# This file contains user configuration settings for the clamav-unofficial-sigs.sh
# script provided by Bill Landry (bill@inetmsg.com).
# Script documentation and updates can be viewed/downloaded from:
# http://www.inetmsg.com/pub/
# The latest version will always be named: clamav-unofficial-sigs.tar.gz
# Older versions can be found in the "archive" directory.
################################################################################
# USER CONFIGURATION FILE FOR SCRIPT: #
# clamav-unofficial-sigs.sh #
# SET PROGRAM PATHS AND OTHER VARIABLE OPTIONS FOR THE SCRIPT IN THIS FILE #
################################################################################
# Edit the quoted variables below to meet your own particular needs
# and requirements, but do not remove the "quote" marks.
# Be sure to set the appropriate shell for your OS Platform. It's been
# reported that "sh" works best for BSD variants, "ksh" for Sun Solaris,
# and "bash" for Linux variants. If you experience problems running the
# script, please try editing the top line of the script file and changing
# "sh" to either "ksh" or "bash" before reporting a problem.
# Set and export the appropriate program paths for your OS platform. These
# include: find, xargs, sed, awk, cut, grep, tail, chown, chmod, cmp, diff,
# gzip, ls, cp, mv, test, gpg, host, sleep, urandom, cksum, rsync, curl,
# socat, etc. It has been reported that on Sun systems, the GNU utilities
# should be used rather than the default Sun versions of these utilities.
# NOTE(review): the utilities listed above are looked up through this PATH, so
# each directory in it should be writable only by root - check /usr/local/bin
# and /usr/local/sbin on your platform.
PATH="/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin"
# Set the appropriate ClamD user and group accounts for your system.
# Set path to ClamAV database files location. If unsure, check
# your clamd.conf file for the "DatabaseDirectory" path setting.
# Directory holding the ClamAV database files (clamd.conf "DatabaseDirectory").
# NOTE(review): presumably the script places third-party signature files here;
# the directory should not be writable by unprivileged accounts - confirm.
clam_dbs="/var/lib/clamav"
# Set path to clamd.pid file (see clamd.conf for path location).
# Used by the "kill -USR2" reload option below, which signals the PID read
# from this file.
# NOTE(review): the PID file should be writable only by root or the clamd
# service account, since its content decides which process gets signalled.
clamd_pid="/var/run/clamd.pid"
# If you would like to reload the clamd databases after an update,
# change the following variable to "yes".
# Set the reload or restart option if the "reload_dbs" variable above
# is set to "yes" (only select 'ONE' of the following variables or the
# last uncommented variable option will be the one used).
# - The next variable signals clamd daemon to reload databases (this is the recommended reload option)
# NOTE(review): the value is a complete command line; presumably the script
# executes it as written, so treat edits to it like edits to the script itself.
reload_opt="clamdscan --reload" # Default
# - The next variable signals clamd's Process ID (PID) to reload databases
#reload_opt="kill -USR2 `cat $clamd_pid`"
# - The next variable uses perl to signal clamd's local socket to reload databases
#reload_opt="perl -MIO::Socket::UNIX -we '$s = IO::Socket::UNIX->new(shift); $s->print("RELOAD"); print $s->getline; $s->close' $clamd_socket"
# - The next variable uses socat to signal clamd's local socket to reload databases
#reload_opt="echo RELOAD | socat - $clamd_socket"
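# - The next variable uses perl to signal clamd's tcp/ip address:port to reload databases (check address:port at EOL)
#   NOTE: clamd's TCP socket accepts commands without authentication; if you use it, bind it to 127.0.0.1 (TCPAddr in clamd.conf).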
#reload_opt="perl -MIO::Socket::INET -we '$s = IO::Socket::INET->new(shift); $s->print("RELOAD"); print $s->getline; $s->close' 127.0.0.1:3310"
# - The next variable uses socat to signal clamd's tcp/ip address:port to reload databases
#reload_opt="echo RELOAD | socat - tcp4-connect:127.0.0.1:3310"
# - The next variable signals clamd to do a full service stop/start
#reload_opt="service clamd restart"
# - Use the next variable to set a custom or system specific reload/restart option
# If running clamd in "LocalSocket" mode (*NOT* in TCP/IP mode), and
# either "SOcket CAT" (socat) or the "IO::Socket::UNIX" perl module
# are installed on the system, and you want to report whether clamd
# is running or not, uncomment the "clamd_socket" variable below (you
# will be warned if neither socat nor IO::Socket::UNIX are found, but
# the script will still run). You will also need to set the correct
# path to your clamd socket file (if unsure of the path, check the
# "LocalSocket" setting in your clamd.conf file for socket location).
#clamd_socket="/var/run/clamd.socket"
# If you would like to attempt to restart ClamD if detected not running,
# uncomment the next 2 lines. Confirm the path to the "clamd_lock" file
# (usually can be found in the clamd init script) and also enter the clamd
# start command for your particular distro for the "start_clamd" variable
# (the sample start command shown below should work for most linux distros).
# NOTE: these 2 variables are dependent on the "clamd_socket" variable
# shown above - if not enabled, then the following 2 variables will be
# ignored, whether enabled or not.
#clamd_lock="/var/lock/subsys/clamd"
#start_clamd="service clamd start"
# Enable or disable download time randomization. This allows the script to
# be executed via cron, but the actual database file checking will pause
# for a random number of seconds between the "min" and "max" time settings
# specified below. This helps to more evenly distribute load on the host
# download sites. To disable, set the following variable to "no".
# If download time randomization is enabled above (enable_random="yes"),
# then set the min and max randomization time intervals (in seconds).
# Lower bound, in seconds, of the random pause before database file checking.
min_sleep_time="60" # Default minimum is 60 seconds (1 minute).
# Upper bound, in seconds, of the random pause before database file checking.
# NOTE(review): presumably must be greater than min_sleep_time - confirm.
max_sleep_time="600" # Default maximum is 600 seconds (10 minutes).
# ========================
# Sanesecurity Database(s)
# ========================
# Add or remove database file names between quote marks as needed. To
# disable any of the Sanesecurity database file downloads, remove the
# appropriate database file name lines below. To disable Sanesecurity
# database downloads, comment all of the following lines.
winnow_malware_links.ndb
winnow_phish_complete.ndb
winnow_spam_complete.ndb
# By default the script is using "winnow_phish_complete.ndb". If you wish to
# be more conservative, change this to "winnow_phish_complete_url.ndb" above.
# - winnow_phish_complete.ndb - Signatures to detect phishing and other
# malicious URLs and compromised hosts. This collection of signatures
# is derived in a similar fashion to SURBL and URIBL. For example:
# example.com (aggressive).
# - winnow_phish_complete_url.ndb - Similar to winnow_phish_complete.ndb,
# except that the entire URL/Path is used to derive the signature. For
# example: example.com/path/file.html (conservative).
# Add or remove database file names between quote marks as needed.
# To disable any of the MSRBL database file downloads, remove
# the appropriate database file name lines below. To disable
# MSRBL database downloads, comment all of the following lines.
# ========================
# SecuriteInfo Database(s)
# ========================
# Add or remove database file names between quote marks as needed. To
# disable any SecuriteInfo database downloads, remove the appropriate
# lines below. To disable SecuriteInfo database file downloads,
# comment all of the following lines.
# Since the SecuriteInfo databases are only updated a few times each
# month, set a time interval to do database update checks.
# Hours between SecuriteInfo database update checks.
si_update_hours="4" # Default is 4 hours (6 update checks daily).
# =========================
# MalwarePatrol Database(s)
# =========================
# Add or remove database file names between quote marks as needed. To
# disable any of the MalwarePatrol database file downloads, remove the
# appropriate database file name lines below. To disable MalwarePatrol
# database downloads, comment all of the following lines.
# Since the MalwarePatrol database file is dynamically created,
# there is no way to test for changes prior to downloading. For this
# reason, you will need to set a reasonable time interval in "hours"
# for MBL database file downloads. As shown below, this has been
# set to update every "6" hours, which seems appropriate (that's 4
# file downloads per day). Change only if you REALLY feel you must.
# However, I would not suggest going below every 4 hours, lest you risk
# being blacklisted by the MalwarePatrol site.
# Hours between MalwarePatrol (MBL) database file downloads.
mbl_update_hours="6" # Default is 6 hours (4 downloads daily).
# Additional signature databases can be specified here in the following
# format: PROTOCOL://URL-or-IP/PATH/TO/FILE-NAME (use a trailing "/" in
# place of the "FILE-NAME" to download all files from specified location,
# but this *ONLY* works for files downloaded via rsync). For non-rsync
# downloads, curl is used. For download protocols supported by curl, see
# "man curl". This also works well for locations that have many ClamAV
# servers that use 3rd party signature databases, as only one server need
# download the remote databases, and all others can update from the local
# mirror's copy. See format examples below. To use, remove the comments
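# and examples shown and add your own sites between the quote marks.
# NOTE: rsync://, ftp:// and http:// do not authenticate the server or protect
# the file in transit, so a tampered database could be installed unnoticed;
# use such sources only over a network you trust, or use an https:// URL.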
# rsync://192.168.1.50/new-db/sigs.hdb
# rsync://rsync.example.com/all-dbs/
# ftp://ftp.example.net/pub/sigs.ndb
# http://www.example.org/sigs.ldb
# Set working directory paths (edit to meet your own needs). If these
# directories do not exist, the script will attempt to create them.
# Top level working directory path:
# Parent of every sub-directory defined below via $work_dir.
# NOTE(review): downloaded databases, script configs and the GPG key all live
# under this tree, so it should be writable only by the account that runs the
# script - confirm ownership and mode.
work_dir="/usr/unofficial-dbs" #Top level working directory
# Sub-directory names:
# With the default work_dir this expands to /usr/unofficial-dbs/ss-dbs.
ss_dir="$work_dir/ss-dbs" # Sanesecurity sub-directory
# With the default work_dir this expands to /usr/unofficial-dbs/msrbl-dbs.
msrbl_dir="$work_dir/msrbl-dbs" # MSRBL sub-directory
# With the default work_dir this expands to /usr/unofficial-dbs/si-dbs.
si_dir="$work_dir/si-dbs" # SecuriteInfo sub-directory
# With the default work_dir this expands to /usr/unofficial-dbs/mbl-dbs.
mbl_dir="$work_dir/mbl-dbs" # MalwarePatrol sub-directory
# With the default work_dir this expands to /usr/unofficial-dbs/configs.
config_dir="$work_dir/configs" # Script configs sub-directory
# With the default work_dir this expands to /usr/unofficial-dbs/gpg-key.
# NOTE(review): presumably the key stored here is what gpg uses to check the
# Sanesecurity downloads; if another account can write to this directory the
# key can be swapped and the check loses its value - confirm ownership/mode.
gpg_dir="$work_dir/gpg-key" # Sanesecurity GPG Key sub-directory
# With the default work_dir this expands to /usr/unofficial-dbs/add-dbs.
add_dir="$work_dir/add-dbs" # User defined databases sub-directory
# If you would like to make a backup copy of the current running database
# file before updating, leave the following variable set to "yes".
# If you want to silence the information reported by curl, rsync, gpg
# or the general script comments, change the following variables to
# "yes". If all variables are set to "yes", the script will output
# nothing except error conditions.
# "yes" suppresses the curl statistics; error conditions are still reported.
curl_silence="no" # Default is "no" to report curl statistics
# "yes" suppresses the rsync statistics; error conditions are still reported.
rsync_silence="no" # Default is "no" to report rsync statistics
# NOTE(review): "yes" suppresses the gpg signature status report; confirm that
# a failed signature check is still reported as an error before enabling it.
gpg_silence="no" # Default is "no" to report gpg signature status
# "yes" suppresses the script's general comments; error conditions are still
# reported.
comment_silence="no" # Default is "no" to report script comments
# Log update information to '$log_file_path/$log_file_name'.
# Directory part of the log location; the account that runs the script needs
# write access to it.
log_file_path="/var/log"
# File name part of the log location; with the default log_file_path the log
# is /var/log/clamav-unofficial-sigs.log.
log_file_name="clamav-unofficial-sigs.log"
# If necessary to proxy database downloads, define the rsync and/or curl
# proxy settings here. For rsync, the proxy must support connections to
# port 873. Both curl and rsync proxy settings need to be defined in the
# format of "hostname:port". For curl, also note the -x and -U flags,
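# which must be set as "-x hostname:port" and "-U username:password".
# NOTE: a proxy password set here is stored in plain text, so this file
# should not be readable by unprivileged accounts.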
# After you have completed the configuration of this file, set the
# following variable to "yes".
# NOTE(review): presumably the script checks this flag and will not run
# updates while it is "no" - confirm in clamav-unofficial-sigs.sh.
user_configuration_complete="no"
################################################################################
# END OF USER CONFIGURATION #
################################################################################