← Back to branch summary

~ubuntu-branches/ubuntu/quantal/clamav-unofficial-sigs/quantal 

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263

# This file contains user configuration settings for the clamav-unofficial-sigs.sh
# script provide by Bill Landry (bill@inetmsg.com).
#
# Script documentation and updates can be viewed/downloaded from:
#
#     http://www.inetmsg.com/pub/
#
# The latest version will always be named: clamav-unofficial-sigs.tar.gz
# Older versions can be found in the "archive" directory.

################################################################################
#                     USER CONFIGURATION FILE FOR SCRIPT:                      #
#                                    * * *                                     #
#                          clamav-unofficial-sigs.sh                           #
#                                    * * *                                     #
#   SET PROGRAM PATHS AND OTHER VARIABLE OPTIONS FOR THE SCRIPT IN THIS FILE   #
################################################################################

# Edit the quoted variables below to meet your own particular needs
# and requirements, but do not remove the "quote" marks.

# Be sure to set the appropriate shell for your OS Platform.  It's been
# reported that "sh" works best for BSD variants, "ksh" for Sun Solaris,
# and "bash" for Linux variants.  If you experience problems running the
# script, please try editing the top line of the script file and changing
# "sh" to either "ksh" or "bash" before reporting a problem.

# Set and export the appropriate program paths for your OS platform.  Required
# utilities include: find, xargs, sed, awk, cut, dig, grep, tail, chown, chmod,
# cmp, diff, gzip, ls, cp, mv, test, gpg, host, sleep, cksum, rsync, curl, perl,
# and optionally socat.  It's been reported that on Sun systems, the GNU utilities
# should be used rather than the default Sun OS versions of these utilities.

PATH="/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin"
export PATH

# Set the appropriate ClamD user and group accounts for your system.
# If you do not want the script to set user and group permissions on
# files and directories, comment the next two variables.
clam_user="clamav"
clam_group="clamav"

# Set path to ClamAV database files location.  If unsure, check
# your clamd.conf file for the "DatabaseDirectory" path setting.
clam_dbs="/var/lib/clamav"

# Set path to clamd.pid file (see clamd.conf for path location).
clamd_pid="/var/run/clamd.pid"

# To enable "ham" (non-spam) directory scanning and removal of
# signatures that trigger on ham messages, uncomment the following
# variable and set it to the appropriate ham message directory.
#ham_dir="/path/to/ham-test/directory"

# If you would like to reload the clamd databases after an update,
# change the following variable to "yes".
reload_dbs="no"

# Set the reload or restart option if the "reload_dbs" variable above
# is set to "yes" (only select 'ONE' of the following variables or the
# last uncommented variable option will be the one used).
# - The next variable signals clamd daemon to reload databases (this is the recommended reload option)
reload_opt="clamdscan --reload"  # Default
# - The next variable signals clamd's Process ID (PID) to reload databases
#reload_opt="kill -USR2 `cat $clamd_pid`"
# - The next variable signals linux based systems to do a full clamd service stop/start
#reload_opt="service clamd restart"
# - Use the next variable to set a custom or system specific reload/restart option
#reload_opt=""

# If running clamd in "LocalSocket" mode (*NOT* in TCP/IP mode), and
# either "SOcket Cat" (socat) or the "IO::Socket::UNIX" perl module
# are installed on the system, and you want to report whether clamd
# is running or not, uncomment the "clamd_socket" variable below (you
# will be warned if neither socat nor IO::Socket::UNIX are found, but
# the script will still run).  You will also need to set the correct
# path to your clamd socket file (if unsure of the path, check the
# "LocalSocket" setting in your clamd.conf file for socket location).
#clamd_socket="/var/run/clamd.socket"

