGH"

# Per Database
# These ratings will override the global rating for the specific database
# valid rating: LOW, MEDIUM, HIGH, DISABLE
#interserver_dbs_rating="HIGH"
#linuxmalwaredetect_dbs_rating="HIGH"
#malwareexpert_dbs_rating="HIGH"
#sanesecurity_dbs_rating="HIGH"
#securiteinfo_dbs_rating="HIGH"
#urlhaus_dbs_rating="HIGH"
#yararulesproject_dbs_rating="HIGH"

# =========================
# Additional signature databases
# =========================
#declare -a additional_dbs=(
#  ftp://ftp.example.net/pub/sigs.ndb
#  http://www.example.org/sigs.ldb
#)
#END ADDITIONAL DATABASES

# Uncomment the following line to enable the script
user_configuration_complete="yes"

# HTTPS validation
# Uncomment to allow and ignore SSL errors leading to insecure transfers
# downloader_ignore_ssl_errors="yes" # Default is "no"

# Proxy Support
# If necessary to proxy database downloads, define the rsync, curl, wget, dig, host proxy settings here.
#curl_proxy="--proxy http://username:password@proxy_host:proxy_port" #dig_proxy="@proxy_host -p proxy_host:proxy_port" #host_proxy="@proxy_host" #does not support port #rsync_proxy="username:password@proxy_host:proxy_port" # Define rsync to use netcat for socks tunnel #rsync_connect_prog="nc -X 5 -x socksproxy_host:socksproxy_port %H 873" #wget_proxy="-e http_proxy=http://username:password@proxy_host:proxy_port -e https_proxy=https://username:password@proxy_host:proxy_port" # https://eXtremeSHOK.com ###################################################### 0707010000003C000041ED000000000000000000000002605562B100000000000000000000000000000000000000000000002100000000clamav-unofficial-sigs-7.2.5/dev0707010000003D000081A4000000000000000000000001605562B100000871000000000000000000000000000000000000003400000000clamav-unofficial-sigs-7.2.5/dev/test_yara_rules.sh#!/bin/bash ################### # This is property of eXtremeSHOK.com # You are free to use, modify and distribute, however you may not remove this notice. # Copyright (c) Adrian Jon Kriel :: admin@extremeshok.com # License: BSD (Berkeley Software Distribution) ################## # A small utility to check/verify Yara-Rules from https://github.com/Yara-Rules/rules ################# export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/usr/local/musl/bin:$HOME/bin wget https://raw.githubusercontent.com/Yara-Rules/rules/master/index.yar -O /tmp/index.yar sed 's|include "./||g' /tmp/index.yar | sed 's|"||g' | sed -r ':a; s%(.*)/\*.*\*/%\1%; ta; /\/\*/ !b; N; ba' | sed '/^$/d' > /tmp/rules.yara echo "" > /tmp/empty-file while IFS= read -r line ; do if [ -n "$line" ] ; then # shellcheck disable=SC2086 sub_dir="${line/\/*}" mkdir -p "/tmp/yara/${sub_dir}" wget --quiet "https://raw.githubusercontent.com/Yara-Rules/rules/master/${line}" -O "/tmp/yara/${line}" output="$(clamscan --quiet --no-summary --database="/tmp/yara/${line}" /tmp/empty-file 2>&1)" ret="$?" 
if [ -n "$output" ] || [ "$ret" != "0" ] ; then echo "ERROR --- ${line} ---" else echo "--- ${line} ---" #echo "$ret" #echo "$output" fi fi done < "/tmp/rules.yara" # clamscan --database=antidebug_antivm.yar 2> scan.log # # egrep "yyerror()|yara" scan.log # check the errorlevel at this stage. # here is some testing code which identifies all rules in .yar file, checks for which ones are duplicated in rfxn.yara, then shows the name of the rules that are not duplicated.: # shellcheck disable=SC2062 grep -ah "^rule " /var/lib/clamav/*.yar|cut -d: -f1 >/tmp/rules; while read -r RULE; do grep -qF "$RULE" /var/lib/clamav/rfxn.yara||echo "$RULE"; done</tmp/rules # And this does the same check but outputs the names of the .yar files where the non-duplicated rules are found: # shellcheck disable=SC2062 grep -ah "^rule " /var/lib/clamav/*.yar|cut -d: -f1 >/tmp/rules; while read -r RULE; do grep -qF "$RULE" /var/lib/clamav/rfxn.yara||echo "$RULE"; done</tmp/rules|grep -Ff- /var/lib/clamav/*.yar 0707010000003E000041ED000000000000000000000002605562B100000000000000000000000000000000000000000000002400000000clamav-unofficial-sigs-7.2.5/guides0707010000003F000081A4000000000000000000000001605562B1000013BA000000000000000000000000000000000000002F00000000clamav-unofficial-sigs-7.2.5/guides/centos7.md# Basic guide to Installing and Updating on CentOS 7 Run the following as root # UPGRADE INSTRUCTIONS (version 7.0 +) ``` /usr/local/sbin/clamav-unofficial-sigs.sh --upgrade /usr/local/sbin/clamav-unofficial-sigs.sh --force ``` # UPGRADE INSTRUCTIONS (version 6.1 and below) ``` wget https://raw.githubusercontent.com/extremeshok/clamav-unofficial-sigs/master/clamav-unofficial-sigs.sh -O /usr/local/sbin/clamav-unofficial-sigs.sh && chmod 755 /usr/local/sbin/clamav-unofficial-sigs.sh wget https://raw.githubusercontent.com/extremeshok/clamav-unofficial-sigs/master/config/master.conf -O /etc/clamav-unofficial-sigs/master.conf /usr/local/sbin/clamav-unofficial-sigs.sh --force ``` # CLAMAV INSTALL 
INSTRUCTIONS ## Install Install epel ``` yum -y update yum -y install epel-release yum -y update ``` ## Install clamav ``` yum -y install clamav-server clamav-data clamav-update clamav-filesystem clamav clamav-scanner-systemd clamav-devel clamav-lib clamav-server-systemd ``` ## Configure SELinux to allow clamav ``` setsebool -P antivirus_can_scan_system 1 setsebool -P clamd_use_jit 1 ``` ## Configure clamav ``` sed -i '/^Example$/d' /etc/clamd.d/scan.conf sed -i -e 's|#LocalSocket /var/run/clamd.scan/clamd.sock|LocalSocket /var/run/clamd.scan/clamd.sock/g' /etc/clamd.d/scan.conf cat << EOF > /etc/tmpfiles.d/clamav.conf /var/run/clamd.scan 0755 clam clam EOF mv /usr/lib/systemd/system/clamd\@scan.service /usr/lib/systemd/system/clamd\@scan.old cat << EOF > /usr/lib/systemd/system/clamd\@scan.service # Run the clamd scanner [Unit] Description = clamd scanner (%i) daemon After = syslog.target nss-lookup.target network.target [Service] Type = simple ExecStart = /usr/sbin/clamd --foreground=yes Restart = on-failure IOSchedulingPriority = 7 CPUSchedulingPolicy = 5 Nice = 19 PrivateTmp = true MemoryLimit=500M CPUQuota=50% [Install] WantedBy = multi-user.target EOF systemctl daemon-reload ``` ## Configure Freshclam ``` sed -i '/^Example$/d' /etc/freshclam.conf sed -i '/REMOVE ME/d' /etc/sysconfig/freshclam cat << EOF > /usr/lib/systemd/system/clam-freshclam.service # Run the freshclam as daemon [Unit] Description = freshclam scanner After = network.target [Service] Type = forking ExecStart = /usr/bin/freshclam -d Restart = on-failure IOSchedulingPriority = 7 CPUSchedulingPolicy = 5 Nice = 19 PrivateTmp = true [Install] WantedBy = multi-user.target EOF systemctl daemon-reload freshclam systemctl enable clam-freshclam.service systemctl start clam-freshclam.service ``` ## Configure clamav ``` systemctl enable clamd@scan systemctl start clamd@scan systemctl status clamd@scan ``` ## Install Dependencies ``` yum -y install bind-utils rsync ``` # INSTALLATION INSTRUCTIONS ## Make 
sure you do not have the package installed via yum ``` yum erase -y clamav-unofficial-sigs ``` ## Install Run the following commands in shell (console/terminal) ``` mkdir -p /usr/local/sbin/ wget https://raw.githubusercontent.com/extremeshok/clamav-unofficial-sigs/master/clamav-unofficial-sigs.sh -O /usr/local/sbin/clamav-unofficial-sigs.sh && chmod 755 /usr/local/sbin/clamav-unofficial-sigs.sh mkdir -p /etc/clamav-unofficial-sigs/ wget https://raw.githubusercontent.com/extremeshok/clamav-unofficial-sigs/master/config/master.conf -O /etc/clamav-unofficial-sigs/master.conf wget https://raw.githubusercontent.com/extremeshok/clamav-unofficial-sigs/master/config/user.conf -O /etc/clamav-unofficial-sigs/user.conf ``` Select your operating system config from https://github.com/extremeshok/clamav-unofficial-sigs/tree/master/config/ **replace os.centos.conf with your required config, centos6 = os.centos6.conf, centos7-atomic = os.centos7-atomic.conf, centos6-cpanel = os.centos6-cpanel.conf** ``` os_conf="os.centos.conf" wget "https://raw.githubusercontent.com/extremeshok/clamav-unofficial-sigs/master/config/os/${os_conf}" -O /etc/clamav-unofficial-sigs/os.conf ``` ### Optional: configure your user config /etc/clamav-unofficial-sigs/user.conf ## RUN THE SCRIPT ONCE AS ROOT ensure there are no errors, fix any missing dependencies script must run once as your superuser to set all the permissions and create the relevant directories ``` /usr/local/sbin/clamav-unofficial-sigs.sh --force ``` ### Install logrotate and Man files ``` /usr/local/sbin/clamav-unofficial-sigs.sh --install-logrotate /usr/local/sbin/clamav-unofficial-sigs.sh --install-man ``` ### Install Systemd configs or use cron #### cron ``` /usr/local/sbin/clamav-unofficial-sigs.sh --install-cron ``` ### OR #### systemd ``` mkdir -p /etc/systemd/system/ wget https://raw.githubusercontent.com/extremeshok/clamav-unofficial-sigs/master/systemd/clamav-unofficial-sigs.service -O 
/etc/systemd/system/clamav-unofficial-sigs.service wget https://raw.githubusercontent.com/extremeshok/clamav-unofficial-sigs/master/systemd/clamav-unofficial-sigs.timer -O /etc/systemd/system/clamav-unofficial-sigs.timer systemctl enable clamav-unofficial-sigs.service systemctl enable clamav-unofficial-sigs.timer systemctl start clamav-unofficial-sigs.timer ``` 07070100000040000081A4000000000000000000000001605562B100001BF6000000000000000000000000000000000000002D00000000clamav-unofficial-sigs-7.2.5/guides/macos.md# Basic guide to Installing and Updating on macOS and OSX Press Command+Space and type Terminal and press enter/return key. Run all the following in the Terminal app: # UPGRADE INSTRUCTIONS (version 7.0 +) ``` clamav-unofficial-sigs.sh --upgrade clamav-unofficial-sigs.sh --force ``` ## Notes: Tested on macOS Big Sur (OSX 11) ## Install Requirements # Step 1 Install Homebrew ``` /usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)" ``` # Step 2 Install dependencies : sed (gnu-sed) ``` brew install gnu-sed ``` # Step 3 Install clamav ``` brew install clamav ``` # Step 4 Configure clamav ``` # Create clamav user and group sudo dscl . create /Groups/clamav sudo dscl . create /Groups/clamav RealName "Clam Antivirus Group" sudo dscl . create /Groups/clamav gid 799 sudo dscl . create /Users/clamav sudo dscl . create /Users/clamav RealName "Clam Antivirus User" sudo dscl . create /Users/clamav UserShell /bin/false sudo dscl . create /Users/clamav UniqueID 599 sudo dscl . 
create /Users/clamav PrimaryGroupID 799 # Create the dirs sudo mkdir -p /usr/local/var/clamav/run sudo mkdir -p /usr/local/var/clamav/log sudo mkdir -p /usr/local/var/clamav/db sudo mkdir -p "/Library/LaunchDaemons" # Generate the configs cp "/usr/local/etc/clamav/clamd.conf.sample" "/usr/local/etc/clamav/clamd.conf" sed -e "s|# Example config file|# Config file|" \ -e "s|^Example$|# Example|" \ -e "s|^#MaxDirectoryRecursion 20$|MaxDirectoryRecursion 25|" \ -e "s|^#LogFile .*|LogFile /usr/local/var/clamav/log/clamd.log|" \ -e "s|^#PidFile .*|PidFile /usr/local/var/clamav/run/clamd.pid|" \ -e "s|^#DatabaseDirectory .*|DatabaseDirectory /usr/local/var/clamav/db|" \ -e "s|^#LocalSocket .*|LocalSocket /usr/local/var/clamav/run/clamd.socket|" \ -e "s|^#FixStaleSocket|FixStaleSocket|" \" -i -n "/usr/local/etc/clamav/clamd.conf" cp "/usr/local/etc/clamav/freshclam.conf.sample" "/usr/local/etc/clamav/freshclam.conf" sed -e "s|# Example config file|# Config file|" \ -e "s|^Example$|# Example|" \ -e "s|^#DatabaseDirectory .*|DatabaseDirectory /usr/local/var/clamav/db|" \ -e "s|^#UpdateLogFile .*|UpdateLogFile /usr/local/var/clamav/log/freshclam.log|" \ -e "s|^#PidFile .*|PidFile /usr/local/var/clamav/run/freshclam.pid|" \ -e "s|^#NotifyClamd .*|NotifyClamd /usr/local/etc/clamav/clamd.conf|" \ -i -n "/usr/local/etc/clamav/freshclam.conf" # Fix permissions sudo chown -R clamav:clamav /usr/local/var/clamav # Clamd socket sudo touch /usr/local/var/clamav/run/clamd.socket sudo chown clamav:clamav /usr/local/var/clamav/run/clamd.socket sudo tee "/Library/LaunchDaemons/clamav.clamd.plist" << EOF > /dev/null <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>Label</key> <string>clamav.clamd</string> <key>ProgramArguments</key> <array> <string>/usr/local/sbin/clamd</string> <string>--foreground</string> </array> <key>KeepAlive</key> <true/> 
  <key>StandardErrorPath</key>
  <string>/usr/local/var/clamav/log/clamd.error.log</string>
</dict>
</plist>
EOF

sudo tee "/Library/LaunchDaemons/clamav.freshclam.plist" << EOF > /dev/null
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>Label</key>
  <!-- literal label matching the plist file name; an unset shell variable here would leave it empty -->
  <string>clamav.freshclam</string>
  <key>ProgramArguments</key>
  <array>
    <string>/usr/local/bin/freshclam</string>
    <string>--daemon</string>
    <string>--foreground</string>
  </array>
  <key>KeepAlive</key>
  <true/>
  <key>RunAtLoad</key>
  <true/>
  <key>StandardErrorPath</key>
  <string>/usr/local/var/clamav/log/freshclam.error.log</string>
  <key>StartInterval</key>
  <integer>86400</integer>
</dict>
</plist>
EOF

sudo tee "/Library/LaunchDaemons/clamav.clamdscan.plist" << EOF > /dev/null
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>Label</key>
  <!-- literal label matching the plist file name -->
  <string>clamav.clamdscan</string>
  <key>ProgramArguments</key>
  <array>
    <string>/usr/local/bin/clamdscan</string>
    <string>--log=/usr/local/var/clamav/log/clamdscan.log</string>
    <string>-m</string>
    <string>/</string>
  </array>
  <key>KeepAlive</key>
  <false/>
  <key>RunAtLoad</key>
  <false/>
  <key>StartCalendarInterval</key>
  <dict>
    <key>Hour</key>
    <integer>1</integer>
    <key>Minute</key>
    <integer>45</integer>
  </dict>
  <key>StandardErrorPath</key>
  <string>/usr/local/var/clamav/log/clamdscan.error.log</string>
</dict>
</plist>
EOF

sudo chown root:wheel "/Library/LaunchDaemons/clamav.clamd.plist" "/Library/LaunchDaemons/clamav.freshclam.plist" "/Library/LaunchDaemons/clamav.clamdscan.plist"
sudo chmod 0644 "/Library/LaunchDaemons/clamav.clamd.plist" "/Library/LaunchDaemons/clamav.freshclam.plist" "/Library/LaunchDaemons/clamav.clamdscan.plist"
sudo launchctl load "/Library/LaunchDaemons/clamav.clamd.plist" "/Library/LaunchDaemons/clamav.freshclam.plist" "/Library/LaunchDaemons/clamav.clamdscan.plist"
```

# Step 5
```
sudo su
curl https://raw.githubusercontent.com/extremeshok/clamav-unofficial-sigs/master/clamav-unofficial-sigs.sh --output /usr/local/bin/clamav-unofficial-sigs.sh
chmod 755 /usr/local/bin/clamav-unofficial-sigs.sh
mkdir -p /usr/local/etc/clamav-unofficial-sigs
curl https://raw.githubusercontent.com/extremeshok/clamav-unofficial-sigs/master/config/master.conf --output /usr/local/etc/clamav-unofficial-sigs/master.conf
curl https://raw.githubusercontent.com/extremeshok/clamav-unofficial-sigs/master/config/os/os.macos.conf --output /usr/local/etc/clamav-unofficial-sigs/os.conf
curl https://raw.githubusercontent.com/extremeshok/clamav-unofficial-sigs/master/config/user.conf --output /usr/local/etc/clamav-unofficial-sigs/user.conf
```

# Step 6 set your user options
```
sudo pico /usr/local/etc/clamav-unofficial-sigs/user.conf
```

# Step 7 Console (shell)
```
clamav-unofficial-sigs.sh --force
```

# Step 8 launchd helper Script (replaces cron)
```
sudo tee "/Library/LaunchDaemons/clamav.clamav-unofficial-sigs.plist" << EOF > /dev/null
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>Label</key>
  <string>Clamav Unofficial Sigs update</string>
  <key>ProgramArguments</key>
  <!-- launchd execs the first element directly, so the interpreter and the script are separate entries -->
  <array>
    <string>/bin/bash</string>
    <string>/usr/local/bin/clamav-unofficial-sigs.sh</string>
  </array>
  <key>StartInterval</key>
  <integer>3600</integer>
</dict>
</plist>
EOF
sudo chown root:wheel "/Library/LaunchDaemons/clamav.clamav-unofficial-sigs.plist"
sudo chmod 0644 "/Library/LaunchDaemons/clamav.clamav-unofficial-sigs.plist"
sudo launchctl load "/Library/LaunchDaemons/clamav.clamav-unofficial-sigs.plist"
```

==> clamav-unofficial-sigs-7.2.5/guides/pfsense.md <==
# Basic guide to Installing and Updating on pfSense 2.5+

# UPGRADE INSTRUCTIONS (version 7.0 +)
```
clamav-unofficial-sigs.sh --upgrade
clamav-unofficial-sigs.sh --force
```

# UPGRADE INSTRUCTIONS (version 6.1 and below)
```
wget https://raw.githubusercontent.com/extremeshok/clamav-unofficial-sigs/master/clamav-unofficial-sigs.sh -O /usr/sbin/clamav-unofficial-sigs.sh && chmod 755 /usr/sbin/clamav-unofficial-sigs.sh
wget https://raw.githubusercontent.com/extremeshok/clamav-unofficial-sigs/master/config/master.conf -O /etc/clamav-unofficial-sigs/master.conf
clamav-unofficial-sigs.sh --force
```

## Install Requirements

# Step 1
Webinterface -> System -> Package Manager -> Available Packages
Select/Install: squid (pfSense-pkg-squid)

# Step 2
Webinterface -> Services -> Squid proxy Server -> Antivirus
Enable AV: enable
ClamAV Database Update: every 1 hour
Regional ClamAV Database Update Mirror: closest to your server
[SAVE]

# Step 3
Webinterface -> Services -> Squid proxy Server -> Antivirus
ClamAV Database Update [ Update AV ]

# Step 4 Console (shell)
```
pkg install bash
pkg install rsync
pkg add https://pkg.freebsd.org/FreeBSD:12:amd64/quarterly/All/gsed-4.8.txz
echo "fdesc /dev/fd fdescfs rw 0 0" >> /etc/fstab
ln -s /usr/local/bin/bash /bin/bash
curl https://raw.githubusercontent.com/extremeshok/clamav-unofficial-sigs/master/clamav-unofficial-sigs.sh --output /usr/sbin/clamav-unofficial-sigs.sh
chmod 755 /usr/sbin/clamav-unofficial-sigs.sh
mkdir -p /etc/clamav-unofficial-sigs
curl https://raw.githubusercontent.com/extremeshok/clamav-unofficial-sigs/master/config/master.conf --output /etc/clamav-unofficial-sigs/master.conf
curl https://raw.githubusercontent.com/extremeshok/clamav-unofficial-sigs/master/config/os/os.pfsense.conf --output /etc/clamav-unofficial-sigs/os.conf
curl https://raw.githubusercontent.com/extremeshok/clamav-unofficial-sigs/master/config/user.conf --output /etc/clamav-unofficial-sigs/user.conf
```

# Step 5 set your user options
Console (shell)
```
vi /etc/clamav-unofficial-sigs/user.conf
```

# Step 6 Console (shell)
```
reboot
```

# Step 7 Console (shell)
```
clamav-unofficial-sigs.sh
```

# Step 8 Cron helper Script
```
cat <<EOF > /etc/rc.clamav-unofficial-sigs.sh
#!/bin/sh
SHELL=/bin/sh
PATH=/usr/local/bin:$PATH
/bin/bash /usr/sbin/clamav-unofficial-sigs.sh
EOF
chmod 755 /etc/rc.clamav-unofficial-sigs.sh
echo -e "*/5 * * * * root /etc/rc.clamav-unofficial-sigs.sh\n\n" >> /etc/crontab
```

==> clamav-unofficial-sigs-7.2.5/guides/ubuntu-debian.md <==
# Basic guide to Installing and Updating on Ubuntu / Debian

Run the following as root

# UPGRADE INSTRUCTIONS (version 7.0 +)
```
clamav-unofficial-sigs.sh --upgrade
clamav-unofficial-sigs.sh --force
```

# UPGRADE INSTRUCTIONS (version 6.1 and below)
```
wget https://raw.githubusercontent.com/extremeshok/clamav-unofficial-sigs/master/clamav-unofficial-sigs.sh -O /usr/local/sbin/clamav-unofficial-sigs.sh && chmod 755 /usr/local/sbin/clamav-unofficial-sigs.sh
wget https://raw.githubusercontent.com/extremeshok/clamav-unofficial-sigs/master/config/master.conf -O /etc/clamav-unofficial-sigs/master.conf
clamav-unofficial-sigs.sh --force
```

# CLAMAV INSTALL INSTRUCTIONS

# Install clamav
```
apt-get update && apt-get install -y clamav-base clamav-freshclam clamav clamav-daemon
```

## Make sure you do not have the package installed via apt
```
apt-get purge -y clamav-unofficial-sigs
```

## Install
Run the following commands in shell (console/terminal)
```
mkdir -p /usr/local/sbin/
wget https://raw.githubusercontent.com/extremeshok/clamav-unofficial-sigs/master/clamav-unofficial-sigs.sh -O /usr/local/sbin/clamav-unofficial-sigs.sh && chmod 755 /usr/local/sbin/clamav-unofficial-sigs.sh
mkdir -p /etc/clamav-unofficial-sigs/
wget https://raw.githubusercontent.com/extremeshok/clamav-unofficial-sigs/master/config/master.conf -O /etc/clamav-unofficial-sigs/master.conf
wget https://raw.githubusercontent.com/extremeshok/clamav-unofficial-sigs/master/config/user.conf -O /etc/clamav-unofficial-sigs/user.conf
```

Select your operating system config from https://github.com/extremeshok/clamav-unofficial-sigs/tree/master/config/

**replace os.debian.conf with your required config, ubuntu = os.ubuntu.conf, debian10 = os.debian.conf, debian9 = os.debian.conf, debian8 = os.debian8.conf, debian8-systemd = os.debian8.systemd.conf, debian7 = os.debian7.conf**
```
os_conf="os.debian.conf"
wget "https://raw.githubusercontent.com/extremeshok/clamav-unofficial-sigs/master/config/os/${os_conf}" -O /etc/clamav-unofficial-sigs/os.conf
```

### Optional: configure your user config
/etc/clamav-unofficial-sigs/user.conf

## RUN THE SCRIPT ONCE AS ROOT
Ensure there are no errors and fix any missing dependencies.
The script must run once as your superuser to set all the permissions and create the relevant directories.
```
/usr/local/sbin/clamav-unofficial-sigs.sh --force
```

### Install logrotate and Man files
```
/usr/local/sbin/clamav-unofficial-sigs.sh --install-logrotate
/usr/local/sbin/clamav-unofficial-sigs.sh --install-man
```

### Install Systemd configs or use cron

#### cron
```
/usr/local/sbin/clamav-unofficial-sigs.sh --install-cron
```

### OR

#### systemd
```
mkdir -p /etc/systemd/system/
wget https://raw.githubusercontent.com/extremeshok/clamav-unofficial-sigs/master/systemd/clamav-unofficial-sigs.service -O /etc/systemd/system/clamav-unofficial-sigs.service
wget https://raw.githubusercontent.com/extremeshok/clamav-unofficial-sigs/master/systemd/clamav-unofficial-sigs.timer -O /etc/systemd/system/clamav-unofficial-sigs.timer
systemctl enable clamav-unofficial-sigs.service
systemctl enable clamav-unofficial-sigs.timer
systemctl start clamav-unofficial-sigs.timer
```
==> clamav-unofficial-sigs-7.2.5/systemd/clamav-unofficial-sigs.service <==
###################
# This is property of eXtremeSHOK.com
# You are free to use, modify and distribute, however you may not remove this notice.
# Copyright (c) Adrian Jon Kriel :: admin@extremeshok.com
# License: BSD (Berkeley Software Distribution)
##################
#
# Script updates can be found at: https://github.com/extremeshok/clamav-unofficial-sigs
#
##################
# This file will execute the clamav-unofficial-sigs.sh script that
# currently supports updating third-party signature databases provided
# by Sanesecurity, SecuriteInfo, MalwarePatrol, OITC, etc.
#
# File Location: /etc/systemd/system/clamav-unofficial-sigs.service
#
# Remember to enable:
# systemctl enable clamav-unofficial-sigs.service
# systemctl enable clamav-unofficial-sigs.timer
#
##################

[Unit]
Description=Clamav Unofficial Sigs Update service

[Service]
Type=simple
ExecStart=/usr/local/sbin/clamav-unofficial-sigs.sh

[Install]
WantedBy=multi-user.target

==> clamav-unofficial-sigs-7.2.5/systemd/clamav-unofficial-sigs.timer <==
###################
# This is property of eXtremeSHOK.com
# You are free to use, modify and distribute, however you may not remove this notice.
# Copyright (c) Adrian Jon Kriel :: admin@extremeshok.com
# License: BSD (Berkeley Software Distribution)
##################
#
# Script updates can be found at: https://github.com/extremeshok/clamav-unofficial-sigs
#
##################
# This file will execute the clamav-unofficial-sigs.sh script that
# currently supports updating third-party signature databases provided
# by Sanesecurity, SecuriteInfo, MalwarePatrol, OITC, etc.
#
# File Location: /etc/systemd/system/clamav-unofficial-sigs.timer
#
# Remember to enable:
# systemctl enable clamav-unofficial-sigs.service
# systemctl enable clamav-unofficial-sigs.timer
#
##################

[Unit]
Description=Clamav Unofficial Sigs Update timer
Requires=clamav-unofficial-sigs.service

[Timer]
OnCalendar=*-*-* *:37:00
Unit=clamav-unofficial-sigs.service
RandomizedDelaySec=60m
Persistent=true

[Install]
WantedBy=multi-user.target

==> clamav-unofficial-sigs-7.2.5/systemd/clamd.scan.service <==
###################
# This is property of eXtremeSHOK.com
# You are free to use, modify and distribute, however you may not remove this notice.
# Copyright (c) Adrian Jon Kriel :: admin@extremeshok.com
# License: BSD (Berkeley Software Distribution)
##################
#
# Script updates can be found at: https://github.com/extremeshok/clamav-unofficial-sigs
#
##################
.include /lib/systemd/system/clamd@.service

[Unit]
Description = Generic clamav scanner daemon
Wants=clamav-unofficial-sigs.timer

[Install]
WantedBy = multi-user.target
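The rule-duplication check at the end of dev/test_yara_rules.sh compares whole `rule ...` lines against rfxn.yara with a substring grep, so a rule whose name is a prefix of another, or whose header carries a `: tag` list, can be mis-reported. The script below is an added example written for this page, not part of the clamav-unofficial-sigs project: it does the same comparison on extracted rule names, tolerates `private`/`global` modifiers and tag lists, and reports which `.yar` file each non-duplicated rule lives in. The rule files it writes under a temporary directory are constructed placeholders, not real signatures, and the names `rule_names`, `unique_rules`, `make_sample`, `rfxn.yara`, `a.yar` and `b.yar` are this example's own.

```shell
#!/bin/sh
# Added example (not project code): find YARA rules in a directory of .yar files
# whose names are not already defined in a master rule file (e.g. rfxn.yara).

# Extract rule identifiers from one YARA file. Handles optional "private"/"global"
# modifiers, leading whitespace, and anything after the name (": tags", "{").
rule_names() {
    sed -n -E 's/^[[:space:]]*((private|global)[[:space:]]+)*rule[[:space:]]+([A-Za-z_][A-Za-z0-9_]*).*/\3/p' "$1"
}

# Print "file:rulename", sorted, for every rule in DIR/*.yar whose name does not
# appear as a rule name in MASTER. Matching is whole-line and fixed-string (-xF),
# so "webshell_generic" no longer matches "webshell_generic_v2".
unique_rules() {
    dir="$1"
    master="$2"
    master_names=$(rule_names "$master" | sort -u)
    for f in "$dir"/*.yar; do
        [ -e "$f" ] || continue   # no .yar files at all
        rule_names "$f" | sort -u | while IFS= read -r name; do
            printf '%s\n' "$master_names" | grep -qxF "$name" || \
                printf '%s:%s\n' "$(basename "$f")" "$name"
        done
    done | sort
}

# Constructed sample data (placeholder rules, not real signatures), written to a
# fresh temporary directory whose path is printed for the caller.
make_sample() {
    d=$(mktemp -d)
    cat > "$d/rfxn.yara" <<'EOF'
rule webshell_generic : webshell { condition: true }
private rule helper_x { condition: false }
EOF
    cat > "$d/a.yar" <<'EOF'
rule webshell_generic { condition: true }
rule webshell_generic_v2 { condition: true }
EOF
    cat > "$d/b.yar" <<'EOF'
  global rule helper_x { condition: false }
rule packer_upx { condition: true }
EOF
    printf '%s' "$d"
}

# Stand-alone demo: only webshell_generic_v2 (a.yar) and packer_upx (b.yar)
# are absent from the master file.
demo() {
    d=$(make_sample)
    unique_rules "$d" "$d/rfxn.yara"
    rm -rf "$d"
}
demo
```

Against a live install the call is `unique_rules /var/lib/clamav /var/lib/clamav/rfxn.yara`; because the output is sorted `file:rule` pairs, two runs can be diffed to see which non-duplicated rules a database update added or removed.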