Koozali.org: home of the SME Server
Obsolete Releases => SME Server 9.x => Topic started by: SchulzStefan on February 01, 2016, 10:17:45 PM
-
During the last few months we have seen a lot of emails with M$-office attachments (your invoice, blabla) from unknown, but well faked, senders. Online checking of these, i.e. *.docs, shows that viruses are embedded inside macros. So the idea is to install additional antivirus signatures to - hopefully - block the emails.
https://wiki.contribs.org/Virus:Additional_Signatures
It seems the HOW-TO is outdated. I tried to install it, but got a lot of errors:
# ./sanesecurity-install.sh
sanesecurity-install.sh v0.3.1-1 - getting latest version of clamav-unofficial-sigs ...
--2016-02-01 22:11:48-- http://sourceforge.net/projects/unofficial-sigs/files/latest/download?source=files
Auflösen des Hostnamen »sourceforge.net«.... 216.34.181.60
Verbindungsaufbau zu sourceforge.net|216.34.181.60|:80... verbunden.
HTTP Anforderung gesendet, warte auf Antwort... 302 Found
Platz: http://downloads.sourceforge.net/project/unofficial-sigs/clamav-unofficial-sigs-3.7.2.tar.gz?r=&ts=1454361109&use_mirror=netix[folge]
--2016-02-01 22:11:49-- http://downloads.sourceforge.net/project/unofficial-sigs/clamav-unofficial-sigs-3.7.2.tar.gz?r=&ts=1454361109&use_mirror=netix
Auflösen des Hostnamen »downloads.sourceforge.net«.... 216.34.181.59
Verbindungsaufbau zu downloads.sourceforge.net|216.34.181.59|:80... verbunden.
HTTP Anforderung gesendet, warte auf Antwort... 302 Found
Platz: http://netix.dl.sourceforge.net/project/unofficial-sigs/clamav-unofficial-sigs-3.7.2.tar.gz[folge]
--2016-02-01 22:11:49-- http://netix.dl.sourceforge.net/project/unofficial-sigs/clamav-unofficial-sigs-3.7.2.tar.gz
Auflösen des Hostnamen »netix.dl.sourceforge.net«.... 87.121.121.2
Verbindungsaufbau zu netix.dl.sourceforge.net|87.121.121.2|:80... verbunden.
HTTP Anforderung gesendet, warte auf Antwort... 200 OK
Länge: 38549 (38K) [application/x-gzip]
In »»/tmp/sanesecurity-install.sh.5181/clamav-unofficial-sigs.tar.gz«« speichern.
100%[======================================>] 38.549 --.-K/s in 0,07s
2016-02-01 22:11:49 (570 KB/s) - »»/tmp/sanesecurity-install.sh.5181/clamav-unofficial-sigs.tar.gz«« gespeichert [38549/38549]
clamav-unofficial-sigs installed successfully
clamav database files provided by Sanesecurity will be updated within an hour,
and continuously after that.
This seems to work.
But:
# /usr/sbin/clamav-unofficial-sigs.sh
Sanesecurity public GPG key successfully downloaded
Sanesecurity public GPG key successfully imported to custom keyring
====================
= ClamD is running =
====================
======================================================================
Sanesecurity Database & GPG Signature File Updates
======================================================================
Sanesecurity mirror site used: 46.21.115.195
Number of files: 46 (reg: 46)
Number of created files: 46 (reg: 46)
Number of regular files transferred: 46
Total file size: 29,908,665 bytes
Total transferred file size: 29,908,665 bytes
Literal data: 29,908,665 bytes
Matched data: 0 bytes
File list size: 1,518
File list generation time: 0.183 seconds
File list transfer time: 0.000 seconds
Total bytes sent: 908
Total bytes received: 4,897,304
sent 908 bytes received 4,897,304 bytes 1,399,489.14 bytes/sec
total size is 29,908,665 speedup is 6.11
Testing updated Sanesecurity database file: blurl.ndb
Sanesecurity GPG Signature tested good on blurl.ndb database
Clamscan reports Sanesecurity blurl.ndb database integrity tested good
Successfully updated Sanesecurity production database file: blurl.ndb
Testing updated Sanesecurity database file: junk.ndb
Sanesecurity GPG Signature tested good on junk.ndb database
Clamscan reports Sanesecurity junk.ndb database integrity tested good
Successfully updated Sanesecurity production database file: junk.ndb
Testing updated Sanesecurity database file: jurlbl.ndb
Sanesecurity GPG Signature tested good on jurlbl.ndb database
Clamscan reports Sanesecurity jurlbl.ndb database integrity tested good
Successfully updated Sanesecurity production database file: jurlbl.ndb
Testing updated Sanesecurity database file: phish.ndb
Sanesecurity GPG Signature tested good on phish.ndb database
Clamscan reports Sanesecurity phish.ndb database integrity tested good
Successfully updated Sanesecurity production database file: phish.ndb
Testing updated Sanesecurity database file: rogue.hdb
Sanesecurity GPG Signature tested good on rogue.hdb database
Clamscan reports Sanesecurity rogue.hdb database integrity tested good
Successfully updated Sanesecurity production database file: rogue.hdb
Testing updated Sanesecurity database file: sanesecurity.ftm
Sanesecurity GPG Signature tested good on sanesecurity.ftm database
Clamscan reports Sanesecurity sanesecurity.ftm database integrity tested good
Successfully updated Sanesecurity production database file: sanesecurity.ftm
Testing updated Sanesecurity database file: scam.ndb
Sanesecurity GPG Signature tested good on scam.ndb database
Clamscan reports Sanesecurity scam.ndb database integrity tested good
Successfully updated Sanesecurity production database file: scam.ndb
Testing updated Sanesecurity database file: spamattach.hdb
Sanesecurity GPG Signature tested good on spamattach.hdb database
Clamscan reports Sanesecurity spamattach.hdb database integrity tested good
Successfully updated Sanesecurity production database file: spamattach.hdb
Testing updated Sanesecurity database file: spamimg.hdb
Sanesecurity GPG Signature tested good on spamimg.hdb database
Clamscan reports Sanesecurity spamimg.hdb database integrity tested good
Successfully updated Sanesecurity production database file: spamimg.hdb
Testing updated Sanesecurity database file: winnow.attachments.hdb
Sanesecurity GPG Signature tested good on winnow.attachments.hdb database
Clamscan reports Sanesecurity winnow.attachments.hdb database integrity tested good
Successfully updated Sanesecurity production database file: winnow.attachments.hdb
Testing updated Sanesecurity database file: winnow_bad_cw.hdb
Sanesecurity GPG Signature tested good on winnow_bad_cw.hdb database
Clamscan reports Sanesecurity winnow_bad_cw.hdb database integrity tested good
Successfully updated Sanesecurity production database file: winnow_bad_cw.hdb
Testing updated Sanesecurity database file: winnow_extended_malware.hdb
Sanesecurity GPG Signature tested good on winnow_extended_malware.hdb database
Clamscan reports Sanesecurity winnow_extended_malware.hdb database integrity tested good
Successfully updated Sanesecurity production database file: winnow_extended_malware.hdb
Testing updated Sanesecurity database file: winnow_malware.hdb
Sanesecurity GPG Signature tested good on winnow_malware.hdb database
Clamscan reports Sanesecurity winnow_malware.hdb database integrity tested good
Successfully updated Sanesecurity production database file: winnow_malware.hdb
Testing updated Sanesecurity database file: winnow_malware_links.ndb
Sanesecurity GPG Signature tested good on winnow_malware_links.ndb database
Clamscan reports Sanesecurity winnow_malware_links.ndb database integrity tested good
Successfully updated Sanesecurity production database file: winnow_malware_links.ndb
Testing updated Sanesecurity database file: doppelstern.hdb
Sanesecurity GPG Signature tested good on doppelstern.hdb database
Clamscan reports Sanesecurity doppelstern.hdb database integrity tested good
Successfully updated Sanesecurity production database file: doppelstern.hdb
Testing updated Sanesecurity database file: bofhland_cracked_URL.ndb
Sanesecurity GPG Signature tested good on bofhland_cracked_URL.ndb database
Clamscan reports Sanesecurity bofhland_cracked_URL.ndb database integrity tested good
Successfully updated Sanesecurity production database file: bofhland_cracked_URL.ndb
Testing updated Sanesecurity database file: bofhland_malware_attach.hdb
Sanesecurity GPG Signature tested good on bofhland_malware_attach.hdb database
Clamscan reports Sanesecurity bofhland_malware_attach.hdb database integrity tested good
Successfully updated Sanesecurity production database file: bofhland_malware_attach.hdb
Testing updated Sanesecurity database file: bofhland_malware_URL.ndb
Sanesecurity GPG Signature tested good on bofhland_malware_URL.ndb database
Clamscan reports Sanesecurity bofhland_malware_URL.ndb database integrity tested good
Successfully updated Sanesecurity production database file: bofhland_malware_URL.ndb
Testing updated Sanesecurity database file: bofhland_phishing_URL.ndb
Sanesecurity GPG Signature tested good on bofhland_phishing_URL.ndb database
Clamscan reports Sanesecurity bofhland_phishing_URL.ndb database integrity tested good
Successfully updated Sanesecurity production database file: bofhland_phishing_URL.ndb
Testing updated Sanesecurity database file: crdfam.clamav.hdb
Sanesecurity GPG Signature tested good on crdfam.clamav.hdb database
Clamscan reports Sanesecurity crdfam.clamav.hdb database integrity tested good
Successfully updated Sanesecurity production database file: crdfam.clamav.hdb
Testing updated Sanesecurity database file: phishtank.ndb
Sanesecurity GPG Signature tested good on phishtank.ndb database
Clamscan reports Sanesecurity phishtank.ndb database integrity tested good
Successfully updated Sanesecurity production database file: phishtank.ndb
Testing updated Sanesecurity database file: porcupine.ndb
Sanesecurity GPG Signature tested good on porcupine.ndb database
Clamscan reports Sanesecurity porcupine.ndb database integrity tested good
Successfully updated Sanesecurity production database file: porcupine.ndb
======================================================================
SecuriteInfo Database File Updates
======================================================================
Checking for updated SecuriteInfo database file: honeynet.hdb
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
134 268 134 268 0 0 2042 0 --:--:-- --:--:-- --:--:-- 5702
Testing updated SecuriteInfo database file: honeynet.hdb
Clamscan reports SecuriteInfo honeynet.hdb database integrity tested BAD - SKIPPING
rsync: link_stat "/usr/unofficial-dbs/si-dbs/honeynet.hdb" failed: No such file or directory (2)
rsync error: some files/attrs were not transferred (see previous errors) (code 23) at main.c(1165) [sender=3.1.1]
Failed to successfully update SecuriteInfo production database file: honeynet.hdb - SKIPPING
No updated SecuriteInfo honeynet.hdb database file found
---
Checking for updated SecuriteInfo database file: securiteinfo.hdb
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
136 272 136 272 0 0 2860 0 --:--:-- --:--:-- --:--:-- 6325
Testing updated SecuriteInfo database file: securiteinfo.hdb
Clamscan reports SecuriteInfo securiteinfo.hdb database integrity tested BAD - SKIPPING
rsync: link_stat "/usr/unofficial-dbs/si-dbs/securiteinfo.hdb" failed: No such file or directory (2)
rsync error: some files/attrs were not transferred (see previous errors) (code 23) at main.c(1165) [sender=3.1.1]
Failed to successfully update SecuriteInfo production database file: securiteinfo.hdb - SKIPPING
No updated SecuriteInfo securiteinfo.hdb database file found
---
Checking for updated SecuriteInfo database file: securiteinfobat.hdb
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
137 275 137 275 0 0 2748 0 --:--:-- --:--:-- --:--:-- 5612
Testing updated SecuriteInfo database file: securiteinfobat.hdb
Clamscan reports SecuriteInfo securiteinfobat.hdb database integrity tested BAD - SKIPPING
rsync: link_stat "/usr/unofficial-dbs/si-dbs/securiteinfobat.hdb" failed: No such file or directory (2)
rsync error: some files/attrs were not transferred (see previous errors) (code 23) at main.c(1165) [sender=3.1.1]
Failed to successfully update SecuriteInfo production database file: securiteinfobat.hdb - SKIPPING
No updated SecuriteInfo securiteinfobat.hdb database file found
---
Checking for updated SecuriteInfo database file: securiteinfodos.hdb
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
137 275 137 275 0 0 2464 0 --:--:-- --:--:-- --:--:-- 5851
Testing updated SecuriteInfo database file: securiteinfodos.hdb
Clamscan reports SecuriteInfo securiteinfodos.hdb database integrity tested BAD - SKIPPING
rsync: link_stat "/usr/unofficial-dbs/si-dbs/securiteinfodos.hdb" failed: No such file or directory (2)
rsync error: some files/attrs were not transferred (see previous errors) (code 23) at main.c(1165) [sender=3.1.1]
Failed to successfully update SecuriteInfo production database file: securiteinfodos.hdb - SKIPPING
No updated SecuriteInfo securiteinfodos.hdb database file found
---
Checking for updated SecuriteInfo database file: securiteinfoelf.hdb
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
137 275 137 275 0 0 2810 0 --:--:-- --:--:-- --:--:-- 6111
Testing updated SecuriteInfo database file: securiteinfoelf.hdb
Clamscan reports SecuriteInfo securiteinfoelf.hdb database integrity tested BAD - SKIPPING
rsync: link_stat "/usr/unofficial-dbs/si-dbs/securiteinfoelf.hdb" failed: No such file or directory (2)
rsync error: some files/attrs were not transferred (see previous errors) (code 23) at main.c(1165) [sender=3.1.1]
Failed to successfully update SecuriteInfo production database file: securiteinfoelf.hdb - SKIPPING
No updated SecuriteInfo securiteinfoelf.hdb database file found
---
Checking for updated SecuriteInfo database file: securiteinfohtml.hdb
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
138 276 138 276 0 0 2707 0 --:--:-- --:--:-- --:--:-- 5750
Testing updated SecuriteInfo database file: securiteinfohtml.hdb
Clamscan reports SecuriteInfo securiteinfohtml.hdb database integrity tested BAD - SKIPPING
rsync: link_stat "/usr/unofficial-dbs/si-dbs/securiteinfohtml.hdb" failed: No such file or directory (2)
rsync error: some files/attrs were not transferred (see previous errors) (code 23) at main.c(1165) [sender=3.1.1]
Failed to successfully update SecuriteInfo production database file: securiteinfohtml.hdb - SKIPPING
No updated SecuriteInfo securiteinfohtml.hdb database file found
---
Checking for updated SecuriteInfo database file: securiteinfooffice.hdb
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
139 278 139 278 0 0 2796 0 --:--:-- --:--:-- --:--:-- 5914
Testing updated SecuriteInfo database file: securiteinfooffice.hdb
Clamscan reports SecuriteInfo securiteinfooffice.hdb database integrity tested BAD - SKIPPING
rsync: link_stat "/usr/unofficial-dbs/si-dbs/securiteinfooffice.hdb" failed: No such file or directory (2)
rsync error: some files/attrs were not transferred (see previous errors) (code 23) at main.c(1165) [sender=3.1.1]
Failed to successfully update SecuriteInfo production database file: securiteinfooffice.hdb - SKIPPING
No updated SecuriteInfo securiteinfooffice.hdb database file found
---
Checking for updated SecuriteInfo database file: securiteinfopdf.hdb
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
137 275 137 275 0 0 2742 0 --:--:-- --:--:-- --:--:-- 5978
Testing updated SecuriteInfo database file: securiteinfopdf.hdb
Clamscan reports SecuriteInfo securiteinfopdf.hdb database integrity tested BAD - SKIPPING
rsync: link_stat "/usr/unofficial-dbs/si-dbs/securiteinfopdf.hdb" failed: No such file or directory (2)
rsync error: some files/attrs were not transferred (see previous errors) (code 23) at main.c(1165) [sender=3.1.1]
Failed to successfully update SecuriteInfo production database file: securiteinfopdf.hdb - SKIPPING
No updated SecuriteInfo securiteinfopdf.hdb database file found
---
Checking for updated SecuriteInfo database file: securiteinfosh.hdb
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
137 274 137 274 0 0 2488 0 --:--:-- --:--:-- --:--:-- 5829
Testing updated SecuriteInfo database file: securiteinfosh.hdb
Clamscan reports SecuriteInfo securiteinfosh.hdb database integrity tested BAD - SKIPPING
rsync: link_stat "/usr/unofficial-dbs/si-dbs/securiteinfosh.hdb" failed: No such file or directory (2)
rsync error: some files/attrs were not transferred (see previous errors) (code 23) at main.c(1165) [sender=3.1.1]
Failed to successfully update SecuriteInfo production database file: securiteinfosh.hdb - SKIPPING
No updated SecuriteInfo securiteinfosh.hdb database file found
======================================================================
MalwarePatrol mbl.ndb Database File Update
======================================================================
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
Testing updated MalwarePatrol database file: mbl.ndb
Clamscan reports MalwarePatrol mbl.ndb database integrity tested BAD - SKIPPING
===============================================================
= Database reload has been disabled in the configuration file =
===============================================================
Lots of errors.
Directory /usr/unofficial-dbs/si-dbs/ is empty.
Or have I missed something, and things are working well?
Is anybody working with this?
Thanks for any reply.
stefan
-
mmmmmhh...
on the top of that page I read:
Note:
Please note that there now is a contrib for adding additional signatures. Please see Clamav_unofficial_sigs.
with a link that points to: https://wiki.contribs.org/Clamav_unofficial_sigs
I guess you missed it..
-
Ouch, you're right. I missed it. Sorry. I'm going to give it a try.
Thank you for your hint.
-
Hmm, anyway:
clamav-unofficial-sigs.sh
Sanesecurity public GPG key successfully downloaded
Sanesecurity public GPG key successfully imported to custom keyring
======================================================================
Sanesecurity Database & GPG Signature File Updates
======================================================================
Sanesecurity mirror site used: ws3-170.freeformit.com 69.16.193.170
Number of files: 18 (reg: 18)
Number of created files: 18 (reg: 18)
Number of regular files transferred: 18
Total file size: 14,254,987 bytes
Total transferred file size: 14,254,987 bytes
Literal data: 14,254,987 bytes
Matched data: 0 bytes
File list size: 581
File list generation time: 0.215 seconds
File list transfer time: 0.000 seconds
Total bytes sent: 376
Total bytes received: 2,705,515
sent 376 bytes received 2,705,515 bytes 491,980.18 bytes/sec
total size is 14,254,987 speedup is 5.27
Testing updated Sanesecurity database file: jurlbl.ndb
Sanesecurity GPG Signature tested good on jurlbl.ndb database
Clamscan reports Sanesecurity jurlbl.ndb database integrity tested good
Successfully updated Sanesecurity production database file: jurlbl.ndb
Testing updated Sanesecurity database file: scam.ndb
Sanesecurity GPG Signature tested good on scam.ndb database
Clamscan reports Sanesecurity scam.ndb database integrity tested good
Successfully updated Sanesecurity production database file: scam.ndb
Testing updated Sanesecurity database file: sanesecurity.ftm
Sanesecurity GPG Signature tested good on sanesecurity.ftm database
Clamscan reports Sanesecurity sanesecurity.ftm database integrity tested good
Successfully updated Sanesecurity production database file: sanesecurity.ftm
Testing updated Sanesecurity database file: winnow_malware.hdb
Sanesecurity GPG Signature tested good on winnow_malware.hdb database
Clamscan reports Sanesecurity winnow_malware.hdb database integrity tested good
Successfully updated Sanesecurity production database file: winnow_malware.hdb
Testing updated Sanesecurity database file: spamimg.hdb
Sanesecurity GPG Signature tested good on spamimg.hdb database
Clamscan reports Sanesecurity spamimg.hdb database integrity tested good
Successfully updated Sanesecurity production database file: spamimg.hdb
Testing updated Sanesecurity database file: junk.ndb
Sanesecurity GPG Signature tested good on junk.ndb database
Clamscan reports Sanesecurity junk.ndb database integrity tested good
Successfully updated Sanesecurity production database file: junk.ndb
Testing updated Sanesecurity database file: winnow_malware_links.ndb
Sanesecurity GPG Signature tested good on winnow_malware_links.ndb database
Clamscan reports Sanesecurity winnow_malware_links.ndb database integrity tested good
Successfully updated Sanesecurity production database file: winnow_malware_links.ndb
Testing updated Sanesecurity database file: rogue.hdb
Sanesecurity GPG Signature tested good on rogue.hdb database
Clamscan reports Sanesecurity rogue.hdb database integrity tested good
Successfully updated Sanesecurity production database file: rogue.hdb
Testing updated Sanesecurity database file: phish.ndb
Sanesecurity GPG Signature tested good on phish.ndb database
Clamscan reports Sanesecurity phish.ndb database integrity tested good
Successfully updated Sanesecurity production database file: phish.ndb
======================================================================
SecuriteInfo Database File Updates
======================================================================
Checking for updated SecuriteInfo database file: securiteinfosh.hdb
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
137 274 137 274 0 0 886 0 --:--:-- --:--:-- --:--:-- 5829
Testing updated SecuriteInfo database file: securiteinfosh.hdb
Clamscan reports Sanesecurity securiteinfosh.hdb database integrity tested BAD - SKIPPING
rsync: link_stat "/var/lib/clamav-unofficial-sigs/si-dbs/securiteinfosh.hdb" failed: No such file or directory (2)
rsync error: some files/attrs were not transferred (see previous errors) (code 23) at main.c(1165) [sender=3.1.1]
Failed to successfully update SecuriteInfo production database file: securiteinfosh.hdb - SKIPPING
No updated SecuriteInfo securiteinfosh.hdb database file found
---
Checking for updated SecuriteInfo database file: securiteinfopdf.hdb
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
137 275 137 275 0 0 2981 0 --:--:-- --:--:-- --:--:-- 6111
Testing updated SecuriteInfo database file: securiteinfopdf.hdb
Clamscan reports Sanesecurity securiteinfopdf.hdb database integrity tested BAD - SKIPPING
rsync: link_stat "/var/lib/clamav-unofficial-sigs/si-dbs/securiteinfopdf.hdb" failed: No such file or directory (2)
rsync error: some files/attrs were not transferred (see previous errors) (code 23) at main.c(1165) [sender=3.1.1]
Failed to successfully update SecuriteInfo production database file: securiteinfopdf.hdb - SKIPPING
No updated SecuriteInfo securiteinfopdf.hdb database file found
---
Checking for updated SecuriteInfo database file: securiteinfooffice.hdb
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
139 278 139 278 0 0 2840 0 --:--:-- --:--:-- --:--:-- 5914
Testing updated SecuriteInfo database file: securiteinfooffice.hdb
Clamscan reports Sanesecurity securiteinfooffice.hdb database integrity tested BAD - SKIPPING
rsync: link_stat "/var/lib/clamav-unofficial-sigs/si-dbs/securiteinfooffice.hdb" failed: No such file or directory (2)
rsync error: some files/attrs were not transferred (see previous errors) (code 23) at main.c(1165) [sender=3.1.1]
Failed to successfully update SecuriteInfo production database file: securiteinfooffice.hdb - SKIPPING
No updated SecuriteInfo securiteinfooffice.hdb database file found
---
Checking for updated SecuriteInfo database file: securiteinfobat.hdb
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
137 275 137 275 0 0 2720 0 --:--:-- --:--:-- --:--:-- 5729
Testing updated SecuriteInfo database file: securiteinfobat.hdb
Clamscan reports Sanesecurity securiteinfobat.hdb database integrity tested BAD - SKIPPING
rsync: link_stat "/var/lib/clamav-unofficial-sigs/si-dbs/securiteinfobat.hdb" failed: No such file or directory (2)
rsync error: some files/attrs were not transferred (see previous errors) (code 23) at main.c(1165) [sender=3.1.1]
Failed to successfully update SecuriteInfo production database file: securiteinfobat.hdb - SKIPPING
No updated SecuriteInfo securiteinfobat.hdb database file found
---
Checking for updated SecuriteInfo database file: honeynet.hdb
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
134 268 134 268 0 0 2824 0 --:--:-- --:--:-- --:--:-- 6090
Testing updated SecuriteInfo database file: honeynet.hdb
Clamscan reports Sanesecurity honeynet.hdb database integrity tested BAD - SKIPPING
rsync: link_stat "/var/lib/clamav-unofficial-sigs/si-dbs/honeynet.hdb" failed: No such file or directory (2)
rsync error: some files/attrs were not transferred (see previous errors) (code 23) at main.c(1165) [sender=3.1.1]
Failed to successfully update SecuriteInfo production database file: honeynet.hdb - SKIPPING
No updated SecuriteInfo honeynet.hdb database file found
---
Checking for updated SecuriteInfo database file: securiteinfoelf.hdb
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
137 275 137 275 0 0 2784 0 --:--:-- --:--:-- --:--:-- 6395
Testing updated SecuriteInfo database file: securiteinfoelf.hdb
Clamscan reports Sanesecurity securiteinfoelf.hdb database integrity tested BAD - SKIPPING
rsync: link_stat "/var/lib/clamav-unofficial-sigs/si-dbs/securiteinfoelf.hdb" failed: No such file or directory (2)
rsync error: some files/attrs were not transferred (see previous errors) (code 23) at main.c(1165) [sender=3.1.1]
Failed to successfully update SecuriteInfo production database file: securiteinfoelf.hdb - SKIPPING
No updated SecuriteInfo securiteinfoelf.hdb database file found
---
Checking for updated SecuriteInfo database file: securiteinfodos.hdb
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
137 275 137 275 0 0 2756 0 --:--:-- --:--:-- --:--:-- 6111
Testing updated SecuriteInfo database file: securiteinfodos.hdb
Clamscan reports Sanesecurity securiteinfodos.hdb database integrity tested BAD - SKIPPING
rsync: link_stat "/var/lib/clamav-unofficial-sigs/si-dbs/securiteinfodos.hdb" failed: No such file or directory (2)
rsync error: some files/attrs were not transferred (see previous errors) (code 23) at main.c(1165) [sender=3.1.1]
Failed to successfully update SecuriteInfo production database file: securiteinfodos.hdb - SKIPPING
No updated SecuriteInfo securiteinfodos.hdb database file found
---
Checking for updated SecuriteInfo database file: securiteinfo.hdb
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
136 272 136 272 0 0 2759 0 --:--:-- --:--:-- --:--:-- 5666
Testing updated SecuriteInfo database file: securiteinfo.hdb
Clamscan reports Sanesecurity securiteinfo.hdb database integrity tested BAD - SKIPPING
rsync: link_stat "/var/lib/clamav-unofficial-sigs/si-dbs/securiteinfo.hdb" failed: No such file or directory (2)
rsync error: some files/attrs were not transferred (see previous errors) (code 23) at main.c(1165) [sender=3.1.1]
Failed to successfully update SecuriteInfo production database file: securiteinfo.hdb - SKIPPING
No updated SecuriteInfo securiteinfo.hdb database file found
---
Checking for updated SecuriteInfo database file: securiteinfohtml.hdb
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
138 276 138 276 0 0 2778 0 --:--:-- --:--:-- --:--:-- 5872
Testing updated SecuriteInfo database file: securiteinfohtml.hdb
Clamscan reports Sanesecurity securiteinfohtml.hdb database integrity tested BAD - SKIPPING
rsync: link_stat "/var/lib/clamav-unofficial-sigs/si-dbs/securiteinfohtml.hdb" failed: No such file or directory (2)
rsync error: some files/attrs were not transferred (see previous errors) (code 23) at main.c(1165) [sender=3.1.1]
Failed to successfully update SecuriteInfo production database file: securiteinfohtml.hdb - SKIPPING
No updated SecuriteInfo securiteinfohtml.hdb database file found
======================================================================
MalwarePatrol mbl.ndb Database File Update
======================================================================
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
Testing updated MalwarePatrol database file: mbl.ndb
Clamscan reports Sanesecurity mbl.ndb database integrity tested BAD - SKIPPING
======================================================================
=================================================
= Update(s) detected, reloaded ClamAV databases =
=================================================
I.e.:
Testing updated SecuriteInfo database file: securiteinfohtml.hdb
Clamscan reports Sanesecurity securiteinfohtml.hdb database integrity tested BAD - SKIPPING
rsync: link_stat "/var/lib/clamav-unofficial-sigs/si-dbs/securiteinfohtml.hdb" failed: No such file or directory (2)
rsync error: some files/attrs were not transferred (see previous errors) (code 23) at main.c(1165) [sender=3.1.1]
Failed to successfully update SecuriteInfo production database file: securiteinfohtml.hdb - SKIPPING
Directory /var/lib/clamav-unofficial-sigs/si-dbs/ is empty. Does it have to be empty? Does it work - or not?
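One way to answer "does it work - or not?" from output like the above is to reduce it to one row per database. This is an added example, not part of the original posts or of clamav-unofficial-sigs; the function names `summarize_sigs_log` and `sample_log` are hypothetical, and the sample lines are trimmed from the output quoted in the thread.

```shell
#!/bin/sh
# Added example: one row per database from clamav-unofficial-sigs.sh output.
# Columns (tab separated):
#   database, source, bytes fetched by curl ("-" for rsync), GPG check,
#   clamscan integrity result, installed to production (yes/no)

summarize_sigs_log() {
  awk '
    BEGIN { OFS = "\t" }

    # A new curl download starts: forget any byte count from the previous one.
    /^Checking for updated / { bytes = "" }

    # curl progress row: "%  Total  %  Received ...". Field 4 is bytes received.
    /^ *[0-9]+ +[0-9.]+[kMG]? +[0-9]+ +[0-9.]+[kMG]? / { bytes = $4; next }

    # Take the source from this line: the contrib output in the thread labels
    # failed SecuriteInfo files as "Sanesecurity" on the Clamscan line.
    /^Testing updated .* database file: / {
      db = $NF
      if (!(db in src)) order[++n] = db
      src[db] = $3; gpg[db] = "-"; integ[db] = "?"; inst[db] = "no"
      size[db] = (bytes == "" ? "-" : bytes); bytes = ""
      next
    }
    / GPG Signature tested good on /                      { gpg[$(NF-1)] = "good"; next }
    /^Clamscan reports .* integrity tested good/          { integ[$4] = "good"; next }
    /^Clamscan reports .* integrity tested BAD/           { integ[$4] = "BAD"; bad++; next }
    /^Successfully updated .* production database file: / { inst[$NF] = "yes"; next }

    END {
      for (i = 1; i <= n; i++) {
        db = order[i]
        print db, src[db], size[db], gpg[db], integ[db], inst[db]
      }
      exit (bad > 0)   # non-zero status lets cron or monitoring raise an alert
    }
  '
}

# Sample input, trimmed from the second run quoted in the thread.
sample_log() {
  cat <<'EOF'
Testing updated Sanesecurity database file: jurlbl.ndb
Sanesecurity GPG Signature tested good on jurlbl.ndb database
Clamscan reports Sanesecurity jurlbl.ndb database integrity tested good
Successfully updated Sanesecurity production database file: jurlbl.ndb
Checking for updated SecuriteInfo database file: honeynet.hdb
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
134 268 134 268 0 0 2824 0 --:--:-- --:--:-- --:--:-- 6090
Testing updated SecuriteInfo database file: honeynet.hdb
Clamscan reports Sanesecurity honeynet.hdb database integrity tested BAD - SKIPPING
Failed to successfully update SecuriteInfo production database file: honeynet.hdb - SKIPPING
No updated SecuriteInfo honeynet.hdb database file found
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
Testing updated MalwarePatrol database file: mbl.ndb
Clamscan reports Sanesecurity mbl.ndb database integrity tested BAD - SKIPPING
EOF
}

sample_log | summarize_sigs_log ||
  echo "at least one database was rejected and not installed" >&2
```

On a live system the same function can be fed with `clamav-unofficial-sigs.sh 2>&1 | summarize_sigs_log`. Rows with a byte count of a few hundred or zero next to `BAD` show that the rejected file was never a full download, which narrows the problem to the fetch step rather than to ClamAV.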
-
Contrib version is:
#clamav-unofficial-sigs.sh -v
clamav-unofficial-sigs.sh v3.7.1 (updated 2010-06-06)
Last version is:
clamav-unofficial-sigs-3.7.2
I'll try to figure out the differences.
-
contrib:
rpm -ql smeserver-clamav-unofficial-sigs
/*snip
/etc/e-smith/db/configuration/defaults/clamav-unofficial-sigs/honeynet.hdb
/etc/e-smith/db/configuration/defaults/clamav-unofficial-sigs/junk.ndb
/etc/e-smith/db/configuration/defaults/clamav-unofficial-sigs/jurlbl.ndb
/etc/e-smith/db/configuration/defaults/clamav-unofficial-sigs/mbl.ndb
/etc/e-smith/db/configuration/defaults/clamav-unofficial-sigs/phish.ndb
/etc/e-smith/db/configuration/defaults/clamav-unofficial-sigs/rogue.hdb
/etc/e-smith/db/configuration/defaults/clamav-unofficial-sigs/sanesecurity.ftm
/etc/e-smith/db/configuration/defaults/clamav-unofficial-sigs/scam.ndb
/etc/e-smith/db/configuration/defaults/clamav-unofficial-sigs/securiteinfo.hdb
/etc/e-smith/db/configuration/defaults/clamav-unofficial-sigs/securiteinfobat.hdb
/etc/e-smith/db/configuration/defaults/clamav-unofficial-sigs/securiteinfodos.hdb
/etc/e-smith/db/configuration/defaults/clamav-unofficial-sigs/securiteinfoelf.hdb
/etc/e-smith/db/configuration/defaults/clamav-unofficial-sigs/securiteinfohtml.hdb
/etc/e-smith/db/configuration/defaults/clamav-unofficial-sigs/securiteinfooffice.hdb
/etc/e-smith/db/configuration/defaults/clamav-unofficial-sigs/securiteinfopdf.hdb
/etc/e-smith/db/configuration/defaults/clamav-unofficial-sigs/securiteinfosh.hdb
/etc/e-smith/db/configuration/defaults/clamav-unofficial-sigs/spamimg.hdb
/etc/e-smith/db/configuration/defaults/clamav-unofficial-sigs/status
/etc/e-smith/db/configuration/defaults/clamav-unofficial-sigs/type
/etc/e-smith/db/configuration/defaults/clamav-unofficial-sigs/winnow_malware.hdb
/etc/e-smith/db/configuration/defaults/clamav-unofficial-sigs/winnow_malware_links.ndb
snip*/
clamav-unofficial-sigs-3.7.2:
# ========================
# Sanesecurity Database(s)
# ========================
# Add or remove database file names between quote marks as needed. To
# disable usage of any of the Sanesecurity distributed database files
# shown, remove the database file name from the quoted section below.
# To disable usage of all Sanesecurity distributed databases, comment
# all of the quoted lines below. Only databases defined as "low" risk
# have been enabled by default (for additional information about the
# database ratings, see: http://www.sanesecurity.com/clamav/databases.htm).
# Only add signature databases here that are "distributed" by Sanesecuirty
# as defined at the URL shown above. Database distributed by others sources
# (e.g., SecuriteInfo & MalewarePatrol, can be added to other sections of
# this config file below). Finally, make sure that the database names are
# spelled correctly or you will experience issues when the script runs
# (hint: all rsync servers will fail to download signature updates).
ss_dbs="
blurl.ndb
junk.ndb
jurlbl.ndb
phish.ndb
rogue.hdb
sanesecurity.ftm
scam.ndb
sigwhitelist.ign2
spamattach.hdb
spamimg.hdb
winnow.attachments.hdb
winnow_bad_cw.hdb
winnow_extended_malware.hdb
winnow_malware.hdb
winnow_malware_links.ndb
doppelstern.hdb
bofhland_cracked_URL.ndb
bofhland_malware_attach.hdb
bofhland_malware_URL.ndb
bofhland_phishing_URL.ndb
crdfam.clamav.hdb
phishtank.ndb
porcupine.ndb
"
# ========================
# SecuriteInfo Database(s)
# ========================
# Add or remove database file names between quote marks as needed. To
# disable any SecuriteInfo database downloads, remove the appropriate
# lines below. To disable all SecuriteInfo database file downloads,
# comment all of the following lines.
si_dbs="
honeynet.hdb
securiteinfo.hdb
securiteinfobat.hdb
securiteinfodos.hdb
securiteinfoelf.hdb
securiteinfohtml.hdb
securiteinfooffice.hdb
securiteinfopdf.hdb
securiteinfosh.hdb
"
# =========================
# MalwarePatrol Database(s)
# =========================
# Add or remove database file names between quote marks as needed. To
# disable any of the MalwarePatrol database file downloads, remove the
# appropriate database file name lines below. To disable MalwarePatrol
# database downloads, comment all of the following lines.
mbl_dbs="
mbl.ndb
"
Few differences. I'll try and report.
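The comparison made in this post (the contrib's defaults directory against the database lists in the 3.7.2 config) can be scripted. This is an added example, not part of the original post or of the contrib; the function names, the constructed sample names `sigs.conf` and `oldlist.hdb`, and the treatment of `status` and `type` as non-database entries are assumptions.

```shell
#!/bin/sh
# Database names listed in the ss_dbs, si_dbs and mbl_dbs blocks of the config,
# one per line. The file is parsed with awk, never sourced, so nothing in it runs.
conf_dbs() {
    awk '
        /^(ss|si|mbl)_dbs="/ { in_list = 1; next }   # opening line of a list
        in_list && /^"/      { in_list = 0; next }   # closing quote ends it
        in_list { sub(/#.*/, ""); gsub(/[ \t\r]/, ""); if ($0 != "") print }
    ' "$1" | LC_ALL=C sort -u
}

# Entries of the defaults directory. Assumption: every file except the service
# properties "status" and "type" is named after one signature database.
defaults_dbs() {
    ls -1 "$1" | grep -v -x -e status -e type | LC_ALL=C sort -u
}

# Names present in the config but unknown to the defaults directory.
only_in_conf() {
    tmp=$(mktemp) || return 1
    defaults_dbs "$2" > "$tmp"
    conf_dbs "$1" | LC_ALL=C comm -23 - "$tmp"
    rm -f "$tmp"
}

# Names the defaults directory still carries but the config no longer lists.
only_in_defaults() {
    tmp=$(mktemp) || return 1
    conf_dbs "$1" > "$tmp"
    defaults_dbs "$2" | LC_ALL=C comm -23 - "$tmp"
    rm -f "$tmp"
}

# Constructed sample: a cut-down config and defaults directory in a temp dir.
make_sample() {
    d=$(mktemp -d) || return 1
    mkdir "$d/defaults"
    printf 'ss_dbs="\njunk.ndb\nphish.ndb\nsigwhitelist.ign2\n"\nmbl_dbs="\nmbl.ndb\n"\n' > "$d/sigs.conf"
    for f in junk.ndb phish.ndb mbl.ndb oldlist.hdb status type; do : > "$d/defaults/$f"; done
    echo "$d"
}

if [ "${1:-}" = "--demo" ]; then
    s=$(make_sample)
    echo "only in config:";   only_in_conf "$s/sigs.conf" "$s/defaults"
    echo "only in defaults:"; only_in_defaults "$s/sigs.conf" "$s/defaults"
    rm -rf "$s"
fi
```

Run it with `--demo` to see the constructed sample; on a server, pass your config file and the defaults directory from the listing to `only_in_conf` and `only_in_defaults`.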
-
CHANGELOG:
This file contains changes to the clamav-unofficial-sigs script written
by Bill Landry (unofficialsigs@gmail.com). The script provides a simple
way to download, test, and use third-party ClamAV signature databases
provided by Sanesecurity, SecuriteInfo, MalwarePatrol, OITC, etc.
Version 3.7.2 (updated 2013-08-25)
- Added Sanesecurity signature whitelist "sigwhitelist.ign2" file
to the list of default databases in the config file.
- Added "-w" flag to support adding signature whitelist entries in
"my-whitelist.ign2" file in the newer ClamAV IGN2 format. Do
not manually add or remove whitelist entries from this file,
the script will automatically remove whitelist entries when the
offending signatures have been modified or removed from the
third-party database.
- DEPRECATED the "-b" (signature bypass) flag. Although still
supported, it is highly recommend that you instead use the new
"-w" flag, which supports the newer ClamAV IGN2 signature
whitelist format.
- Anchored grep searches when using the "-b" flag in order to
more exactly match signature searches. Requested by Paul Wise.
- Added rsync and curl timeout variables to the configuration
file to allow the script user to define custom connect and
overall download timeout values. Requested by Paul Wise.
- Added a "setmode" variable to the script's configuration file to
allow the script user to enable or disable the "chmod" command
usage on the signature files and directory. Requested by Paul Wise.
- Added detail to the config file regarding correct file name
spelling, adding only relevant signature file names to the
appropriate sections of the config file, and not placing
anything other than correctly spelled signature file names
inside the quoted signature name sections of the config file.
- Modified "add_dbs" section of the script to properly retrieve
http downloaded signature database files on first-time run.
Issue reported by Blaine Fleming.
- Changed script database reporting to reflect the correct author.
- Updated my contact and script download information in all files
and updated "man" pages to reflect flag changes and additions.
I'm sorry, to update the contrib is beyond my knowledge. It would be nice if somebody could join in.
-
Should be moved to contribs now.
-
Googling around brings up:
http://lists.clamav.net/pipermail/clamav-users/2015-April/001452.html
and
http://lists.clamav.net/pipermail/clamav-users/2015-April/001459.html
which ends in:
http://clamav.securiteinfo.com/securiteinfohtml.hdb
Not sure about the conditions when signing up for a free account. My French is not good enough to understand whether I'm allowed to use it commercially or not.
Finally:
https://www.securiteinfo.com/services/improve-detection-rate-of-zero-day-malwares-for-clamav.shtml
I'm going to follow this:
http://lists.clamav.net/pipermail/clamav-users/2015-April/001452.html
Maybe the maintainer of the contrib jumps in and pushes an update, with or without the SecuriteInfo databases.
-
And:
http://lists.clamav.net/pipermail/clamav-users/2014-May/000348.html
ends up:
http://www.malware.com.br/open-source.shtml
Contrib should be updated. Opened a bug: https://bugs.contribs.org/show_bug.cgi?id=9207
-
Many of the additional signatures have changed the download URL and/or require you to sign in in order to get some key before downloading.
There is a new version of the script here
https://github.com/extremeshok/clamav-unofficial-sigs
which addresses these issues.
It could be taken as an example or, if the licensing permits, ported to SME.
-
Hi mauro, thank you for your suggestion.
could you post your comment to the related bug too?
thank you
-
I just did :D
-
doh, didn't notice the email from bugzilla :-)
thank you
-
I've used unofficial sigs for a while, and switched to the extremeshok version several months ago because it's not abandoned.
But emails with attached Word documents still get through. I actually had someone who opened the .doc and tried to enable the content as instructed in the attachment.
So, I looked for ways to block .doc and .docx attachments; however, blocking documents with macros seems the best solution. This doesn't block documents in .zip files, but that's ok because when a user opens a .zip file, the zip program places temporary copies on the drive where the user's antivirus can see them.
I created this directory and file:
nano /etc/e-smith/templates-custom/etc/clamd.conf/25OLE2BlockMacros
Then paste this into the file:
OLE2BlockMacros yes
Save and exit. Then activate:
signal-event post-upgrade
signal-event reboot
I use spamfilter-stats-7.pl for daily reports, and it does show emails being rejected for OLE*
-
So, I looked for ways to block .doc and .docx attachments; however, blocking documents with macros seems the best solution. This doesn't block documents in .zip files, but that's ok because when a user opens a .zip file, the zip program places temporary copies on the drive where the user's antivirus can see them.
I created this directory and file:
nano /etc/e-smith/templates-custom/etc/clamd.conf/25OLE2BlockMacros
Then paste this into the file:
OLE2BlockMacros yes
Save and exit. Then activate:
signal-event post-upgrade
signal-event reboot
Big thanks to compdoc for this!
-
Many of the additional signatures have changed the download URL and/or require you to sign in in order to get some key before downloading.
There is a new version of the script here
https://github.com/extremeshok/clamav-unofficial-sigs
which addresses these issues.
It could be taken as an example or, if the licensing permits, ported to SME.
How did you manage the systemd issue on CentOS6?