# If you would like to attempt to restart ClamD if detected not running,
# uncomment the next 2 lines.  Confirm the path to the "clamd_lock" file
# (usually can be found in the clamd init script) and also enter the clamd
# start command for your particular distro for the "start_clamd" variable
# (the sample start command shown below should work for most linux distros).
# NOTE: these 2 variables are dependant on the "clamd_socket" variable
# shown above - if not enabled, then the following 2 variables will be
# ignored, whether enabled or not.
#clamd_lock="/var/lock/subsys/clamd"
#start_clamd="service clamd start"

# Enable or disable download time randomization.  This allows the script to
# be executed via cron, but the actual database file checking will pause
# for a random number of seconds between the "min" and "max" time settings
# specified below.  This helps to more evenly distribute load on the host
# download sites.  To disable, set the following variable to "no".
enable_random="yes"

# If download time randomization is enabled above (enable_random="yes"),
# then set the min and max radomization times intervals (in seconds).
min_sleep_time="60"    # Default minimum is 60 seconds (1 minute).
max_sleep_time="600"   # Default maximum is 600 seconds (10 minutes).

# ========================
# Sanesecurity Database(s)
# ========================
# Add or remove database file names between quote marks as needed.  To
# disable usage of any of the Sanesecurity distributed database files
# shown, remove the database file name from the quoted section below.
# To disable usage of all Sanesecurity distributed databases, comment
# all of the quoted lines below.  Only the following "low" risk define
# signature databases have been enabled by default (for additional
# information about the signature database ratings, see: 
# http://www.sanesecurity.com/clamav/databases.htm).  Finally, make
# sure that the database names are spelled correctly or you will
# experience issues when the script runs.
ss_dbs="
   junk.ndb
   jurlbl.ndb
   phish.ndb
   rogue.hdb
   sanesecurity.ftm
   scam.ndb
   spamimg.hdb
   winnow_malware.hdb
   winnow_malware_links.ndb
"

# Additional Sanesecruity distributed database that can be used and
# their associated potential fales-positive ratings:
#
# USE 'ONLY' ONE OF THE FOLLOWING TWO SIGNATURE DATABASES:
#
# INetMsg-SpamDomains-2w.ndb    : MEDIUM false-positive rating
# INetMsg-SpamDomains-2m.ndb    : MEDIUM false-positive rating
#
# ONE DATABASE CONTAINS THE LAST TWO WEEKS OF COLLECTED SPAM DOMAINS (2w), AND
# THE OTHER DATABASE CONTAINS THE LAST TWO MONTHS OF COLLECTED SPAM DOMAINS (2m).
#
# jurlbla.ndb                   : MEDIUM false-positive rating
# lott.ndb                      : MEDIUM false-positive rating
# spam.ldb                      : MEDIUM false-positive rating
# spear.ndb                     : MEDIUM false-positive rating
# scamnailer.ndb                : MEDIUM false-positive rating
# winnow.complex.patterns.ldb   : MEDIUM false-positive rating
# winnow_phish_complete.ndb     : HIGH false-positive rating
# winnow_phish_complete_url.ndb : MEDIUM false-positive rating
# winnow_spam_complete.ndb      : MEDIUM false-positive rating
#
# USE 'ONLY' ONE OF THE FOLLOWING TWO SIGNATURE DATABASES:
#
# winnow_phish_complete.ndb     : HIGH false-positive rating
# winnow_phish_complete_url.ndb : MEDIUM false-positive rating
#
# ONE CONTAINS THE COMPLETE URL PATH (MEDIUM RISK), AND THE OTHER
# CONTAINS ONLY THE URL, WITHOUT THE FULL PATH (HIGH RISK).

# ========================
# SecuriteInfo Database(s)
# ========================
# Add or remove database file names between quote marks as needed.  To
# disable any SecuriteInfo database downloads, remove the appropriate
# lines below.  To disable all SecuriteInfo database file downloads,
# comment all of the following lines.
si_dbs="
   honeynet.hdb
   securiteinfobat.hdb
   securiteinfodos.hdb
   securiteinfoelf.hdb
   securiteinfo.hdb
   securiteinfohtml.hdb
   securiteinfooffice.hdb
   securiteinfopdf.hdb
   securiteinfosh.hdb
"

# Since the SecuriteInfo databases are only updated a few time each
# month, set a time interval to do database update checks.
si_update_hours="4"   # Default is 4 hours (6 update checks daily).

