During the last few months we have seen a lot of emails with M$-office attachments (your invoice, blabla) from unknown, but well-faked, senders. Online checking of these, i.e. *.docs, shows that viruses are embedded inside macros. So the idea is to install additional antivirus signatures to - hopefully - block the emails.
https://wiki.contribs.org/Virus:Additional_Signatures
It seems the HOW-TO is outdated. I tried to install it, but got a lot of errors:
# ./sanesecurity-install.sh
sanesecurity-install.sh v0.3.1-1 - getting latest version of clamav-unofficial-sigs ...
--2016-02-01 22:11:48--  http://sourceforge.net/projects/unofficial-sigs/files/latest/download?source=files
Auflösen des Hostnamen »sourceforge.net«.... 216.34.181.60
Verbindungsaufbau zu sourceforge.net|216.34.181.60|:80... verbunden.
HTTP Anforderung gesendet, warte auf Antwort... 302 Found
Platz: http://downloads.sourceforge.net/project/unofficial-sigs/clamav-unofficial-sigs-3.7.2.tar.gz?r=&ts=1454361109&use_mirror=netix [folge]
--2016-02-01 22:11:49--  http://downloads.sourceforge.net/project/unofficial-sigs/clamav-unofficial-sigs-3.7.2.tar.gz?r=&ts=1454361109&use_mirror=netix
Auflösen des Hostnamen »downloads.sourceforge.net«.... 216.34.181.59
Verbindungsaufbau zu downloads.sourceforge.net|216.34.181.59|:80... verbunden.
HTTP Anforderung gesendet, warte auf Antwort... 302 Found
Platz: http://netix.dl.sourceforge.net/project/unofficial-sigs/clamav-unofficial-sigs-3.7.2.tar.gz [folge]
--2016-02-01 22:11:49--  http://netix.dl.sourceforge.net/project/unofficial-sigs/clamav-unofficial-sigs-3.7.2.tar.gz
Auflösen des Hostnamen »netix.dl.sourceforge.net«.... 87.121.121.2
Verbindungsaufbau zu netix.dl.sourceforge.net|87.121.121.2|:80... verbunden.
HTTP Anforderung gesendet, warte auf Antwort... 200 OK
Verbindungsaufbau zu netix.dl.sourceforge.net|87.121.121.2|:80... verbunden.
HTTP Anforderung gesendet, warte auf Antwort... 200 OK
Länge: 38549 (38K) [application/x-gzip]
In »»/tmp/sanesecurity-install.sh.5181/clamav-unofficial-sigs.tar.gz«« speichern.
100%[======================================>] 38.549 --.-K/s in 0,07s
2016-02-01 22:11:49 (570 KB/s) - »»/tmp/sanesecurity-install.sh.5181/clamav-unofficial-sigs.tar.gz«« gespeichert [38549/38549]
clamav-unofficial-sigs installed successfully
clamav database files provided by Sanesecurity will be updated within an hour,
and continuously after that.
This seems to work.
But:
# /usr/sbin/clamav-unofficial-sigs.sh
Sanesecurity public GPG key successfully downloaded
Sanesecurity public GPG key successfully imported to custom keyring
====================
= ClamD is running =
====================
======================================================================
Sanesecurity Database & GPG Signature File Updates
======================================================================
Sanesecurity mirror site used: 46.21.115.195
Number of files: 46 (reg: 46)
Number of created files: 46 (reg: 46)
Number of regular files transferred: 46
Total file size: 29,908,665 bytes
Total transferred file size: 29,908,665 bytes
Literal data: 29,908,665 bytes
Matched data: 0 bytes
File list size: 1,518
File list generation time: 0.183 seconds
File list transfer time: 0.000 seconds
Total bytes sent: 908
Total bytes received: 4,897,304
sent 908 bytes received 4,897,304 bytes 1,399,489.14 bytes/sec
total size is 29,908,665 speedup is 6.11
Testing updated Sanesecurity database file: blurl.ndb
Sanesecurity GPG Signature tested good on blurl.ndb database
Clamscan reports Sanesecurity blurl.ndb database integrity tested good
Successfully updated Sanesecurity production database file: blurl.ndb
Testing updated Sanesecurity database file: junk.ndb
Sanesecurity GPG Signature tested good on junk.ndb database
Clamscan reports Sanesecurity junk.ndb database integrity tested good
Successfully updated Sanesecurity production database file: junk.ndb
Testing updated Sanesecurity database file: jurlbl.ndb
Sanesecurity GPG Signature tested good on jurlbl.ndb database
Clamscan reports Sanesecurity jurlbl.ndb database integrity tested good
Successfully updated Sanesecurity production database file: jurlbl.ndb
Testing updated Sanesecurity database file: phish.ndb
Sanesecurity GPG Signature tested good on phish.ndb database
Clamscan reports Sanesecurity phish.ndb database integrity tested good
Successfully updated Sanesecurity production database file: phish.ndb
Testing updated Sanesecurity database file: rogue.hdb
Sanesecurity GPG Signature tested good on rogue.hdb database
Clamscan reports Sanesecurity rogue.hdb database integrity tested good
Successfully updated Sanesecurity production database file: rogue.hdb
Testing updated Sanesecurity database file: sanesecurity.ftm
Sanesecurity GPG Signature tested good on sanesecurity.ftm database
Clamscan reports Sanesecurity sanesecurity.ftm database integrity tested good
Successfully updated Sanesecurity production database file: sanesecurity.ftm
Testing updated Sanesecurity database file: scam.ndb
Sanesecurity GPG Signature tested good on scam.ndb database
Clamscan reports Sanesecurity scam.ndb database integrity tested good
Successfully updated Sanesecurity production database file: scam.ndb
Testing updated Sanesecurity database file: spamattach.hdb
Sanesecurity GPG Signature tested good on spamattach.hdb database
Clamscan reports Sanesecurity spamattach.hdb database integrity tested good
Successfully updated Sanesecurity production database file: spamattach.hdb
Testing updated Sanesecurity database file: spamimg.hdb
Sanesecurity GPG Signature tested good on spamimg.hdb database
Clamscan reports Sanesecurity spamimg.hdb database integrity tested good
Successfully updated Sanesecurity production database file: spamimg.hdb
Testing updated Sanesecurity database file: winnow.attachments.hdb
Sanesecurity GPG Signature tested good on winnow.attachments.hdb database
Clamscan reports Sanesecurity winnow.attachments.hdb database integrity tested good
Successfully updated Sanesecurity production database file: winnow.attachments.hdb
Testing updated Sanesecurity database file: winnow_bad_cw.hdb
Sanesecurity GPG Signature tested good on winnow_bad_cw.hdb database
Clamscan reports Sanesecurity winnow_bad_cw.hdb database integrity tested good
Successfully updated Sanesecurity production database file: winnow_bad_cw.hdb
Testing updated Sanesecurity database file: winnow_extended_malware.hdb
Sanesecurity GPG Signature tested good on winnow_extended_malware.hdb database
Clamscan reports Sanesecurity winnow_extended_malware.hdb database integrity tested good
Successfully updated Sanesecurity production database file: winnow_extended_malware.hdb
Testing updated Sanesecurity database file: winnow_malware.hdb
Sanesecurity GPG Signature tested good on winnow_malware.hdb database
Clamscan reports Sanesecurity winnow_malware.hdb database integrity tested good
Successfully updated Sanesecurity production database file: winnow_malware.hdb
Testing updated Sanesecurity database file: winnow_malware_links.ndb
Sanesecurity GPG Signature tested good on winnow_malware_links.ndb database
Clamscan reports Sanesecurity winnow_malware_links.ndb database integrity tested good
Successfully updated Sanesecurity production database file: winnow_malware_links.ndb
Testing updated Sanesecurity database file: doppelstern.hdb
Sanesecurity GPG Signature tested good on doppelstern.hdb database
Clamscan reports Sanesecurity doppelstern.hdb database integrity tested good
Successfully updated Sanesecurity production database file: doppelstern.hdb
Testing updated Sanesecurity database file: bofhland_cracked_URL.ndb
Sanesecurity GPG Signature tested good on bofhland_cracked_URL.ndb database
Clamscan reports Sanesecurity bofhland_cracked_URL.ndb database integrity tested good
Successfully updated Sanesecurity production database file: bofhland_cracked_URL.ndb
Testing updated Sanesecurity database file: bofhland_malware_attach.hdb
Sanesecurity GPG Signature tested good on bofhland_malware_attach.hdb database
Clamscan reports Sanesecurity bofhland_malware_attach.hdb database integrity tested good
Successfully updated Sanesecurity production database file: bofhland_malware_attach.hdb
Testing updated Sanesecurity database file: bofhland_malware_URL.ndb
Sanesecurity GPG Signature tested good on bofhland_malware_URL.ndb database
Clamscan reports Sanesecurity bofhland_malware_URL.ndb database integrity tested good
Successfully updated Sanesecurity production database file: bofhland_malware_URL.ndb
Testing updated Sanesecurity database file: bofhland_phishing_URL.ndb
Sanesecurity GPG Signature tested good on bofhland_phishing_URL.ndb database
Clamscan reports Sanesecurity bofhland_phishing_URL.ndb database integrity tested good
Successfully updated Sanesecurity production database file: bofhland_phishing_URL.ndb
Testing updated Sanesecurity database file: crdfam.clamav.hdb
Sanesecurity GPG Signature tested good on crdfam.clamav.hdb database
Clamscan reports Sanesecurity crdfam.clamav.hdb database integrity tested good
Successfully updated Sanesecurity production database file: crdfam.clamav.hdb
Testing updated Sanesecurity database file: phishtank.ndb
Sanesecurity GPG Signature tested good on phishtank.ndb database
Clamscan reports Sanesecurity phishtank.ndb database integrity tested good
Successfully updated Sanesecurity production database file: phishtank.ndb
Testing updated Sanesecurity database file: porcupine.ndb
Sanesecurity GPG Signature tested good on porcupine.ndb database
Clamscan reports Sanesecurity porcupine.ndb database integrity tested good
Successfully updated Sanesecurity production database file: porcupine.ndb
======================================================================
SecuriteInfo Database File Updates
======================================================================
Checking for updated SecuriteInfo database file: honeynet.hdb
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
134 268 134 268 0 0 2042 0 --:--:-- --:--:-- --:--:-- 5702
Testing updated SecuriteInfo database file: honeynet.hdb
Clamscan reports SecuriteInfo honeynet.hdb database integrity tested BAD - SKIPPING
rsync: link_stat "/usr/unofficial-dbs/si-dbs/honeynet.hdb" failed: No such file or directory (2)
rsync error: some files/attrs were not transferred (see previous errors) (code 23) at main.c(1165) [sender=3.1.1]
Failed to successfully update SecuriteInfo production database file: honeynet.hdb - SKIPPING
No updated SecuriteInfo honeynet.hdb database file found
---
Checking for updated SecuriteInfo database file: securiteinfo.hdb
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
136 272 136 272 0 0 2860 0 --:--:-- --:--:-- --:--:-- 6325
Testing updated SecuriteInfo database file: securiteinfo.hdb
Clamscan reports SecuriteInfo securiteinfo.hdb database integrity tested BAD - SKIPPING
rsync: link_stat "/usr/unofficial-dbs/si-dbs/securiteinfo.hdb" failed: No such file or directory (2)
rsync error: some files/attrs were not transferred (see previous errors) (code 23) at main.c(1165) [sender=3.1.1]
Failed to successfully update SecuriteInfo production database file: securiteinfo.hdb - SKIPPING
No updated SecuriteInfo securiteinfo.hdb database file found
---
Checking for updated SecuriteInfo database file: securiteinfobat.hdb
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
137 275 137 275 0 0 2748 0 --:--:-- --:--:-- --:--:-- 5612
Testing updated SecuriteInfo database file: securiteinfobat.hdb
Clamscan reports SecuriteInfo securiteinfobat.hdb database integrity tested BAD - SKIPPING
rsync: link_stat "/usr/unofficial-dbs/si-dbs/securiteinfobat.hdb" failed: No such file or directory (2)
rsync error: some files/attrs were not transferred (see previous errors) (code 23) at main.c(1165) [sender=3.1.1]
Failed to successfully update SecuriteInfo production database file: securiteinfobat.hdb - SKIPPING
No updated SecuriteInfo securiteinfobat.hdb database file found
---
Checking for updated SecuriteInfo database file: securiteinfodos.hdb
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
137 275 137 275 0 0 2464 0 --:--:-- --:--:-- --:--:-- 5851
Testing updated SecuriteInfo database file: securiteinfodos.hdb
Clamscan reports SecuriteInfo securiteinfodos.hdb database integrity tested BAD - SKIPPING
rsync: link_stat "/usr/unofficial-dbs/si-dbs/securiteinfodos.hdb" failed: No such file or directory (2)
rsync error: some files/attrs were not transferred (see previous errors) (code 23) at main.c(1165) [sender=3.1.1]
Failed to successfully update SecuriteInfo production database file: securiteinfodos.hdb - SKIPPING
No updated SecuriteInfo securiteinfodos.hdb database file found
---
Checking for updated SecuriteInfo database file: securiteinfoelf.hdb
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
137 275 137 275 0 0 2810 0 --:--:-- --:--:-- --:--:-- 6111
Testing updated SecuriteInfo database file: securiteinfoelf.hdb
Clamscan reports SecuriteInfo securiteinfoelf.hdb database integrity tested BAD - SKIPPING
rsync: link_stat "/usr/unofficial-dbs/si-dbs/securiteinfoelf.hdb" failed: No such file or directory (2)
rsync error: some files/attrs were not transferred (see previous errors) (code 23) at main.c(1165) [sender=3.1.1]
Failed to successfully update SecuriteInfo production database file: securiteinfoelf.hdb - SKIPPING
No updated SecuriteInfo securiteinfoelf.hdb database file found
---
Checking for updated SecuriteInfo database file: securiteinfohtml.hdb
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
138 276 138 276 0 0 2707 0 --:--:-- --:--:-- --:--:-- 5750
Testing updated SecuriteInfo database file: securiteinfohtml.hdb
Clamscan reports SecuriteInfo securiteinfohtml.hdb database integrity tested BAD - SKIPPING
rsync: link_stat "/usr/unofficial-dbs/si-dbs/securiteinfohtml.hdb" failed: No such file or directory (2)
rsync error: some files/attrs were not transferred (see previous errors) (code 23) at main.c(1165) [sender=3.1.1]
Failed to successfully update SecuriteInfo production database file: securiteinfohtml.hdb - SKIPPING
No updated SecuriteInfo securiteinfohtml.hdb database file found
---
Checking for updated SecuriteInfo database file: securiteinfooffice.hdb
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
139 278 139 278 0 0 2796 0 --:--:-- --:--:-- --:--:-- 5914
Testing updated SecuriteInfo database file: securiteinfooffice.hdb
Clamscan reports SecuriteInfo securiteinfooffice.hdb database integrity tested BAD - SKIPPING
rsync: link_stat "/usr/unofficial-dbs/si-dbs/securiteinfooffice.hdb" failed: No such file or directory (2)
rsync error: some files/attrs were not transferred (see previous errors) (code 23) at main.c(1165) [sender=3.1.1]
Failed to successfully update SecuriteInfo production database file: securiteinfooffice.hdb - SKIPPING
No updated SecuriteInfo securiteinfooffice.hdb database file found
---
Checking for updated SecuriteInfo database file: securiteinfopdf.hdb
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
137 275 137 275 0 0 2742 0 --:--:-- --:--:-- --:--:-- 5978
Testing updated SecuriteInfo database file: securiteinfopdf.hdb
Clamscan reports SecuriteInfo securiteinfopdf.hdb database integrity tested BAD - SKIPPING
rsync: link_stat "/usr/unofficial-dbs/si-dbs/securiteinfopdf.hdb" failed: No such file or directory (2)
rsync error: some files/attrs were not transferred (see previous errors) (code 23) at main.c(1165) [sender=3.1.1]
Failed to successfully update SecuriteInfo production database file: securiteinfopdf.hdb - SKIPPING
No updated SecuriteInfo securiteinfopdf.hdb database file found
---
Checking for updated SecuriteInfo database file: securiteinfosh.hdb
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
137 274 137 274 0 0 2488 0 --:--:-- --:--:-- --:--:-- 5829
Testing updated SecuriteInfo database file: securiteinfosh.hdb
Clamscan reports SecuriteInfo securiteinfosh.hdb database integrity tested BAD - SKIPPING
rsync: link_stat "/usr/unofficial-dbs/si-dbs/securiteinfosh.hdb" failed: No such file or directory (2)
rsync error: some files/attrs were not transferred (see previous errors) (code 23) at main.c(1165) [sender=3.1.1]
Failed to successfully update SecuriteInfo production database file: securiteinfosh.hdb - SKIPPING
No updated SecuriteInfo securiteinfosh.hdb database file found
======================================================================
MalwarePatrol mbl.ndb Database File Update
======================================================================
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
Testing updated MalwarePatrol database file: mbl.ndb
Clamscan reports MalwarePatrol mbl.ndb database integrity tested BAD - SKIPPING
===============================================================
= Database reload has been disabled in the configuration file =
===============================================================
Lots of errors.
Directory /usr/unofficial-dbs/si-dbs/ is empty.
Or have I missed something, and things are working well?
Is anybody working with this?
Thanks for any reply.
stefan
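
Added example, not part of the original post and not code from clamav-unofficial-sigs: a small shell/awk filter that condenses a run like the one above into one line per signature source, listing how many databases were installed, which ones clamscan rejected, and how many bytes curl had received for each rejected file. The function names `summarise_sigs_log` and `sample_log` are made up for this example; the sample lines are constructed from the message formats shown in the output above.

```shell
#!/bin/sh
# Per-source summary of a clamav-unofficial-sigs.sh run (added example).
# Reads the script output on stdin and relies only on the message formats
# visible in the run above.
summarise_sigs_log() {
    awk '
        BEGIN { lastbytes = "?" }
        # curl progress data line: field 4 is the number of bytes received.
        /^ *[0-9]+ +[0-9]+ +[0-9]+ +[0-9]+ +[0-9]+ / { lastbytes = $4; next }
        # "Successfully updated <Source> production database file: <file>"
        /^Successfully updated .* production database file: / {
            ok[$3]++; seen[$3] = 1
        }
        # "Clamscan reports <Source> <file> database integrity tested good|BAD"
        /^Clamscan reports .* database integrity tested / {
            if ($0 ~ /tested BAD/) {
                bad[$3]++; seen[$3] = 1
                badfiles[$3] = badfiles[$3] " " $4 "(" lastbytes "B)"
            }
            lastbytes = "?"   # a size belongs to one download only
        }
        END {
            for (s in seen)
                printf "%s updated=%d bad=%d%s\n", s, ok[s], bad[s],
                       (bad[s] ? " rejected:" badfiles[s] : "")
        }
    ' | LC_ALL=C sort
}

# Constructed sample input: one database per source, copied in format
# (not in full) from the run shown in the post.
sample_log() {
    cat <<'EOF'
Testing updated Sanesecurity database file: blurl.ndb
Sanesecurity GPG Signature tested good on blurl.ndb database
Clamscan reports Sanesecurity blurl.ndb database integrity tested good
Successfully updated Sanesecurity production database file: blurl.ndb
Checking for updated SecuriteInfo database file: honeynet.hdb
134 268 134 268 0 0 2042 0 --:--:-- --:--:-- --:--:-- 5702
Testing updated SecuriteInfo database file: honeynet.hdb
Clamscan reports SecuriteInfo honeynet.hdb database integrity tested BAD - SKIPPING
Failed to successfully update SecuriteInfo production database file: honeynet.hdb - SKIPPING
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
Testing updated MalwarePatrol database file: mbl.ndb
Clamscan reports MalwarePatrol mbl.ndb database integrity tested BAD - SKIPPING
EOF
}

sample_log | summarise_sigs_log
```

On a real run, pipe the script output through the function, e.g. `/usr/sbin/clamav-unofficial-sigs.sh 2>&1 | summarise_sigs_log`, with the function sourced into the current shell.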