1
1
This file contains the changes for the clamav-unofficial-sigs.sh script
2
2
written by Bill Landry (bill@inetmsg.com). The script provides a simple
3
3
way to download, test and run the third-party ClamAV signature databases
4
provided by Sanesecurity, MSRBL, SecuriteInfo, MalwarePatrol, and OITC.
4
provided by Sanesecurity, SecuriteInfo, MalwarePatrol, OITC, INetMsg and
7
Version 3.7.1 (updated 2010-06-06)
8
- Added the rsync "-r" flag to the "add_dbs" section of the script
9
in order to support directory recursion. Reguested by Jim L.
10
- Changed from "host" to "dig" when doing the reverse lookup on the
11
Sanesecurity rsync host being used. The former parse string was
12
truncating the last letter of the FQHN on Debian systems. This
13
change removes the final usage of the "host" command from the
14
script. Issue reported by Ralf Hildebrandt.
15
- Fixed an issue where corrupted SecuriteInfo databases might be
16
created when the signature download site is down or inaccessable.
17
The script will now delete SecuriteInfo signature databases from
18
the download directory when corruptions issues are detected.
19
- Rearranged some logging lines in the MalwarePatrol section of the
20
script to resolve an issue with rsyncing files into the ClamAV
21
production directory when logging is disabled. Issue reported
23
- Updated the SecuriteInfo sections of the script and config files
24
to support the new (uncompressed) signature databases.
26
Version 3.7 (updated 2010-01-23)
27
- Removed MSRBL from script as the signature files have not been
28
updated since July 2009. Script users should consider removing
29
the MSRBL signature files (MSRBL-Images.hdb & MSRBL-SPAM.ndb)
31
- Rearranged some logging lines in the SecruiteInfo section of the
32
script to resolve an issue some were having with rsyncing of files
33
into the ClamAV production directory. Issue reported by Ted S.
34
- Removed "+tcp" from the dig command as some sites are blocking
35
DNS queries over TCP Port 53. Added instead the "+ignore"
36
flag which will silence the "Truncated" warning when the DNS
37
query-response is larger than a single UDP packet can contain.
38
This is not an issue since the script initially uses the first
39
listed IP address anyway. Issue reported by Matija Nalis.
40
- Replaced "echo -ne" with "printf" when the script is run with
41
the "-m" flag, for creating a signature file. The echo "-e"
42
and in some cases "-n" flags are not universally supported by
43
all system shells. Issue reported by Paul Wise.
44
- Added new Sanesecurity distributed signature databases and updated
45
the risk ratings for all signature databases listed in the config
46
file based on info provided at www.sanesecurity.com/databases.htm.
6
48
Version 3.6 (updated 2009-08-23)
7
49
- Added "tr" to remove Windows CRLF from signatures in local.ign