# =========================
# MalwarePatrol Database(s)
# =========================
# Add or remove database file names between quote marks as needed.  To
# disable any of the MalwarePatrol database file downloads, remove the
# appropriate database file name lines below.  To disable MalwarePatrol
# database downloads, comment all of the following lines.
mbl_dbs="
   mbl.ndb
"

# Since the MalwarePatrol database file is dynamically created,
# there is no way to test for changes prior to downloading.  For this
# reason, you will need to set a reasonable time interval in "hours"
# for MBL database file downloads.  As shown below, this has been
# set to update every "6" hours, which seems appropriate (that's 4
# file downloads per day)  Change only if you REALLY feel you must.
# However, I would not suggest going below every 4 hour lest you risk
# being blacklisted by the MalwarePatrol site.
mbl_update_hours="6"   # Default is 6 hours (4 downloads daily).

# Additional signature databases can be specified here in the following
# format: PROTOCOL://URL-or-IP/PATH/TO/FILE-NAME (use a trailing "/" in
# place of the "FILE-NAME" to download all files from specified location,
# but this *ONLY* works for files downloaded via rsync).  For non-rsync
# downloads, curl is used.  For download protocols supported by curl, see
# "man curl".  This also works well for locations that have many ClamAV
# servers that use 3rd party signature databases, as only one server need
# download the remote databases, and all others can update from the local
# mirror's copy.  See format examples below.  To use, remove the comments
# and examples shown and add your own sites between the quote marks.
#add_dbs="
#   rsync://192.168.1.50/new-db/sigs.hdb
#   rsync://rsync.example.com/all-dbs/
#   ftp://ftp.example.net/pub/sigs.ndb
#   http://www.example.org/sigs.ldb
#"

# Set working directory paths (edit to meet your own needs). If these
# directories do not exist, the script will attempt to create them.
# Top level working directory path:
work_dir="/usr/unofficial-dbs"   #Top level working directory
# Sub-directory names:
ss_dir="$work_dir/ss-dbs"        # Sanesecurity sub-directory
si_dir="$work_dir/si-dbs"        # SecuriteInfo sub-directory
mbl_dir="$work_dir/mbl-dbs"      # MalwarePatrol sub-directory
config_dir="$work_dir/configs"   # Script configs sub-directory
gpg_dir="$work_dir/gpg-key"      # Sanesecurity GPG Key sub-directory
add_dir="$work_dir/add-dbs"      # User defined databases sub-directory

# If you would like to make a backup copy of the current running database
# file before updating, leave the following variable set to "yes".
keep_db_backup="no"

# If you want to silence the information reported by curl, rsync, gpg
# or the general script comments, change the following variables to
# "yes".  If all variables are set to "yes", the script will output
# nothing except error conditions.
curl_silence="no"      # Default is "no" to report curl statistics
rsync_silence="no"     # Default is "no" to report rsync statistics
gpg_silence="no"       # Default is "no" to report gpg signature status
comment_silence="no"   # Default is "no" to report script comments

# Log update information to '$log_file_path/$log_file_name'.
enable_logging="no"
log_file_path="/var/log"
log_file_name="clamav-unofficial-sigs.log"

# If necessary to proxy database downloads, define the rsync and/or curl
# proxy settings here.  For rsync, the proxy must support connections to
# port 873.  Both curl and rsync proxy setting need to be defined in the
# format of "hostname:port".  For curl, also note the -x and -U flags,
# which must be set as "-x hostname:port" and "-U username:password".
rsync_proxy=""
curl_proxy=""

# After you have completed the configuration of this file, set the
# following variable to "yes".
user_configuration_complete="no"

################################################################################
#                          END OF USER CONFIGURATION                           #
################################################################################